[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 28.984470] random: sshd: uninitialized urandom read (32 bytes read)
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login:
[ 32.511672] random: sshd: uninitialized urandom read (32 bytes read)
[ 32.996506] random: sshd: uninitialized urandom read (32 bytes read)
[ 34.085256] random: sshd: uninitialized urandom read (32 bytes read)
[ 42.000524] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.31' (ECDSA) to the list of known hosts.
[ 47.428380] random: sshd: uninitialized urandom read (32 bytes read)
2018/05/30 13:31:11 parsed 1 programs
2018/05/30 13:31:11 executed programs: 0
[ 47.973914] IPVS: ftp: loaded support on port[0] = 21
[ 47.977993] IPVS: ftp: loaded support on port[0] = 21
[ 48.030703] IPVS: ftp: loaded support on port[0] = 21
[ 48.032349] IPVS: ftp: loaded support on port[0] = 21
[ 48.041914] IPVS: ftp: loaded support on port[0] = 21
[ 48.046479] IPVS: ftp: loaded support on port[0] = 21
[ 48.060940] ip (4521) used greatest stack depth: 54520 bytes left
[ 48.063587] IPVS: ftp: loaded support on port[0] = 21
[ 48.071386] IPVS: ftp: loaded support on port[0] = 21
[ 48.270149] ip (4550) used greatest stack depth: 53976 bytes left
[ 48.706538] bridge0: port 1(bridge_slave_0) entered blocking state
[ 48.713097] bridge0: port 1(bridge_slave_0) entered disabled state
[ 48.736359] device bridge_slave_0 entered promiscuous mode
[ 48.820702] bridge0: port 2(bridge_slave_1) entered blocking state
[ 48.827167] bridge0: port 2(bridge_slave_1) entered disabled state
[ 48.866522] device bridge_slave_1 entered promiscuous mode
[ 48.917899] ==================================================================
[ 48.925309] BUG: KMSAN: uninit-value in __list_add_valid+0x1b8/0x450
[ 48.931781] CPU: 0 PID: 4658 Comm: ip Not tainted 4.17.0-rc5+ #103
[ 48.938072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 48.947399] Call Trace:
[ 48.949966] dump_stack+0x185/0x1d0
[ 48.953571] ? __list_add_valid+0x1b8/0x450
[ 48.957874] kmsan_report+0x149/0x260
[ 48.961662] __msan_warning_32+0x6e/0xc0
[ 48.965699] __list_add_valid+0x1b8/0x450
[ 48.969828] enqueue_task_fair+0xe02/0x4470
[ 48.974126] ? __msan_metadata_ptr_for_load_1+0x20/0x20
[ 48.979479] ? update_load_avg+0x2cc0/0x2cc0
[ 48.983867] try_to_wake_up+0x1430/0x20b0
[ 48.987998] wake_up_process+0x34/0x40
[ 48.991865] __queue_work+0x1c1d/0x1f20
[ 48.995816] ? kmsan_set_origin_inline+0x6b/0x120
[ 49.000638] queue_work_on+0x1a5/0x1c0
[ 49.004508] netdevice_event+0xc53/0xf10
[ 49.008546] ? del_netdev_ips+0xa0/0xa0
[ 49.012499] ? del_netdev_default_ips_join+0x1e0/0x1e0
[ 49.017752] ? is_eth_port_of_netdev+0x520/0x520
[ 49.022498] ? enum_all_gids_of_dev_cb+0x8f0/0x8f0
[ 49.027405] ? inet6addr_event+0x4c0/0x4c0
[ 49.031627] ? inet6addr_event+0x4c0/0x4c0
[ 49.035842] raw_notifier_call_chain+0x13b/0x250
[ 49.040581] register_netdevice+0x211c/0x26c0
[ 49.045059] veth_newlink+0xb9e/0x1480
[ 49.048932] ? veth_validate+0x340/0x340
