[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 28.119486] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 31.918870] random: sshd: uninitialized urandom read (32 bytes read)
[ 32.184405] random: sshd: uninitialized urandom read (32 bytes read)
[ 33.268642] random: sshd: uninitialized urandom read (32 bytes read)
[ 47.304297] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.1' (ECDSA) to the list of known hosts.
[ 52.883839] random: sshd: uninitialized urandom read (32 bytes read)
2018/06/28 11:11:52 parsed 1 programs
[ 54.145705] random: cc1: uninitialized urandom read (8 bytes read)
2018/06/28 11:11:54 executed programs: 0
[ 55.747648] IPVS: ftp: loaded support on port[0] = 21
[ 55.750262] IPVS: ftp: loaded support on port[0] = 21
[ 55.761288] IPVS: ftp: loaded support on port[0] = 21
[ 55.771944] IPVS: ftp: loaded support on port[0] = 21
[ 55.772850] IPVS: ftp: loaded support on port[0] = 21
[ 55.800728] IPVS: ftp: loaded support on port[0] = 21
[ 55.804149] IPVS: ftp: loaded support on port[0] = 21
[ 55.824819] IPVS: ftp: loaded support on port[0] = 21
[ 56.541824] ip (4643) used greatest stack depth: 54424 bytes left
[ 56.718220] ip (4672) used greatest stack depth: 54328 bytes left
[ 57.045644] ip (4744) used greatest stack depth: 54216 bytes left
[ 57.147228] bridge0: port 1(bridge_slave_0) entered blocking state
[ 57.153649] bridge0: port 1(bridge_slave_0) entered disabled state
[ 57.171798] device bridge_slave_0 entered promiscuous mode
[ 57.182179] bridge0: port 1(bridge_slave_0) entered blocking state
[ 57.188583] bridge0: port 1(bridge_slave_0) entered disabled state
[ 57.196464] device bridge_slave_0 entered promiscuous mode
[ 57.232219] bridge0: port 1(bridge_slave_0) entered blocking state
[ 57.238621] bridge0: port 1(bridge_slave_0) entered disabled state
[ 57.259151] device bridge_slave_0 entered promiscuous mode
[ 57.270373] bridge0: port 1(bridge_slave_0) entered blocking state
[ 57.276793] bridge0: port 1(bridge_slave_0) entered disabled state
[ 57.284647] device bridge_slave_0 entered promiscuous mode
[ 57.293546] bridge0: port 2(bridge_slave_1) entered blocking state
[ 57.299925] bridge0: port 2(bridge_slave_1) entered disabled state
[ 57.307589] device bridge_slave_1 entered promiscuous mode
[ 57.316782] bridge0: port 1(bridge_slave_0) entered blocking state
[ 57.323171] bridge0: port 1(bridge_slave_0) entered disabled state
[ 57.330829] device bridge_slave_0 entered promiscuous mode
[ 57.341316] bridge0: port 2(bridge_slave_1) entered blocking state
[ 57.347701] bridge0: port 2(bridge_slave_1) entered disabled state
[ 57.356576] device bridge_slave_1 entered promiscuous mode
[ 57.366442] bridge0: port 1(bridge_slave_0) entered blocking state
[ 57.372877] bridge0: port 1(bridge_slave_0) entered disabled state
[ 57.382157] device bridge_slave_0 entered promiscuous mode
[ 57.393913] bridge0: port 2(bridge_slave_1) entered blocking state
[ 57.400360] bridge0: port 2(bridge_slave_1) entered disabled state
[ 57.408314] device bridge_slave_1 entered promiscuous mode
[ 57.418505] bridge0: port 2(bridge_slave_1) entered blocking state
[ 57.424920] bridge0: port 2(bridge_slave_1) entered disabled state
[ 57.432716] device bridge_slave_1 entered promiscuous mode
[ 57.439178] bridge0: port 1(bridge_slave_0) entered blocking state
[ 57.445657] bridge0: port 1(bridge_slave_0) entered disabled state
[ 57.454777] device bridge_slave_0 entered promiscuous mode
[ 57.471559] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 57.480010] bridge0: port 2(bridge_slave_1) entered blocking state
[ 57.486501] bridge0: port 2(bridge_slave_1) entered disabled state
[ 57.498633] device bridge_slave_1 entered promiscuous mode
[ 57.507080] bridge0: port 2(bridge_slave_1) entered blocking state
[ 57.513472] bridge0: port 2(bridge_slave_1) entered disabled state
[ 57.521300] device bridge_slave_1 entered promiscuous mode
[ 57.528583] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 57.536911] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 57.544840] bridge0: port 1(bridge_slave_0) entered blocking state
[ 57.551323] bridge0: port 1(bridge_slave_0) entered disabled state
[ 57.570528] device bridge_slave_0 entered promiscuous mode
[ 57.580824] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 57.589986] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 57.600494] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 57.610586] bridge0: port 2(bridge_slave_1) entered blocking state
[ 57.617068] bridge0: port 2(bridge_slave_1) entered disabled state
