[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 34.628142] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 38.429612] random: sshd: uninitialized urandom read (32 bytes read)
[ 38.820813] random: sshd: uninitialized urandom read (32 bytes read)
[ 40.189958] random: sshd: uninitialized urandom read (32 bytes read)
[ 40.420880] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.29' (ECDSA) to the list of known hosts.
[ 45.996994] random: sshd: uninitialized urandom read (32 bytes read)
[ 46.121718] IPVS: ftp: loaded support on port[0] = 21
[ 46.315678] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.322112] bridge0: port 1(bridge_slave_0) entered disabled state
[ 46.329651] device bridge_slave_0 entered promiscuous mode
[ 46.352839] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.359244] bridge0: port 2(bridge_slave_1) entered disabled state
[ 46.366727] device bridge_slave_1 entered promiscuous mode
[ 46.389820] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 46.412886] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 46.441749] ip (4616) used greatest stack depth: 53616 bytes left
[ 46.479517] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 46.505502] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 46.606310] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 46.613649] team0: Port device team_slave_0 added
[ 46.635826] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 46.643240] team0: Port device team_slave_1 added
[ 46.666364] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 46.687000] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 46.712554] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 46.738574] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
RTNETLINK answers: Operation not supported
[ 46.816715] ip (4651) used greatest stack depth: 53504 bytes left
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[ 46.956440] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.962905] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 46.969665] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.976112] bridge0: port 1(bridge_slave_0) entered forwarding state
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
[ 47.735924] 8021q: adding VLAN 0 to HW filter on device bond0
[ 47.810990] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 47.883459] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 47.889670] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 47.898067] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 47.968875] 8021q: adding VLAN 0 to HW filter on device team0
executing program
executing program
[ 48.404313] ==================================================================
[ 48.412371] BUG: KMSAN: uninit-value in __nf_conntrack_find_get+0xc15/0x2190
[ 48.419548] CPU: 0 PID: 4589 Comm: syz-executor705 Not tainted 4.18.0-rc4+ #23
[ 48.426884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 48.436226] Call Trace:
[ 48.438799] dump_stack+0x185/0x1e0
[ 48.442412] kmsan_report+0x195/0x2c0
[ 48.446198] __msan_warning_32+0x7d/0xe0
[ 48.450252] __nf_conntrack_find_get+0xc15/0x2190
[ 48.455083] ? __msan_poison_alloca+0x183/0x220
[ 48.459737] ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 48.465087] ? hash_conntrack_raw+0x5f7/0x8c0
[ 48.469570] nf_conntrack_in+0x1674/0x2070
[ 48.473809] ipv6_conntrack_local+0xc3/0xf0
[ 48.478126] ? ipv6_conntrack_in+0xf0/0xf0
[ 48.482342] nf_hook_slow+0x15d/0x3e0
[ 48.486147] __ip6_local_out+0x64c/0x770
[ 48.490195] ? __ip6_local_out+0x770/0x770
[ 48.494424] ip6_local_out+0xa4/0x1d0
[ 48.498211] ip6_push_pending_frames+0x218/0x4d0
[ 48.502952] rawv6_sendmsg+0x45f0/0x5410
[ 48.506994] ? kmsan_internal_unpoison_shadow+0x83/0xe0
[ 48.512357] ? rw_copy_check_uvector+0x630/0x710
[ 48.517115] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 48.522555] ? import_iovec+0x3e0/0x640
[ 48.526518] ? compat_rawv6_ioctl+0x100/0x100
[ 48.530996] inet_sendmsg+0x3fc/0x760
[ 48.534797] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 48.540159] ? inet_getname+0x4a0/0x4a0
[ 48.544117] ___sys_sendmsg+0xed9/0x1350
[ 48.548167] ? __msan_poison_alloca+0x183/0x220
[ 48.552830] ? __fdget+0x4e/0x60
[ 48.556196] ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 48.561541] ? __fget_light+0x205/0x760
[ 48.565509] ? kmsan_set_origin_inline+0x6b/0x120
[ 48.570355] __x64_sys_sendmsg+0x3b0/0x520
[ 48.574578] ? ___sys_sendmsg+0x1350/0x1350
[ 48.578885] do_syscall_64+0x15b/0x230
[ 48.582770] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 48.587941] RIP: 0033:0x441289