[ 49.052967] rtnl_newlink+0x272d/0x37a0
[ 49.056917] ? rtnl_newlink+0xca5/0x37a0
[ 49.060957] ? kmsan_set_origin_inline+0x6b/0x120
[ 49.065795] ? rcu_all_qs+0x32/0x1f0
[ 49.069526] ? rtnl_setlink+0x770/0x770
[ 49.073485] rtnetlink_rcv_msg+0xa32/0x1560
[ 49.077786] ? do_syscall_64+0x152/0x230
[ 49.081825] ? netlink_sendmsg+0x76e/0x1350
[ 49.086127] ? ___sys_sendmsg+0xec0/0x1310
[ 49.090349] ? __x64_sys_sendmsg+0x331/0x460
[ 49.094732] ? do_syscall_64+0x152/0x230
[ 49.098772] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 49.104116] ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 49.109456] ? lookup_fast+0xbf3/0x1780
[ 49.113411] ? kmsan_set_origin_inline+0x6b/0x120
[ 49.118257] ? kmsan_set_origin+0x9e/0x160
[ 49.122491] netlink_rcv_skb+0x378/0x600
[ 49.126529] ? rtnetlink_bind+0x120/0x120
[ 49.130656] rtnetlink_rcv+0x50/0x60
[ 49.134348] netlink_unicast+0x1678/0x1750
[ 49.138562] ? rtnetlink_net_exit+0xa0/0xa0
[ 49.142862] netlink_sendmsg+0x104f/0x1350
[ 49.147076] ? netlink_getsockopt+0xc80/0xc80
[ 49.151564] ___sys_sendmsg+0xec0/0x1310
[ 49.155607] ? __fdget+0x4e/0x60
[ 49.158951] ? __fget_light+0x57/0x700
[ 49.162814] ? __fdget+0x4e/0x60
[ 49.166156] ? __fget_light+0x1dc/0x700
[ 49.170111] ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 49.176069] ? __fget_light+0x1f5/0x700
[ 49.180033] __x64_sys_sendmsg+0x331/0x460
[ 49.184249] do_syscall_64+0x152/0x230
[ 49.188116] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 49.193281] RIP: 0033:0x7f728eda9320
[ 49.196966] RSP: 002b:00007ffcccd6e268 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 49.204654] RAX: ffffffffffffffda RBX: 00007ffcccd72360 RCX: 00007f728eda9320
[ 49.211900] RDX: 0000000000000000 RSI: 00007ffcccd6e2a0 RDI: 0000000000000003
[ 49.219150] RBP: 00007ffcccd6e2a0 R08: 0000000000000000 R09: 00007f728edef070
[ 49.226399] R10: 0000000000000000 R11: 0000000000000246 R12: 000000005b0ea7a2
[ 49.233648] R13: 0000000000000000 R14: 00000000006395c0 R15: 00007ffcccd72b40
[ 49.240905]
[ 49.242507] Uninit was stored to memory at:
[ 49.246815] kmsan_internal_chain_origin+0x12b/0x210
[ 49.251895] __msan_chain_origin+0x69/0xc0
[ 49.256109] pick_next_task_fair+0x2464/0x2520
[ 49.260665] pick_next_task+0x1b1/0x410
[ 49.264619] __schedule+0x20b/0x730
[ 49.268222] do_task_dead+0xc8/0xf0
[ 49.271828] do_exit+0x340e/0x38d0
[ 49.275346] do_group_exit+0x1a0/0x360
[ 49.279210] __do_sys_exit_group+0x21/0x30
[ 49.283436] __se_sys_exit_group+0x14/0x20
[ 49.287651] __x64_sys_exit_group+0x4c/0x50
[ 49.291950] do_syscall_64+0x152/0x230
[ 49.295816] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 49.300981] Local variable description: ----flags.i.i.i.i@_raw_spin_lock_irqsave
[ 49.308487] Variable was created at:
[ 49.312180] _raw_spin_lock_irqsave+0x45/0xf0
[ 49.316686] do_task_dead+0x40/0xf0
[ 49.320285] ==================================================================
[ 49.327620] Disabling lock debugging due to kernel taint
[ 49.333047] Kernel panic - not syncing: panic_on_warn set ...
