[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 27.158863] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 28.680199] random: sshd: uninitialized urandom read (32 bytes read)
[ 28.962273] random: sshd: uninitialized urandom read (32 bytes read)
[ 30.087649] random: sshd: uninitialized urandom read (32 bytes read)
[ 32.758504] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.46' (ECDSA) to the list of known hosts.
[ 38.371793] random: sshd: uninitialized urandom read (32 bytes read)
2018/06/20 01:58:33 parsed 1 programs
[ 39.891404] random: cc1: uninitialized urandom read (8 bytes read)
2018/06/20 01:58:35 executed programs: 0
[ 40.809637] IPVS: ftp: loaded support on port[0] = 21
[ 40.810962] IPVS: ftp: loaded support on port[0] = 21
[ 40.821697] IPVS: ftp: loaded support on port[0] = 21
[ 40.824849] IPVS: ftp: loaded support on port[0] = 21
[ 40.846904] IPVS: ftp: loaded support on port[0] = 21
[ 40.864860] IPVS: ftp: loaded support on port[0] = 21
[ 40.897539] IPVS: ftp: loaded support on port[0] = 21
[ 40.906653] IPVS: ftp: loaded support on port[0] = 21
[ 41.364060] ==================================================================
[ 41.371455] BUG: KMSAN: uninit-value in __list_add_valid+0x1b8/0x450
[ 41.377926] CPU: 0 PID: 4486 Comm: syz-executor0 Not tainted 4.17.0+ #9
[ 41.384650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 41.393975] Call Trace:
[ 41.396540]
[ 41.398679] dump_stack+0x185/0x1d0
[ 41.402295] kmsan_report+0x188/0x2a0
[ 41.406070] __msan_warning_32+0x70/0xc0
[ 41.410106] __list_add_valid+0x1b8/0x450
[ 41.414232] enqueue_task_fair+0xe12/0x4490
[ 41.418539] ? __msan_metadata_ptr_for_store_4+0x10/0x20
[ 41.423966] ? update_load_avg+0x2cc0/0x2cc0
[ 41.428350] try_to_wake_up+0x162f/0x2260
[ 41.432475] wake_up_process+0x34/0x40
[ 41.436337] swake_up+0xfb/0x3b0
[ 41.439676] ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 41.445105] rcu_report_qs_rnp+0x767/0x880
[ 41.449319] rcu_process_callbacks+0x90a/0x2060
[ 41.453984] ? rcu_scheduler_starting+0xe0/0xe0
[ 41.458639] __do_softirq+0x592/0x979
[ 41.462415] irq_exit+0x202/0x240
[ 41.465847] exiting_irq+0xe/0x10
[ 41.469274] smp_apic_timer_interrupt+0x64/0x90
[ 41.473918] apic_timer_interrupt+0xf/0x20
[ 41.478123]
[ 41.480432] RIP: 0010:kmsan_kmalloc+0xc6/0x100
[ 41.484993] RSP: 0018:ffff8801c837f858 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 41.492684] RAX: 0000000000000246 RBX: ffff880196449b00 RCX: 0000000000000011
[ 41.499930] RDX: 0000000000000010 RSI: ffffea0009859ba8 RDI: ffff880196449b00
[ 41.507175] RBP: ffff8801c837f898 R08: 0000000001000200 R09: 0000000000000001
[ 41.514425] R10: 0000000000000002 R11: ffffffff83ac4fe0 R12: ffff88021f00d980
[ 41.521669] R13: ffff8801c7aeba80 R14: 0000000000000040 R15: 0000000001000200
[ 41.528924] ? cap_task_prctl+0x1290/0x1290
[ 41.533226] kmsan_slab_alloc+0x10/0x20
[ 41.537175] kmem_cache_alloc+0x68c/0xb70
[ 41.541301] ? anon_vma_clone+0x15c/0xbf0
[ 41.545443] anon_vma_clone+0x15c/0xbf0
[ 41.549403] anon_vma_fork+0x106/0xb20
[ 41.553267] copy_process+0x65df/0x9be0
[ 41.557224] _do_fork+0x353/0xf60
[ 41.560654] __x64_sys_clone+0x15e/0x1b0
[ 41.564693] ? __ia32_sys_vfork+0x70/0x70
[ 41.568815] do_syscall_64+0x15b/0x230
[ 41.572680] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 41.577843] RIP: 0033:0x41f949
[ 41.581008] RSP: 002b:0000000000a3fc00 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 41.588689] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000041f949
[ 41.595934] RDX: 0000000000a3fc0c RSI: 0000000000000000 RDI: 0000000000100011
[ 41.603178] RBP: 0000000000a3fdb0 R08: 0000000000a44a60 R09: 000000000000004d
[ 41.610422] R10: 0000000000000008 R11: 0000000000000246 R12: 00000000004119a0
[ 41.617665] R13: 0000000000411a30 R14: 0000000000000000 R15: 0000000000000000
[ 41.624913]
[ 41.626514] Uninit was stored to memory at:
[ 41.630812] kmsan_internal_chain_origin+0x12b/0x210
[ 41.635889] __msan_chain_origin+0x69/0xc0
[ 41.640097] pick_next_task_fair+0x2474/0x2530
[ 41.644653] pick_next_task+0x1ba/0x420
[ 41.648600] __schedule+0x20f/0x770
[ 41.652201] do_task_dead+0xc8/0xf0
[ 41.655800] do_exit+0x347e/0x3930
[ 41.659314] do_group_exit+0x1a0/0x360
[ 41.663193] __do_sys_exit_group+0x21/0x30
[ 41.667400] __se_sys_exit_group+0x14/0x20
[ 41.671607] __x64_sys_exit_group+0x4c/0x50
[ 41.675911] do_syscall_64+0x15b/0x230
[ 41.679774] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 41.684933]
[ 41.686535] Local variable description: ----flags.i.i.i.i@_raw_spin_lock_irqsave
[ 41.694210] Variable was created at:
[ 41.697897] _raw_spin_lock_irqsave+0x45/0xf0
[ 41.702369] do_task_dead+0x40/0xf0
[ 41.705975] ==================================================================
[ 41.713303] Disabling lock debugging due to kernel taint
[ 41.718724] Kernel panic - not syncing: panic_on_warn set ...
