[....] Starting periodic command scheduler: cron [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd
[ 29.348153] random: sshd: uninitialized urandom read (32 bytes read) [ ok ].
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login:
[ 32.585533] random: sshd: uninitialized urandom read (32 bytes read)
[ 33.072994] random: sshd: uninitialized urandom read (32 bytes read)
[ 34.118819] random: sshd: uninitialized urandom read (32 bytes read)
[ 34.333626] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.49' (ECDSA) to the list of known hosts.
[ 39.844647] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 40.001447] ==================================================================
[ 40.008829] BUG: KMSAN: uninit-value in netlink_rcv_skb+0x3e3/0x600
[ 40.015209] CPU: 0 PID: 4470 Comm: syz-executor336 Not tainted 4.17.0-rc5+ #96
[ 40.022537] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.031860] Call Trace:
[ 40.034425] dump_stack+0x185/0x1d0
[ 40.038033] ? netlink_rcv_skb+0x3e3/0x600
[ 40.042243] kmsan_report+0x142/0x240
[ 40.046021] __msan_warning_32+0x6c/0xb0
[ 40.050057] netlink_rcv_skb+0x3e3/0x600
[ 40.054093] ? rtnetlink_bind+0x120/0x120
[ 40.058230] rtnetlink_rcv+0x50/0x60
[ 40.061919] netlink_unicast+0x166b/0x1740
[ 40.066128] ? rtnetlink_net_exit+0xa0/0xa0
[ 40.070424] netlink_sendmsg+0x1072/0x1370
[ 40.074644] kernel_sendmsg+0x228/0x2d0
[ 40.078591] ? netlink_getsockopt+0xc80/0xc80
[ 40.083061] sock_no_sendpage+0x1c8/0x250
[ 40.087185] ? sock_no_mmap+0x30/0x30
[ 40.090957] sock_sendpage+0x1de/0x2c0
[ 40.094824] pipe_to_sendpage+0x31b/0x430
[ 40.098946] ? sock_fasync+0x2b0/0x2b0
[ 40.102811] ? generic_pipe_buf_get+0xf0/0xf0
[ 40.107280] __splice_from_pipe+0x49a/0xf30
[ 40.111576] ? generic_splice_sendpage+0x2a0/0x2a0
[ 40.116484] generic_splice_sendpage+0x1c6/0x2a0
[ 40.121216] ?
iter_file_splice_write+0x1710/0x1710
[ 40.126206] ? iter_file_splice_write+0x1710/0x1710
[ 40.131197] direct_splice_actor+0x19b/0x200
[ 40.135582] splice_direct_to_actor+0x764/0x1040
[ 40.140311] ? do_splice_direct+0x540/0x540
[ 40.144610] ? security_file_permission+0x269/0x490
[ 40.149603] do_splice_direct+0x335/0x540
[ 40.153739] do_sendfile+0x1067/0x1e40
[ 40.157609] __x64_sys_sendfile64+0x218/0x390
[ 40.162091] do_syscall_64+0x154/0x220
[ 40.165955] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 40.171117] RIP: 0033:0x440149
[ 40.174279] RSP: 002b:00007ffc493d9b58 EFLAGS: 00000217 ORIG_RAX: 0000000000000028
[ 40.181960] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440149
[ 40.189202] RDX: 00000000200000c0 RSI: 0000000000000004 RDI: 0000000000000003
[ 40.196443] RBP: 00000000006ca018 R08: 65732f636f72702f R09: 65732f636f72702f
[ 40.203684] R10: 0000000080000002 R11: 0000000000000217 R12: 00000000004019d0
[ 40.210926] R13: 0000000000401a60 R14: 0000000000000000 R15: 0000000000000000
[ 40.218168]
[ 40.219767] Uninit was stored to memory at:
[ 40.224066] kmsan_internal_chain_origin+0x12b/0x210
[ 40.229143] kmsan_memcpy_origins+0x11d/0x170
[ 40.233610] __msan_memcpy+0x109/0x160
[ 40.237471] _copy_from_iter_full+0xdfc/0x1450
[ 40.242031] netlink_sendmsg+0xe1c/0x1370
[ 40.246151] kernel_sendmsg+0x228/0x2d0
[ 40.250096] sock_no_sendpage+0x1c8/0x250
[ 40.254215] sock_sendpage+0x1de/0x2c0
[ 40.258076] pipe_to_sendpage+0x31b/0x430
[ 40.262195] __splice_from_pipe+0x49a/0xf30
[ 40.266488] generic_splice_sendpage+0x1c6/0x2a0
[ 40.271214] direct_splice_actor+0x19b/0x200
[ 40.275595] splice_direct_to_actor+0x764/0x1040
