[....] Starting periodic command scheduler: cron [ ok ]. [....] Starting OpenBSD Secure Shell server: sshd[ 28.771673] random: sshd: uninitialized urandom read (32 bytes read) [ ok ]. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 31.820654] random: sshd: uninitialized urandom read (32 bytes read) [ 32.285645] random: sshd: uninitialized urandom read (32 bytes read) [ 33.467167] random: sshd: uninitialized urandom read (32 bytes read) [ 33.665308] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.31' (ECDSA) to the list of known hosts. [ 39.192871] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 39.299380] ================================================================== [ 39.306771] BUG: KMSAN: uninit-value in xfrm_state_find+0x2541/0x4fa0 [ 39.313329] CPU: 1 PID: 4464 Comm: syz-executor272 Not tainted 4.17.0+ #8 [ 39.320230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 39.329557] Call Trace: [ 39.332135] dump_stack+0x185/0x1d0 [ 39.335742] kmsan_report+0x188/0x2a0 [ 39.339524] __msan_warning_32+0x70/0xc0 [ 39.343565] xfrm_state_find+0x2541/0x4fa0 [ 39.347776] ? __save_stack_trace+0x90d/0xb00 [ 39.352249] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 39.357690] xfrm_resolve_and_create_bundle+0xc47/0x52d0 [ 39.363119] ? __sys_sendmmsg+0x490/0x850 [ 39.367266] ? __x64_sys_sendmmsg+0x11c/0x170 [ 39.371744] ? xfrm_lookup+0x4db/0x39f0 [ 39.375708] ? xfrm_expand_policies+0x9a/0xb60 [ 39.380270] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 39.385614] xfrm_lookup+0x606/0x39f0 [ 39.389393] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 39.394738] ? ip_route_output_key_hash_rcu+0x2ef0/0x3a90 [ 39.400254] xfrm_lookup_route+0xfa/0x360 [ 39.404381] ip_route_output_flow+0x35b/0x3b0 [ 39.408861] udp_sendmsg+0x2453/0x33c0 [ 39.412726] ? ip_copy_metadata+0xee0/0xee0 [ 39.417052] udpv6_sendmsg+0x1291/0x3f40 [ 39.421094] ? 
__local_bh_enable_ip+0x3b/0x140 [ 39.425657] ? _raw_spin_unlock_bh+0x57/0x70 [ 39.430054] ? udp_lib_get_port+0x291d/0x2dc0 [ 39.434538] ? kmsan_set_origin_inline+0x6b/0x120 [ 39.439361] ? _raw_spin_unlock_bh+0x57/0x70 [ 39.443757] ? _raw_spin_unlock_bh+0x57/0x70 [ 39.448146] ? __local_bh_enable_ip+0x3b/0x140 [ 39.452706] ? udpv6_queue_rcv_skb+0x1bb0/0x1bb0 [ 39.457455] inet_sendmsg+0x3fc/0x760 [ 39.461235] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 39.466576] ? inet_getname+0x4a0/0x4a0 [ 39.470524] ___sys_sendmsg+0xec8/0x1320 [ 39.474563] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 39.479995] ? __fdget+0x4e/0x60 [ 39.483347] __sys_sendmmsg+0x490/0x850 [ 39.487298] ? syscall_return_slowpath+0xe9/0x710 [ 39.492116] ? prepare_exit_to_usermode+0x4a/0x3a0 [ 39.497032] ? syscall_return_slowpath+0xe9/0x710 [ 39.501866] __x64_sys_sendmmsg+0x11c/0x170 [ 39.506164] ? __sys_sendmmsg+0x850/0x850 [ 39.510286] do_syscall_64+0x15b/0x230 [ 39.514151] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 39.519316] RIP: 0033:0x440049 [ 39.522483] RSP: 002b:00007ffffcfdcdf8 EFLAGS: 00000217 ORIG_RAX: 0000000000000133 [ 39.530166] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440049 [ 39.537411] RDX: 0000000000000001 RSI: 0000000020002000 RDI: 0000000000000003 [ 39.544656] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8 [ 39.551903] R10: 0000000000000000 R11: 0000000000000217 R12: 0000000000401970 [ 39.559150] R13: 0000000000401a00 R14: 0000000000000000 R15: 0000000000000000 [ 39.566403] [ 39.568008] Local variable description: ----fl4_stack@udp_sendmsg [ 39.574218] Variable was created at: [ 39.577915] udp_sendmsg+0xe5/0x33c0 [ 39.581604] udpv6_sendmsg+0x1291/0x3f40 [ 39.585646] ================================================================== [ 39.592976] Disabling lock debugging due to kernel taint [ 39.598400] Kernel panic - not syncing: panic_on_warn set ... 
