[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 29.950719] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 34.582830] random: sshd: uninitialized urandom read (32 bytes read)
[ 35.183751] random: sshd: uninitialized urandom read (32 bytes read)
[ 36.327288] random: sshd: uninitialized urandom read (32 bytes read)
[ 36.538413] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.1' (ECDSA) to the list of known hosts.
[ 42.040312] random: sshd: uninitialized urandom read (32 bytes read)
net.ipv6.conf.syz_tun.accept_dad = 0
[ 42.150146] IPVS: ftp: loaded support on port[0] = 21
net.ipv6.conf.syz_tun.router_solicitations = 0
[ 42.422997] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.429441] bridge0: port 1(bridge_slave_0) entered disabled state
[ 42.436772] device bridge_slave_0 entered promiscuous mode
[ 42.457379] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.463793] bridge0: port 2(bridge_slave_1) entered disabled state
[ 42.471009] device bridge_slave_1 entered promiscuous mode
[ 42.491616] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 42.512771] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 42.538812] ip (4508) used greatest stack depth: 53800 bytes left
[ 42.572434] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 42.595954] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 42.684668] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 42.691950] team0: Port device team_slave_0 added
[ 42.712157] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 42.719558] team0: Port device team_slave_1 added
[ 42.740161] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 42.763501] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 42.786985] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 42.810496] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[ 42.986542] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.992973] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 42.999746] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.006165] bridge0: port 1(bridge_slave_0) entered forwarding state
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
[ 43.653941] 8021q: adding VLAN 0 to HW filter on device bond0
[ 43.719079] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 43.783697] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 43.790227] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 43.797754] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 43.860684] 8021q: adding VLAN 0 to HW filter on device team0
executing program
[ 44.240373] ==================================================================
[ 44.247779] BUG: KMSAN: uninit-value in xfrm_state_find+0x2b15/0x4f40
[ 44.254339] CPU: 0 PID: 4464 Comm: syz-executor988 Not tainted 4.17.0-rc3+ #93
[ 44.261672] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 44.271002] Call Trace:
[ 44.273710] dump_stack+0x185/0x1d0
[ 44.277315] ? xfrm_state_find+0x2b15/0x4f40
[ 44.281712] kmsan_report+0x142/0x240
[ 44.285489] __msan_warning_32+0x6c/0xb0
[ 44.289526] xfrm_state_find+0x2b15/0x4f40
[ 44.293741] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 44.299104] xfrm_resolve_and_create_bundle+0xc31/0x5270
[ 44.304539] ? __msan_poison_alloca+0x15c/0x1d0
[ 44.309188] ? xfrm_expand_policies+0x9a/0xb60
[ 44.313747] ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 44.319097] xfrm_lookup+0x606/0x39d0
[ 44.322889] xfrm_lookup_route+0xfa/0x360
[ 44.327026] ip_route_output_flow+0x35b/0x3b0
[ 44.331509] udp_sendmsg+0x2289/0x33f0
[ 44.335376] ? kmsan_set_origin_inline+0x6b/0x120
[ 44.340210] ? ip_copy_metadata+0xee0/0xee0
[ 44.344520] udpv6_sendmsg+0x1291/0x3f40
[ 44.348558] ? __local_bh_enable_ip+0x3b/0x140
[ 44.353120] ? _raw_spin_unlock_bh+0x57/0x70
[ 44.357515] ? udp_lib_get_port+0x28e1/0x2d70
[ 44.361990] ? kmsan_set_origin_inline+0x6b/0x120
[ 44.366829] ? _raw_spin_unlock_bh+0x57/0x70
[ 44.371214] ? _raw_spin_unlock_bh+0x57/0x70
[ 44.375601] ? __local_bh_enable_ip+0x3b/0x140
[ 44.380162] ? udpv6_queue_rcv_skb+0x1c60/0x1c60
[ 44.384897] inet_sendmsg+0x48d/0x740
[ 44.388678] ? inet_getname+0x4a0/0x4a0
[ 44.392629] ___sys_sendmsg+0xec0/0x1310
[ 44.396670] ? __fdget+0x4e/0x60
[ 44.400029] __sys_sendmmsg+0x490/0x850
[ 44.403987] ? syscall_return_slowpath+0xe9/0x700
[ 44.408807] ? prepare_exit_to_usermode+0x4a/0x3a0
[ 44.413711] ? syscall_return_slowpath+0xe9/0x700
[ 44.418535] __x64_sys_sendmmsg+0x11c/0x170
[ 44.422836] do_syscall_64+0x154/0x220
[ 44.426704] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 44.431879] RIP: 0033:0x4419c9
[ 44.435051] RSP: 002b:00007ffdb3fa4608 EFLAGS: 00000217 ORIG_RAX: 0000000000000133
[ 44.442742] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004419c9
[ 44.450010] RDX: 0000000000000001 RSI: 0000000020002000 RDI: 0000000000000003
[ 44.457266] RBP: 00000000006cd018 R08: 0000000000000000 R09: 0000000000000000
[ 44.464522] R10: 0000000000000000 R11: 0000000000000217 R12: 00000000004026c0
[ 44.471775] R13: 0000000000402750 R14: 0000000000000000 R15: 0000000000000000
[ 44.479029]
[ 44.480641] Local variable description: ----fl4_stack@udp_sendmsg
[ 44.486853] Variable was created at:
[ 44.490547] udp_sendmsg+0xe5/0x33f0
[ 44.494248] udpv6_sendmsg+0x1291/0x3f40
[ 44.498280] ==================================================================
[ 44.505612] Disabling lock debugging due to kernel taint
[ 44.511040] Kernel panic - not syncing: panic_on_warn set ...
