[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 38.936934] random: sshd: uninitialized urandom read (32 bytes read)
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 43.727184] random: sshd: uninitialized urandom read (32 bytes read)
[ 44.237190] random: sshd: uninitialized urandom read (32 bytes read)
[ 45.433192] random: sshd: uninitialized urandom read (32 bytes read)
[ 45.694802] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.43' (ECDSA) to the list of known hosts.
[ 51.451697] random: sshd: uninitialized urandom read (32 bytes read)
[ 51.583353] IPVS: ftp: loaded support on port[0] = 21
[ 51.798073] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.804671] bridge0: port 1(bridge_slave_0) entered disabled state
[ 51.812433] device bridge_slave_0 entered promiscuous mode
[ 51.837808] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.844261] bridge0: port 2(bridge_slave_1) entered disabled state
[ 51.851731] device bridge_slave_1 entered promiscuous mode
[ 51.876390] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 51.901683] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 51.974924] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 52.003417] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 52.075539] ip (4532) used greatest stack depth: 53688 bytes left
[ 52.117301] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 52.124718] team0: Port device team_slave_0 added
[ 52.149488] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 52.156968] team0: Port device team_slave_1 added
[ 52.182649] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 52.210617] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 52.238657] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 52.266699] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
[ 52.498651] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.505188] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 52.512093] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.518511] bridge0: port 1(bridge_slave_0) entered forwarding state
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
[ 53.361699] 8021q: adding VLAN 0 to HW filter on device bond0
[ 53.443273] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 53.524367] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 53.530557] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 53.539606] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 53.619435] 8021q: adding VLAN 0 to HW filter on device team0
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[ 54.632560] ==================================================================
[ 54.639982] BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x44f/0x27d0
[ 54.646556] CPU: 1 PID: 4754 Comm: syz-executor100 Not tainted 4.18.0-rc8+ #33
[ 54.653901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 54.663240] Call Trace:
[ 54.665821] dump_stack+0x17c/0x1c0
[ 54.669449] kmsan_report+0x188/0x2a0
[ 54.673254] kmsan_internal_check_memory+0x138/0x1f0
[ 54.678360] kmsan_copy_to_user+0x73/0xb0
[ 54.682510] _copy_to_iter+0x44f/0x27d0
[ 54.686519] skb_copy_datagram_iter+0x422/0xfa0
[ 54.691196] ? skb_recv_datagram+0x232/0x430
[ 54.695597] ? skb_recv_datagram+0x3d2/0x430
[ 54.700009] packet_recvmsg+0x728/0x1c30
[ 54.704089] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 54.709464] ? security_socket_recvmsg+0xa4/0x220
[ 54.714306] ? packet_sendmsg+0x8ae0/0x8ae0
[ 54.718617] sock_read_iter+0x406/0x480
[ 54.722619] ? kernel_sock_ip_overhead+0x340/0x340
[ 54.727557] __vfs_read+0x7b9/0x9f0
[ 54.731198] vfs_read+0x36c/0x6b0
[ 54.734662] __x64_sys_read+0x1b7/0x3c0
