[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   28.529660] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   33.880196] random: sshd: uninitialized urandom read (32 bytes read)
[   34.319878] random: sshd: uninitialized urandom read (32 bytes read)
[   35.454758] random: sshd: uninitialized urandom read (32 bytes read)
[  626.381920] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.11' (ECDSA) to the list of known hosts.
[  631.910170] random: sshd: uninitialized urandom read (32 bytes read)
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[  632.598384] ==================================================================
[  632.605856] BUG: KMSAN: uninit-value in __list_add_valid+0x1b8/0x450
[  632.612329] CPU: 0 PID: 5154 Comm: syz-executor442 Not tainted 4.17.0+ #9
[  632.619226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  632.628568] Call Trace:
[  632.631128]  <IRQ>
[  632.633286]  dump_stack+0x185/0x1d0
[  632.636935]  kmsan_report+0x188/0x2a0
[  632.640716]  __msan_warning_32+0x70/0xc0
[  632.644755]  __list_add_valid+0x1b8/0x450
[  632.648915]  enqueue_task_fair+0xe12/0x4490
[  632.653214]  ? __msan_metadata_ptr_for_store_4+0x10/0x20
[  632.658643]  ? update_load_avg+0x2cc0/0x2cc0
[  632.663042]  try_to_wake_up+0x162f/0x2260
[  632.667168]  wake_up_process+0x34/0x40
[  632.671064]  hrtimer_wakeup+0xac/0x100
[  632.674929]  __hrtimer_run_queues+0xc54/0x1630
[  632.679489]  ? hrtimer_init_sleeper+0xc0/0xc0
[  632.683962]  hrtimer_interrupt+0x451/0x13c0
[  632.688258]  ? __msan_poison_alloca+0x15c/0x1d0
[  632.692927]  ? trace_local_timer_entry+0x2f/0x1d0
[  632.697746]  ? hrtimer_init+0x5c0/0x5c0
[  632.701694]  local_apic_timer_interrupt+0x6b/0x250
[  632.706600]  smp_apic_timer_interrupt+0x5a/0x90
[  632.711247]  apic_timer_interrupt+0xf/0x20
[  632.715455]  </IRQ>
[  632.717677] RIP: 0010:__msan_get_context_state+0x93/0xf0
[  632.723099] RSP: 0000:ffff8801bf4bf9f8 EFLAGS: 00000202 ORIG_RAX: ffffffffffffff13
[  632.730781] RAX: ffff8801cc8ae098 RBX: ffff8801cc8ae098 RCX: 0000000000000000
[  632.738025] RDX: ffffea00098c1d80 RSI: 0000000000000000 RDI: ffff8801bf4bfcc8
[  632.745271] RBP: ffff8801bf4bfa20 R08: 0000000000000000 R09: 0000000000000002
[  632.752512] R10: 0000000000000000 R11: ffffffff81928dc0 R12: ffffea00098c1d80
[  632.759757] R13: ffff8801bf4bfc37 R14: ffff8801cc8ad7c0 R15: 0000000000000202
[  632.767040]  ? filemap_fault+0x2590/0x2590
[  632.771264]  alloc_set_pte+0x26/0x1d80
[  632.775133]  filemap_map_pages+0x12d7/0x1ac0
[  632.779520]  ? filemap_fault+0x2590/0x2590
[  632.783729]  handle_mm_fault+0x2f6b/0x7ed0
[  632.787942]  ? filemap_fault+0x2590/0x2590
[  632.792159]  __do_page_fault+0xec6/0x1a10
[  632.796284]  do_page_fault+0xb7/0x250
[  632.800060]  ? page_fault+0x8/0x30
[  632.803572]  page_fault+0x1e/0x30
[  632.806998] RIP: 0033:0x43f0ba
[  632.810161] RSP: 002b:00007ffe992ee280 EFLAGS: 00010246
[  632.815503] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000043f0ba
[  632.822748] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[  632.829993] RBP: 00007ffe992ee2a0 R08: 000000000000118e R09: 0000000000c98880
[  632.837236] R10: 0000000000c98b50 R11: 0000000000000246 R12: 000000000000118e
[  632.844480] R13: 0000000000401c00 R14: 0000000000000000 R15: 0000000000000000
[  632.851724] 
[  632.853326] Uninit was stored to memory at:
[  632.857657]  kmsan_internal_chain_origin+0x12b/0x210
[  632.862744]  __msan_chain_origin+0x69/0xc0
[  632.866961]  pick_next_task_fair+0x2474/0x2530
[  632.871516]  pick_next_task+0x1ba/0x420
[  632.875464]  __schedule+0x20f/0x770
[  632.879065]  do_task_dead+0xc8/0xf0
[  632.882683]  do_exit+0x347e/0x3930
[  632.886201]  do_group_exit+0x1a0/0x360
[  632.890076]  __do_sys_exit_group+0x21/0x30
[  632.894288]  __se_sys_exit_group+0x14/0x20
[  632.898510]  __x64_sys_exit_group+0x4c/0x50
[  632.902840]  do_syscall_64+0x15b/0x230
[  632.906707]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  632.911867] 
[  632.913467] Local variable description: ----flags.i.i.i.i@_raw_spin_lock_irqsave
[  632.920970] Variable was created at:
[  632.924658]  _raw_spin_lock_irqsave+0x45/0xf0
[  632.929135]  do_task_dead+0x40/0xf0
[  632.932739] ==================================================================
[  632.940071] Disabling lock debugging due to kernel taint
[  632.945491] Kernel panic - not syncing: panic_on_warn set ...
