[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 29.824645] random: sshd: uninitialized urandom read (32 bytes read)
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login:
[ 35.673848] random: sshd: uninitialized urandom read (32 bytes read)
[ 35.936597] random: sshd: uninitialized urandom read (32 bytes read)
[ 37.081864] random: sshd: uninitialized urandom read (32 bytes read)
[ 111.953475] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.29' (ECDSA) to the list of known hosts.
[ 117.489752] random: sshd: uninitialized urandom read (32 bytes read)
2018/06/15 21:27:27 parsed 1 programs
[ 119.053138] random: cc1: uninitialized urandom read (8 bytes read)
2018/06/15 21:27:29 executed programs: 0
[ 120.465675] IPVS: ftp: loaded support on port[0] = 21
[ 120.480172] IPVS: ftp: loaded support on port[0] = 21
[ 120.490252] IPVS: ftp: loaded support on port[0] = 21
[ 120.505511] IPVS: ftp: loaded support on port[0] = 21
[ 120.511984] IPVS: ftp: loaded support on port[0] = 21
[ 120.513327] IPVS: ftp: loaded support on port[0] = 21
[ 120.527190] IPVS: ftp: loaded support on port[0] = 21
[ 120.559292] IPVS: ftp: loaded support on port[0] = 21
[ 121.251127] ip (4677) used greatest stack depth: 54488 bytes left
[ 121.276695] ip (4686) used greatest stack depth: 54424 bytes left
[ 121.688726] ip (4763) used greatest stack depth: 54328 bytes left
[ 121.820448] bridge0: port 1(bridge_slave_0) entered blocking state
[ 121.826882] bridge0: port 1(bridge_slave_0) entered disabled state
[ 121.840551] device bridge_slave_0 entered promiscuous mode
[ 121.872293] bridge0: port 1(bridge_slave_0) entered blocking state
[ 121.878740] bridge0: port 1(bridge_slave_0) entered disabled state
[ 121.886663] device bridge_slave_0 entered promiscuous mode
[ 121.897122] bridge0: port 1(bridge_slave_0) entered blocking state
[ 121.903544] bridge0: port 1(bridge_slave_0) entered disabled state
[ 121.912247] device bridge_slave_0 entered promiscuous mode
[ 121.930926] bridge0: port 1(bridge_slave_0) entered blocking state
[ 121.937388] bridge0: port 1(bridge_slave_0) entered disabled state
[ 121.946001] device bridge_slave_0 entered promiscuous mode
[ 121.953736] bridge0: port 1(bridge_slave_0) entered blocking state
[ 121.960206] bridge0: port 1(bridge_slave_0) entered disabled state
[ 121.969191] device bridge_slave_0 entered promiscuous mode
[ 121.979658] bridge0: port 1(bridge_slave_0) entered blocking state
[ 121.986103] bridge0: port 1(bridge_slave_0) entered disabled state
[ 121.995133] device bridge_slave_0 entered promiscuous mode
[ 122.005765] bridge0: port 2(bridge_slave_1) entered blocking state
[ 122.012191] bridge0: port 2(bridge_slave_1) entered disabled state
[ 122.020930] device bridge_slave_1 entered promiscuous mode
[ 122.031363] bridge0: port 1(bridge_slave_0) entered blocking state
[ 122.037772] bridge0: port 1(bridge_slave_0) entered disabled state
[ 122.051348] device bridge_slave_0 entered promiscuous mode
[ 122.063253] bridge0: port 2(bridge_slave_1) entered blocking state
[ 122.069719] bridge0: port 2(bridge_slave_1) entered disabled state
[ 122.077959] device bridge_slave_1 entered promiscuous mode
[ 122.087708] bridge0: port 2(bridge_slave_1) entered blocking state
[ 122.094122] bridge0: port 2(bridge_slave_1) entered disabled state
[ 122.101915] device bridge_slave_1 entered promiscuous mode
[ 122.112708] bridge0: port 2(bridge_slave_1) entered blocking state
[ 122.119117] bridge0: port 2(bridge_slave_1) entered disabled state
[ 122.126946] device bridge_slave_1 entered promiscuous mode
[ 122.133422] bridge0: port 1(bridge_slave_0) entered blocking state
[ 122.139931] bridge0: port 1(bridge_slave_0) entered disabled state
[ 122.149786] device bridge_slave_0 entered promiscuous mode
[ 122.159449] bridge0: port 2(bridge_slave_1) entered blocking state
[ 122.165991] bridge0: port 2(bridge_slave_1) entered disabled state
[ 122.176203] device bridge_slave_1 entered promiscuous mode
[ 122.189730] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 122.200170] bridge0: port 2(bridge_slave_1) entered blocking state
[ 122.206587] bridge0: port 2(bridge_slave_1) entered disabled state
[ 122.223899] device bridge_slave_1 entered promiscuous mode
[ 122.230315] bridge0: port 2(bridge_slave_1) entered blocking state
[ 122.236715] bridge0: port 2(bridge_slave_1) entered disabled state
[ 122.244768] device bridge_slave_1 entered promiscuous mode
[ 122.253555] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 122.261844] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 122.269508] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 122.284747] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 122.292678] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 122.300251] bridge0: port 2(bridge_slave_1) entered blocking state