[ 39.598400] [ 39.605750] CPU: 1 PID: 4464 Comm: syz-executor272 Tainted: G B 4.17.0+ #8 [ 39.614044] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 39.623380] Call Trace: [ 39.625952] dump_stack+0x185/0x1d0 [ 39.629571] panic+0x3d0/0x990 [ 39.632748] kmsan_report+0x29e/0x2a0 [ 39.636529] __msan_warning_32+0x70/0xc0 [ 39.640568] xfrm_state_find+0x2541/0x4fa0 [ 39.644783] ? __save_stack_trace+0x90d/0xb00 [ 39.649268] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 39.654716] xfrm_resolve_and_create_bundle+0xc47/0x52d0 [ 39.660147] ? __sys_sendmmsg+0x490/0x850 [ 39.664269] ? __x64_sys_sendmmsg+0x11c/0x170 [ 39.668748] ? xfrm_lookup+0x4db/0x39f0 [ 39.672710] ? xfrm_expand_policies+0x9a/0xb60 [ 39.677272] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 39.682615] xfrm_lookup+0x606/0x39f0 [ 39.686393] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 39.691734] ? ip_route_output_key_hash_rcu+0x2ef0/0x3a90 [ 39.697251] xfrm_lookup_route+0xfa/0x360 [ 39.701379] ip_route_output_flow+0x35b/0x3b0 [ 39.705854] udp_sendmsg+0x2453/0x33c0 [ 39.709722] ? ip_copy_metadata+0xee0/0xee0 [ 39.714046] udpv6_sendmsg+0x1291/0x3f40 [ 39.718090] ? __local_bh_enable_ip+0x3b/0x140 [ 39.722651] ? _raw_spin_unlock_bh+0x57/0x70 [ 39.727050] ? udp_lib_get_port+0x291d/0x2dc0 [ 39.731533] ? kmsan_set_origin_inline+0x6b/0x120 [ 39.736355] ? _raw_spin_unlock_bh+0x57/0x70 [ 39.740743] ? _raw_spin_unlock_bh+0x57/0x70 [ 39.745130] ? __local_bh_enable_ip+0x3b/0x140 [ 39.749705] ? udpv6_queue_rcv_skb+0x1bb0/0x1bb0 [ 39.754436] inet_sendmsg+0x3fc/0x760 [ 39.758213] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 39.763556] ? inet_getname+0x4a0/0x4a0 [ 39.767510] ___sys_sendmsg+0xec8/0x1320 [ 39.771547] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 39.776977] ? __fdget+0x4e/0x60 [ 39.780324] __sys_sendmmsg+0x490/0x850 [ 39.784279] ? syscall_return_slowpath+0xe9/0x710 [ 39.789101] ? prepare_exit_to_usermode+0x4a/0x3a0 [ 39.794008] ? 
syscall_return_slowpath+0xe9/0x710 [ 39.798840] __x64_sys_sendmmsg+0x11c/0x170 [ 39.803143] ? __sys_sendmmsg+0x850/0x850 [ 39.807276] do_syscall_64+0x15b/0x230 [ 39.811154] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 39.816325] RIP: 0033:0x440049 [ 39.819496] RSP: 002b:00007ffffcfdcdf8 EFLAGS: 00000217 ORIG_RAX: 0000000000000133 [ 39.827179] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440049 [ 39.834437] RDX: 0000000000000001 RSI: 0000000020002000 RDI: 0000000000000003 [ 39.841682] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8 [ 39.848929] R10: 0000000000000000 R11: 0000000000000217 R12: 0000000000401970 [ 39.856185] R13: 0000000000401a00 R14: 0000000000000000 R15: 0000000000000000 [ 39.863883] Dumping ftrace buffer: [ 39.867406] (ftrace buffer empty) [ 39.871091] Kernel Offset: disabled [ 39.874693] Rebooting in 86400 seconds..