[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 30.227827] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 33.104688] random: sshd: uninitialized urandom read (32 bytes read)
[ 33.592670] random: sshd: uninitialized urandom read (32 bytes read)
[ 34.743377] random: sshd: uninitialized urandom read (32 bytes read)
[ 143.499659] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.43' (ECDSA) to the list of known hosts.
[ 149.036509] random: sshd: uninitialized urandom read (32 bytes read)
2018/06/08 16:51:46 parsed 1 programs
[ 149.987992] random: cc1: uninitialized urandom read (8 bytes read)
2018/06/08 16:51:47 executed programs: 0
[ 150.768151] IPVS: ftp: loaded support on port[0] = 21
[ 150.783442] IPVS: ftp: loaded support on port[0] = 21
[ 150.785631] IPVS: ftp: loaded support on port[0] = 21
[ 150.792495] IPVS: ftp: loaded support on port[0] = 21
[ 150.795542] IPVS: ftp: loaded support on port[0] = 21
[ 150.807404] IPVS: ftp: loaded support on port[0] = 21
[ 150.812796] IPVS: ftp: loaded support on port[0] = 21
[ 150.849847] IPVS: ftp: loaded support on port[0] = 21
[ 150.961109] ip (4532) used greatest stack depth: 54424 bytes left
[ 151.041482] ip (4547) used greatest stack depth: 54152 bytes left
[ 151.366167] ip (4618) used greatest stack depth: 54056 bytes left
[ 151.386059] ==================================================================
[ 151.393464] BUG: KMSAN: uninit-value in __list_add_valid+0x1b8/0x450
[ 151.399947] CPU: 1 PID: 4617 Comm: ip Not tainted 4.17.0+ #4
[ 151.405719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 151.415138] Call Trace:
[ 151.417701]
[ 151.419844] dump_stack+0x185/0x1d0
[ 151.423537] kmsan_report+0x188/0x2a0
[ 151.427330] __msan_warning_32+0x70/0xc0
[ 151.431367] __list_add_valid+0x1b8/0x450
[ 151.435501] enqueue_task_fair+0xe12/0x4490
[ 151.439805] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 151.445147] ? update_load_avg+0x2cc0/0x2cc0
[ 151.449785] try_to_wake_up+0x162f/0x2260
[ 151.453914] wake_up_process+0x34/0x40
[ 151.457779] swake_up+0xfb/0x3b0
[ 151.461209] ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 151.466637] rcu_report_qs_rnp+0x767/0x880
[ 151.470848] rcu_process_callbacks+0x90a/0x2060
[ 151.475496] ? rcu_scheduler_starting+0xe0/0xe0
[ 151.480141] __do_softirq+0x592/0x979
[ 151.484016] irq_exit+0x202/0x240
[ 151.487446] exiting_irq+0xe/0x10
[ 151.490876] smp_apic_timer_interrupt+0x64/0x90
[ 151.495525] apic_timer_interrupt+0xf/0x20
[ 151.499732]
[ 151.501947] RIP: 0010:__msan_chain_origin+0x82/0xc0
[ 151.506935] RSP: 0018:ffff880196c8eb40 EFLAGS: 00000202 ORIG_RAX: ffffffffffffff13
[ 151.514620] RAX: 0000000090c000a9 RBX: ffff880198ab8000 RCX: ffff880196c8e8a0
[ 151.521872] RDX: 0000000000000003 RSI: 0000000000000003 RDI: 00000000e30e3625
[ 151.529129] RBP: ffff880196c8eb70 R08: 0000000001080020 R09: 0000000000000003
[ 151.536478] R10: 0000000000000002 R11: 00000000874000a9 R12: 0000000000000202
[ 151.543726] R13: ffff8801b7a4e200 R14: 000000008ee000a9 R15: 0000000090c000a9
[ 151.550999] __skb_clone+0x7b3/0x990
[ 151.554701] ? kmsan_set_origin_inline+0x6b/0x120
[ 151.559524] skb_clone+0x3e8/0x590
[ 151.563045] netlink_broadcast_filtered+0xcde/0x1e10
[ 151.568126] ? kobject_uevent+0x80/0x80
[ 151.572095] ? kmsan_set_origin+0x9e/0x160
[ 151.576313] kobject_uevent_env+0x18e6/0x22a0
[ 151.580793] kobject_uevent+0x6f/0x80
