[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   38.936934] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   43.727184] random: sshd: uninitialized urandom read (32 bytes read)
[   44.237190] random: sshd: uninitialized urandom read (32 bytes read)
[   45.433192] random: sshd: uninitialized urandom read (32 bytes read)
[   45.694802] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.43' (ECDSA) to the list of known hosts.
[   51.451697] random: sshd: uninitialized urandom read (32 bytes read)
[   51.583353] IPVS: ftp: loaded support on port[0] = 21
[   51.798073] bridge0: port 1(bridge_slave_0) entered blocking state
[   51.804671] bridge0: port 1(bridge_slave_0) entered disabled state
[   51.812433] device bridge_slave_0 entered promiscuous mode
[   51.837808] bridge0: port 2(bridge_slave_1) entered blocking state
[   51.844261] bridge0: port 2(bridge_slave_1) entered disabled state
[   51.851731] device bridge_slave_1 entered promiscuous mode
[   51.876390] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   51.901683] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   51.974924] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   52.003417] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   52.075539] ip (4532) used greatest stack depth: 53688 bytes left
[   52.117301] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[   52.124718] team0: Port device team_slave_0 added
[   52.149488] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[   52.156968] team0: Port device team_slave_1 added
[   52.182649] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   52.210617] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   52.238657] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   52.266699] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
[   52.498651] bridge0: port 2(bridge_slave_1) entered blocking state
[   52.505188] bridge0: port 2(bridge_slave_1) entered forwarding state
[   52.512093] bridge0: port 1(bridge_slave_0) entered blocking state
[   52.518511] bridge0: port 1(bridge_slave_0) entered forwarding state
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
[   53.361699] 8021q: adding VLAN 0 to HW filter on device bond0
[   53.443273] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   53.524367] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   53.530557] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   53.539606] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   53.619435] 8021q: adding VLAN 0 to HW filter on device team0
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[   54.632560] ==================================================================
[   54.639982] BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x44f/0x27d0
[   54.646556] CPU: 1 PID: 4754 Comm: syz-executor100 Not tainted 4.18.0-rc8+ #33
[   54.653901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   54.663240] Call Trace:
[   54.665821]  dump_stack+0x17c/0x1c0
[   54.669449]  kmsan_report+0x188/0x2a0
[   54.673254]  kmsan_internal_check_memory+0x138/0x1f0
[   54.678360]  kmsan_copy_to_user+0x73/0xb0
[   54.682510]  _copy_to_iter+0x44f/0x27d0
[   54.686519]  skb_copy_datagram_iter+0x422/0xfa0
[   54.691196]  ? skb_recv_datagram+0x232/0x430
[   54.695597]  ? skb_recv_datagram+0x3d2/0x430
[   54.700009]  packet_recvmsg+0x728/0x1c30
[   54.704089]  ? __msan_metadata_ptr_for_load_8+0x10/0x20
[   54.709464]  ? security_socket_recvmsg+0xa4/0x220
[   54.714306]  ? packet_sendmsg+0x8ae0/0x8ae0
[   54.718617]  sock_read_iter+0x406/0x480
[   54.722619]  ? kernel_sock_ip_overhead+0x340/0x340
[   54.727557]  __vfs_read+0x7b9/0x9f0
[   54.731198]  vfs_read+0x36c/0x6b0
[   54.734662]  __x64_sys_read+0x1b7/0x3c0
[   54.738636]  ? ksys_read+0x340/0x340
