[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   29.090969] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   32.953857] random: sshd: uninitialized urandom read (32 bytes read)
[   33.363834] random: sshd: uninitialized urandom read (32 bytes read)
[   34.483952] random: sshd: uninitialized urandom read (32 bytes read)
[   34.689665] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.18' (ECDSA) to the list of known hosts.
[   40.144525] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   40.254527] ==================================================================
[   40.261900] BUG: KMSAN: uninit-value in pfkey_sendmsg+0x57d/0x1aa0
[   40.268193] CPU: 0 PID: 4504 Comm: syz-executor102 Not tainted 4.17.0+ #5
[   40.275093] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   40.284420] Call Trace:
[   40.286987]  dump_stack+0x185/0x1d0
[   40.290592]  kmsan_report+0x188/0x2a0
[   40.294370]  __msan_warning_32+0x70/0xc0
[   40.298407]  pfkey_sendmsg+0x57d/0x1aa0
[   40.302358]  ? __msan_metadata_ptr_for_load_1+0x10/0x20
[   40.307699]  ? workingset_activation+0x281/0x300
[   40.312435]  ? kmsan_set_origin_inline+0x6b/0x120
[   40.317258]  ? security_socket_sendmsg+0x5d/0x200
[   40.322075]  ? __msan_metadata_ptr_for_load_8+0x10/0x20
[   40.327413]  ? security_socket_sendmsg+0x91/0x200
[   40.332236]  ? pfkey_release+0x5c0/0x5c0
[   40.336274]  kernel_sendmsg+0x22a/0x2d0
[   40.340226]  sock_no_sendpage+0x1c8/0x250
[   40.344353]  ? sock_no_mmap+0x30/0x30
[   40.348128]  sock_sendpage+0x1ef/0x2e0
[   40.351997]  pipe_to_sendpage+0x321/0x440
[   40.356124]  ? sock_fasync+0x2b0/0x2b0
[   40.359993]  ? propagate_umount+0x3990/0x3990
[   40.364467]  __splice_from_pipe+0x4a5/0xf50
[   40.368767]  ? generic_splice_sendpage+0x2a0/0x2a0
[   40.373674]  ? __msan_metadata_ptr_for_load_4+0x10/0x20
[   40.379024]  generic_splice_sendpage+0x1c6/0x2a0
[   40.383770]  ? iter_file_splice_write+0x1710/0x1710
[   40.388765]  direct_splice_actor+0x19e/0x200
[   40.393151]  splice_direct_to_actor+0x767/0x1040
[   40.397882]  ? do_splice_direct+0x540/0x540
[   40.402182]  do_splice_direct+0x335/0x540
[   40.406307]  ? security_file_permission+0x230/0x480
[   40.411301]  do_sendfile+0x107b/0x1e40
[   40.415180]  __x64_sys_sendfile64+0x218/0x390
[   40.419662]  ? __ia32_sys_sendfile+0x160/0x160
[   40.424219]  do_syscall_64+0x15b/0x230
[   40.428094]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   40.433263] RIP: 0033:0x43fdb9
[   40.436426] RSP: 002b:00007ffe5a6257b8 EFLAGS: 00000217 ORIG_RAX: 0000000000000028
[   40.444110] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 000000000043fdb9
[   40.451355] RDX: 0000000020d83ff8 RSI: 0000000000000004 RDI: 0000000000000003
[   40.458599] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   40.465846] R10: 02008000fffffffe R11: 0000000000000217 R12: 00000000004016e0
[   40.473091] R13: 0000000000401770 R14: 0000000000000000 R15: 0000000000000000
[   40.480338] 
[   40.481936] Uninit was stored to memory at:
[   40.486239]  kmsan_internal_chain_origin+0x12b/0x210
[   40.491317]  kmsan_memcpy_origins+0x11d/0x170
[   40.495786]  __msan_memcpy+0x109/0x160
[   40.499660]  _copy_from_iter_full+0xe06/0x1440
[   40.504217]  pfkey_sendmsg+0x38d/0x1aa0
[   40.508170]  kernel_sendmsg+0x22a/0x2d0
[   40.512120]  sock_no_sendpage+0x1c8/0x250
[   40.516245]  sock_sendpage+0x1ef/0x2e0
[   40.520117]  pipe_to_sendpage+0x321/0x440
[   40.524243]  __splice_from_pipe+0x4a5/0xf50
[   40.528540]  generic_splice_sendpage+0x1c6/0x2a0
[   40.533273]  direct_splice_actor+0x19e/0x200
[   40.537656]  splice_direct_to_actor+0x767/0x1040
[   40.542396]  do_splice_direct+0x335/0x540
[   40.546522]  do_sendfile+0x107b/0x1e40
[   40.550387]  __x64_sys_sendfile64+0x218/0x390
[   40.554859]  do_syscall_64+0x15b/0x230
[   40.558723]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   40.563882] Uninit was created at:
[   40.567402]  kmsan_alloc_meta_for_pages+0x161/0x3a0
[   40.572392]  kmsan_alloc_page+0x82/0xe0
[   40.576342]  __alloc_pages_nodemask+0xf7b/0x5cc0
[   40.581074]  alloc_pages_current+0x6b1/0x970
[   40.585466]  __page_cache_alloc+0x95/0x320
[   40.589684]  generic_file_read_iter+0x22a4/0x44d0
[   40.594504]  generic_file_splice_read+0x5d7/0x900
[   40.599323]  splice_direct_to_actor+0x4cb/0x1040
[   40.604063]  do_splice_direct+0x335/0x540
[   40.608196]  do_sendfile+0x107b/0x1e40
[   40.612067]  __x64_sys_sendfile64+0x218/0x390
[   40.616545]  do_syscall_64+0x15b/0x230
[   40.620412]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   40.625573] ==================================================================
[   40.632903] Disabling lock debugging due to kernel taint
[   40.638324] Kernel panic - not syncing: panic_on_warn set ...