[ 44.511040]
[ 44.518386] CPU: 0 PID: 4464 Comm: syz-executor988 Tainted: G B 4.17.0-rc3+ #93
[ 44.527122] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 44.536455] Call Trace:
[ 44.539035] dump_stack+0x185/0x1d0
[ 44.542648] panic+0x39d/0x940
[ 44.545845] ? xfrm_state_find+0x2b15/0x4f40
[ 44.550233] kmsan_report+0x238/0x240
[ 44.554018] __msan_warning_32+0x6c/0xb0
[ 44.558076] xfrm_state_find+0x2b15/0x4f40
[ 44.562312] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 44.567661] xfrm_resolve_and_create_bundle+0xc31/0x5270
[ 44.573101] ? __msan_poison_alloca+0x15c/0x1d0
[ 44.577767] ? xfrm_expand_policies+0x9a/0xb60
[ 44.582340] ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 44.587690] xfrm_lookup+0x606/0x39d0
[ 44.591476] xfrm_lookup_route+0xfa/0x360
[ 44.595604] ip_route_output_flow+0x35b/0x3b0
[ 44.600086] udp_sendmsg+0x2289/0x33f0
[ 44.603966] ? kmsan_set_origin_inline+0x6b/0x120
[ 44.608800] ? ip_copy_metadata+0xee0/0xee0
[ 44.613111] udpv6_sendmsg+0x1291/0x3f40
[ 44.617163] ? __local_bh_enable_ip+0x3b/0x140
[ 44.621739] ? _raw_spin_unlock_bh+0x57/0x70
[ 44.626149] ? udp_lib_get_port+0x28e1/0x2d70
[ 44.630624] ? kmsan_set_origin_inline+0x6b/0x120
[ 44.635444] ? _raw_spin_unlock_bh+0x57/0x70
[ 44.639833] ? _raw_spin_unlock_bh+0x57/0x70
[ 44.644219] ? __local_bh_enable_ip+0x3b/0x140
[ 44.648806] ? udpv6_queue_rcv_skb+0x1c60/0x1c60
[ 44.653542] inet_sendmsg+0x48d/0x740
[ 44.657321] ? inet_getname+0x4a0/0x4a0
[ 44.661275] ___sys_sendmsg+0xec0/0x1310
[ 44.665317] ? __fdget+0x4e/0x60
[ 44.668669] __sys_sendmmsg+0x490/0x850
[ 44.672621] ? syscall_return_slowpath+0xe9/0x700
[ 44.677443] ? prepare_exit_to_usermode+0x4a/0x3a0
[ 44.682352] ? syscall_return_slowpath+0xe9/0x700
[ 44.687180] __x64_sys_sendmmsg+0x11c/0x170
[ 44.691490] do_syscall_64+0x154/0x220
[ 44.695357] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 44.700524] RIP: 0033:0x4419c9
[ 44.703690] RSP: 002b:00007ffdb3fa4608 EFLAGS: 00000217 ORIG_RAX: 0000000000000133
[ 44.711375] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004419c9
[ 44.718622] RDX: 0000000000000001 RSI: 0000000020002000 RDI: 0000000000000003
[ 44.725871] RBP: 00000000006cd018 R08: 0000000000000000 R09: 0000000000000000
[ 44.733119] R10: 0000000000000000 R11: 0000000000000217 R12: 00000000004026c0
[ 44.740367] R13: 0000000000402750 R14: 0000000000000000 R15: 0000000000000000
[ 44.748307] Dumping ftrace buffer:
[ 44.751836] (ftrace buffer empty)
[ 44.755523] Kernel Offset: disabled
[ 44.759125] Rebooting in 86400 seconds..