[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[ 29.001815] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[ ok 8[?25h[?0c.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 32.174416] random: sshd: uninitialized urandom read (32 bytes read)
[ 32.497659] random: sshd: uninitialized urandom read (32 bytes read)
[ 33.860593] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.18' (ECDSA) to the list of known hosts.
[ 39.434052] random: sshd: uninitialized urandom read (32 bytes read)
2018/06/14 05:18:04 fuzzer started
[ 40.951802] random: cc1: uninitialized urandom read (8 bytes read)
2018/06/14 05:18:07 dialing manager at 10.128.0.26:41167
2018/06/14 05:18:13 syscalls: 1643
2018/06/14 05:18:13 code coverage: enabled
2018/06/14 05:18:13 comparison tracing: ioctl(KCOV_TRACE_CMP) failed: errno 524
2018/06/14 05:18:13 setuid sandbox: enabled
2018/06/14 05:18:13 namespace sandbox: enabled
2018/06/14 05:18:13 fault injection: enabled
2018/06/14 05:18:13 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/06/14 05:18:13 net packed injection: enabled
05:18:19 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f000000b000)={&(0x7f000000f000)={0x10}, 0xc, &(0x7f00005a6ff0)={&(0x7f00000002c0)=@flushpolicy={0x10, 0x1d, 0x111}, 0x10}, 0x1}, 0x0)
05:18:19 executing program 2:
r0 = socket$inet6(0xa, 0x1, 0x0)
setrlimit(0x400000000000007, &(0x7f0000000000))
ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070")
inotify_init()
05:18:19 executing program 7:
perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x857, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)=@ipv6_getroute={0x1c, 0x1a, 0x201, 0x0, 0x0, {0xa}}, 0x1c}, 0x1}, 0x0)
recvfrom$ax25(r0, &(0x7f0000001380)=""/57, 0x39, 0x0, 0x0, 0xfffffffffffffe8e)
05:18:19 executing program 1:
ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000100))
r0 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r0, &(0x7f00000000c0)={0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x10)
sendmsg$rds(r0, &(0x7f0000000040)={&(0x7f0000000000)={0x2, 0x0, @loopback=0x7f000001}, 0x10, &(0x7f0000000840), 0x0, &(0x7f0000000f00)=[@mask_cswp={0x58, 0x114, 0x6, {{}, &(0x7f0000000e80), &(0x7f0000000ec0)}}], 0x58}, 0x0)
05:18:19 executing program 3:
05:18:19 executing program 4:
05:18:19 executing program 5:
perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4})
mq_unlink(&(0x7f0000000100)='eth0\x00')
close(r0)
05:18:19 executing program 6:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'crc32\x00'}, 0x58)
r1 = socket$inet6(0xa, 0x1, 0x0)
ioctl(r1, 0x4000008912, &(0x7f0000000100)="2957e1311f16f477671070")
r2 = accept$alg(r0, 0x0, 0x0)
sendmmsg$alg(r2, &(0x7f0000000080)=[{0x0, 0x0, &(0x7f0000001580)=[{&(0x7f00000000c0)="95", 0x1}, {&(0x7f0000001480)="c0", 0x1}], 0x2}], 0x1, 0x0)
[ 55.038448] IPVS: ftp: loaded support on port[0] = 21
[ 55.056401] IPVS: ftp: loaded support on port[0] = 21
[ 55.067123] IPVS: ftp: loaded support on port[0] = 21
[ 55.080435] IPVS: ftp: loaded support on port[0] = 21
[ 55.102403] IPVS: ftp: loaded support on port[0] = 21
[ 55.119201] IPVS: ftp: loaded support on port[0] = 21
[ 55.148776] IPVS: ftp: loaded support on port[0] = 21
[ 55.159511] IPVS: ftp: loaded support on port[0] = 21
[ 57.015207] ip (4649) used greatest stack depth: 54536 bytes left
[ 57.261788] ip (4669) used greatest stack depth: 54440 bytes left
[ 57.272359] ==================================================================
[ 57.279737] BUG: KMSAN: uninit-value in do_syslog+0x3a2d/0x3c20
[ 57.285810] CPU: 0 PID: 4350 Comm: rsyslogd Not tainted 4.17.0+ #6
[ 57.292117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 57.301461] Call Trace:
