[....] Starting periodic command scheduler: cron[ ok ].
[....] Starting OpenBSD Secure Shell server: sshd[ 33.220956] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 37.454083] random: sshd: uninitialized urandom read (32 bytes read)
[ 37.902963] random: sshd: uninitialized urandom read (32 bytes read)
[ 39.175761] random: sshd: uninitialized urandom read (32 bytes read)
[ 40.227187] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.54' (ECDSA) to the list of known hosts.
[ 45.734773] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 45.874653] ==================================================================
[ 45.882058] BUG: KMSAN: kernel-infoleak in put_cmsg+0x5ef/0x860
[ 45.888103] CPU: 0 PID: 4569 Comm: syz-executor867 Not tainted 4.17.0+ #22
[ 45.895092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 45.904426] Call Trace:
[ 45.906998]  dump_stack+0x185/0x1d0
[ 45.910622]  kmsan_report+0x188/0x2a0
[ 45.914409]  kmsan_internal_check_memory+0x138/0x1f0
[ 45.919499]  kmsan_copy_to_user+0x73/0xb0
[ 45.923634]  put_cmsg+0x5ef/0x860
[ 45.927077]  ip6_datagram_recv_specific_ctl+0x1cf3/0x1eb0
[ 45.932617]  ip6_datagram_recv_ctl+0x41c/0x450
[ 45.937340]  ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 45.943773]  ? __ipv6_addr_type+0x31d/0x3a0
[ 45.948079]  rawv6_recvmsg+0x10fb/0x1460
[ 45.952129]  ? rawv6_sendmsg+0x4fc0/0x4fc0
[ 45.956347]  sock_common_recvmsg+0x173/0x280
[ 45.960739]  sock_recvmsg+0x1d6/0x230
[ 45.964521]  ? compat_sock_common_getsockopt+0x260/0x260
[ 45.969956]  ___sys_recvmsg+0x3fe/0x810
[ 45.973922]  ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 45.979267]  ? __fget_light+0x6a3/0x700
[ 45.983231]  __x64_sys_recvmsg+0x325/0x460
[ 45.987454]  ? ___sys_recvmsg+0x810/0x810
[ 45.991581]  do_syscall_64+0x15b/0x230
[ 45.995459]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 46.000630] RIP: 0033:0x4456c9
[ 46.003800] RSP: 002b:00007f32213cbda8 EFLAGS: 00000297 ORIG_RAX: 000000000000002f
[ 46.011487] RAX: ffffffffffffffda RBX: 00000000006dac24 RCX: 00000000004456c9
[ 46.018739] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000003
[ 46.025987] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 46.033238] R10: 0000000000000000 R11: 0000000000000297 R12: 00000000006dac20
[ 46.040494] R13: 0000000020000500 R14: 0100000000000000 R15: 0000000000000001
[ 46.047747]
[ 46.049354] Uninit was stored to memory at:
[ 46.053661]  kmsan_internal_chain_origin+0x12b/0x210
[ 46.058759]  __msan_chain_origin+0x69/0xc0
[ 46.062977]  ip6_datagram_recv_specific_ctl+0x1c3e/0x1eb0
[ 46.068494]  ip6_datagram_recv_ctl+0x41c/0x450
[ 46.073060]  rawv6_recvmsg+0x10fb/0x1460
[ 46.077103]  sock_common_recvmsg+0x173/0x280
[ 46.081494]  sock_recvmsg+0x1d6/0x230
[ 46.085276]  ___sys_recvmsg+0x3fe/0x810
[ 46.089239]  __x64_sys_recvmsg+0x325/0x460
[ 46.093453]  do_syscall_64+0x15b/0x230
[ 46.097322]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 46.102483]
[ 46.104089] Uninit was created at:
[ 46.107614]  kmsan_internal_poison_shadow+0xb8/0x1b0
[ 46.112696]  kmsan_kmalloc+0x94/0x100
[ 46.116475]  kmsan_slab_alloc+0x10/0x20
[ 46.120431]  __kmalloc_node_track_caller+0xb35/0x11b0
[ 46.125603]  __alloc_skb+0x2cb/0x9e0
[ 46.129304]  __ip6_append_data+0x364d/0x4fb0
[ 46.133692]  ip6_append_data+0x40e/0x6b0
[ 46.137735]  rawv6_sendmsg+0x2756/0x4fc0
[ 46.141774]  inet_sendmsg+0x3fc/0x760
[ 46.145557]  ___sys_sendmsg+0xec8/0x1320
[ 46.149608]  __x64_sys_sendmsg+0x331/0x460
[ 46.153832]  do_syscall_64+0x15b/0x230
[ 46.157702]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 46.162868]
[ 46.164476] Bytes 2-3 of 24 are uninitialized
[ 46.168946] Memory access starts at ffff88019620f8a8
[ 46.174030] ==================================================================
[ 46.181384] Disabling lock debugging due to kernel taint
[ 46.186832] Kernel panic - not syncing: panic_on_warn set ...
[ 46.186832]
[ 46.194178] CPU: 0 PID: 4569 Comm: syz-executor867 Tainted: G B 4.17.0+ #22
[ 46.202559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 46.211889] Call Trace:
[ 46.214464]  dump_stack+0x185/0x1d0
[ 46.218092]  panic+0x3d0/0x9b0
[ 46.221291]  kmsan_report+0x29e/0x2a0
[ 46.225078]  kmsan_internal_check_memory+0x138/0x1f0
[ 46.230175]  kmsan_copy_to_user+0x73/0xb0
[ 46.234314]  put_cmsg+0x5ef/0x860
[ 46.237765]  ip6_datagram_recv_specific_ctl+0x1cf3/0x1eb0
[ 46.243290]  ip6_datagram_recv_ctl+0x41c/0x450
[ 46.247855]  ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 46.253203]  ? __ipv6_addr_type+0x31d/0x3a0
[ 46.257509]  rawv6_recvmsg+0x10fb/0x1460
[ 46.261570]  ? rawv6_sendmsg+0x4fc0/0x4fc0
[ 46.265799]  sock_common_recvmsg+0x173/0x280
[ 46.270197]  sock_recvmsg+0x1d6/0x230
[ 46.273979]  ? compat_sock_common_getsockopt+0x260/0x260
[ 46.279415]  ___sys_recvmsg+0x3fe/0x810
[ 46.283381]  ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 46.288728]  ? __fget_light+0x6a3/0x700
[ 46.292690]  __x64_sys_recvmsg+0x325/0x460
[ 46.296915]  ? ___sys_recvmsg+0x810/0x810
[ 46.301052]  do_syscall_64+0x15b/0x230
[ 46.304925]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 46.310102] RIP: 0033:0x4456c9
[ 46.313288] RSP: 002b:00007f32213cbda8 EFLAGS: 00000297 ORIG_RAX: 000000000000002f
[ 46.320975] RAX: ffffffffffffffda RBX: 00000000006dac24 RCX: 00000000004456c9
[ 46.328226] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000003
[ 46.335475] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 46.342728] R10: 0000000000000000 R11: 0000000000000297 R12: 00000000006dac20
[ 46.349978] R13: 0000000020000500 R14: 0100000000000000 R15: 0000000000000001
[ 46.357762] Dumping ftrace buffer:
[ 46.361279]    (ftrace buffer empty)
[ 46.364978] Kernel Offset: disabled
[ 46.368586] Rebooting in 86400 seconds..