[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 40.795823] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 43.519586] random: sshd: uninitialized urandom read (32 bytes read) [ 43.954316] random: sshd: uninitialized urandom read (32 bytes read) [ 44.873510] random: sshd: uninitialized urandom read (32 bytes read) [ 45.134286] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.11' (ECDSA) to the list of known hosts. [ 50.913009] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 51.043944] ================================================================== [ 51.051332] BUG: KMSAN: uninit-value in xfrm_state_find+0x2761/0x50b0 [ 51.057906] CPU: 0 PID: 4754 Comm: syz-executor263 Not tainted 4.19.0-rc1+ #38 [ 51.065253] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 51.074604] Call Trace: [ 51.077206] dump_stack+0x14b/0x190 [ 51.080839] kmsan_report+0x183/0x2b0 [ 51.084651] __msan_warning+0x70/0xc0 [ 51.088463] xfrm_state_find+0x2761/0x50b0 [ 51.092754] xfrm_resolve_and_create_bundle+0x9ff/0x4a40 [ 51.098215] ? task_kmsan_context_state+0x5e/0x110 [ 51.103170] ? list_locations+0x1420/0x1700 [ 51.107504] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 51.112864] ? xfrm_expand_policies+0xa57/0xb60 [ 51.117562] xfrm_lookup_with_ifid+0x600/0x3c50 [ 51.122286] xfrm_lookup_route+0x104/0x370 [ 51.126533] ip_route_output_flow+0x33f/0x3a0 [ 51.131053] udp_sendmsg+0x2b12/0x3b10 [ 51.134948] ? kmsan_set_origin+0x93/0x150 [ 51.139186] ? ip_copy_metadata+0x10a0/0x10a0 [ 51.143694] ? kmsan_internal_poison_shadow+0x14e/0x1b0 [ 51.149105] udpv6_sendmsg+0x13c6/0x43a0 [ 51.153183] ? __local_bh_enable_ip+0x37/0x150 [ 51.157760] ? _raw_spin_unlock_bh+0x4b/0x60 [ 51.162165] ? __local_bh_enable_ip+0x37/0x150 [ 51.166745] ? _raw_spin_unlock_bh+0x4b/0x60 [ 51.171154] ? udp_lib_get_port+0x2958/0x2de0 [ 51.175650] ? kmsan_set_origin_inline+0x6b/0x120 [ 51.180493] ? __local_bh_enable_ip+0x37/0x150 [ 51.185069] ? _raw_spin_unlock_bh+0x4b/0x60 [ 51.189502] ? udpv6_queue_rcv_skb+0x1c60/0x1c60 [ 51.194257] inet_sendmsg+0x49a/0x740 [ 51.198054] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 51.203430] ___sys_sendmsg+0xe70/0x1290 [ 51.207488] ? aa_label_sk_perm+0x725/0x850 [ 51.211808] ? inet_getname+0x490/0x490 [ 51.215826] __sys_sendmmsg+0x4ac/0x930 [ 51.219798] ? prepare_exit_to_usermode+0x46/0x410 [ 51.224717] ? syscall_return_slowpath+0xdb/0x700 [ 51.229569] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 51.235074] __x64_sys_sendmmsg+0x11c/0x170 [ 51.239411] ? __sys_sendmmsg+0x930/0x930 [ 51.243576] do_syscall_64+0x15b/0x220 [ 51.247496] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 51.252683] RIP: 0033:0x4403f9 [ 51.255874] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 51.274763] RSP: 002b:00007ffe840fcfe8 EFLAGS: 00000217 ORIG_RAX: 0000000000000133 [ 51.282463] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004403f9 [ 51.289723] RDX: 0000000000000001 RSI: 0000000020000a80 RDI: 0000000000000003 [ 51.296982] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8 [ 51.304246] R10: 0000000000000000 R11: 0000000000000217 R12: 0000000000401c80 [ 51.311503] R13: 0000000000401d10 R14: 0000000000000000 