[ 49.333047]
[ 49.340398] CPU: 0 PID: 4658 Comm: ip Tainted: G B 4.17.0-rc5+ #103
[ 49.348080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 49.357419] Call Trace:
[ 49.359994] dump_stack+0x185/0x1d0
[ 49.363606] panic+0x39d/0x940
[ 49.366787] ? __list_add_valid+0x1b8/0x450
[ 49.371090] kmsan_report+0x260/0x260
[ 49.374869] __msan_warning_32+0x6e/0xc0
[ 49.378909] __list_add_valid+0x1b8/0x450
[ 49.383041] enqueue_task_fair+0xe02/0x4470
[ 49.387346] ? __msan_metadata_ptr_for_load_1+0x20/0x20
[ 49.392694] ? update_load_avg+0x2cc0/0x2cc0
[ 49.397083] try_to_wake_up+0x1430/0x20b0
[ 49.401212] wake_up_process+0x34/0x40
[ 49.405079] __queue_work+0x1c1d/0x1f20
[ 49.409034] ? kmsan_set_origin_inline+0x6b/0x120
[ 49.413863] queue_work_on+0x1a5/0x1c0
[ 49.417735] netdevice_event+0xc53/0xf10
[ 49.421778] ? del_netdev_ips+0xa0/0xa0
[ 49.425732] ? del_netdev_default_ips_join+0x1e0/0x1e0
[ 49.430988] ? is_eth_port_of_netdev+0x520/0x520
[ 49.435723] ? enum_all_gids_of_dev_cb+0x8f0/0x8f0
[ 49.440647] ? inet6addr_event+0x4c0/0x4c0
[ 49.444862] ? inet6addr_event+0x4c0/0x4c0
[ 49.449080] raw_notifier_call_chain+0x13b/0x250
[ 49.453819] register_netdevice+0x211c/0x26c0
[ 49.458302] veth_newlink+0xb9e/0x1480
[ 49.462182] ? veth_validate+0x340/0x340
[ 49.466224] rtnl_newlink+0x272d/0x37a0
[ 49.470175] ? rtnl_newlink+0xca5/0x37a0
[ 49.474219] ? kmsan_set_origin_inline+0x6b/0x120
[ 49.479043] ? rcu_all_qs+0x32/0x1f0
[ 49.482742] ? rtnl_setlink+0x770/0x770
[ 49.486693] rtnetlink_rcv_msg+0xa32/0x1560
[ 49.490996] ? do_syscall_64+0x152/0x230
[ 49.495036] ? netlink_sendmsg+0x76e/0x1350
[ 49.499336] ? ___sys_sendmsg+0xec0/0x1310
[ 49.503563] ? __x64_sys_sendmsg+0x331/0x460
[ 49.507946] ? do_syscall_64+0x152/0x230
[ 49.511990] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 49.517345] ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 49.522688] ? lookup_fast+0xbf3/0x1780
[ 49.526643] ? kmsan_set_origin_inline+0x6b/0x120
[ 49.531478] ? kmsan_set_origin+0x9e/0x160
[ 49.535693] netlink_rcv_skb+0x378/0x600
[ 49.539735] ? rtnetlink_bind+0x120/0x120
[ 49.543861] rtnetlink_rcv+0x50/0x60
[ 49.547552] netlink_unicast+0x1678/0x1750
[ 49.551769] ? rtnetlink_net_exit+0xa0/0xa0
[ 49.556070] netlink_sendmsg+0x104f/0x1350
[ 49.560284] ? netlink_getsockopt+0xc80/0xc80
[ 49.564761] ___sys_sendmsg+0xec0/0x1310
[ 49.568801] ? __fdget+0x4e/0x60
[ 49.572141] ? __fget_light+0x57/0x700
[ 49.576003] ? __fdget+0x4e/0x60
[ 49.579346] ? __fget_light+0x1dc/0x700
[ 49.583297] ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 49.588638] ? __fget_light+0x1f5/0x700
[ 49.592593] __x64_sys_sendmsg+0x331/0x460
[ 49.596810] do_syscall_64+0x152/0x230
[ 49.600677] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 49.605848] RIP: 0033:0x7f728eda9320
[ 49.609533] RSP: 002b:00007ffcccd6e268 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 49.617222] RAX: ffffffffffffffda RBX: 00007ffcccd72360 RCX: 00007f728eda9320
[ 49.624472] RDX: 0000000000000000 RSI: 00007ffcccd6e2a0 RDI: 0000000000000003
[ 49.631735] RBP: 00007ffcccd6e2a0 R08: 0000000000000000 R09: 00007f728edef070
[ 49.638983] R10: 0000000000000000 R11: 0000000000000246 R12: 000000005b0ea7a2
[ 49.646229] R13: 0000000000000000 R14: 00000000006395c0 R15: 00007ffcccd72b40
[ 50.806674] Shutting down cpus with NMI
[ 50.822958] Dumping ftrace buffer:
[ 50.826484] (ftrace buffer empty)
[ 50.830172] Kernel Offset: disabled
[ 50.833816] Rebooting in 86400 seconds..