[   40.638324] 
[   40.645663] CPU: 0 PID: 4504 Comm: syz-executor102 Tainted: G    B             4.17.0+ #5
[   40.653948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   40.663282] Call Trace:
[   40.665856]  dump_stack+0x185/0x1d0
[   40.669464]  panic+0x3d0/0x990
[   40.672637]  kmsan_report+0x29e/0x2a0
[   40.676416]  __msan_warning_32+0x70/0xc0
[   40.680457]  pfkey_sendmsg+0x57d/0x1aa0
[   40.684410]  ? __msan_metadata_ptr_for_load_1+0x10/0x20
[   40.689756]  ? workingset_activation+0x281/0x300
[   40.694980]  ? kmsan_set_origin_inline+0x6b/0x120
[   40.699805]  ? security_socket_sendmsg+0x5d/0x200
[   40.704626]  ? __msan_metadata_ptr_for_load_8+0x10/0x20
[   40.709966]  ? security_socket_sendmsg+0x91/0x200
[   40.714790]  ? pfkey_release+0x5c0/0x5c0
[   40.718827]  kernel_sendmsg+0x22a/0x2d0
[   40.722780]  sock_no_sendpage+0x1c8/0x250
[   40.726914]  ? sock_no_mmap+0x30/0x30
[   40.730690]  sock_sendpage+0x1ef/0x2e0
[   40.734557]  pipe_to_sendpage+0x321/0x440
[   40.738678]  ? sock_fasync+0x2b0/0x2b0
[   40.742544]  ? propagate_umount+0x3990/0x3990
[   40.747025]  __splice_from_pipe+0x4a5/0xf50
[   40.751334]  ? generic_splice_sendpage+0x2a0/0x2a0
[   40.756242]  ? __msan_metadata_ptr_for_load_4+0x10/0x20
[   40.761581]  generic_splice_sendpage+0x1c6/0x2a0
[   40.766313]  ? iter_file_splice_write+0x1710/0x1710
[   40.771304]  direct_splice_actor+0x19e/0x200
[   40.775693]  splice_direct_to_actor+0x767/0x1040
[   40.780426]  ? do_splice_direct+0x540/0x540
[   40.784728]  do_splice_direct+0x335/0x540
[   40.788865]  ? security_file_permission+0x230/0x480
[   40.793861]  do_sendfile+0x107b/0x1e40
[   40.797730]  __x64_sys_sendfile64+0x218/0x390
[   40.802205]  ? __ia32_sys_sendfile+0x160/0x160
[   40.806763]  do_syscall_64+0x15b/0x230
[   40.810627]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   40.815789] RIP: 0033:0x43fdb9
[   40.818952] RSP: 002b:00007ffe5a6257b8 EFLAGS: 00000217 ORIG_RAX: 0000000000000028
[   40.826632] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 000000000043fdb9
[   40.833875] RDX: 0000000020d83ff8 RSI: 0000000000000004 RDI: 0000000000000003
[   40.841118] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   40.848365] R10: 02008000fffffffe R11: 0000000000000217 R12: 00000000004016e0
[   40.855607] R13: 0000000000401770 R14: 0000000000000000 R15: 0000000000000000
[   40.863322] Dumping ftrace buffer:
[   40.866841]    (ftrace buffer empty)
[   40.870523] Kernel Offset: disabled
[   40.874121] Rebooting in 86400 seconds..