[ ok ] Starting enhanced syslogd: rsyslogd. [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd[ 30.654189] random: sshd: uninitialized urandom read (32 bytes read) . Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 34.895983] random: sshd: uninitialized urandom read (32 bytes read) [ 35.449825] random: sshd: uninitialized urandom read (32 bytes read) [ 36.797336] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.32' (ECDSA) to the list of known hosts. [ 42.438668] random: sshd: uninitialized urandom read (32 bytes read) 2018/06/06 09:32:20 fuzzer started [ 43.885808] random: cc1: uninitialized urandom read (8 bytes read) 2018/06/06 09:32:23 dialing manager at 10.128.0.26:33811 [ 68.337775] can: request_module (can-proto-0) failed. [ 68.348930] can: request_module (can-proto-0) failed. 2018/06/06 09:32:48 kcov=true, comps=false 2018/06/06 09:32:54 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$kcm(0x29, 0x5, 0x0) ioctl(r1, 0x8912, &(0x7f0000000240)="0047fc2f07d82c99240970") bind$inet(r0, &(0x7f0000dc9ff0)={0x2, 0x4e20, @rand_addr}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x2, &(0x7f00000000c0)=0x17f, 0x4) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000d4effc)=0x1, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x22, &(0x7f0000000000)=0x1, 0x4) sendto$inet(r0, &(0x7f000099bf26), 0x143, 0x20000000, &(0x7f0000000080)={0x2, 0x4e20}, 0x10) sendto$inet(r0, &(0x7f0000000100), 0x229f, 0x4008000, 0x0, 0xb4) 2018/06/06 09:32:54 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000080)="0047fc2f07d82c99240970") r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000e5b000)={0x2, 0x4e20, @multicast1=0xe0000001}, 0x10) connect$inet(r1, &(0x7f0000ccb000)={0x2, 0x4e20}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, 
&(0x7f00009ff000)=@framed={{0x18}, [], {0x95}}, &(0x7f00002bf000)='syzkaller\x00', 0x4, 0xb7, &(0x7f0000000040)=""/183}, 0x48) r3 = socket$kcm(0x29, 0x1000000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x89e0, &(0x7f000031aff8)={r1, r2}) sendmsg$kcm(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000480)='_', 0x1}], 0x1, &(0x7f0000000640)}, 0x0) dup3(r2, r3, 0x0) 2018/06/06 09:32:54 executing program 7: r0 = socket$inet_dccp(0x2, 0x6, 0x0) getsockopt$inet_int(r0, 0x10d, 0x4000000097, &(0x7f00000036c0), &(0x7f0000003a40)=0x4) 2018/06/06 09:32:54 executing program 3: r0 = socket$inet6(0xa, 0x5, 0x0) bind$inet6(r0, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @ipv4={[], [0xff, 0xff]}}, 0x1c) listen(r0, 0xffffffffffffff7f) read(r0, &(0x7f00000000c0)=""/113, 0x71) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r1, &(0x7f0000e33fe0)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback={0x0, 0x1}}, 0x1c) 2018/06/06 09:32:54 executing program 1: timer_create(0x3, &(0x7f00000001c0)={0x0, 0x0, 0x1, @thr={&(0x7f00007e3ff8), &(0x7f0000c21000)}}, &(0x7f0000000200)) seccomp(0x1, 0x0, &(0x7f0000e8c000)={0x1, &(0x7f0000000000)=[{0x6}]}) openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x0, 0x0) timer_delete(0x0) 2018/06/06 09:32:54 executing program 4: r0 = memfd_create(&(0x7f00000001c0)="736563757269747d917617cb0e3dbe4574656f00", 0x0) write(r0, &(0x7f0000000040)="16", 0x1) sendfile(r0, r0, &(0x7f0000000080), 0xb516) clock_nanosleep(0x0, 0x0, &(0x7f0000000300)={0x0, 0x1c9c380}, &(0x7f0000000600)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000a10000/0x14000)=nil, 0x14000) mlock(&(0x7f000089d000/0x2000)=nil, 0x2000) 2018/06/06 09:32:54 executing program 5: r0 = socket$kcm(0x29, 0x5, 0x0) ioctl(r0, 0x8912, &(0x7f0000000040)="0047fc2f07d82c99240970") mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) symlink(&(0x7f0000000500)='./file0\x00', &(0x7f0000000540)='./file0/file0\x00') 
mount(&(0x7f0000000700)='./file0/file0\x00', &(0x7f0000000000)='./file0\x00', &(0x7f0000000840)='minix\x00', 0x0, &(0x7f0000000000)) 2018/06/06 09:32:54 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000f84f90)={0x2, 0x1, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x4e20, @multicast1=0xe0000001}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa}}]}, 0x50}, 0x1}, 0x0) [ 76.971500] IPVS: ftp: loaded support on port[0] = 21 [ 76.981975] IPVS: ftp: loaded support on port[0] = 21 [ 76.994620] IPVS: ftp: loaded support on port[0] = 21 [ 77.021147] IPVS: ftp: loaded support on port[0] = 21 [ 77.031651] IPVS: ftp: loaded support on port[0] = 21 [ 77.040438] IPVS: ftp: loaded support on port[0] = 21 [ 77.064661] IPVS: ftp: loaded support on port[0] = 21 [ 77.074135] IPVS: ftp: loaded support on port[0] = 21 [ 79.115431] ip (4736) used greatest stack depth: 54520 bytes left [ 79.122345] ================================================================== [ 79.129734] BUG: KMSAN: uninit-value in do_syslog+0x39c1/0x3be0 [ 79.135831] CPU: 0 PID: 4399 Comm: rsyslogd Not tainted 4.17.0-rc5+ #103 [ 79.143045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 79.152402] Call Trace: [ 79.154993] dump_stack+0x185/0x1d0 [ 79.158647] ? do_syslog+0x39c1/0x3be0 [ 79.162546] kmsan_report+0x149/0x260 [ 79.166348] __msan_warning_32+0x6e/0xc0 [ 79.170410] do_syslog+0x39c1/0x3be0 [ 79.174126] ? init_wait_entry+0x1a0/0x1a0 [ 79.178383] kmsg_read+0x142/0x1a0 [ 79.181935] ? mmap_vmcore_fault+0x30/0x30 [ 79.186177] proc_reg_read+0x1de/0x2f0 [ 79.190070] ? 