R15: 0000000000000000 [ 51.318774] [ 51.320391] Local variable description: ----fl4_stack@udp_sendmsg [ 51.326607] Variable was created at: [ 51.330353] udp_sendmsg+0xbd/0x3b10 [ 51.334061] udpv6_sendmsg+0x13c6/0x43a0 [ 51.338125] ================================================================== [ 51.345467] Disabling lock debugging due to kernel taint [ 51.350900] Kernel panic - not syncing: panic_on_warn set ... [ 51.350900] [ 51.358258] CPU: 0 PID: 4754 Comm: syz-executor263 Tainted: G B 4.19.0-rc1+ #38 [ 51.366989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 51.376331] Call Trace: [ 51.378927] dump_stack+0x14b/0x190 [ 51.382571] panic+0x35d/0x8cb [ 51.385800] kmsan_report+0x2a8/0x2b0 [ 51.389618] __msan_warning+0x70/0xc0 [ 51.393424] xfrm_state_find+0x2761/0x50b0 [ 51.397688] xfrm_resolve_and_create_bundle+0x9ff/0x4a40 [ 51.403147] ? task_kmsan_context_state+0x5e/0x110 [ 51.408088] ? list_locations+0x1420/0x1700 [ 51.412422] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 51.417776] ? xfrm_expand_policies+0xa57/0xb60 [ 51.422451] xfrm_lookup_with_ifid+0x600/0x3c50 [ 51.427139] xfrm_lookup_route+0x104/0x370 [ 51.431380] ip_route_output_flow+0x33f/0x3a0 [ 51.435880] udp_sendmsg+0x2b12/0x3b10 [ 51.439767] ? kmsan_set_origin+0x93/0x150 [ 51.443995] ? ip_copy_metadata+0x10a0/0x10a0 [ 51.448486] ? kmsan_internal_poison_shadow+0x14e/0x1b0 [ 51.453878] udpv6_sendmsg+0x13c6/0x43a0 [ 51.457930] ? __local_bh_enable_ip+0x37/0x150 [ 51.462502] ? _raw_spin_unlock_bh+0x4b/0x60 [ 51.466913] ? __local_bh_enable_ip+0x37/0x150 [ 51.471491] ? _raw_spin_unlock_bh+0x4b/0x60 [ 51.475892] ? udp_lib_get_port+0x2958/0x2de0 [ 51.480389] ? kmsan_set_origin_inline+0x6b/0x120 [ 51.485232] ? __local_bh_enable_ip+0x37/0x150 [ 51.489806] ? _raw_spin_unlock_bh+0x4b/0x60 [ 51.494219] ? udpv6_queue_rcv_skb+0x1c60/0x1c60 [ 51.498964] inet_sendmsg+0x49a/0x740 [ 51.502756] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 51.508139] ___sys_sendmsg+0xe70/0x1290 [ 51.512207] ? aa_label_sk_perm+0x725/0x850 [ 51.516529] ? inet_getname+0x490/0x490 [ 51.520576] __sys_sendmmsg+0x4ac/0x930 [ 51.524582] ? prepare_exit_to_usermode+0x46/0x410 [ 51.529511] ? syscall_return_slowpath+0xdb/0x700 [ 51.534359] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 51.539817] __x64_sys_sendmmsg+0x11c/0x170 [ 51.544136] ? __sys_sendmmsg+0x930/0x930 [ 51.548275] do_syscall_64+0x15b/0x220 [ 51.552160] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 51.557338] RIP: 0033:0x4403f9 [ 51.560519] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 51.579426] RSP: 002b:00007ffe840fcfe8 EFLAGS: 00000217 ORIG_RAX: 0000000000000133 [ 51.587126] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004403f9 [ 51.594388] RDX: 0000000000000001 RSI: 0000000020000a80 RDI: 0000000000000003 [ 51.601646] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8 [ 51.608903] R10: 0000000000000000 R11: 0000000000000217 R12: 0000000000401c80 [ 51.616165] R13: 0000000000401d10 R14: 0000000000000000 R15: 0000000000000000 [ 51.623760] Dumping ftrace buffer: [ 51.627287] (ftrace buffer empty) [ 51.630985] Kernel Offset: disabled [ 51.634606] Rebooting in 86400 seconds..