[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 60.984381] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. [ 62.638435] random: sshd: uninitialized urandom read (32 bytes read) Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 63.097350] random: sshd: uninitialized urandom read (32 bytes read) [ 64.479745] random: sshd: uninitialized urandom read (32 bytes read) [ 64.954723] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.73' (ECDSA) to the list of known hosts. [ 70.893079] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 71.122938] ================================================================== [ 71.130359] BUG: KMSAN: uninit-value in xfrm_state_find+0x2723/0x4ae0 [ 71.136936] CPU: 0 PID: 4855 Comm: syz-executor277 Not tainted 4.19.0-rc4+ #61 [ 71.144291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 71.153660] Call Trace: [ 71.156241] dump_stack+0x2f6/0x430 [ 71.159893] kmsan_report+0x183/0x2b0 [ 71.163700] __msan_warning+0x70/0xc0 [ 71.167502] xfrm_state_find+0x2723/0x4ae0 [ 71.171738] ? task_kmsan_context_state+0x5e/0x110 [ 71.176889] ? _raw_spin_lock_irqsave+0x21a/0x310 [ 71.181784] ? xfrm_lookup_with_ifid+0x9c7/0x3e60 [ 71.186628] xfrm_resolve_and_create_bundle+0xa06/0x49a0 [ 71.192090] ? udp_sendmsg+0x2c6a/0x3cd0 [ 71.196190] ? _raw_spin_lock_irqsave+0x21a/0x310 [ 71.201082] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 71.206446] ? xfrm_expand_policies+0xa57/0xb60 [ 71.211140] xfrm_lookup_with_ifid+0x9c7/0x3e60 [ 71.215856] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 71.221239] ? ip_route_output_key_hash_rcu+0x30b5/0x3b00 [ 71.226790] xfrm_lookup_route+0x104/0x370 [ 71.231057] ip_route_output_flow+0x33f/0x3a0 [ 71.235580] udp_sendmsg+0x2c6a/0x3cd0 [ 71.239466] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 71.244913] ? ip_copy_metadata+0x16f0/0x16f0 [ 71.249415] ? __msan_get_context_state+0x9/0x30 [ 71.254168] ? INIT_INT+0xc/0x30 [ 71.257583] udpv6_sendmsg+0x12e2/0x4cf0 [ 71.261644] ? __local_bh_enable_ip+0x37/0x150 [ 71.266221] ? _raw_spin_unlock_bh+0x4b/0x60 [ 71.270646] ? __local_bh_enable_ip+0x37/0x150 [ 71.275246] ? _raw_spin_unlock_bh+0x4b/0x60 [ 71.279681] ? udp_lib_get_port+0x2958/0x2de0 [ 71.284192] ? __msan_poison_alloca+0x17c/0x200 [ 71.288858] ? _raw_spin_unlock_bh+0x4b/0x60 [ 71.293292] ? udpv6_queue_rcv_skb+0x1dd0/0x1dd0 [ 71.298068] inet_sendmsg+0x4c5/0x7d0 [ 71.301883] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 71.307247] ? ndisc_netdev_event+0x4f0/0x540 [ 71.311772] ___sys_sendmsg+0xe70/0x1290 [ 71.315843] ? inet_getname+0x490/0x490 [ 71.319839] ? kmsan_set_origin_inline+0x6b/0x120 [ 71.324699] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 71.330070] ? __fdget+0x21e/0x410 [ 71.333620] __sys_sendmmsg+0x4ac/0x930 [ 71.337591] ? __msan_poison_alloca+0x17c/0x200 [ 71.342264] ? prepare_exit_to_usermode+0x46/0x410 [ 71.347198] ? syscall_return_slowpath+0xf3/0x790 [ 71.352093] __se_sys_sendmmsg+0xbd/0xe0 [ 71.356183] __x64_sys_sendmmsg+0x56/0x70 [ 71.360370] do_syscall_64+0xb8/0x100 [ 71.364175] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 71.369362] RIP: 0033:0x4403f9 [ 71.372549] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 71.391463] RSP: 002b:00007ffca93ab3b8 EFLAGS: 00000217 ORIG_RAX: 0000000000000133 [ 71.399170] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004403f9 [ 71.406450] RDX: 0000000000000001 RSI: 0000000020000a80 RDI: 0000000000000003 [ 71.413737] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8 [ 71.421007] R10: 0000000000000000 R11: 0000000000000217 R12: 0000000000401c80 [ 71.428286] R13: 