[ 122.306710] bridge0: port 2(bridge_slave_1) entered disabled state
[ 122.327199] device bridge_slave_1 entered promiscuous mode
[ 122.339838] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 122.350700] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 122.367981] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 122.376211] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 122.390112] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 122.404096] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 122.429915] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 122.442128] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 122.457234] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 122.474298] ==================================================================
[ 122.481715] BUG: KMSAN: uninit-value in __list_add_valid+0x1b8/0x450
[ 122.488200] CPU: 0 PID: 4531 Comm: syz-executor5 Not tainted 4.17.0+ #8
[ 122.494933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 122.504273] Call Trace:
[ 122.506853] dump_stack+0x185/0x1d0
[ 122.510463] kmsan_report+0x188/0x2a0
[ 122.514246] __msan_warning_32+0x70/0xc0
[ 122.518287] __list_add_valid+0x1b8/0x450
[ 122.522515] enqueue_task_fair+0xe12/0x4490
[ 122.526825] ? update_load_avg+0x2cc0/0x2cc0
[ 122.531220] wake_up_new_task+0xd34/0x1850
[ 122.535445] _do_fork+0x799/0xf60
[ 122.538883] __x64_sys_clone+0x15e/0x1b0
[ 122.542933] ? __ia32_sys_vfork+0x70/0x70
[ 122.547066] do_syscall_64+0x15b/0x230
[ 122.550939] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 122.556115] RIP: 0033:0x41f949
[ 122.559284] RSP: 002b:0000000000a3fad0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 122.566973] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000041f949
[ 122.574231] RDX: 0000000000a3fadc RSI: 0000000000000000 RDI: 0000000000100011
[ 122.581566] RBP: 0000000000a3fc80 R08: 0000000000a44a60 R09: 000000000000003f
[ 122.588816] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000a3fe60
[ 122.596064] R13: 0000000000a3fe28 R14: 0000000000000000 R15: 0000000000000000
[ 122.603316]
[ 122.604922] Uninit was stored to memory at:
[ 122.609232] kmsan_internal_chain_origin+0x12b/0x210
[ 122.614312] __msan_chain_origin+0x69/0xc0
[ 122.618530] pick_next_task_fair+0x2474/0x2530
[ 122.623091] pick_next_task+0x1ba/0x420
[ 122.627048] __schedule+0x20f/0x770
[ 122.630660] do_task_dead+0xc8/0xf0
[ 122.634269] do_exit+0x347e/0x3930
[ 122.637790] do_group_exit+0x1a0/0x360
[ 122.641659] __do_sys_exit_group+0x21/0x30
[ 122.646482] __se_sys_exit_group+0x14/0x20
[ 122.650697] __x64_sys_exit_group+0x4c/0x50
[ 122.655004] do_syscall_64+0x15b/0x230
[ 122.658870] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 122.664030]
[ 122.665644] Local variable description: ----flags.i.i.i.i@_raw_spin_lock_irqsave
[ 122.673149] Variable was created at:
[ 122.676840] _raw_spin_lock_irqsave+0x45/0xf0
[ 122.681314] do_task_dead+0x40/0xf0
[ 122.684917] ==================================================================
[ 122.692250] Disabling lock debugging due to kernel taint
[ 122.697683] Kernel panic - not syncing: panic_on_warn set ...
[ 122.697683]
[ 122.705038] CPU: 0 PID: 4531 Comm: syz-executor5 Tainted: G B 4.17.0+ #8
[ 122.713154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 122.722482] Call Trace:
[ 122.725602] dump_stack+0x185/0x1d0
[ 122.729234] panic+0x3d0/0x990
[ 122.732426] kmsan_report+0x29e/0x2a0
[ 122.736209] __msan_warning_32+0x70/0xc0
[ 122.740264] __list_add_valid+0x1b8/0x450
[ 122.744831] enqueue_task_fair+0xe12/0x4490
[ 122.749140] ? update_load_avg+0x2cc0/0x2cc0
[ 122.753540] wake_up_new_task+0xd34/0x1850
[ 122.757762] _do_fork+0x799/0xf60
[ 122.761200] __x64_sys_clone+0x15e/0x1b0
[ 122.765242] ? __ia32_sys_vfork+0x70/0x70
[ 122.769372] do_syscall_64+0x15b/0x230
[ 122.773243] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 122.778410] RIP: 0033:0x41f949
[ 122.781581] RSP: 002b:0000000000a3fad0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 122.789269] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000041f949
[ 122.796517] RDX: 0000000000a3fadc RSI: 0000000000000000 RDI: 0000000000100011
[ 122.803764] RBP: 0000000000a3fc80 R08: 0000000000a44a60 R09: 000000000000003f
[ 122.811016] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000a3fe60
[ 122.818269] R13: 0000000000a3fe28 R14: 0000000000000000 R15: 0000000000000000
[ 124.044088] Shutting down cpus with NMI
[ 124.060368] Dumping ftrace buffer:
[ 124.063904] (ftrace buffer empty)
[ 124.067595] Kernel Offset: disabled
[ 124.071206] Rebooting in 86400 seconds..