proc_reg_llseek+0x260/0x260 [ 79.194308] __vfs_read+0x1a5/0x9b0 [ 79.197940] vfs_read+0x36c/0x6b0 [ 79.201394] __x64_sys_read+0x1bf/0x3e0 [ 79.205373] do_syscall_64+0x152/0x230 [ 79.209268] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 79.214458] RIP: 0033:0x7f54d07141fd [ 79.218168] RSP: 002b:00007f54cdcb3e30 EFLAGS: 00000293 ORIG_RAX: 0000000000000000 [ 79.226228] RAX: ffffffffffffffda RBX: 0000000000d7f650 RCX: 00007f54d07141fd [ 79.233589] RDX: 0000000000000fff RSI: 00007f54cf4e85a0 RDI: 0000000000000004 [ 79.240951] RBP: 0000000000000000 R08: 0000000000d6a260 R09: 0000000004000001 [ 79.248233] R10: 0000000000000001 R11: 0000000000000293 R12: 000000000065e420 [ 79.252693] ip (4738) used greatest stack depth: 54424 bytes left [ 79.255504] R13: 00007f54cdcb49c0 R14: 00007f54d0d59040 R15: 0000000000000003 [ 79.255513] [ 79.255517] Uninit was stored to memory at: [ 79.255537] kmsan_internal_chain_origin+0x12b/0x210 [ 79.255567] __msan_chain_origin+0x69/0xc0 [ 79.284312] log_store+0x13fc/0x14b0 [ 79.288075] vprintk_emit+0xc44/0xff0 [ 79.291885] vprintk_default+0x90/0xa0 [ 79.295854] vprintk_func+0x517/0x700 [ 79.299645] printk+0x1b6/0x1f0 [ 79.303015] do_exit+0x3377/0x38d0 [ 79.306565] do_group_exit+0x1a0/0x360 [ 79.310467] __do_sys_exit_group+0x21/0x30 [ 79.314702] __se_sys_exit_group+0x14/0x20 [ 79.318935] __x64_sys_exit_group+0x4c/0x50 [ 79.323252] do_syscall_64+0x152/0x230 [ 79.327149] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 79.332519] Local variable description: ----tlb.i@ldt_arch_exit_mmap [ 79.341203] Variable was created at: [ 79.344933] ldt_arch_exit_mmap+0x46/0x160 [ 79.349185] exit_mmap+0x3ef/0x970 [ 79.352715] ================================================================== [ 79.360067] Disabling lock debugging due to kernel taint [ 79.365573] Kernel panic - not syncing: panic_on_warn set ... 
[ 79.365573] [ 79.373044] CPU: 0 PID: 4399 Comm: rsyslogd Tainted: G B 4.17.0-rc5+ #103 [ 79.381386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 79.390744] Call Trace: [ 79.393346] dump_stack+0x185/0x1d0 [ 79.396979] panic+0x39d/0x940 [ 79.400191] ? do_syslog+0x39c1/0x3be0 [ 79.404082] kmsan_report+0x260/0x260 [ 79.407887] __msan_warning_32+0x6e/0xc0 [ 79.411945] do_syslog+0x39c1/0x3be0 [ 79.415678] ? init_wait_entry+0x1a0/0x1a0 [ 79.419919] kmsg_read+0x142/0x1a0 [ 79.423461] ? mmap_vmcore_fault+0x30/0x30 [ 79.427697] proc_reg_read+0x1de/0x2f0 [ 79.431594] ? proc_reg_llseek+0x260/0x260 [ 79.435850] __vfs_read+0x1a5/0x9b0 [ 79.439483] vfs_read+0x36c/0x6b0 [ 79.442970] __x64_sys_read+0x1bf/0x3e0 [ 79.446943] do_syscall_64+0x152/0x230 [ 79.450834] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 79.456025] RIP: 0033:0x7f54d07141fd [ 79.459727] RSP: 002b:00007f54cdcb3e30 EFLAGS: 00000293 ORIG_RAX: 0000000000000000 [ 79.467439] RAX: ffffffffffffffda RBX: 0000000000d7f650 RCX: 00007f54d07141fd [ 79.474717] RDX: 0000000000000fff RSI: 00007f54cf4e85a0 RDI: 0000000000000004 [ 79.482342] RBP: 0000000000000000 R08: 0000000000d6a260 R09: 0000000004000001 [ 79.489619] R10: 0000000000000001 R11: 0000000000000293 R12: 000000000065e420 [ 79.496895] R13: 00007f54cdcb49c0 R14: 00007f54d0d59040 R15: 0000000000000003 [ 79.504898] Dumping ftrace buffer: [ 79.508435] (ftrace buffer empty) [ 79.512132] Kernel Offset: disabled [ 79.515738] Rebooting in 86400 seconds..