[  632.945491] 
[  632.952829] CPU: 0 PID: 5154 Comm: syz-executor442 Tainted: G    B             4.17.0+ #9
[  632.961115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  632.970451] Call Trace:
[  632.973006]  <IRQ>
[  632.975222]  dump_stack+0x185/0x1d0
[  632.978827]  panic+0x3d0/0x990
[  632.982001]  kmsan_report+0x29e/0x2a0
[  632.985780]  __msan_warning_32+0x70/0xc0
[  632.989821]  __list_add_valid+0x1b8/0x450
[  632.993959]  enqueue_task_fair+0xe12/0x4490
[  632.998255]  ? __msan_metadata_ptr_for_store_4+0x10/0x20
[  633.003683]  ? update_load_avg+0x2cc0/0x2cc0
[  633.008068]  try_to_wake_up+0x162f/0x2260
[  633.012197]  wake_up_process+0x34/0x40
[  633.016061]  hrtimer_wakeup+0xac/0x100
[  633.019924]  __hrtimer_run_queues+0xc54/0x1630
[  633.024482]  ? hrtimer_init_sleeper+0xc0/0xc0
[  633.028955]  hrtimer_interrupt+0x451/0x13c0
[  633.033252]  ? __msan_poison_alloca+0x15c/0x1d0
[  633.037898]  ? trace_local_timer_entry+0x2f/0x1d0
[  633.042716]  ? hrtimer_init+0x5c0/0x5c0
[  633.046663]  local_apic_timer_interrupt+0x6b/0x250
[  633.051569]  smp_apic_timer_interrupt+0x5a/0x90
[  633.056214]  apic_timer_interrupt+0xf/0x20
[  633.060421]  </IRQ>
[  633.062632] RIP: 0010:__msan_get_context_state+0x93/0xf0
[  633.068054] RSP: 0000:ffff8801bf4bf9f8 EFLAGS: 00000202 ORIG_RAX: ffffffffffffff13
[  633.075736] RAX: ffff8801cc8ae098 RBX: ffff8801cc8ae098 RCX: 0000000000000000
[  633.082981] RDX: ffffea00098c1d80 RSI: 0000000000000000 RDI: ffff8801bf4bfcc8
[  633.090233] RBP: ffff8801bf4bfa20 R08: 0000000000000000 R09: 0000000000000002
[  633.097477] R10: 0000000000000000 R11: ffffffff81928dc0 R12: ffffea00098c1d80
[  633.104731] R13: ffff8801bf4bfc37 R14: ffff8801cc8ad7c0 R15: 0000000000000202
[  633.111983]  ? filemap_fault+0x2590/0x2590
[  633.116198]  alloc_set_pte+0x26/0x1d80
[  633.120066]  filemap_map_pages+0x12d7/0x1ac0
[  633.124454]  ? filemap_fault+0x2590/0x2590
[  633.128661]  handle_mm_fault+0x2f6b/0x7ed0
[  633.132882]  ? filemap_fault+0x2590/0x2590
[  633.137094]  __do_page_fault+0xec6/0x1a10
[  633.141220]  do_page_fault+0xb7/0x250
[  633.144997]  ? page_fault+0x8/0x30
[  633.148523]  page_fault+0x1e/0x30
[  633.151949] RIP: 0033:0x43f0ba
[  633.155121] RSP: 002b:00007ffe992ee280 EFLAGS: 00010246
[  633.160459] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000043f0ba
[  633.167704] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[  633.174953] RBP: 00007ffe992ee2a0 R08: 000000000000118e R09: 0000000000c98880
[  633.182429] R10: 0000000000c98b50 R11: 0000000000000246 R12: 000000000000118e
[  633.189673] R13: 0000000000401c00 R14: 0000000000000000 R15: 0000000000000000
[  634.310901] Shutting down cpus with NMI
[  634.326841] Dumping ftrace buffer:
[  634.330362]    (ftrace buffer empty)
[  634.334049] Kernel Offset: disabled
[  634.337655] Rebooting in 86400 seconds..