[ 151.584585] netdev_queue_update_kobjects+0x2aa/0x750
[ 151.589754] netdev_register_kobject+0x5d5/0x6d0
[ 151.594502] register_netdevice+0x18ea/0x2720
[ 151.598979] team_newlink+0x168/0x1d0
[ 151.602759] ? team_validate+0x220/0x220
[ 151.606796] rtnl_newlink+0x2721/0x37a0
[ 151.610744] ? rtnl_newlink+0xca5/0x37a0
[ 151.614781] ? rtnl_newlink+0xb64/0x37a0
[ 151.618831] ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 151.624182] ? rtnl_setlink+0x770/0x770
[ 151.628132] rtnetlink_rcv_msg+0xa44/0x1570
[ 151.632448] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 151.637797] ? netlink_sendmsg+0x76e/0x1350
[ 151.642106] ? ___sys_sendmsg+0xec8/0x1320
[ 151.646490] ? __x64_sys_sendmsg+0x331/0x460
[ 151.650888] ? do_syscall_64+0x15b/0x230
[ 151.655880] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 151.661219] ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 151.666556] ? lookup_fast+0xbff/0x1780
[ 151.670522] ? kmsan_set_origin_inline+0x6b/0x120
[ 151.675459] ? kmsan_set_origin+0x9e/0x160
[ 151.679677] netlink_rcv_skb+0x37e/0x600
[ 151.683727] ? rtnetlink_bind+0x120/0x120
[ 151.687864] rtnetlink_rcv+0x50/0x60
[ 151.691554] netlink_unicast+0x1680/0x1750
[ 151.695765] ? rtnetlink_net_exit+0xa0/0xa0
[ 151.700077] netlink_sendmsg+0x104f/0x1350
[ 151.704293] ? netlink_getsockopt+0xc60/0xc60
[ 151.708764] ___sys_sendmsg+0xec8/0x1320
[ 151.712818] ? __fdget+0x4e/0x60
[ 151.716258] ? __fget_light+0x57/0x700
[ 151.720122] ? __fdget+0x4e/0x60
[ 151.723476] ? __fget_light+0x1dc/0x700
[ 151.727437] ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 151.732788] ? __fget_light+0x1f5/0x700
[ 151.736741] __x64_sys_sendmsg+0x331/0x460
[ 151.740967] ? ___sys_sendmsg+0x1320/0x1320
[ 151.745367] do_syscall_64+0x15b/0x230
[ 151.749247] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 151.754411] RIP: 0033:0x7fae95b1d320
[ 151.758101] RSP: 002b:00007ffeb7675238 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 151.765798] RAX: ffffffffffffffda RBX: 00007ffeb7679330 RCX: 00007fae95b1d320
[ 151.773392] RDX: 0000000000000000 RSI: 00007ffeb7675270 RDI: 0000000000000003
[ 151.780639] RBP: 00007ffeb7675270 R08: 0000000000000000 R09: 00007fae95dcc0b0
[ 151.787936] R10: 0000000000000000 R11: 0000000000000246 R12: 000000005b1ab426
[ 151.795357] R13: 0000000000000000 R14: 00000000006395c0 R15: 00007ffeb7679b10
[ 151.802605]
[ 151.804217] Uninit was stored to memory at:
[ 151.808793] kmsan_internal_chain_origin+0x12b/0x210
[ 151.813961] __msan_chain_origin+0x69/0xc0
[ 151.818172] pick_next_task_fair+0x2474/0x2530
[ 151.822731] pick_next_task+0x1ba/0x420
[ 151.826689] __schedule+0x20f/0x770
[ 151.830295] do_task_dead+0xc8/0xf0
[ 151.833911] do_exit+0x347e/0x3930
[ 151.837435] do_group_exit+0x1a0/0x360
[ 151.841303] __do_sys_exit_group+0x21/0x30
[ 151.845619] __se_sys_exit_group+0x14/0x20
[ 151.849895] __x64_sys_exit_group+0x4c/0x50
[ 151.854203] do_syscall_64+0x15b/0x230
[ 151.858084] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 151.863246] Local variable description: ----tlb.i@ldt_arch_exit_mmap
[ 151.869722] Variable was created at:
[ 151.873422] ldt_arch_exit_mmap+0x46/0x160
[ 151.877645] exit_mmap+0x410/0x980
[ 151.881175] ==================================================================
[ 151.888508] Disabling lock debugging due to kernel taint
[ 151.893933] Kernel panic - not syncing: panic_on_warn set ...
