[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 30.538610] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 32.892226] random: sshd: uninitialized urandom read (32 bytes read)
[ 33.251305] random: sshd: uninitialized urandom read (32 bytes read)
[ 34.448240] random: sshd: uninitialized urandom read (32 bytes read)
[ 34.652777] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.32' (ECDSA) to the list of known hosts.
[ 40.162354] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 40.294610] ==================================================================
[ 40.302032] BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x1b14/0x2800
[ 40.308683] CPU: 1 PID: 4520 Comm: syz-executor841 Not tainted 4.17.0+ #5
[ 40.315598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.324938] Call Trace:
[ 40.327535]  dump_stack+0x185/0x1d0
[ 40.331155]  kmsan_report+0x188/0x2a0
[ 40.334950]  kmsan_internal_check_memory+0x138/0x1f0
[ 40.340053]  kmsan_copy_to_user+0x7a/0x160
[ 40.344287]  ? _copy_to_iter+0x92/0x2800
[ 40.348333]  _copy_to_iter+0x1b14/0x2800
[ 40.352399]  skb_copy_datagram_iter+0x422/0xfa0
[ 40.357076]  ? skb_recv_datagram+0x3e5/0x450
[ 40.361475]  netlink_recvmsg+0x6f1/0x1900
[ 40.365616]  sock_recvmsg+0x1d6/0x230
[ 40.369398]  ? netlink_sendmsg+0x1350/0x1350
[ 40.373785]  ___sys_recvmsg+0x3fe/0x810
[ 40.377753]  ? __fget_light+0x57/0x700
[ 40.381628]  ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 40.386974]  ? __fget_light+0x6a3/0x700
[ 40.390944]  __sys_recvmmsg+0x58e/0xe30
[ 40.394905]  ? kmsan_set_origin+0x9e/0x160
[ 40.399134]  do_sys_recvmmsg+0x2a6/0x3e0
[ 40.403179]  __x64_sys_recvmmsg+0x15d/0x1c0
[ 40.407492]  ? __sys_recvmmsg+0xe30/0xe30
[ 40.411621]  do_syscall_64+0x15b/0x230
[ 40.415493]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 40.420664] RIP: 0033:0x446ce9
[ 40.423833] RSP: 002b:00007fc307918db8 EFLAGS: 00000293 ORIG_RAX: 000000000000012b
[ 40.431525] RAX: ffffffffffffffda RBX: 00000000006dbc24 RCX: 0000000000446ce9
[ 40.438775] RDX: 000000000000000a RSI: 0000000020005040 RDI: 0000000000000003
[ 40.446029] RBP: 00000000006dbc20 R08: 0000000020004e40 R09: 0000000000000000
[ 40.453286] R10: 0000000040000000 R11: 0000000000000293 R12: 0000000000000000
[ 40.460534] R13: 00007ffc8d2df32f R14: 00007fc3079199c0 R15: 0000000000000001
[ 40.467785]
[ 40.469388] Uninit was stored to memory at:
[ 40.473702]  kmsan_internal_chain_origin+0x12b/0x210
[ 40.478784]  kmsan_memcpy_origins+0x11d/0x170
[ 40.483272]  __msan_memcpy+0x109/0x160
[ 40.487140]  nla_put+0x276/0x340
[ 40.490495]  dump_one_policy+0xbe1/0x1090
[ 40.494623]  xfrm_policy_walk+0x45a/0xd00
[ 40.498751]  xfrm_dump_policy+0x1c0/0x2a0
[ 40.502891]  netlink_dump+0x9b5/0x1550
[ 40.506761]  __netlink_dump_start+0x1131/0x1270
[ 40.511414]  xfrm_user_rcv_msg+0x8a3/0x9b0
[ 40.515644]  netlink_rcv_skb+0x37e/0x600
[ 40.519688]  xfrm_netlink_rcv+0xb2/0xf0
[ 40.523648]  netlink_unicast+0x1680/0x1750
[ 40.527867]  netlink_sendmsg+0x104f/0x1350
[ 40.532098]  ___sys_sendmsg+0xec8/0x1320
[ 40.536155]  __x64_sys_sendmsg+0x331/0x460
[ 40.540372]  do_syscall_64+0x15b/0x230
[ 40.544254]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 40.549427] Local variable description: ----upt.i@dump_one_policy
[ 40.555635] Variable was created at:
[ 40.559333]  dump_one_policy+0x78/0x1090
[ 40.563389]  xfrm_policy_walk+0x45a/0xd00
[ 40.567518]
[ 40.569140] Byte 130 of 137 is uninitialized
[ 40.573531] Memory access starts at ffff88019550407f
[ 40.578606] ==================================================================
[ 40.586039] Disabling lock debugging due to kernel taint
[ 40.591483] Kernel panic - not syncing: panic_on_warn set ...
[ 40.591483]
[ 40.598836] CPU: 1 PID: 4520 Comm: syz-executor841 Tainted: G    B    4.17.0+ #5
[ 40.607140] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.616472] Call Trace:
[ 40.619056]  dump_stack+0x185/0x1d0
[ 40.622674]  panic+0x3d0/0x990
[ 40.625850]  kmsan_report+0x29e/0x2a0
[ 40.629639]  kmsan_internal_check_memory+0x138/0x1f0
[ 40.634722]  kmsan_copy_to_user+0x7a/0x160
[ 40.638946]  ? _copy_to_iter+0x92/0x2800
[ 40.642994]  _copy_to_iter+0x1b14/0x2800
[ 40.647065]  skb_copy_datagram_iter+0x422/0xfa0
[ 40.651731]  ? skb_recv_datagram+0x3e5/0x450
[ 40.656143]  netlink_recvmsg+0x6f1/0x1900
[ 40.660293]  sock_recvmsg+0x1d6/0x230
[ 40.664083]  ? netlink_sendmsg+0x1350/0x1350
[ 40.668480]  ___sys_recvmsg+0x3fe/0x810
[ 40.672439]  ? __fget_light+0x57/0x700
[ 40.676316]  ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 40.681695]  ? __fget_light+0x6a3/0x700
[ 40.685667]  __sys_recvmmsg+0x58e/0xe30
[ 40.689633]  ? kmsan_set_origin+0x9e/0x160
[ 40.693850]  do_sys_recvmmsg+0x2a6/0x3e0
[ 40.697898]  __x64_sys_recvmmsg+0x15d/0x1c0
[ 40.702201]  ? __sys_recvmmsg+0xe30/0xe30
[ 40.706327]  do_syscall_64+0x15b/0x230
[ 40.710204]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 40.715370] RIP: 0033:0x446ce9
[ 40.718536] RSP: 002b:00007fc307918db8 EFLAGS: 00000293 ORIG_RAX: 000000000000012b
[ 40.726239] RAX: ffffffffffffffda RBX: 00000000006dbc24 RCX: 0000000000446ce9
[ 40.733505] RDX: 000000000000000a RSI: 0000000020005040 RDI: 0000000000000003
[ 40.740762] RBP: 00000000006dbc20 R08: 0000000020004e40 R09: 0000000000000000
[ 40.748021] R10: 0000000040000000 R11: 0000000000000293 R12: 0000000000000000
[ 40.755287] R13: 00007ffc8d2df32f R14: 00007fc3079199c0 R15: 0000000000000001
[ 40.763107] Dumping ftrace buffer:
[ 40.766623]    (ftrace buffer empty)
[ 40.770320] Kernel Offset: disabled
[ 40.773924] Rebooting in 86400 seconds..
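Reading the two traces together: the first one is where uninitialised bytes reach user space (a recvmmsg() on a netlink socket, netlink_recvmsg -> skb_copy_datagram_iter -> _copy_to_iter, caught by kmsan_copy_to_user), and the "Uninit was stored to memory at" trace is where they entered the socket buffer: nla_put() inside dump_one_policy(), reached from an XFRM policy dump (xfrm_dump_policy via netlink_dump) that a sendmsg() started. The local variable description names the stack variable upt in dump_one_policy, created at dump_one_policy+0x78 and not fully written before nla_put() copied it wholesale into the skb. What follows is an added example, not code from this report, from syzkaller or from the kernel tree: a user-space model that keeps a per-byte initialisation shadow the way KMSAN does, and shows why assigning individual members of a struct that has padding or reserved fields leaves bytes poisoned, and why a memset() before populating it makes the copy clean. The struct layout is the one declared for struct xfrm_userpolicy_type in include/uapi/linux/xfrm.h; that upt is of that type, the attribute id 1, and the nla_put()/copy_to_user() stand-ins are assumptions for illustration (the report names the variable, not its type).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Layout as declared in include/uapi/linux/xfrm.h; 4 bytes on x86-64, with a
 * byte of compiler padding between .type and .reserved. */
struct xfrm_userpolicy_type {
    uint8_t  type;
    uint16_t reserved;
};

#define MSG_MAX    64
#define NLA_HDRLEN 4   /* struct nlattr: u16 nla_len, u16 nla_type */

/* Netlink message under construction plus a KMSAN-style shadow:
 * shadow[i] != 0 means byte i of msg has never been written. */
struct shadowed_msg {
    uint8_t msg[MSG_MAX], shadow[MSG_MAX];
    size_t  len;
};

/* Stack local plus its shadow; a freshly declared local is fully poisoned. */
struct shadowed_local {
    uint8_t bytes[sizeof(struct xfrm_userpolicy_type)];
    uint8_t shadow[sizeof(struct xfrm_userpolicy_type)];
};

static void local_declare(struct shadowed_local *l)
{
    memset(l->bytes, 0xAA, sizeof l->bytes);  /* stale stack contents (made up) */
    memset(l->shadow, 1, sizeof l->shadow);   /* every byte uninitialised */
}

/* Member assignment: defines only the bytes actually written. */
static void local_store(struct shadowed_local *l, size_t off, const void *src, size_t n)
{
    memcpy(l->bytes + off, src, n);
    memset(l->shadow + off, 0, n);
}

/* nla_put() stand-in: copies the value bytes and their shadow into the skb. */
static int nla_put_shadowed(struct shadowed_msg *m, uint16_t attrtype,
                            const struct shadowed_local *v)
{
    uint16_t nla_len = NLA_HDRLEN + sizeof v->bytes;
    if (m->len + nla_len > MSG_MAX)
        return -1;
    memcpy(m->msg + m->len, &nla_len, 2);
    memcpy(m->msg + m->len + 2, &attrtype, 2);
    memset(m->shadow + m->len, 0, NLA_HDRLEN);            /* header fully defined */
    memcpy(m->msg + m->len + NLA_HDRLEN, v->bytes, sizeof v->bytes);
    memcpy(m->shadow + m->len + NLA_HDRLEN, v->shadow, sizeof v->shadow);
    m->len += nla_len;
    return 0;
}

/* kmsan_copy_to_user() stand-in: offset of the first uninitialised byte that
 * would reach user space, or -1 if every byte of the message is defined. */
static int first_uninit_byte(const struct shadowed_msg *m)
{
    for (size_t i = 0; i < m->len; i++)
        if (m->shadow[i])
            return (int)i;
    return -1;
}

/* Pattern the report is consistent with: assign .type only, then hand the
 * whole struct to nla_put(). Attribute id 1 is a placeholder, not XFRMA_*. */
int dump_policy_type_leaky(uint8_t type)
{
    struct shadowed_msg m = {{0}, {0}, 0};
    struct shadowed_local upt;
    local_declare(&upt);
    local_store(&upt, offsetof(struct xfrm_userpolicy_type, type), &type, 1);
    nla_put_shadowed(&m, 1, &upt);
    return first_uninit_byte(&m);
}

/* Hardened form: memset(&upt, 0, sizeof(upt)) before populating it, so the
 * padding byte and .reserved are defined even though never assigned. */
int dump_policy_type_fixed(uint8_t type)
{
    struct shadowed_msg m = {{0}, {0}, 0};
    struct shadowed_local upt;
    local_declare(&upt);
    memset(upt.bytes, 0, sizeof upt.bytes);
    memset(upt.shadow, 0, sizeof upt.shadow);
    local_store(&upt, offsetof(struct xfrm_userpolicy_type, type), &type, 1);
    nla_put_shadowed(&m, 1, &upt);
    return first_uninit_byte(&m);
}

int main(void)
{
    printf("leaky: first uninitialised byte at offset %d\n", dump_policy_type_leaky(0));
    printf("fixed: first uninitialised byte at offset %d\n", dump_policy_type_fixed(0));
    return 0;
}
```

Build with any C compiler (cc -Wall example.c). The leaky path reports offset 5: four bytes of nlattr header, then the padding byte right after .type, with .reserved behind it also undefined. The memset path reports -1. The real check is the one kmsan_copy_to_user() performs at the top of the first trace, and the "Byte 130 of 137" line is its answer for the actual message; this model is the same logic on a message that holds only the one attribute.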