[ 57.304049] dump_stack+0x185/0x1d0
[ 57.307679] kmsan_report+0x188/0x2a0
[ 57.311485] __msan_warning_32+0x70/0xc0
[ 57.315546] do_syslog+0x3a2d/0x3c20
[ 57.319254] ? init_wait_entry+0x1a0/0x1a0
[ 57.323492] kmsg_read+0x142/0x1a0
[ 57.327026] ? mmap_vmcore_fault+0x30/0x30
[ 57.331253] proc_reg_read+0x1e3/0x2f0
[ 57.335139] ? proc_reg_llseek+0x260/0x260
[ 57.339377] __vfs_read+0x1b2/0x9d0
[ 57.343011] vfs_read+0x36c/0x6b0
[ 57.346472] __x64_sys_read+0x1bf/0x3e0
[ 57.350449] ? ksys_read+0x360/0x360
[ 57.354160] do_syscall_64+0x15b/0x230
[ 57.358051] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 57.363232] RIP: 0033:0x7f4f493bc1fd
[ 57.366934] RSP: 002b:00007f4f4695be30 EFLAGS: 00000293 ORIG_RAX: 0000000000000000
[ 57.374641] RAX: ffffffffffffffda RBX: 000000000218f170 RCX: 00007f4f493bc1fd
[ 57.381904] RDX: 0000000000000fff RSI: 00007f4f481905a0 RDI: 0000000000000004
[ 57.389172] RBP: 0000000000000000 R08: 000000000217a260 R09: 0000000004000001
[ 57.396436] R10: 0000000000000001 R11: 0000000000000293 R12: 000000000065e420
[ 57.403699] R13: 00007f4f4695c9c0 R14: 00007f4f49a01040 R15: 0000000000000003
[ 57.410965]
[ 57.412583] Uninit was stored to memory at:
[ 57.416903] kmsan_internal_chain_origin+0x12b/0x210
[ 57.422004] __msan_chain_origin+0x69/0xc0
[ 57.426236] log_store+0x13fc/0x14b0
[ 57.429944] vprintk_emit+0xca5/0x1060
[ 57.430508] ip (4678) used greatest stack depth: 54328 bytes left
[ 57.433822] vprintk_default+0x90/0xa0
[ 57.433833] vprintk_func+0x517/0x700
[ 57.433842] printk+0x1e4/0x210
[ 57.433852] do_exit+0x33e7/0x3930
[ 57.433878] do_group_exit+0x1a0/0x360
[ 57.458677] __do_sys_exit_group+0x21/0x30
[ 57.462910] __se_sys_exit_group+0x14/0x20
[ 57.467144] __x64_sys_exit_group+0x4c/0x50
[ 57.471462] do_syscall_64+0x15b/0x230
[ 57.475351] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 57.480528] Local variable description: ----tlb.i@ldt_arch_exit_mmap
[ 57.487014] Variable was created at:
[ 57.490726] ldt_arch_exit_mmap+0x46/0x160
[ 57.494953] exit_mmap+0x410/0x980
[ 57.498478] ==================================================================
[ 57.505821] Disabling lock debugging due to kernel taint
[ 57.511261] Kernel panic - not syncing: panic_on_warn set ...
[ 57.511261]
[ 57.518623] CPU: 0 PID: 4350 Comm: rsyslogd Tainted: G B 4.17.0+ #6
[ 57.526320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 57.535671] Call Trace:
[ 57.538260] dump_stack+0x185/0x1d0
[ 57.541891] panic+0x3d0/0x990
[ 57.545092] kmsan_report+0x29e/0x2a0
[ 57.548893] __msan_warning_32+0x70/0xc0
[ 57.552955] do_syslog+0x3a2d/0x3c20
[ 57.556668] ? init_wait_entry+0x1a0/0x1a0
[ 57.560916] kmsg_read+0x142/0x1a0
[ 57.564456] ? mmap_vmcore_fault+0x30/0x30
[ 57.568688] proc_reg_read+0x1e3/0x2f0
[ 57.572575] ? proc_reg_llseek+0x260/0x260
[ 57.576808] __vfs_read+0x1b2/0x9d0
[ 57.580440] vfs_read+0x36c/0x6b0
[ 57.583894] __x64_sys_read+0x1bf/0x3e0
[ 57.589436] ? ksys_read+0x360/0x360
[ 57.593143] do_syscall_64+0x15b/0x230
[ 57.597032] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 57.602219] RIP: 0033:0x7f4f493bc1fd
[ 57.605924] RSP: 002b:00007f4f4695be30 EFLAGS: 00000293 ORIG_RAX: 0000000000000000
[ 57.613627] RAX: ffffffffffffffda RBX: 000000000218f170 RCX: 00007f4f493bc1fd
[ 57.620913] RDX: 0000000000000fff RSI: 00007f4f481905a0 RDI: 0000000000000004
[ 57.628176] RBP: 0000000000000000 R08: 000000000217a260 R09: 0000000004000001
[ 57.635442] R10: 0000000000000001 R11: 0000000000000293 R12: 000000000065e420
[ 57.642707] R13: 00007f4f4695c9c0 R14: 00007f4f49a01040 R15: 0000000000000003
[ 57.650011] Dumping ftrace buffer:
[ 57.653543] (ftrace buffer empty)
[ 57.657229] Kernel Offset: disabled
[ 57.660830] Rebooting in 86400 seconds..