[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 35.009187] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 39.623377] random: sshd: uninitialized urandom read (32 bytes read)
[ 40.093832] random: sshd: uninitialized urandom read (32 bytes read)
[ 41.036666] random: sshd: uninitialized urandom read (32 bytes read)
[ 41.321637] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.15.217' (ECDSA) to the list of known hosts.
[ 47.023217] random: sshd: uninitialized urandom read (32 bytes read)
[ 47.190047] IPVS: ftp: loaded support on port[0] = 21
[ 47.281871] ip (4325) used greatest stack depth: 53880 bytes left
[ 47.334216] ip (4330) used greatest stack depth: 53784 bytes left
[ 47.420591] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.427048] bridge0: port 1(bridge_slave_0) entered disabled state
[ 47.434689] device bridge_slave_0 entered promiscuous mode
[ 47.460948] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.467380] bridge0: port 2(bridge_slave_1) entered disabled state
[ 47.475011] device bridge_slave_1 entered promiscuous mode
[ 47.500493] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 47.526364] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 47.602026] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 47.631236] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 47.748944] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 47.756668] team0: Port device team_slave_0 added
[ 47.781962] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 47.789440] team0: Port device team_slave_1 added
[ 47.815631] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 47.844558] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 47.873312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 47.901906] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
[ 48.143039] bridge0: port 2(bridge_slave_1) entered blocking state
[ 48.149492] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 48.156326] bridge0: port 1(bridge_slave_0) entered blocking state
[ 48.162815] bridge0: port 1(bridge_slave_0) entered forwarding state
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
[ 48.888876] ip (4470) used greatest stack depth: 53464 bytes left
[ 49.049072] 8021q: adding VLAN 0 to HW filter on device bond0
[ 49.134287] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 49.220635] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 49.226862] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 49.234680] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 49.317200] 8021q: adding VLAN 0 to HW filter on device team0
executing program
[ 49.810691] ==================================================================
[ 49.818109] BUG: KMSAN: uninit-value in bond_start_xmit+0x1ab8/0x2b90
[ 49.824681] CPU: 0 PID: 4319 Comm: syz-executor658 Not tainted 4.19.0-rc3+ #44
[ 49.832029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 49.841371] Call Trace:
[ 49.843951] dump_stack+0x14b/0x190
[ 49.847595] kmsan_report+0x183/0x2b0
[ 49.851395] __msan_warning+0x70/0xc0
[ 49.855195] bond_start_xmit+0x1ab8/0x2b90
[ 49.859437] ? bond_close+0x1d0/0x1d0
[ 49.863233] dev_hard_start_xmit+0x5df/0xc20
[ 49.867682] __dev_queue_xmit+0x2f35/0x3ab0
[ 49.872049] dev_queue_xmit+0x4b/0x60
[ 49.875857] ? __netdev_pick_tx+0x12e0/0x12e0
[ 49.880349] packet_sendmsg+0x80ff/0x8c60
[ 49.884518] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 49.889944] ___sys_sendmsg+0xe70/0x1290
[ 49.894041] ? compat_packet_setsockopt+0x360/0x360
[ 49.899088] __se_sys_sendmsg+0x2a3/0x3d0
[ 49.903262] __x64_sys_sendmsg+0x4a/0x70
[ 49.907327] do_syscall_64+0xb8/0x100
[ 49.911127] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 49.916307] RIP: 0033:0x4410f9
[ 49.919491] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 49.938421] RSP: 002b:00007ffcc15c2468 EFLAGS: 00000217 ORIG_RAX: 000000000000002e
[ 49.946145] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004410f9
[ 49.953402] RDX: 0000000000000000 RSI: 0000000020001940 RDI: 0000000000000004
[ 49.960673] RBP: 00000000006cc018 R08: 0000000000000100 R09: 0000000000000100
[ 49.967930] R10: 0000000000000100 R11: 0000000000000217 R12: 0000000000402060
[ 49.975187] R13: 00000000004020f0 R14: 0000000000000000 R15: 0000000000000000
[ 49.982509]
[ 49.984137] Uninit was created at:
[ 49.987684] kmsan_internal_poison_shadow+0xb8/0x1b0
[ 49.992806] kmsan_kmalloc+0x98/0x100
[ 49.996612] kmsan_slab_alloc+0x10/0x20
[ 50.000583] __kmalloc_node_track_caller+0x9e7/0x1160
[ 50.005765] __alloc_skb+0x2f5/0x9e0
[ 50.009474] alloc_skb_with_frags+0x1d0/0xac0
[ 50.013960] sock_alloc_send_pskb+0xb47/0x1170
[ 50.018563] packet_sendmsg+0x6599/0x8c60
[ 50.022716] ___sys_sendmsg+0xe70/0x1290
[ 50.026796] __se_sys_sendmsg+0x2a3/0x3d0
[ 50.030935] __x64_sys_sendmsg+0x4a/0x70
[ 50.035012] do_syscall_64+0xb8/0x100
[ 50.038821] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 50.043992] ==================================================================
[ 50.051353] Disabling lock debugging due to kernel taint
[ 50.056789] Kernel panic - not syncing: panic_on_warn set ...
[ 50.056789]
[ 50.064146] CPU: 0 PID: 4319 Comm: syz-executor658 Tainted: G B 4.19.0-rc3+ #44
[ 50.072902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 50.082243] Call Trace:
[ 50.084823] dump_stack+0x14b/0x190
[ 50.088452] panic+0x35d/0x8cb
[ 50.091684] kmsan_report+0x2a8/0x2b0
[ 50.095517] __msan_warning+0x70/0xc0
[ 50.099347] bond_start_xmit+0x1ab8/0x2b90
[ 50.103589] ? bond_close+0x1d0/0x1d0
[ 50.107387] dev_hard_start_xmit+0x5df/0xc20
[ 50.111819] __dev_queue_xmit+0x2f35/0x3ab0
[ 50.116164] dev_queue_xmit+0x4b/0x60
[ 50.119956] ? __netdev_pick_tx+0x12e0/0x12e0
[ 50.124448] packet_sendmsg+0x80ff/0x8c60
[ 50.128609] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 50.134003] ___sys_sendmsg+0xe70/0x1290
[ 50.138071] ? compat_packet_setsockopt+0x360/0x360
[ 50.143118] __se_sys_sendmsg+0x2a3/0x3d0
[ 50.147274] __x64_sys_sendmsg+0x4a/0x70
[ 50.151330] do_syscall_64+0xb8/0x100
[ 50.155124] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 50.160303] RIP: 0033:0x4410f9
[ 50.163485] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 50.182416] RSP: 002b:00007ffcc15c2468 EFLAGS: 00000217 ORIG_RAX: 000000000000002e
[ 50.190120] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004410f9
[ 50.197378] RDX: 0000000000000000 RSI: 0000000020001940 RDI: 0000000000000004
[ 50.204667] RBP: 00000000006cc018 R08: 0000000000000100 R09: 0000000000000100
[ 50.211950] R10: 0000000000000100 R11: 0000000000000217 R12: 0000000000402060
[ 50.219259] R13: 00000000004020f0 R14: 0000000000000000 R15: 0000000000000000
[ 50.226884] Kernel Offset: disabled
[ 50.230519] Rebooting in 86400 seconds..