[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 30.146235] random: sshd: uninitialized urandom read (32 bytes read)
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login:
[ 33.542147] random: sshd: uninitialized urandom read (32 bytes read)
[ 33.992862] random: sshd: uninitialized urandom read (32 bytes read)
[ 35.149199] random: sshd: uninitialized urandom read (32 bytes read)
[ 43.813441] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.30' (ECDSA) to the list of known hosts.
[ 49.383480] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 49.490231] ==================================================================
[ 49.497630] BUG: KMSAN: uninit-value in xfrm_state_find+0x2b15/0x4f40
[ 49.504187] CPU: 0 PID: 4485 Comm: syz-executor171 Not tainted 4.17.0-rc3+ #93
[ 49.511518] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 49.520847] Call Trace:
[ 49.523414] dump_stack+0x185/0x1d0
[ 49.527015] ? xfrm_state_find+0x2b15/0x4f40
[ 49.531414] kmsan_report+0x142/0x240
[ 49.535194] __msan_warning_32+0x6c/0xb0
[ 49.539230] xfrm_state_find+0x2b15/0x4f40
[ 49.543461] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 49.548832] xfrm_resolve_and_create_bundle+0xc31/0x5270
[ 49.554269] ? __msan_poison_alloca+0x15c/0x1d0
[ 49.558924] ? xfrm_expand_policies+0x9a/0xb60
[ 49.563490] ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 49.568844] xfrm_lookup+0x606/0x39d0
[ 49.572634] xfrm_lookup_route+0xfa/0x360
[ 49.576762] ip_route_output_flow+0x35b/0x3b0
[ 49.581237] udp_sendmsg+0x2289/0x33f0
[ 49.585099] ? kmsan_set_origin_inline+0x6b/0x120
[ 49.589914] ? ip_copy_metadata+0xee0/0xee0
[ 49.594217] udpv6_sendmsg+0x1291/0x3f40
[ 49.598255] ? __local_bh_enable_ip+0x3b/0x140
[ 49.602813] ? _raw_spin_unlock_bh+0x57/0x70
[ 49.607213] ? udp_lib_get_port+0x28e1/0x2d70
[ 49.611685] ? kmsan_set_origin_inline+0x6b/0x120
[ 49.616502] ? _raw_spin_unlock_bh+0x57/0x70
[ 49.620882] ? _raw_spin_unlock_bh+0x57/0x70
[ 49.625264] ? __local_bh_enable_ip+0x3b/0x140
[ 49.629821] ? udpv6_queue_rcv_skb+0x1c60/0x1c60
[ 49.634550] inet_sendmsg+0x48d/0x740
[ 49.638327] ? inet_getname+0x4a0/0x4a0
[ 49.642279] ___sys_sendmsg+0xec0/0x1310
[ 49.646314] ? __fdget+0x4e/0x60
[ 49.649662] __sys_sendmmsg+0x490/0x850
[ 49.653611] ? syscall_return_slowpath+0xe9/0x700
[ 49.658440] ? prepare_exit_to_usermode+0x4a/0x3a0
[ 49.663344] ? syscall_return_slowpath+0xe9/0x700
[ 49.668168] __x64_sys_sendmmsg+0x11c/0x170
[ 49.672466] do_syscall_64+0x154/0x220
[ 49.676329] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 49.681494] RIP: 0033:0x43ffe9
[ 49.684658] RSP: 002b:00007ffe76e0c768 EFLAGS: 00000217 ORIG_RAX: 0000000000000133
[ 49.692346] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043ffe9
[ 49.699589] RDX: 0000000000000001 RSI: 0000000020002000 RDI: 0000000000000003
[ 49.706833] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 49.714087] R10: 0000000000000000 R11: 0000000000000217 R12: 0000000000401910
[ 49.721332] R13: 00000000004019a0 R14: 0000000000000000 R15: 0000000000000000
[ 49.728580]
[ 49.730180] Local variable description: ----fl4_stack@udp_sendmsg
[ 49.736380] Variable was created at:
[ 49.740067] udp_sendmsg+0xe5/0x33f0
[ 49.743840] udpv6_sendmsg+0x1291/0x3f40
[ 49.747869] ==================================================================
[ 49.755196] Disabling lock debugging due to kernel taint
[ 49.760617] Kernel panic - not syncing: panic_on_warn set ...
