[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   13.171571] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   16.859555] random: sshd: uninitialized urandom read (32 bytes read)
[   17.291109] random: sshd: uninitialized urandom read (32 bytes read)
[   17.782862] random: sshd: uninitialized urandom read (32 bytes read)
[   24.245612] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.22' (ECDSA) to the list of known hosts.
[   29.881939] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   29.966805] ------------[ cut here ]------------
[   29.971562] kernel BUG at net/core/skbuff.c:1455!
[   29.976649] invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI
[   29.982533] Dumping ftrace buffer:
[   29.986042]    (ftrace buffer empty)
[   29.989725] Modules linked in:
[   29.992920] CPU: 0 PID: 1964 Comm: syz-executor691 Not tainted 4.14.67+ #1
[   29.999902] task: ffff8801bc1d1780 task.stack: ffff8801c8de0000
[   30.005935] RIP: 0010:pskb_expand_head+0xa65/0xb30
[   30.010839] RSP: 0018:ffff8801c8de7548 EFLAGS: 00010297
[   30.016175] RAX: ffff8801bc1d1780 RBX: ffff8801cadf8140 RCX: 0000000001080020
[   30.023417] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8801cadf821c
[   30.030783] RBP: 0000000001080020 R08: 0000000000000004 R09: ffffed00391dd000
[   30.038031] R10: ffffed00391dd000 R11: ffff8801c8ee8003 R12: ffff8801cadf8204
[   30.045272] R13: 000000000000003f R14: 0000000000000040 R15: 0000000000000000
[   30.052639] FS:  00007f67216b3700(0000) GS:ffff8801dba00000(0000) knlGS:0000000000000000
[   30.060841] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   30.066694] CR2: 0000000020005700 CR3: 00000001c6472003 CR4: 00000000001606b0
[   30.074205] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   30.081450] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   30.088692] Call Trace:
[   30.091263]  ? proto_seq_start+0x50/0x50
[   30.095301]  __pskb_pull_tail+0xca/0x1500
[   30.099428]  ip6_datagram_recv_specific_ctl+0x1419/0x1710
[   30.104938]  ? lock_downgrade+0x560/0x560
[   30.109063]  ? ip6_datagram_recv_common_ctl+0x3a0/0x3a0
[   30.114415]  ? copy_page_to_iter+0x421/0xd40
[   30.118796]  ? ip6_datagram_recv_common_ctl+0x27c/0x3a0
[   30.124131]  ? ipv6_recv_rxpmtu+0x790/0x790
[   30.128423]  ? skb_copy_datagram_iter+0x1a3/0x900
[   30.133242]  rawv6_recvmsg+0x90d/0xb40
[   30.137105]  ? rawv6_bind+0x7b0/0x7b0
[   30.140882]  ? dup_iter+0x240/0x240
[   30.144483]  ? __might_fault+0x177/0x1b0
[   30.148524]  sock_common_recvmsg+0xf3/0x190
[   30.152819]  ? compat_sock_common_getsockopt+0x130/0x130
[   30.158253]  ? security_socket_recvmsg+0x91/0xc0
[   30.162979]  ? compat_sock_common_getsockopt+0x130/0x130
[   30.168410]  sock_recvmsg+0xc0/0x100
[   30.172112]  ? __sock_recv_ts_and_drops+0x370/0x370
[   30.177100]  ___sys_recvmsg+0x242/0x510
[   30.181047]  ? ___sys_sendmsg+0x890/0x890
[   30.185273]  ? wake_up_q+0xed/0x150
[   30.188909]  ? futex_wake+0x141/0x420
[   30.192693]  ? __fget+0x204/0x3a0
[   30.196135]  ? lock_downgrade+0x560/0x560
[   30.200289]  ? lock_acquire+0x10f/0x380
[   30.204253]  ? check_preemption_disabled+0x34/0x160
[   30.209258]  ? check_preemption_disabled+0x34/0x160
[   30.214366]  ? __fget+0x22b/0x3a0
[   30.217797]  ? __fget_light+0x192/0x1f0
[   30.221750]  __sys_recvmmsg+0x236/0x690
[   30.225713]  ? SyS_recvmsg+0x40/0x40
[   30.229397]  ? check_preemption_disabled+0x34/0x160
[   30.234417]  ? __fget+0x22b/0x3a0
[   30.237848]  ? __might_fault+0x104/0x1b0
[   30.241886]  ? lock_downgrade+0x560/0x560
[   30.246112]  ? lock_acquire+0x10f/0x380
[   30.250069]  ? __might_fault+0xd4/0x1b0
[   30.254018]  ? __might_fault+0x177/0x1b0
[   30.258058]  SyS_recvmmsg+0xbf/0x170
[   30.261767]  ? __sys_recvmmsg+0x690/0x690
[   30.265903]  ? do_syscall_64+0x43/0x4b0
[   30.269850]  ? __sys_recvmmsg+0x690/0x690
[   30.273991]  do_syscall_64+0x19b/0x4b0
[   30.277873]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   30.283036] RIP: 0033:0x4468d9
[   30.286199] RSP: 002b:00007f67216b2da8 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[   30.293878] RAX: ffffffffffffffda RBX: 00000000006dbc38 RCX: 00000000004468d9
[   30.301136] RDX: 0000000000000006 RSI: 0000000020006780 RDI: 0000000000000004
[   30.308440] RBP: 00000000006dbc30 R08: 0000000020006900 R09: 0000000000000000
[   30.315792] R10: 0000000000000002 R11: 0000000000000246 R12: 00000000006dbc3c
[   30.323037] R13: 0100000000000000 R14: 00007f67216b39c0 R15: 00000000006dbd2c
[   30.330289] Code: e9 49 fa ff ff 4c 89 ef e8 49 a0 27 ff e9 b6 fd ff ff e8 3f a0 27 ff e9 89 fb ff ff e8 35 a0 27 ff e9 98 fc ff ff e8 6b a7 05 ff <0f> 0b 48 8b 7c 24 18 e8 1f a0 27 ff e9 ff fa ff ff 48 8b 7c 24 
[   30.349355] RIP: pskb_expand_head+0xa65/0xb30 RSP: ffff8801c8de7548
[   30.357971] ---[ end trace ef7e4a9084e8db7c ]---
[   30.362882] Kernel panic - not syncing: Fatal exception
[   30.368518] Dumping ftrace buffer:
[   30.372032]    (ftrace buffer empty)
[   30.375716] Kernel Offset: 0x9e00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[   30.386592] Rebooting in 86400 seconds..