0000000000401d10 R14: 0000000000000000 R15: 0000000000000000 [ 71.435557] [ 71.437184] Local variable description: ----fl4_stack@udp_sendmsg [ 71.443398] Variable was created at: [ 71.447106] udp_sendmsg+0x105/0x3cd0 [ 71.450900] udpv6_sendmsg+0x12e2/0x4cf0 [ 71.454960] ================================================================== [ 71.462406] Disabling lock debugging due to kernel taint [ 71.467841] Kernel panic - not syncing: panic_on_warn set ... [ 71.467841] [ 71.475198] CPU: 0 PID: 4855 Comm: syz-executor277 Tainted: G B 4.19.0-rc4+ #61 [ 71.483932] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 71.493309] Call Trace: [ 71.495890] dump_stack+0x2f6/0x430 [ 71.499536] panic+0x54c/0xaf7 [ 71.502758] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 71.508229] kmsan_report+0x2a8/0x2b0 [ 71.512098] __msan_warning+0x70/0xc0 [ 71.515915] xfrm_state_find+0x2723/0x4ae0 [ 71.520162] ? task_kmsan_context_state+0x5e/0x110 [ 71.525101] ? _raw_spin_lock_irqsave+0x21a/0x310 [ 71.529961] ? xfrm_lookup_with_ifid+0x9c7/0x3e60 [ 71.534814] xfrm_resolve_and_create_bundle+0xa06/0x49a0 [ 71.540264] ? udp_sendmsg+0x2c6a/0x3cd0 [ 71.544369] ? _raw_spin_lock_irqsave+0x21a/0x310 [ 71.549239] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 71.554604] ? xfrm_expand_policies+0xa57/0xb60 [ 71.559303] xfrm_lookup_with_ifid+0x9c7/0x3e60 [ 71.563992] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 71.569383] ? ip_route_output_key_hash_rcu+0x30b5/0x3b00 [ 71.574931] xfrm_lookup_route+0x104/0x370 [ 71.579178] ip_route_output_flow+0x33f/0x3a0 [ 71.583696] udp_sendmsg+0x2c6a/0x3cd0 [ 71.587583] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 71.593050] ? ip_copy_metadata+0x16f0/0x16f0 [ 71.597572] ? __msan_get_context_state+0x9/0x30 [ 71.602327] ? INIT_INT+0xc/0x30 [ 71.605741] udpv6_sendmsg+0x12e2/0x4cf0 [ 71.609806] ? __local_bh_enable_ip+0x37/0x150 [ 71.614396] ? _raw_spin_unlock_bh+0x4b/0x60 [ 71.618804] ? __local_bh_enable_ip+0x37/0x150 [ 71.623386] ? _raw_spin_unlock_bh+0x4b/0x60 [ 71.627796] ? udp_lib_get_port+0x2958/0x2de0 [ 71.632319] ? __msan_poison_alloca+0x17c/0x200 [ 71.637031] ? _raw_spin_unlock_bh+0x4b/0x60 [ 71.641473] ? udpv6_queue_rcv_skb+0x1dd0/0x1dd0 [ 71.646223] inet_sendmsg+0x4c5/0x7d0 [ 71.650054] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 71.655432] ? ndisc_netdev_event+0x4f0/0x540 [ 71.659931] ___sys_sendmsg+0xe70/0x1290 [ 71.664018] ? inet_getname+0x490/0x490 [ 71.668031] ? kmsan_set_origin_inline+0x6b/0x120 [ 71.672926] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 71.678293] ? __fdget+0x21e/0x410 [ 71.681841] __sys_sendmmsg+0x4ac/0x930 [ 71.685821] ? __msan_poison_alloca+0x17c/0x200 [ 71.690511] ? prepare_exit_to_usermode+0x46/0x410 [ 71.695454] ? syscall_return_slowpath+0xf3/0x790 [ 71.700328] __se_sys_sendmmsg+0xbd/0xe0 [ 71.704407] __x64_sys_sendmmsg+0x56/0x70 [ 71.708554] do_syscall_64+0xb8/0x100 [ 71.712352] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 71.717553] RIP: 0033:0x4403f9 [ 71.720742] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 71.739638] RSP: 002b:00007ffca93ab3b8 EFLAGS: 00000217 ORIG_RAX: 0000000000000133 [ 71.747358] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004403f9 [ 71.754622] RDX: 0000000000000001 RSI: 0000000020000a80 RDI: 0000000000000003 [ 71.761884] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8 [ 71.769147] R10: 0000000000000000 R11: 0000000000000217 R12: 0000000000401c80 [ 71.776406] R13: 0000000000401d10 R14: 0000000000000000 R15: 0000000000000000 [ 71.783998] Kernel Offset: disabled [ 71.787631] Rebooting in 86400 seconds..