[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   18.850897] random: sshd: uninitialized urandom read (32 bytes read, 30 bits of entropy available)
[   19.969709] random: sshd: uninitialized urandom read (32 bytes read, 32 bits of entropy available)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   20.260301] random: sshd: uninitialized urandom read (32 bytes read, 32 bits of entropy available)
[   21.266823] random: sshd: uninitialized urandom read (32 bytes read, 122 bits of entropy available)
[   31.455486] random: nonblocking pool is initialized
Warning: Permanently added '10.128.0.17' (ECDSA) to the list of known hosts.
executing program
[   36.970140] ==================================================================
[   36.977553] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x1291/0x2550
[   36.984715] Read of size 4 at addr ffff8801c8d57740 by task syzkaller524275/3754
[   36.992226] 
[   36.993868] CPU: 1 PID: 3754 Comm: syzkaller524275 Not tainted 4.4.125-g38f41ec #63
[   37.001632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   37.010959]  0000000000000000 148fc05ae6051807 ffff8801c8d56d98 ffffffff81d067bd
[   37.018927]  ffffea00072355c0 ffff8801c8d57740 0000000000000000 ffff8801c8d57740
[   37.026919]  ffff8801c8fb02b0 ffff8801c8d56dd0 ffffffff814fea83 ffff8801c8d57740
[   37.034889] Call Trace:
[   37.037453]  [] dump_stack+0xc1/0x124
[   37.042793]  [] print_address_description+0x73/0x260
[   37.049429]  [] kasan_report+0x285/0x370
[   37.055034]  [] ? xfrm_state_find+0x1291/0x2550
[   37.061241]  [] __asan_report_load4_noabort+0x14/0x20
[   37.067968]  [] xfrm_state_find+0x1291/0x2550
[   37.074003]  [] ? xfrm_unregister_mode+0x200/0x200
[   37.080479]  [] ? check_usage_backwards+0x171/0x300
[   37.087047]  [] ? check_usage_forwards+0x310/0x310
[   37.093608]  [] xfrm_tmpl_resolve+0x298/0xab0
[   37.099642]  [] ? __xfrm_decode_session+0x100/0x100
[   37.106194]  [] ? mark_lock+0x99b/0xfd0
[   37.111705]  [] ? check_usage_forwards+0x310/0x310
[   37.118168]  [] ? __lock_acquire+0x1cff/0x4b50
[   37.124287]  [] ? __lock_acquire+0xb5f/0x4b50
[   37.130315]  [] xfrm_resolve_and_create_bundle+0xd7/0x1da0
[   37.137477]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   37.144472]  [] ? xfrm_tmpl_resolve+0xab0/0xab0
[   37.150676]  [] ? __local_bh_enable_ip+0x6a/0xd0
[   37.156966]  [] ? xfrm_sk_policy_lookup+0x22c/0x360
[   37.163522]  [] ? xfrm_expand_policies+0x25b/0x5c0
[   37.169985]  [] xfrm_lookup+0x991/0xc10
[   37.175498]  [] ? xfrm_bundle_lookup+0x11d0/0x11d0
[   37.181965]  [] ? __ip_route_output_key_hash+0x7e5/0x2390
[   37.189123]  [] ? __ip_route_output_key_hash+0x80c/0x2390
[   37.196192]  [] ? __ip_route_output_key_hash+0xc50/0x2390
[   37.203262]  [] ? ip_rt_update_pmtu+0x8b0/0x8b0
[   37.209464]  [] xfrm_lookup_route+0x39/0x1a0
[   37.215431]  [] ip_route_output_flow+0x7f/0xa0
[   37.221548]  [] udp_sendmsg+0x1009/0x1c30
[   37.227230]  [] ? udp_sendmsg+0x99d/0x1c30
[   37.233004]  [] ? ip_reply_glue_bits+0xc0/0xc0
[   37.239133]  [] ? udp_seq_next+0x80/0x80
[   37.244732]  [] ? do_ipv6_setsockopt.isra.8+0x23fc/0x3030
[   37.251809]  [] ? mark_held_locks+0xaf/0x100
[   37.257754]  [] ? __lock_acquire+0xb5f/0x4b50
[   37.263802]  [] ? mark_held_locks+0xaf/0x100
[   37.269750]  [] ? quarantine_put+0xab/0x180
[   37.275632]  [] udpv6_sendmsg+0x56d/0x2500
[   37.281402]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   37.288387]  [] ? udp6_lib_lookup+0x60/0x60
[   37.294246]  [] ? sock_has_perm+0x1c1/0x400
[   37.300100]  [] ? sock_has_perm+0x29f/0x400
[   37.305956]  [] ? sock_has_perm+0x9f/0x400
[   37.311730]  [] ? inet_sendmsg+0x201/0x4c0
[   37.317496]  [] inet_sendmsg+0x2bc/0x4c0
[   37.323090]  [] ? inet_sendmsg+0x73/0x4c0
[   37.328771]  [] ? inet_recvmsg+0x4c0/0x4c0
[   37.334539]  [] sock_sendmsg+0xca/0x110
[   37.340045]  [] ___sys_sendmsg+0x6c1/0x7c0
[   37.345813]  [] ? udp_v6_get_port+0xd0/0xd0
[   37.351671]  [] ? copy_msghdr_from_user+0x550/0x550
[   37.358221]  [] ? sock_has_perm+0x1c1/0x400
[   37.364077]  [] ? sock_has_perm+0x29f/0x400
[   37.369930]  [] ? sock_has_perm+0x9f/0x400
[   37.375698]  [] ? selinux_file_send_sigiotask+0x310/0x310
[   37.382769]  [] ? selinux_netlbl_socket_setsockopt+0x117/0x320
[   37.390288]  [] ? debug_lockdep_rcu_enabled+0x77/0x90
[   37.397018]  [] ? __fget_light+0xa3/0x1e0
[   37.402699]  [] ? __fdget+0x18/0x20
[   37.407859]  [] __sys_sendmsg+0xd3/0x190
[   37.413454]  [] ? SyS_shutdown+0x1b0/0x1b0
[   37.419218]  [] ? sock_common_setsockopt+0x95/0xd0
[   37.425680]  [] ? SyS_setsockopt+0x17f/0x250
[   37.431620]  [] ? vmacache_update+0xfe/0x130
[   37.437562]  [] SyS_sendmsg+0x2d/0x50
[   37.442897]  [] entry_SYSCALL_64_fastpath+0x22/0x9e
[   37.449445] 
[   37.451041] The buggy address belongs to the page:
[   37.455942] page:ffffea00072355c0 count:0 mapcount:0 mapping: (null) index:0x0
[   37.464051] flags: 0x8000000000000000()
[   37.468128] page dumped because: kasan: bad access detected
[   37.473804] 
[   37.475401] Memory state around the buggy address:
[   37.480299]  ffff8801c8d57600: 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1
[   37.487628]  ffff8801c8d57680: f1 00 f2 f2 f2 f2 f2 f2 f2 00 00 00 f2 f2 f2 f2
[   37.494956] >ffff8801c8d57700: f2 00 00 00 00 00 00 00 f2 f2 f2 f2 f2 00 00 00
[   37.502285]                                            ^
[   37.507706]  ffff8801c8d57780: 00 00 00 00 00 00 f2 f2 f2 00 00 00 00 00 00 00
[   37.515047]  ffff8801c8d57800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   37.522377] ==================================================================
[   37.529715] Disabling lock debugging due to kernel taint
[   37.535189] Kernel panic - not syncing: panic_on_warn set ...
[   37.535189] 
[   37.542527] CPU: 1 PID: 3754 Comm: syzkaller524275 Tainted: G B 4.4.125-g38f41ec #63
[   37.551505] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   37.560828]  0000000000000000 148fc05ae6051807 ffff8801c8d56cf0 ffffffff81d067bd
[   37.568799]  ffffffff83fb764d ffff8801c8d56dc8 0000000000000000 ffff8801c8d57740
[   37.576764]  ffff8801c8fb02b0 ffff8801c8d56db8 ffffffff8141b46a 0000000041b58ab3
[   37.584736] Call Trace:
[   37.587294]  [] dump_stack+0xc1/0x124
[   37.592629]  [] panic+0x1aa/0x388
[   37.597617]  [] ? percpu_up_read.constprop.45+0xe1/0xe1
[   37.604602]  [] ? add_taint+0x1c/0x50
[   37.610035]  [] kasan_end_report+0x50/0x50
[   37.615809]  [] kasan_report+0x15c/0x370
[   37.621406]  [] ? xfrm_state_find+0x1291/0x2550
[   37.627610]  [] __asan_report_load4_noabort+0x14/0x20
[   37.634334]  [] xfrm_state_find+0x1291/0x2550
[   37.640361]  [] ? xfrm_unregister_mode+0x200/0x200
[   37.646826]  [] ? check_usage_backwards+0x171/0x300
[   37.653392]  [] ? check_usage_forwards+0x310/0x310
[   37.659866]  [] xfrm_tmpl_resolve+0x298/0xab0
[   37.665895]  [] ? __xfrm_decode_session+0x100/0x100
[   37.672465]  [] ? mark_lock+0x99b/0xfd0
[   37.677976]  [] ? check_usage_forwards+0x310/0x310
[   37.684439]  [] ? __lock_acquire+0x1cff/0x4b50
[   37.690554]  [] ? __lock_acquire+0xb5f/0x4b50
[   37.696586]  [] xfrm_resolve_and_create_bundle+0xd7/0x1da0
[   37.703743]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   37.710726]  [] ? xfrm_tmpl_resolve+0xab0/0xab0
[   37.716931]  [] ? __local_bh_enable_ip+0x6a/0xd0
[   37.723224]  [] ? xfrm_sk_policy_lookup+0x22c/0x360
[   37.729774]  [] ? xfrm_expand_policies+0x25b/0x5c0
[   37.736239]  [] xfrm_lookup+0x991/0xc10
[   37.741747]  [] ? xfrm_bundle_lookup+0x11d0/0x11d0
[   37.748212]  [] ? __ip_route_output_key_hash+0x7e5/0x2390
[   37.755285]  [] ? __ip_route_output_key_hash+0x80c/0x2390
[   37.762380]  [] ? __ip_route_output_key_hash+0xc50/0x2390
[   37.769624]  [] ? ip_rt_update_pmtu+0x8b0/0x8b0
[   37.776428]  [] xfrm_lookup_route+0x39/0x1a0
[   37.782378]  [] ip_route_output_flow+0x7f/0xa0
[   37.788498]  [] udp_sendmsg+0x1009/0x1c30
[   37.794179]  [] ? udp_sendmsg+0x99d/0x1c30
[   37.799959]  [] ? ip_reply_glue_bits+0xc0/0xc0
[   37.806089]  [] ? udp_seq_next+0x80/0x80
[   37.811689]  [] ? do_ipv6_setsockopt.isra.8+0x23fc/0x3030
[   37.818762]  [] ? mark_held_locks+0xaf/0x100
[   37.824706]  [] ? __lock_acquire+0xb5f/0x4b50
[   37.830736]  [] ? mark_held_locks+0xaf/0x100
[   37.836679]  [] ? quarantine_put+0xab/0x180
[   37.842534]  [] udpv6_sendmsg+0x56d/0x2500
[   37.848301]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   37.855288]  [] ? udp6_lib_lookup+0x60/0x60
[   37.861148]  [] ? sock_has_perm+0x1c1/0x400
[   37.867001]  [] ? sock_has_perm+0x29f/0x400
[   37.872854]  [] ? sock_has_perm+0x9f/0x400
[   37.878631]  [] ? inet_sendmsg+0x201/0x4c0
[   37.884400]  [] inet_sendmsg+0x2bc/0x4c0
[   37.889995]  [] ? inet_sendmsg+0x73/0x4c0
[   37.895678]  [] ? inet_recvmsg+0x4c0/0x4c0
[   37.901448]  [] sock_sendmsg+0xca/0x110
[   37.906958]  [] ___sys_sendmsg+0x6c1/0x7c0
[   37.912730]  [] ? udp_v6_get_port+0xd0/0xd0
[   37.918583]  [] ? copy_msghdr_from_user+0x550/0x550
[   37.925136]  [] ? sock_has_perm+0x1c1/0x400
[   37.930994]  [] ? sock_has_perm+0x29f/0x400
[   37.936847]  [] ? sock_has_perm+0x9f/0x400
[   37.942631]  [] ? selinux_file_send_sigiotask+0x310/0x310
[   37.949703]  [] ? selinux_netlbl_socket_setsockopt+0x117/0x320
[   37.957229]  [] ? debug_lockdep_rcu_enabled+0x77/0x90
[   37.963958]  [] ? __fget_light+0xa3/0x1e0
[   37.969637]  [] ? __fdget+0x18/0x20
[   37.974796]  [] __sys_sendmsg+0xd3/0x190
[   37.980389]  [] ? SyS_shutdown+0x1b0/0x1b0
[   37.986161]  [] ? sock_common_setsockopt+0x95/0xd0
[   37.992628]  [] ? SyS_setsockopt+0x17f/0x250
[   37.998571]  [] ? vmacache_update+0xfe/0x130
[   38.004515]  [] SyS_sendmsg+0x2d/0x50
[   38.009859]  [] entry_SYSCALL_64_fastpath+0x22/0x9e
[   38.016882] Dumping ftrace buffer:
[   38.020397]    (ftrace buffer empty)
[   38.024087] Kernel Offset: disabled
[   38.027683] Rebooting in 86400 seconds..
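Reading a KASAN report like the one above comes down to three things: the header (bug class, faulting function and offset, access kind and size, task), the call trace with its reliable and "?" (guessed) frames, and the shadow-memory rows, which say why KASAN classified the access. The Python below is an added example, not part of the syzkaller log or of any kernel or syzkaller tooling; it parses lines quoted from the report and maps the 4-byte read at ffff8801c8d57740 onto its shadow byte. The shadow-value meanings are the ones defined in mm/kasan/kasan.h of 4.x kernels; the function names, the regexes and the filtering of the KASAN helper frames are this example's own choices.

```python
# Added example (not part of the syzkaller log or of kernel/syzkaller tooling):
# parse the KASAN report above and decode the shadow byte the faulting read hit.
import re

# Lines quoted from the report above, timestamps included.  The [] frame markers
# are as they appear on the page, where the [<address>] part was lost.
REPORT = """\
[   36.977553] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x1291/0x2550
[   36.984715] Read of size 4 at addr ffff8801c8d57740 by task syzkaller524275/3754
[   36.993868] CPU: 1 PID: 3754 Comm: syzkaller524275 Not tainted 4.4.125-g38f41ec #63
[   37.037453]  [] dump_stack+0xc1/0x124
[   37.042793]  [] print_address_description+0x73/0x260
[   37.049429]  [] kasan_report+0x285/0x370
[   37.055034]  [] ? xfrm_state_find+0x1291/0x2550
[   37.061241]  [] __asan_report_load4_noabort+0x14/0x20
[   37.067968]  [] xfrm_state_find+0x1291/0x2550
[   37.074003]  [] ? xfrm_unregister_mode+0x200/0x200
[   37.093608]  [] xfrm_tmpl_resolve+0x298/0xab0
[   37.480299]  ffff8801c8d57600: 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1
[   37.487628]  ffff8801c8d57680: f1 00 f2 f2 f2 f2 f2 f2 f2 00 00 00 f2 f2 f2 f2
[   37.494956] >ffff8801c8d57700: f2 00 00 00 00 00 00 00 f2 f2 f2 f2 f2 00 00 00
[   37.507706]  ffff8801c8d57780: 00 00 00 00 00 00 f2 f2 f2 00 00 00 00 00 00 00
"""

SHADOW_GRANULE = 8  # one shadow byte describes 8 bytes of kernel memory
# Shadow values as defined in mm/kasan/kasan.h of 4.x kernels; 0x01..0x07 mean
# "only the first N bytes of this granule are addressable".
SHADOW_MEANING = {
    0x00: "addressable", 0xf1: "stack left redzone", 0xf2: "stack mid redzone",
    0xf3: "stack right redzone", 0xf4: "stack partial redzone", 0xfa: "global redzone",
    0xfb: "freed kmalloc object", 0xfc: "kmalloc redzone", 0xfe: "page redzone", 0xff: "freed page",
}

TS_RE = re.compile(r"^\[\s*\d+\.\d+\]\s?")
HEADER_RE = re.compile(r"BUG: KASAN: (?P<bug>[\w-]+) in (?P<func>\S+)\+0x(?P<off>[0-9a-f]+)/")
ACCESS_RE = re.compile(r"(?P<kind>Read|Write) of size (?P<size>\d+) at addr "
                       r"(?P<addr>[0-9a-f]+) by task (?P<comm>\S+)/(?P<pid>\d+)")
CPU_RE = re.compile(r"CPU: \d+ PID: \d+ Comm: \S+ (?P<taint>Not tainted|Tainted: [A-Z ]+?)"
                    r"\s+(?P<kernel>\d\S+)")
FRAME_RE = re.compile(r"\[(?:<[0-9a-f]+>)?\]\s+(?P<guess>\? )?(?P<sym>\S+)\+0x[0-9a-f]+/0x")
SHADOW_RE = re.compile(r"^[> ]?(?P<base>[0-9a-f]{16}): (?P<bytes>(?:[0-9a-f]{2} ?){16})$")


def parse_kasan_report(text):
    """Header fields, call-trace frames and a {granule address: shadow value} map."""
    report = {"frames": [], "shadow": {}}
    for raw in text.splitlines():
        line = TS_RE.sub("", raw, count=1)
        if m := HEADER_RE.search(line):
            report.update(bug=m["bug"], func=m["func"], func_offset=int(m["off"], 16))
        elif m := ACCESS_RE.search(line):
            report.update(access=m["kind"], access_size=int(m["size"]),
                          addr=int(m["addr"], 16), comm=m["comm"], pid=int(m["pid"]))
        elif m := CPU_RE.search(line):
            report.update(taint=m["taint"], kernel=m["kernel"])
        elif m := FRAME_RE.search(line):
            report["frames"].append((m["sym"], m["guess"] is not None))
        elif m := SHADOW_RE.match(line):
            base = int(m["base"], 16)
            for i, byte in enumerate(m["bytes"].split()):
                report["shadow"][base + i * SHADOW_GRANULE] = int(byte, 16)
    return report


def reliable_frames(report):
    """Frames without '? ' (those are stale return addresses printed as guesses)."""
    return [sym for sym, guess in report["frames"] if not guess]


def faulting_function(report):
    """First reliable frame below the KASAN reporting machinery itself."""
    helpers = ("dump_stack", "print_address_description", "kasan_", "__asan_")
    return next((s for s in reliable_frames(report) if not s.startswith(helpers)), None)


def shadow_for_access(report, addr=None, size=None):
    """(granule, shadow value, meaning) for every 8-byte granule the access touches."""
    addr = report["addr"] if addr is None else addr
    size = report["access_size"] if size is None else size
    first = addr & ~(SHADOW_GRANULE - 1)
    last = (addr + size - 1) & ~(SHADOW_GRANULE - 1)
    out = []
    for granule in range(first, last + 1, SHADOW_GRANULE):
        value = report["shadow"].get(granule)
        if value is None:
            meaning = "not in dump"
        elif 1 <= value <= 7:
            meaning = f"first {value} bytes addressable"
        else:
            meaning = SHADOW_MEANING.get(value, "unknown")
        out.append((granule, value, meaning))
    return out


def summarize(report):
    hits = ", ".join(meaning for _, _, meaning in shadow_for_access(report))
    return (f"{report['bug']}: {report['access']} of {report['access_size']} bytes at "
            f"{report['addr']:#x} in {faulting_function(report)}+{report['func_offset']:#x} "
            f"lands on [{hits}]; task {report['comm']}/{report['pid']}, kernel {report['kernel']}")


if __name__ == "__main__":
    print(summarize(parse_kasan_report(REPORT)))
```

For this report the read at ffff8801c8d57740 falls in the row labelled ffff8801c8d57700 at shadow index 8 (0x40 bytes / 8), whose value is f2, KASAN's stack mid redzone: the 4 bytes sit in the gap between two stack variables, which is exactly what "stack-out-of-bounds" means. The first reliable frame under the KASAN helpers is xfrm_state_find+0x1291, reached from udpv6_sendmsg through the IPv4 route lookup (udp_sendmsg, ip_route_output_flow, xfrm_lookup_route). The second trace in the log is not a second bug: panic_on_warn is set on this fuzzing kernel, so kasan_report ends in panic() and the same stack is printed again from the panic path.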