[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 36.228475] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 40.809292] random: sshd: uninitialized urandom read (32 bytes read) [ 41.171795] random: sshd: uninitialized urandom read (32 bytes read) [ 42.603719] random: sshd: uninitialized urandom read (32 bytes read) [ 42.861316] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.15.206' (ECDSA) to the list of known hosts. [ 48.449448] random: sshd: uninitialized urandom read (32 bytes read) net.ipv6.conf.syz_tun.accept_dad = 0 [ 48.581068] IPVS: ftp: loaded support on port[0] = 21 net.ipv6.conf.syz_tun.router_solicitations = 0 executing program [ 48.758215] ================================================================== [ 48.765732] BUG: KMSAN: uninit-value in ipv6_skip_exthdr+0x156/0x910 [ 48.772230] CPU: 0 PID: 4596 Comm: syz-executor935 Not tainted 4.18.0-rc4+ #23 [ 48.779591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 48.789057] Call Trace: [ 48.791646] dump_stack+0x185/0x1e0 [ 48.795267] kmsan_report+0x195/0x2c0 [ 48.799162] __msan_warning_32+0x7d/0xe0 [ 48.803223] ipv6_skip_exthdr+0x156/0x910 [ 48.807400] ipv6_get_l4proto+0x1be/0x2f0 [ 48.811546] nf_conntrack_in+0x54a/0x2070 [ 48.815695] ? ipv6_invert_tuple+0xf0/0xf0 [ 48.819927] ipv6_conntrack_in+0xc3/0xf0 [ 48.823994] ? ipv6_hooks_unregister+0x200/0x200 [ 48.828762] nf_hook_slow+0x15d/0x3e0 [ 48.832580] ipv6_rcv+0x1df5/0x2250 [ 48.836217] ? local_bh_enable+0x40/0x40 [ 48.840270] __netif_receive_skb_core+0x4a7a/0x4fc0 [ 48.845295] ? ip6_rcv_finish+0x6e0/0x6e0 [ 48.849525] netif_receive_skb_internal+0x475/0x660 [ 48.854537] napi_gro_frags+0xfb4/0x1600 [ 48.858602] tun_get_user+0x5a3b/0x89c0 [ 48.862721] tun_chr_write_iter+0x1d4/0x330 [ 48.867056] ? tun_chr_read_iter+0x460/0x460 [ 48.871467] do_iter_readv_writev+0x81a/0xac0 [ 48.875974] ? tun_chr_read_iter+0x460/0x460 [ 48.880374] do_iter_write+0x30d/0xd50 [ 48.884255] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 48.889705] ? import_iovec+0x3e0/0x640 [ 48.893682] do_writev+0x3d8/0x860 [ 48.897230] ? kmsan_set_origin_inline+0x6b/0x120 [ 48.902074] ? __msan_poison_alloca+0x183/0x220 [ 48.906743] __x64_sys_writev+0xe1/0x120 [ 48.910893] ? __ia32_sys_readv+0x120/0x120 [ 48.915209] do_syscall_64+0x15b/0x230 [ 48.919106] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 48.924311] RIP: 0033:0x441570 [ 48.927485] Code: 05 48 3d 01 f0 ff ff 0f 83 bd 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 83 3d 81 27 29 00 00 75 14 b8 14 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 94 09 fc ff c3 48 83 ec 08 e8 3a 2b 00 00 [ 48.946673] RSP: 002b:00007ffe4bffac48 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 48.954388] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000441570 [ 48.961667] RDX: 0000000000000001 RSI: 00007ffe4bffac70 RDI: 00000000000000fc [ 48.968949] RBP: 00000000006cc018 R08: 0000000000000000 R09: 000000000000001a [ 48.976214] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402390 [ 48.983479] R13: 0000000000402420 R14: 0000000000000000 R15: 0000000000000000 [ 48.990768] [ 48.992387] Uninit was stored to memory at: [ 48.996729] kmsan_internal_chain_origin+0x13c/0x240 [ 49.001822] kmsan_memcpy_origins+0x11d/0x170 [ 49.006313] __msan_memcpy+0xe7/0x150 [ 49.010110] skb_copy_bits+0x1f9/0xd80 [ 49.014003] ipv6_get_l4proto+0x105/0x2f0 [ 49.018163] nf_conntrack_in+0x54a/0x2070 [ 49.022310] ipv6_conntrack_in+0xc3/0xf0 [ 49.026391] nf_hook_slow+0x15d/0x3e0 [ 49.030180] ipv6_rcv+0x1df5/0x2250 [ 49.033892] __netif_receive_skb_core+0x4a7a/0x4fc0 [ 49.039022] netif_receive_skb_internal+0x475/0x660 [ 49.044053] napi_gro_frags+0xfb4/0x1600 [ 49.048280] tun_get_user+0x5a3b/0x89c0 [ 49.052333] tun_chr_write_iter+0x1d4/0x330 [ 49.056657] do_iter_readv_writev+0x81a/0xac0 [ 49.061152] do_iter_write+0x30d/0xd50 [ 49.065035] do_writev+0x3d8/0x860 [ 49.068755] __x64_sys_writev+0xe1/0x120 [ 49.072810] do_syscall_64+0x15b/0x230 [ 49.076692] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 49.081862] [ 