[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 30.083282] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 34.741181] random: sshd: uninitialized urandom read (32 bytes read)
[ 35.170441] random: sshd: uninitialized urandom read (32 bytes read)
[ 36.261892] random: sshd: uninitialized urandom read (32 bytes read)
[ 54.229964] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.28' (ECDSA) to the list of known hosts.
[ 59.818332] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 59.950808] ==================================================================
[ 59.958236] BUG: KMSAN: kernel-infoleak in put_cmsg+0x5ef/0x860
[ 59.964285] CPU: 0 PID: 4501 Comm: syz-executor128 Not tainted 4.17.0+ #9
[ 59.971196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 59.980528] Call Trace:
[ 59.983103] dump_stack+0x185/0x1d0
[ 59.986710] kmsan_report+0x188/0x2a0
[ 59.990498] kmsan_internal_check_memory+0x138/0x1f0
[ 59.995578] kmsan_copy_to_user+0x7a/0x160
[ 59.999790] put_cmsg+0x5ef/0x860
[ 60.003226] ip6_datagram_recv_specific_ctl+0x1cf3/0x1eb0
[ 60.008744] ip6_datagram_recv_ctl+0x41c/0x450
[ 60.013313] ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 60.018659] ? __ipv6_addr_type+0x31d/0x3a0
[ 60.022964] rawv6_recvmsg+0x10fb/0x1460
[ 60.027009] ? rawv6_sendmsg+0x4fc0/0x4fc0
[ 60.031227] sock_common_recvmsg+0x173/0x280
[ 60.035628] sock_recvmsg+0x1d6/0x230
[ 60.039405] ? compat_sock_common_getsockopt+0x260/0x260
[ 60.044833] ___sys_recvmsg+0x3fe/0x810
[ 60.048789] ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 60.054140] ? __fget_light+0x6a3/0x700
[ 60.058101] __x64_sys_recvmsg+0x325/0x460
[ 60.062342] ? ___sys_recvmsg+0x810/0x810
[ 60.066472] do_syscall_64+0x15b/0x230
[ 60.070534] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 60.075732] RIP: 0033:0x4456b9
[ 60.078896] RSP: 002b:00007f5ce4b16da8 EFLAGS: 00000297 ORIG_RAX: 000000000000002f
[ 60.086576] RAX: ffffffffffffffda RBX: 00000000006dac24 RCX: 00000000004456b9
[ 60.093821] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000003
[ 60.101066] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 60.108308] R10: 0000000000000000 R11: 0000000000000297 R12: 00000000006dac20
[ 60.115553] R13: 0000000020000500 R14: 0100000000000000 R15: 0000000000000001
[ 60.122800]
[ 60.124402] Uninit was stored to memory at:
[ 60.128715] kmsan_internal_chain_origin+0x12b/0x210
[ 60.133789] __msan_chain_origin+0x69/0xc0
[ 60.138006] ip6_datagram_recv_specific_ctl+0x1c3e/0x1eb0
[ 60.143516] ip6_datagram_recv_ctl+0x41c/0x450
[ 60.148074] rawv6_recvmsg+0x10fb/0x1460
[ 60.152110] sock_common_recvmsg+0x173/0x280
[ 60.156495] sock_recvmsg+0x1d6/0x230
[ 60.160266] ___sys_recvmsg+0x3fe/0x810
[ 60.164212] __x64_sys_recvmsg+0x325/0x460
[ 60.168418] do_syscall_64+0x15b/0x230
[ 60.172278] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 60.177435]
[ 60.179036] Uninit was created at:
[ 60.182552] kmsan_internal_poison_shadow+0xb8/0x1b0
[ 60.187628] kmsan_kmalloc+0x94/0x100
[ 60.191401] kmsan_slab_alloc+0x10/0x20
[ 60.195350] __kmalloc_node_track_caller+0xb35/0x11b0
[ 60.200512] __alloc_skb+0x2cb/0x9e0
[ 60.204198] __ip6_append_data+0x364d/0x4fb0
[ 60.208578] ip6_append_data+0x40e/0x6b0
[ 60.212610] rawv6_sendmsg+0x2756/0x4fc0
[ 60.216644] inet_sendmsg+0x3fc/0x760
[ 60.220417] ___sys_sendmsg+0xec8/0x1320
[ 60.224450] __x64_sys_sendmsg+0x331/0x460
[ 60.228657] do_syscall_64+0x15b/0x230
[ 60.232518] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 60.237676]
[ 60.239274] Bytes 2-3 of 24 are uninitialized
[ 60.243738] Memory access starts at ffff8801bde1f8a8
[ 60.248810] ==================================================================
[ 60.256142] Disabling lock debugging due to kernel taint
[ 60.261565] Kernel panic - not syncing: panic_on_warn set ...
[ 60.261565]
[ 60.268913] CPU: 0 PID: 4501 Comm: syz-executor128 Tainted: G B 4.17.0+ #9
[ 60.277201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 60.286530] Call Trace:
[ 60.289100] dump_stack+0x185/0x1d0
[ 60.292703] panic+0x3d0/0x990
[ 60.295876] kmsan_report+0x29e/0x2a0
[ 60.299651] kmsan_internal_check_memory+0x138/0x1f0
[ 60.304728] kmsan_copy_to_user+0x7a/0x160
[ 60.308940] put_cmsg+0x5ef/0x860
[ 60.312375] ip6_datagram_recv_specific_ctl+0x1cf3/0x1eb0
[ 60.317891] ip6_datagram_recv_ctl+0x41c/0x450
[ 60.322456] ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 60.327795] ? __ipv6_addr_type+0x31d/0x3a0
[ 60.332096] rawv6_recvmsg+0x10fb/0x1460
[ 60.336135] ? rawv6_sendmsg+0x4fc0/0x4fc0
[ 60.340359] sock_common_recvmsg+0x173/0x280
[ 60.344744] sock_recvmsg+0x1d6/0x230
[ 60.348517] ? compat_sock_common_getsockopt+0x260/0x260
[ 60.353941] ___sys_recvmsg+0x3fe/0x810
[ 60.357893] ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 60.363231] ? __fget_light+0x6a3/0x700
[ 60.367197] __x64_sys_recvmsg+0x325/0x460
[ 60.371410] ? ___sys_recvmsg+0x810/0x810
[ 60.375532] do_syscall_64+0x15b/0x230
[ 60.379405] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 60.384573] RIP: 0033:0x4456b9
[ 60.387737] RSP: 002b:00007f5ce4b16da8 EFLAGS: 00000297 ORIG_RAX: 000000000000002f
[ 60.395419] RAX: ffffffffffffffda RBX: 00000000006dac24 RCX: 00000000004456b9
[ 60.402660] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000003
[ 60.409907] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 60.417153] R10: 0000000000000000 R11: 0000000000000297 R12: 00000000006dac20
[ 60.424398] R13: 0000000020000500 R14: 0100000000000000 R15: 0000000000000001
[ 60.432089] Dumping ftrace buffer:
[ 60.435604] (ftrace buffer empty)
[ 60.439289] Kernel Offset: disabled
[ 60.442889] Rebooting in 86400 seconds..