[ 57.627469] device bridge_slave_1 entered promiscuous mode
[ 57.640263] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 57.649776] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 57.659615] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 57.667832] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 57.676394] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 57.686646] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 57.703195] bridge0: port 2(bridge_slave_1) entered blocking state
[ 57.709668] bridge0: port 2(bridge_slave_1) entered disabled state
[ 57.732327] device bridge_slave_1 entered promiscuous mode
[ 57.756158] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 57.786707] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 57.804900] ==================================================================
[ 57.812307] BUG: KMSAN: uninit-value in __list_add_valid+0x1b8/0x450
[ 57.818779] CPU: 1 PID: 4845 Comm: sh Not tainted 4.17.0+ #9
[ 57.824552] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 57.833895] Call Trace:
[ 57.836480] dump_stack+0x185/0x1d0
[ 57.840082] kmsan_report+0x188/0x2a0
[ 57.843871] __msan_warning_32+0x70/0xc0
[ 57.847907] __list_add_valid+0x1b8/0x450
[ 57.852032] enqueue_task_fair+0xe12/0x4490
[ 57.856336] ? update_load_avg+0x2cc0/0x2cc0
[ 57.860721] wake_up_new_task+0xd34/0x1850
[ 57.864934] _do_fork+0x799/0xf60
[ 57.868377] __x64_sys_clone+0x15e/0x1b0
[ 57.872423] ? __ia32_sys_vfork+0x70/0x70
[ 57.876549] do_syscall_64+0x15b/0x230
[ 57.880418] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 57.885583] RIP: 0033:0x7f360e8e5f46
[ 57.889268] RSP: 002b:00007ffe9186f540 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 57.896955] RAX: ffffffffffffffda RBX: 00007ffe9186f540 RCX: 00007f360e8e5f46
[ 57.904213] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[ 57.911460] RBP: 00007ffe9186f580 R08: 0000000000000000 R09: 000000000000002c
[ 57.918704] R10: 00007f360eddc9d0 R11: 0000000000000246 R12: 0000000000000000
[ 57.925951] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 57.933203]
[ 57.934806] Uninit was stored to memory at:
[ 57.939113] kmsan_internal_chain_origin+0x12b/0x210
[ 57.944194] __msan_chain_origin+0x69/0xc0
[ 57.948409] pick_next_task_fair+0x2474/0x2530
[ 57.952979] pick_next_task+0x1ba/0x420
[ 57.956929] __schedule+0x20f/0x770
[ 57.960535] do_task_dead+0xc8/0xf0
[ 57.964140] do_exit+0x347e/0x3930
[ 57.967658] do_group_exit+0x1a0/0x360
[ 57.971523] __do_sys_exit_group+0x21/0x30
[ 57.975744] __se_sys_exit_group+0x14/0x20
[ 57.979957] __x64_sys_exit_group+0x4c/0x50
[ 57.984258] do_syscall_64+0x15b/0x230
[ 57.988147] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 57.993305]
[ 57.994906] Local variable description: ----flags.i.i.i.i@_raw_spin_lock_irqsave
[ 58.002408] Variable was created at:
[ 58.006102] _raw_spin_lock_irqsave+0x45/0xf0
[ 58.010583] do_task_dead+0x40/0xf0
[ 58.014201] ==================================================================
[ 58.021546] Disabling lock debugging due to kernel taint
[ 58.026976] Kernel panic - not syncing: panic_on_warn set ...
[ 58.026976]
[ 58.034326] CPU: 1 PID: 4845 Comm: sh Tainted: G B 4.17.0+ #9
[ 58.041491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 58.050825] Call Trace:
[ 58.053450] dump_stack+0x185/0x1d0
[ 58.057065] panic+0x3d0/0x990
[ 58.060249] kmsan_report+0x29e/0x2a0
[ 58.064037] __msan_warning_32+0x70/0xc0
[ 58.068087] __list_add_valid+0x1b8/0x450
[ 58.072223] enqueue_task_fair+0xe12/0x4490
[ 58.076536] ? update_load_avg+0x2cc0/0x2cc0
[ 58.080928] wake_up_new_task+0xd34/0x1850
[ 58.085158] _do_fork+0x799/0xf60
[ 58.088599] __x64_sys_clone+0x15e/0x1b0
[ 58.092645] ? __ia32_sys_vfork+0x70/0x70
[ 58.096780] do_syscall_64+0x15b/0x230
[ 58.100656] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 58.105829] RIP: 0033:0x7f360e8e5f46
[ 58.109530] RSP: 002b:00007ffe9186f540 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 58.117224] RAX: ffffffffffffffda RBX: 00007ffe9186f540 RCX: 00007f360e8e5f46
[ 58.124474] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[ 58.131726] RBP: 00007ffe9186f580 R08: 0000000000000000 R09: 000000000000002c
[ 58.138978] R10: 00007f360eddc9d0 R11: 0000000000000246 R12: 0000000000000000
[ 58.146234] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 59.354929] Shutting down cpus with NMI
[ 59.371168] Dumping ftrace buffer:
[ 59.374700] (ftrace buffer empty)
[ 59.378392] Kernel Offset: disabled
[ 59.382001] Rebooting in 86400 seconds..