[ 48.591107] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 48.610266] RSP: 002b:00007ffef059aad8 EFLAGS: 00000207 ORIG_RAX: 000000000000002e
[ 48.617956] RAX: ffffffffffffffda RBX: 0000000020000300 RCX: 0000000000441289
[ 48.625215] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000004
[ 48.632465] RBP: 00000000006cc018 R08: 0000000000000000 R09: 0000000000000000
[ 48.639713] R10: 0000000000000000 R11: 0000000000000207 R12: 00000000004021f0
[ 48.647053] R13: 0000000000402280 R14: 0000000000000000 R15: 0000000000000000
[ 48.654307]
[ 48.655913] Uninit was stored to memory at:
[ 48.660232] kmsan_internal_chain_origin+0x13c/0x240
[ 48.665317] __msan_chain_origin+0x76/0xd0
[ 48.669535] __nf_conntrack_confirm+0x2700/0x3f70
[ 48.674361] ipv6_confirm+0x573/0x740
[ 48.678140] nf_hook_slow+0x15d/0x3e0
[ 48.681923] ip6_output+0x37d/0x710
[ 48.685539] ip6_local_out+0x164/0x1d0
[ 48.689406] ip6_push_pending_frames+0x218/0x4d0
[ 48.694144] rawv6_sendmsg+0x45f0/0x5410
[ 48.698194] inet_sendmsg+0x3fc/0x760
[ 48.701976] ___sys_sendmsg+0xed9/0x1350
[ 48.706024] __x64_sys_sendmsg+0x3b0/0x520
[ 48.710250] do_syscall_64+0x15b/0x230
[ 48.714119] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 48.719283]
[ 48.720890] Uninit was created at:
[ 48.724410] kmsan_internal_poison_shadow+0xc8/0x1d0
[ 48.729494] kmsan_kmalloc+0xa1/0x120
[ 48.733278] kmem_cache_alloc+0xad2/0xbb0
[ 48.737408] __nf_conntrack_alloc+0x166/0x670
[ 48.741884] init_conntrack+0x635/0x2840
[ 48.745929] nf_conntrack_in+0x1812/0x2070
[ 48.750155] ipv6_conntrack_local+0xc3/0xf0
[ 48.754456] nf_hook_slow+0x15d/0x3e0
[ 48.758238] __ip6_local_out+0x64c/0x770
[ 48.762277] ip6_local_out+0xa4/0x1d0
[ 48.766060] ip6_push_pending_frames+0x218/0x4d0
[ 48.770797] rawv6_sendmsg+0x45f0/0x5410
[ 48.775042] inet_sendmsg+0x3fc/0x760
[ 48.778828] ___sys_sendmsg+0xed9/0x1350
[ 48.782972] __x64_sys_sendmsg+0x3b0/0x520
[ 48.787185] do_syscall_64+0x15b/0x230
[ 48.791059] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 48.796222] ==================================================================
[ 48.803566] Disabling lock debugging due to kernel taint
[ 48.809000] Kernel panic - not syncing: panic_on_warn set ...
[ 48.809000]
[ 48.816373] CPU: 0 PID: 4589 Comm: syz-executor705 Tainted: G B 4.18.0-rc4+ #23
[ 48.825097] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 48.834430] Call Trace:
[ 48.837015] dump_stack+0x185/0x1e0
[ 48.840645] panic+0x3d0/0x9b0
[ 48.843832] kmsan_report+0x2bf/0x2c0
[ 48.847616] __msan_warning_32+0x7d/0xe0
[ 48.851662] __nf_conntrack_find_get+0xc15/0x2190
[ 48.856489] ? __msan_poison_alloca+0x183/0x220
[ 48.861154] ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 48.866498] ? hash_conntrack_raw+0x5f7/0x8c0
[ 48.870981] nf_conntrack_in+0x1674/0x2070
[ 48.875220] ipv6_conntrack_local+0xc3/0xf0
[ 48.879525] ? ipv6_conntrack_in+0xf0/0xf0
[ 48.883741] nf_hook_slow+0x15d/0x3e0
[ 48.887529] __ip6_local_out+0x64c/0x770
[ 48.891577] ? __ip6_local_out+0x770/0x770
[ 48.895803] ip6_local_out+0xa4/0x1d0
[ 48.899595] ip6_push_pending_frames+0x218/0x4d0
[ 48.904337] rawv6_sendmsg+0x45f0/0x5410
[ 48.908380] ? kmsan_internal_unpoison_shadow+0x83/0xe0
[ 48.913742] ? rw_copy_check_uvector+0x630/0x710
[ 48.918487] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 48.923921] ? import_iovec+0x3e0/0x640
[ 48.927897] ? compat_rawv6_ioctl+0x100/0x100
[ 48.932383] inet_sendmsg+0x3fc/0x760
[ 48.936181] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 48.941531] ? inet_getname+0x4a0/0x4a0
[ 48.945498] ___sys_sendmsg+0xed9/0x1350
[ 48.949546] ? __msan_poison_alloca+0x183/0x220
[ 48.954206] ? __fdget+0x4e/0x60
[ 48.957558] ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 48.962906] ? __fget_light+0x205/0x760
[ 48.966860] ? kmsan_set_origin_inline+0x6b/0x120
[ 48.971707] __x64_sys_sendmsg+0x3b0/0x520
[ 48.975933] ? ___sys_sendmsg+0x1350/0x1350
[ 48.980237] do_syscall_64+0x15b/0x230
[ 48.984113] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 48.989285] RIP: 0033:0x441289
[ 48.992465] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 49.011622] RSP: 002b:00007ffef059aad8 EFLAGS: 00000207 ORIG_RAX: 000000000000002e
[ 49.019312] RAX: ffffffffffffffda RBX: 0000000020000300 RCX: 0000000000441289
[ 49.026563] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000004
[ 49.033819] RBP: 00000000006cc018 R08: 0000000000000000 R09: 0000000000000000
[ 49.041078] R10: 0000000000000000 R11: 0000000000000207 R12: 00000000004021f0
[ 49.048333] R13: 0000000000402280 R14: 0000000000000000 R15: 0000000000000000
[ 49.056476] Dumping ftrace buffer:
[ 49.060002] (ftrace buffer empty)
[ 49.063691] Kernel Offset: disabled
[ 49.067317] Rebooting in 86400 seconds..