49.083482] Uninit was stored to memory at: [ 49.087799] kmsan_internal_chain_origin+0x13c/0x240 [ 49.092899] kmsan_memcpy_origins+0x11d/0x170 [ 49.097391] kmsan_memmove_origins+0x9/0x10 [ 49.101718] __msan_memmove+0xe7/0x150 [ 49.105623] nf_ct_frag6_gather+0x436a/0x5870 [ 49.110114] ipv6_defrag+0x501/0x5c0 [ 49.113817] nf_hook_slow+0x15d/0x3e0 [ 49.117637] ipv6_rcv+0x1df5/0x2250 [ 49.121281] __netif_receive_skb_core+0x4a7a/0x4fc0 [ 49.126286] netif_receive_skb_internal+0x475/0x660 [ 49.131296] napi_gro_frags+0xfb4/0x1600 [ 49.135347] tun_get_user+0x5a3b/0x89c0 [ 49.139314] tun_chr_write_iter+0x1d4/0x330 [ 49.143649] do_iter_readv_writev+0x81a/0xac0 [ 49.148136] do_iter_write+0x30d/0xd50 [ 49.152012] do_writev+0x3d8/0x860 [ 49.155642] __x64_sys_writev+0xe1/0x120 [ 49.159699] do_syscall_64+0x15b/0x230 [ 49.163665] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 49.168842] [ 49.170554] Uninit was created at: [ 49.174090] kmsan_internal_alloc_meta_for_pages+0x157/0x730 [ 49.179966] kmsan_alloc_page+0x80/0xe0 [ 49.183928] __alloc_pages_nodemask+0x105b/0x6320 [ 49.188764] page_frag_alloc+0x444/0x9d0 [ 49.192813] __napi_alloc_skb+0x199/0xa10 [ 49.196963] page_to_skb+0x14a/0x1230 [ 49.200773] receive_buf+0x1203/0x7900 [ 49.204672] virtnet_poll+0x903/0x1490 [ 49.208552] net_rx_action+0x799/0x1ae0 [ 49.212519] __do_softirq+0x55f/0x934 [ 49.216302] ================================================================== [ 49.223658] Disabling lock debugging due to kernel taint [ 49.229107] Kernel panic - not syncing: panic_on_warn set ... [ 49.229107] [ 49.236551] CPU: 0 PID: 4596 Comm: syz-executor935 Tainted: G B 4.18.0-rc4+ #23 [ 49.245304] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 49.254766] Call Trace: [ 49.257353] dump_stack+0x185/0x1e0 [ 49.260973] panic+0x3d0/0x9b0 [ 49.264182] kmsan_report+0x2bf/0x2c0 [ 49.268167] __msan_warning_32+0x7d/0xe0 [ 49.272225] ipv6_skip_exthdr+0x156/0x910 [ 49.276390] ipv6_get_l4proto+0x1be/0x2f0 [ 49.280560] nf_conntrack_in+0x54a/0x2070 [ 49.284744] ? ipv6_invert_tuple+0xf0/0xf0 [ 49.289000] ipv6_conntrack_in+0xc3/0xf0 [ 49.293091] ? ipv6_hooks_unregister+0x200/0x200 [ 49.297857] nf_hook_slow+0x15d/0x3e0 [ 49.301669] ipv6_rcv+0x1df5/0x2250 [ 49.305312] ? local_bh_enable+0x40/0x40 [ 49.309379] __netif_receive_skb_core+0x4a7a/0x4fc0 [ 49.314405] ? ip6_rcv_finish+0x6e0/0x6e0 [ 49.318574] netif_receive_skb_internal+0x475/0x660 [ 49.323608] napi_gro_frags+0xfb4/0x1600 [ 49.327726] tun_get_user+0x5a3b/0x89c0 [ 49.331725] tun_chr_write_iter+0x1d4/0x330 [ 49.336064] ? tun_chr_read_iter+0x460/0x460 [ 49.340478] do_iter_readv_writev+0x81a/0xac0 [ 49.344986] ? tun_chr_read_iter+0x460/0x460 [ 49.349418] do_iter_write+0x30d/0xd50 [ 49.353326] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 49.358774] ? import_iovec+0x3e0/0x640 [ 49.362749] do_writev+0x3d8/0x860 [ 49.366301] ? kmsan_set_origin_inline+0x6b/0x120 [ 49.371333] ? __msan_poison_alloca+0x183/0x220 [ 49.376100] __x64_sys_writev+0xe1/0x120 [ 49.380156] ? __ia32_sys_readv+0x120/0x120 [ 49.384490] do_syscall_64+0x15b/0x230 [ 49.388376] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 49.393578] RIP: 0033:0x441570 [ 49.396765] Code: 05 48 3d 01 f0 ff ff 0f 83 bd 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 83 3d 81 27 29 00 00 75 14 b8 14 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 94 09 fc ff c3 48 83 ec 08 e8 3a 2b 00 00 [ 49.415928] RSP: 002b:00007ffe4bffac48 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 49.423644] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000441570 [ 49.430906] RDX: 0000000000000001 RSI: 00007ffe4bffac70 RDI: 00000000000000fc [ 49.438168] RBP: 00000000006cc018 R08: 0000000000000000 R09: 000000000000001a [ 49.445430] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402390 [ 49.452702] R13: 0000000000402420 R14: 0000000000000000 R15: 0000000000000000 [ 49.460950] Dumping ftrace buffer: [ 49.464495] (ftrace buffer empty) [ 49.468211] Kernel Offset: disabled [ 49.471829] Rebooting in 86400 seconds..