[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 32.686652] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 35.748858] random: sshd: uninitialized urandom read (32 bytes read)
[ 36.263088] random: sshd: uninitialized urandom read (32 bytes read)
[ 37.432968] random: sshd: uninitialized urandom read (32 bytes read)
[ 1217.352300] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.22' (ECDSA) to the list of known hosts.
[ 1222.837704] random: sshd: uninitialized urandom read (32 bytes read)
[ 1222.961395] IPVS: ftp: loaded support on port[0] = 21
[ 1222.962311] IPVS: ftp: loaded support on port[0] = 21
[ 1222.968548] IPVS: ftp: loaded support on port[0] = 21
[ 1222.973044] IPVS: ftp: loaded support on port[0] = 21
[ 1222.978345] IPVS: ftp: loaded support on port[0] = 21
[ 1222.984405] IPVS: ftp: loaded support on port[0] = 21
[ 1222.995533] IPVS: ftp: loaded support on port[0] = 21
[ 1223.003466] IPVS: ftp: loaded support on port[0] = 21
net.ipv6.conf.syz_tun.accept_dad = 0
net.ipv6.conf.syz_tun.accept_dad = 0
net.ipv6.conf.syz_tun.router_solicitations = 0
net.ipv6.conf.syz_tun.accept_dad = 0
net.ipv6.conf.syz_tun.accept_dad = 0
net.ipv6.conf.syz_tun.accept_dad = 0
net.ipv6.conf.syz_tun.router_solicitations = 0
net.ipv6.conf.syz_tun.accept_dad = 0
net.ipv6.conf.syz_tun.accept_dad = 0
net.ipv6.conf.syz_tun.accept_dad = 0
net.ipv6.conf.syz_tun.router_solicitations = 0
net.ipv6.conf.syz_tun.router_solicitations = 0
net.ipv6.conf.syz_tun.router_solicitations = 0
net.ipv6.conf.syz_tun.router_solicitations = 0
net.ipv6.conf.syz_tun.router_solicitations = 0
net.ipv6.conf.syz_tun.router_solicitations = 0
[ 1223.337819] ==================================================================
[ 1223.345217] BUG: KMSAN: uninit-value in __list_add_valid+0x1b8/0x450
[ 1223.351702] CPU: 0 PID: 4614 Comm: syz-executor259 Not tainted 4.17.0+ #6
[ 1223.358611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1223.367949] Call Trace:
[ 1223.370514] dump_stack+0x185/0x1d0
[ 1223.374121] kmsan_report+0x188/0x2a0
[ 1223.377897] __msan_warning_32+0x70/0xc0
[ 1223.381934] __list_add_valid+0x1b8/0x450
[ 1223.386058] enqueue_task_fair+0xe12/0x4490
[ 1223.390394] ? update_load_avg+0x2cc0/0x2cc0
[ 1223.394794] wake_up_new_task+0xd34/0x1850
[ 1223.399010] _do_fork+0x799/0xf60
[ 1223.402443] __x64_sys_clone+0x15e/0x1b0
[ 1223.406483] ? __ia32_sys_vfork+0x70/0x70
[ 1223.410606] do_syscall_64+0x15b/0x230
[ 1223.414483] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1223.419646] RIP: 0033:0x415a29
[ 1223.422812] RSP: 002b:00000000007ffbc0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1223.430499] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000415a29
[ 1223.437747] RDX: 00000000007ffbcc RSI: 0000000000000000 RDI: 0000000000100011
[ 1223.444992] RBP: 00000000007ffd70 R08: 0000000000804a60 R09: 0000000000000027
[ 1223.452236] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000000
[ 1223.459492] R13: 0000000000407b30 R14: 0000000000000000 R15: 0000000000000000
[ 1223.466749]
[ 1223.468352] Uninit was stored to memory at:
[ 1223.472663] kmsan_internal_chain_origin+0x12b/0x210
[ 1223.477748] __msan_chain_origin+0x69/0xc0
[ 1223.481957] pick_next_task_fair+0x2474/0x2530
[ 1223.486514] pick_next_task+0x1ba/0x420
[ 1223.490463] __schedule+0x20f/0x770
[ 1223.494071] do_task_dead+0xc8/0xf0
[ 1223.497689] do_exit+0x347e/0x3930
[ 1223.501219] do_group_exit+0x1a0/0x360
[ 1223.505079] __do_sys_exit_group+0x21/0x30
[ 1223.509301] __se_sys_exit_group+0x14/0x20
[ 1223.513514] __x64_sys_exit_group+0x4c/0x50
[ 1223.517820] do_syscall_64+0x15b/0x230
[ 1223.521695] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1223.526855] Local variable description: ----tlb.i@ldt_arch_exit_mmap
[ 1223.533319] Variable was created at:
[ 1223.537008] ldt_arch_exit_mmap+0x46/0x160
[ 1223.541218] exit_mmap+0x410/0x980
[ 1223.544732] ==================================================================
[ 1223.552067] Disabling lock debugging due to kernel taint
[ 1223.557494] Kernel panic - not syncing: panic_on_warn set ...
[ 1223.557494]
[ 1223.564832] CPU: 0 PID: 4614 Comm: syz-executor259 Tainted: G B 4.17.0+ #6
[ 1223.573119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1223.582447] Call Trace:
[ 1223.585013] dump_stack+0x185/0x1d0
[ 1223.588617] panic+0x3d0/0x990
[ 1223.591793] kmsan_report+0x29e/0x2a0
[ 1223.595576] __msan_warning_32+0x70/0xc0
[ 1223.599613] __list_add_valid+0x1b8/0x450
[ 1223.603738] enqueue_task_fair+0xe12/0x4490
[ 1223.608044] ? update_load_avg+0x2cc0/0x2cc0
[ 1223.612448] wake_up_new_task+0xd34/0x1850
[ 1223.616664] _do_fork+0x799/0xf60
[ 1223.620110] __x64_sys_clone+0x15e/0x1b0
[ 1223.624149] ? __ia32_sys_vfork+0x70/0x70
[ 1223.628272] do_syscall_64+0x15b/0x230
[ 1223.632140] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1223.637307] RIP: 0033:0x415a29
[ 1223.640475] RSP: 002b:00000000007ffbc0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1223.648161] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000415a29
[ 1223.655406] RDX: 00000000007ffbcc RSI: 0000000000000000 RDI: 0000000000100011
[ 1223.662656] RBP: 00000000007ffd70 R08: 0000000000804a60 R09: 0000000000000027
[ 1223.669904] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000000
[ 1223.677164] R13: 0000000000407b30 R14: 0000000000000000 R15: 0000000000000000
[ 1224.773893] Shutting down cpus with NMI
[ 1224.789122] Dumping ftrace buffer:
[ 1224.792658] (ftrace buffer empty)
[ 1224.796342] Kernel Offset: disabled
[ 1224.799943] Rebooting in 86400 seconds..