[ 41.718724]
[ 41.726069] CPU: 0 PID: 4486 Comm: syz-executor0 Tainted: G B 4.17.0+ #9
[ 41.734182] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 41.743508] Call Trace:
[ 41.746064]
[ 41.748203] dump_stack+0x185/0x1d0
[ 41.751806] panic+0x3d0/0x990
[ 41.755070] kmsan_report+0x29e/0x2a0
[ 41.758846] __msan_warning_32+0x70/0xc0
[ 41.762883] __list_add_valid+0x1b8/0x450
[ 41.767009] enqueue_task_fair+0xe12/0x4490
[ 41.771308] ? __msan_metadata_ptr_for_store_4+0x10/0x20
[ 41.776739] ? update_load_avg+0x2cc0/0x2cc0
[ 41.781125] try_to_wake_up+0x162f/0x2260
[ 41.785269] wake_up_process+0x34/0x40
[ 41.789132] swake_up+0xfb/0x3b0
[ 41.792477] ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 41.797909] rcu_report_qs_rnp+0x767/0x880
[ 41.802132] rcu_process_callbacks+0x90a/0x2060
[ 41.806782] ? rcu_scheduler_starting+0xe0/0xe0
[ 41.811429] __do_softirq+0x592/0x979
[ 41.815208] irq_exit+0x202/0x240
[ 41.818638] exiting_irq+0xe/0x10
[ 41.822070] smp_apic_timer_interrupt+0x64/0x90
[ 41.826730] apic_timer_interrupt+0xf/0x20
[ 41.830938]
[ 41.833154] RIP: 0010:kmsan_kmalloc+0xc6/0x100
[ 41.837709] RSP: 0018:ffff8801c837f858 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 41.845395] RAX: 0000000000000246 RBX: ffff880196449b00 RCX: 0000000000000011
[ 41.852660] RDX: 0000000000000010 RSI: ffffea0009859ba8 RDI: ffff880196449b00
[ 41.859914] RBP: ffff8801c837f898 R08: 0000000001000200 R09: 0000000000000001
[ 41.867158] R10: 0000000000000002 R11: ffffffff83ac4fe0 R12: ffff88021f00d980
[ 41.874402] R13: ffff8801c7aeba80 R14: 0000000000000040 R15: 0000000001000200
[ 41.881656] ? cap_task_prctl+0x1290/0x1290
[ 41.885957] kmsan_slab_alloc+0x10/0x20
[ 41.889906] kmem_cache_alloc+0x68c/0xb70
[ 41.894030] ? anon_vma_clone+0x15c/0xbf0
[ 41.898154] anon_vma_clone+0x15c/0xbf0
[ 41.902108] anon_vma_fork+0x106/0xb20
[ 41.905975] copy_process+0x65df/0x9be0
[ 41.909935] _do_fork+0x353/0xf60
[ 41.913366] __x64_sys_clone+0x15e/0x1b0
[ 41.917403] ? __ia32_sys_vfork+0x70/0x70
[ 41.921526] do_syscall_64+0x15b/0x230
[ 41.925390] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 41.930553] RIP: 0033:0x41f949
[ 41.933723] RSP: 002b:0000000000a3fc00 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 41.941404] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000041f949
[ 41.948648] RDX: 0000000000a3fc0c RSI: 0000000000000000 RDI: 0000000000100011
[ 41.955903] RBP: 0000000000a3fdb0 R08: 0000000000a44a60 R09: 000000000000004d
[ 41.963152] R10: 0000000000000008 R11: 0000000000000246 R12: 00000000004119a0
[ 41.970406] R13: 0000000000411a30 R14: 0000000000000000 R15: 0000000000000000
[ 43.090469] Shutting down cpus with NMI
[ 43.107030] Dumping ftrace buffer:
[ 43.110557] (ftrace buffer empty)
[ 43.114247] Kernel Offset: disabled
[ 43.117856] Rebooting in 86400 seconds..