[ 49.760617]
[ 49.767967] CPU: 0 PID: 4485 Comm: syz-executor171 Tainted: G B 4.17.0-rc3+ #93
[ 49.776685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 49.786010] Call Trace:
[ 49.788571] dump_stack+0x185/0x1d0
[ 49.792174] panic+0x39d/0x940
[ 49.795356] ? xfrm_state_find+0x2b15/0x4f40
[ 49.799749] kmsan_report+0x238/0x240
[ 49.803524] __msan_warning_32+0x6c/0xb0
[ 49.807557] xfrm_state_find+0x2b15/0x4f40
[ 49.811765] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 49.817117] xfrm_resolve_and_create_bundle+0xc31/0x5270
[ 49.822548] ? __msan_poison_alloca+0x15c/0x1d0
[ 49.827191] ? xfrm_expand_policies+0x9a/0xb60
[ 49.831746] ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 49.837087] xfrm_lookup+0x606/0x39d0
[ 49.840871] xfrm_lookup_route+0xfa/0x360
[ 49.845010] ip_route_output_flow+0x35b/0x3b0
[ 49.849485] udp_sendmsg+0x2289/0x33f0
[ 49.853348] ? kmsan_set_origin_inline+0x6b/0x120
[ 49.858163] ? ip_copy_metadata+0xee0/0xee0
[ 49.862472] udpv6_sendmsg+0x1291/0x3f40
[ 49.866506] ? __local_bh_enable_ip+0x3b/0x140
[ 49.871061] ? _raw_spin_unlock_bh+0x57/0x70
[ 49.875459] ? udp_lib_get_port+0x28e1/0x2d70
[ 49.879936] ? kmsan_set_origin_inline+0x6b/0x120
[ 49.884756] ? _raw_spin_unlock_bh+0x57/0x70
[ 49.889147] ? _raw_spin_unlock_bh+0x57/0x70
[ 49.893531] ? __local_bh_enable_ip+0x3b/0x140
[ 49.898101] ? udpv6_queue_rcv_skb+0x1c60/0x1c60
[ 49.902833] inet_sendmsg+0x48d/0x740
[ 49.906610] ? inet_getname+0x4a0/0x4a0
[ 49.910565] ___sys_sendmsg+0xec0/0x1310
[ 49.914605] ? __fdget+0x4e/0x60
[ 49.917951] __sys_sendmmsg+0x490/0x850
[ 49.921900] ? syscall_return_slowpath+0xe9/0x700
[ 49.926719] ? prepare_exit_to_usermode+0x4a/0x3a0
[ 49.931621] ? syscall_return_slowpath+0xe9/0x700
[ 49.936447] __x64_sys_sendmmsg+0x11c/0x170
[ 49.940744] do_syscall_64+0x154/0x220
[ 49.944615] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 49.949783] RIP: 0033:0x43ffe9
[ 49.952956] RSP: 002b:00007ffe76e0c768 EFLAGS: 00000217 ORIG_RAX: 0000000000000133
[ 49.960654] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043ffe9
[ 49.967897] RDX: 0000000000000001 RSI: 0000000020002000 RDI: 0000000000000003
[ 49.975141] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 49.982387] R10: 0000000000000000 R11: 0000000000000217 R12: 0000000000401910
[ 49.989647] R13: 00000000004019a0 R14: 0000000000000000 R15: 0000000000000000
[ 49.997292] Dumping ftrace buffer:
[ 50.000812] (ftrace buffer empty)
[ 50.004502] Kernel Offset: disabled
[ 50.008127] Rebooting in 86400 seconds..