[ 54.738636] ? ksys_read+0x340/0x340
[ 54.742343] do_syscall_64+0x15b/0x220
[ 54.746251] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 54.751445] RIP: 0033:0x446fa9
[ 54.754622] Code: e8 6c b3 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 6b 03 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 54.773963] RSP: 002b:00007f197391cda8 EFLAGS: 00000293 ORIG_RAX: 0000000000000000
[ 54.781681] RAX: ffffffffffffffda RBX: 00000000006dcc48 RCX: 0000000000446fa9
[ 54.788953] RDX: 0000000000000019 RSI: 0000000020000000 RDI: 0000000000000003
[ 54.796230] RBP: 00000000006dcc40 R08: 0000000000000000 R09: 0000000000000000
[ 54.803488] R10: 0000000000000000 R11: 0000000000000293 R12: 00000000006dcc4c
[ 54.810748] R13: 0000010000000002 R14: 00007f197391d9c0 R15: 0000000000000000
[ 54.818018]
[ 54.819645] Uninit was created at:
[ 54.823176] kmsan_internal_poison_shadow+0xb8/0x1b0
[ 54.828268] kmsan_kmalloc+0x98/0x100
[ 54.832070] kmsan_slab_alloc+0x10/0x20
[ 54.836057] __kmalloc_node_track_caller+0xb4c/0x11d0
[ 54.841251] __alloc_skb+0x2ce/0x9b0
[ 54.844958] alloc_skb_with_frags+0x1d0/0xac0
[ 54.849452] sock_alloc_send_pskb+0xb47/0x1120
[ 54.854036] packet_sendmsg+0x6480/0x8ae0
[ 54.858194] ___sys_sendmsg+0xe32/0x1250
[ 54.862242] __sys_sendmmsg+0x4ac/0x930
[ 54.866204] __x64_sys_sendmmsg+0x11c/0x170
[ 54.870531] do_syscall_64+0x15b/0x220
[ 54.874421] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 54.879596]
[ 54.881223] Bytes 4-5 of 25 are uninitialized
[ 54.885700] Memory access starts at ffff8801c0310264
[ 54.890791] ==================================================================
[ 54.898133] Disabling lock debugging due to kernel taint
[ 54.903566] Kernel panic - not syncing: panic_on_warn set ...
[ 54.903566]
[ 54.910926] CPU: 1 PID: 4754 Comm: syz-executor100 Tainted: G B 4.18.0-rc8+ #33
[ 54.919662] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 54.928999] Call Trace:
[ 54.931591] dump_stack+0x17c/0x1c0
[ 54.935230] panic+0x3c3/0x9a0
[ 54.938448] kmsan_report+0x29e/0x2a0
[ 54.942265] kmsan_internal_check_memory+0x138/0x1f0
[ 54.947367] kmsan_copy_to_user+0x73/0xb0
[ 54.951518] _copy_to_iter+0x44f/0x27d0
[ 54.955532] skb_copy_datagram_iter+0x422/0xfa0
[ 54.960202] ? skb_recv_datagram+0x232/0x430
[ 54.964604] ? skb_recv_datagram+0x3d2/0x430
[ 54.969027] packet_recvmsg+0x728/0x1c30
[ 54.973108] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 54.978461] ? security_socket_recvmsg+0xa4/0x220
[ 54.983301] ? packet_sendmsg+0x8ae0/0x8ae0
[ 54.987613] sock_read_iter+0x406/0x480
[ 54.991613] ? kernel_sock_ip_overhead+0x340/0x340
[ 54.996553] __vfs_read+0x7b9/0x9f0
[ 55.000190] vfs_read+0x36c/0x6b0
[ 55.003651] __x64_sys_read+0x1b7/0x3c0
[ 55.007625] ? ksys_read+0x340/0x340
[ 55.011333] do_syscall_64+0x15b/0x220
[ 55.015220] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 55.020398] RIP: 0033:0x446fa9
[ 55.023572] Code: e8 6c b3 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 6b 03 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 55.042862] RSP: 002b:00007f197391cda8 EFLAGS: 00000293 ORIG_RAX: 0000000000000000
[ 55.050563] RAX: ffffffffffffffda RBX: 00000000006dcc48 RCX: 0000000000446fa9
[ 55.057819] RDX: 0000000000000019 RSI: 0000000020000000 RDI: 0000000000000003
[ 55.065091] RBP: 00000000006dcc40 R08: 0000000000000000 R09: 0000000000000000
[ 55.072358] R10: 0000000000000000 R11: 0000000000000293 R12: 00000000006dcc4c
[ 55.079638] R13: 0000010000000002 R14: 00007f197391d9c0 R15: 0000000000000000
[ 55.087302] Dumping ftrace buffer:
[ 55.090843] (ftrace buffer empty)
[ 55.094541] Kernel Offset: disabled
[ 55.098172] Rebooting in 86400 seconds..