[   54.742343]  do_syscall_64+0x15b/0x220
[   54.746251]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[   54.751445] RIP: 0033:0x446fa9
[   54.754622] Code: e8 6c b3 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 6b 03 fc ff c3 66 2e 0f 1f 84 00 00 00 00 
[   54.773963] RSP: 002b:00007f197391cda8 EFLAGS: 00000293 ORIG_RAX: 0000000000000000
[   54.781681] RAX: ffffffffffffffda RBX: 00000000006dcc48 RCX: 0000000000446fa9
[   54.788953] RDX: 0000000000000019 RSI: 0000000020000000 RDI: 0000000000000003
[   54.796230] RBP: 00000000006dcc40 R08: 0000000000000000 R09: 0000000000000000
[   54.803488] R10: 0000000000000000 R11: 0000000000000293 R12: 00000000006dcc4c
[   54.810748] R13: 0000010000000002 R14: 00007f197391d9c0 R15: 0000000000000000
[   54.818018] 
[   54.819645] Uninit was created at:
[   54.823176]  kmsan_internal_poison_shadow+0xb8/0x1b0
[   54.828268]  kmsan_kmalloc+0x98/0x100
[   54.832070]  kmsan_slab_alloc+0x10/0x20
[   54.836057]  __kmalloc_node_track_caller+0xb4c/0x11d0
[   54.841251]  __alloc_skb+0x2ce/0x9b0
[   54.844958]  alloc_skb_with_frags+0x1d0/0xac0
[   54.849452]  sock_alloc_send_pskb+0xb47/0x1120
[   54.854036]  packet_sendmsg+0x6480/0x8ae0
[   54.858194]  ___sys_sendmsg+0xe32/0x1250
[   54.862242]  __sys_sendmmsg+0x4ac/0x930
[   54.866204]  __x64_sys_sendmmsg+0x11c/0x170
[   54.870531]  do_syscall_64+0x15b/0x220
[   54.874421]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[   54.879596] 
[   54.881223] Bytes 4-5 of 25 are uninitialized
[   54.885700] Memory access starts at ffff8801c0310264
[   54.890791] ==================================================================
[   54.898133] Disabling lock debugging due to kernel taint
[   54.903566] Kernel panic - not syncing: panic_on_warn set ...
[   54.903566] 
[   54.910926] CPU: 1 PID: 4754 Comm: syz-executor100 Tainted: G    B             4.18.0-rc8+ #33
[   54.919662] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   54.928999] Call Trace:
[   54.931591]  dump_stack+0x17c/0x1c0
[   54.935230]  panic+0x3c3/0x9a0
[   54.938448]  kmsan_report+0x29e/0x2a0
[   54.942265]  kmsan_internal_check_memory+0x138/0x1f0
[   54.947367]  kmsan_copy_to_user+0x73/0xb0
[   54.951518]  _copy_to_iter+0x44f/0x27d0
[   54.955532]  skb_copy_datagram_iter+0x422/0xfa0
[   54.960202]  ? skb_recv_datagram+0x232/0x430
[   54.964604]  ? skb_recv_datagram+0x3d2/0x430
[   54.969027]  packet_recvmsg+0x728/0x1c30
[   54.973108]  ? __msan_metadata_ptr_for_load_8+0x10/0x20
[   54.978461]  ? security_socket_recvmsg+0xa4/0x220
[   54.983301]  ? packet_sendmsg+0x8ae0/0x8ae0
[   54.987613]  sock_read_iter+0x406/0x480
[   54.991613]  ? kernel_sock_ip_overhead+0x340/0x340
[   54.996553]  __vfs_read+0x7b9/0x9f0
[   55.000190]  vfs_read+0x36c/0x6b0
[   55.003651]  __x64_sys_read+0x1b7/0x3c0
[   55.007625]  ? ksys_read+0x340/0x340
[   55.011333]  do_syscall_64+0x15b/0x220
[   55.015220]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[   55.020398] RIP: 0033:0x446fa9
[   55.023572] Code: e8 6c b3 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 6b 03 fc ff c3 66 2e 0f 1f 84 00 00 00 00 
[   55.042862] RSP: 002b:00007f197391cda8 EFLAGS: 00000293 ORIG_RAX: 0000000000000000
[   55.050563] RAX: ffffffffffffffda RBX: 00000000006dcc48 RCX: 0000000000446fa9
[   55.057819] RDX: 0000000000000019 RSI: 0000000020000000 RDI: 0000000000000003
[   55.065091] RBP: 00000000006dcc40 R08: 0000000000000000 R09: 0000000000000000
[   55.072358] R10: 0000000000000000 R11: 0000000000000293 R12: 00000000006dcc4c
[   55.079638] R13: 0000010000000002 R14: 00007f197391d9c0 R15: 0000000000000000
[   55.087302] Dumping ftrace buffer:
[   55.090843]    (ftrace buffer empty)
[   55.094541] Kernel Offset: disabled
[   55.098172] Rebooting in 86400 seconds..