[ 40.280323] do_splice_direct+0x335/0x540
[ 40.284442] do_sendfile+0x1067/0x1e40
[ 40.288304] __x64_sys_sendfile64+0x218/0x390
[ 40.292773] do_syscall_64+0x154/0x220
[ 40.296632] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 40.301788] Uninit was created at:
[ 40.305302] kmsan_alloc_meta_for_pages+0x161/0x3a0
[ 40.310289] kmsan_alloc_page+0x82/0xe0
[
40.314235] __alloc_pages_nodemask+0xf8e/0x5dd0
[ 40.318964] alloc_pages_current+0x6b5/0x970
[ 40.323343] push_pipe+0x680/0xca0
[ 40.326857] iov_iter_get_pages+0x1357/0x1810
[ 40.331327] __blockdev_direct_IO+0x1a4d/0x6580
[ 40.335969] ext4_direct_IO+0xed8/0x27c0
[ 40.340003] generic_file_read_iter+0x3bd2/0x4440
[ 40.344824] ext4_file_read_iter+0x30f/0x520
[ 40.349204] generic_file_splice_read+0x5d2/0x900
[ 40.354022] splice_direct_to_actor+0x4c6/0x1040
[ 40.358748] do_splice_direct+0x335/0x540
[ 40.362868] do_sendfile+0x1067/0x1e40
[ 40.366735] __x64_sys_sendfile64+0x218/0x390
[ 40.371202] do_syscall_64+0x154/0x220
[ 40.375061] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 40.380218] ==================================================================
[ 40.387545] Disabling lock debugging due to kernel taint
[ 40.392963] Kernel panic - not syncing: panic_on_warn set ...
[ 40.392963]
[ 40.400299] CPU: 0 PID: 4470 Comm: syz-executor336 Tainted: G B 4.17.0-rc5+ #96
[ 40.409020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.418345] Call Trace:
[ 40.420912] dump_stack+0x185/0x1d0
[ 40.424515] panic+0x39d/0x940
[ 40.427687] ? netlink_rcv_skb+0x3e3/0x600
[ 40.431897] kmsan_report+0x238/0x240
[ 40.435669] __msan_warning_32+0x6c/0xb0
[ 40.439701] netlink_rcv_skb+0x3e3/0x600
[ 40.443735] ? rtnetlink_bind+0x120/0x120
[ 40.447858] rtnetlink_rcv+0x50/0x60
[ 40.451543] netlink_unicast+0x166b/0x1740
[ 40.455750] ? rtnetlink_net_exit+0xa0/0xa0
[ 40.460046] netlink_sendmsg+0x1072/0x1370
[ 40.464258] kernel_sendmsg+0x228/0x2d0
[ 40.468205] ? netlink_getsockopt+0xc80/0xc80
[ 40.472675] sock_no_sendpage+0x1c8/0x250
[ 40.476798] ? sock_no_mmap+0x30/0x30
[ 40.480570] sock_sendpage+0x1de/0x2c0
[ 40.484431] pipe_to_sendpage+0x31b/0x430
[ 40.488552] ? sock_fasync+0x2b0/0x2b0
[ 40.492419] ? generic_pipe_buf_get+0xf0/0xf0
[ 40.496890] __splice_from_pipe+0x49a/0xf30
[ 40.501184] ?
generic_splice_sendpage+0x2a0/0x2a0
[ 40.506092] generic_splice_sendpage+0x1c6/0x2a0
[ 40.510822] ? iter_file_splice_write+0x1710/0x1710
[ 40.515810] ? iter_file_splice_write+0x1710/0x1710
[ 40.520801] direct_splice_actor+0x19b/0x200
[ 40.525182] splice_direct_to_actor+0x764/0x1040
[ 40.529908] ? do_splice_direct+0x540/0x540
[ 40.534224] ? security_file_permission+0x269/0x490
[ 40.539223] do_splice_direct+0x335/0x540
[ 40.543346] do_sendfile+0x1067/0x1e40
[ 40.547211] __x64_sys_sendfile64+0x218/0x390
[ 40.551680] do_syscall_64+0x154/0x220
[ 40.555541] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 40.560704] RIP: 0033:0x440149
[ 40.563865] RSP: 002b:00007ffc493d9b58 EFLAGS: 00000217 ORIG_RAX: 0000000000000028
[ 40.571551] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440149
[ 40.578793] RDX: 00000000200000c0 RSI: 0000000000000004 RDI: 0000000000000003
[ 40.586039] RBP: 00000000006ca018 R08: 65732f636f72702f R09: 65732f636f72702f
[ 40.593283] R10: 0000000080000002 R11: 0000000000000217 R12: 00000000004019d0
[ 40.600525] R13: 0000000000401a60 R14: 0000000000000000 R15: 0000000000000000
[ 40.608301] Dumping ftrace buffer:
[ 40.611816] (ftrace buffer empty)
[ 40.615502] Kernel Offset: disabled
[ 40.619103] Rebooting in 86400 seconds..