[ 151.893933]
[ 151.901362] CPU: 1 PID: 4617 Comm: ip Tainted: G B 4.17.0+ #4
[ 151.908521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 151.917874] Call Trace:
[ 151.920520]
[ 151.922652] dump_stack+0x185/0x1d0
[ 151.926274] panic+0x3d0/0x990
[ 151.929558] kmsan_report+0x29e/0x2a0
[ 151.933424] __msan_warning_32+0x70/0xc0
[ 151.937473] __list_add_valid+0x1b8/0x450
[ 151.941612] enqueue_task_fair+0xe12/0x4490
[ 151.945915] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 151.951269] ? update_load_avg+0x2cc0/0x2cc0
[ 151.955743] try_to_wake_up+0x162f/0x2260
[ 151.959872] wake_up_process+0x34/0x40
[ 151.963736] swake_up+0xfb/0x3b0
[ 151.967081] ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 151.972519] rcu_report_qs_rnp+0x767/0x880
[ 151.976746] rcu_process_callbacks+0x90a/0x2060
[ 151.981394] ? rcu_scheduler_starting+0xe0/0xe0
[ 151.986051] __do_softirq+0x592/0x979
[ 151.989830] irq_exit+0x202/0x240
[ 151.993260] exiting_irq+0xe/0x10
[ 151.996692] smp_apic_timer_interrupt+0x64/0x90
[ 152.001338] apic_timer_interrupt+0xf/0x20
[ 152.005553]
[ 152.007859] RIP: 0010:__msan_chain_origin+0x82/0xc0
[ 152.012847] RSP: 0018:ffff880196c8eb40 EFLAGS: 00000202 ORIG_RAX: ffffffffffffff13
[ 152.020537] RAX: 0000000090c000a9 RBX: ffff880198ab8000 RCX: ffff880196c8e8a0
[ 152.027781] RDX: 0000000000000003 RSI: 0000000000000003 RDI: 00000000e30e3625
[ 152.035043] RBP: ffff880196c8eb70 R08: 0000000001080020 R09: 0000000000000003
[ 152.042289] R10: 0000000000000002 R11: 00000000874000a9 R12: 0000000000000202
[ 152.049547] R13: ffff8801b7a4e200 R14: 000000008ee000a9 R15: 0000000090c000a9
[ 152.056890] __skb_clone+0x7b3/0x990
[ 152.060600] ? kmsan_set_origin_inline+0x6b/0x120
[ 152.065431] skb_clone+0x3e8/0x590
[ 152.068952] netlink_broadcast_filtered+0xcde/0x1e10
[ 152.074093] ? kobject_uevent+0x80/0x80
[ 152.078050] ? kmsan_set_origin+0x9e/0x160
[ 152.082266] kobject_uevent_env+0x18e6/0x22a0
[ 152.086747] kobject_uevent+0x6f/0x80
[ 152.090622] netdev_queue_update_kobjects+0x2aa/0x750
[ 152.095882] netdev_register_kobject+0x5d5/0x6d0
[ 152.100649] register_netdevice+0x18ea/0x2720
[ 152.105255] team_newlink+0x168/0x1d0
[ 152.109047] ? team_validate+0x220/0x220
[ 152.113088] rtnl_newlink+0x2721/0x37a0
[ 152.117047] ? rtnl_newlink+0xca5/0x37a0
[ 152.121095] ? rtnl_newlink+0xb64/0x37a0
[ 152.125326] ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 152.130764] ? rtnl_setlink+0x770/0x770
[ 152.134726] rtnetlink_rcv_msg+0xa44/0x1570
[ 152.139052] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 152.144682] ? netlink_sendmsg+0x76e/0x1350
[ 152.150463] ? ___sys_sendmsg+0xec8/0x1320
[ 152.154681] ? __x64_sys_sendmsg+0x331/0x460
[ 152.159748] ? do_syscall_64+0x15b/0x230
[ 152.163794] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 152.169139] ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 152.174567] ? lookup_fast+0xbff/0x1780
[ 152.178519] ? kmsan_set_origin_inline+0x6b/0x120
[ 152.183342] ? kmsan_set_origin+0x9e/0x160
[ 152.187561] netlink_rcv_skb+0x37e/0x600
[ 152.191610] ? rtnetlink_bind+0x120/0x120
[ 152.195746] rtnetlink_rcv+0x50/0x60
[ 152.199435] netlink_unicast+0x1680/0x1750
[ 152.203648] ? rtnetlink_net_exit+0xa0/0xa0
[ 152.207955] netlink_sendmsg+0x104f/0x1350
[ 152.212189] ? netlink_getsockopt+0xc60/0xc60
[ 152.216660] ___sys_sendmsg+0xec8/0x1320
[ 152.220709] ? __fdget+0x4e/0x60
[ 152.224067] ? __fget_light+0x57/0x700
[ 152.227932] ? __fdget+0x4e/0x60
[ 152.231274] ? __fget_light+0x1dc/0x700
[ 152.235236] ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 152.240577] ? __fget_light+0x1f5/0x700
[ 152.244617] __x64_sys_sendmsg+0x331/0x460
[ 152.248830] ? ___sys_sendmsg+0x1320/0x1320
[ 152.253127] do_syscall_64+0x15b/0x230
[ 152.256994] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 152.262260] RIP: 0033:0x7fae95b1d320
[ 152.265959] RSP: 002b:00007ffeb7675238 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 152.273659] RAX: ffffffffffffffda RBX: 00007ffeb7679330 RCX: 00007fae95b1d320
[ 152.280912] RDX: 0000000000000000 RSI: 00007ffeb7675270 RDI: 0000000000000003
[ 152.288159] RBP: 00007ffeb7675270 R08: 0000000000000000 R09: 00007fae95dcc0b0
[ 152.295416] R10: 0000000000000000 R11: 0000000000000246 R12: 000000005b1ab426
[ 152.302683] R13: 0000000000000000 R14: 00000000006395c0 R15: 00007ffeb7679b10
[ 153.521094] Shutting down cpus with NMI
[ 153.537777] Dumping ftrace buffer:
[ 153.541309] (ftrace buffer empty)
[ 153.545001] Kernel Offset: disabled
[ 153.548623] Rebooting in 86400 seconds..