[ 16.767348] random: sshd: uninitialized urandom read (32 bytes read, 32 bits of entropy available)
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.
[ 17.313085] random: sshd: uninitialized urandom read (32 bytes read, 33 bits of entropy available)
[ 17.495957] random: sshd: uninitialized urandom read (32 bytes read, 34 bits of entropy available)
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login:
[ 18.306716] random: sshd: uninitialized urandom read (32 bytes read, 98 bits of entropy available)
[ 18.484850] random: sshd: uninitialized urandom read (32 bytes read, 104 bits of entropy available)
Warning: Permanently added '10.128.0.60' (ECDSA) to the list of known hosts.
[ 23.892080] random: sshd: uninitialized urandom read (32 bytes read, 112 bits of entropy available)
executing program
[ 23.990740] ==================================================================
[ 23.998127] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x1291/0x2550
[ 24.005286] Read of size 4 at addr ffff8801cca2f870 by task syzkaller098098/3314
[ 24.012782]
[ 24.014381] CPU: 1 PID: 3314 Comm: syzkaller098098 Not tainted 4.4.107-g610c835 #12
[ 24.022143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 24.031465] 0000000000000000 38f9e41337ba656b ffff8801cca2eec8 ffffffff81d0457d
[ 24.039419] ffffea0007328bc0 ffff8801cca2f870 0000000000000000 ffff8801cca2f870
[ 24.047387] ffff8800b6a757b0 ffff8801cca2ef00 ffffffff814fbb23 ffff8801cca2f870
[ 24.055345] Call Trace:
[ 24.057899] [] dump_stack+0xc1/0x124
[ 24.063230] [] print_address_description+0x73/0x260
[ 24.069860] [] kasan_report+0x285/0x370
[ 24.075450] [] ? xfrm_state_find+0x1291/0x2550
[ 24.081667] [] __asan_report_load4_noabort+0x14/0x20
[ 24.088393] [] xfrm_state_find+0x1291/0x2550
[ 24.094421] [] ? get_page_from_freelist+0x7a8/0x1a70
[ 24.101140] [] ? xfrm_unregister_mode+0x200/0x200
[ 24.107601] [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 24.114580] [] ? noop_count+0x40/0x40
[ 24.120005] [] ? check_usage_backwards+0x171/0x300
[ 24.126560] [] ? check_usage_forwards+0x310/0x310
[ 24.133019] [] xfrm_tmpl_resolve+0x298/0xab0
[ 24.139043] [] ? __xfrm_decode_session+0x100/0x100
[ 24.145588] [] ? mark_lock+0x99b/0xfd0
[ 24.151089] [] ? check_usage_forwards+0x310/0x310
[ 24.157548] [] ? __lock_acquire+0x1cff/0x4b50
[ 24.163667] [] ? __lock_acquire+0xb5f/0x4b50
[ 24.169700] [] ? save_stack_trace+0x26/0x50
[ 24.175647] [] xfrm_resolve_and_create_bundle+0xd7/0x1da0
[ 24.182809] [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 24.189794] [] ? xfrm_tmpl_resolve+0xab0/0xab0
[ 24.196002] [] ? __local_bh_enable_ip+0x6a/0xd0
[ 24.202303] [] ? xfrm_sk_policy_lookup+0x1e3/0x310
[ 24.208857] [] ? xfrm_expand_policies+0x25b/0x5c0
[ 24.215316] [] xfrm_lookup+0x991/0xc10
[ 24.220818] [] ? xfrm_bundle_lookup+0x11d0/0x11d0
[ 24.227277] [] ? __ip_route_output_key_hash+0x7e5/0x2390
[ 24.234350] [] ? __ip_route_output_key_hash+0x80c/0x2390
[ 24.241413] [] ? __ip_route_output_key_hash+0x16a/0x2390
[ 24.248475] [] ? ip_rt_update_pmtu+0x8b0/0x8b0
[ 24.254672] [] xfrm_lookup_route+0x39/0x1a0
[ 24.260607] [] ip_route_output_flow+0x7f/0xa0
[ 24.266718] [] udp_sendmsg+0x1009/0x1c30
[ 24.272394] [] ? udp_sendmsg+0x99d/0x1c30
[ 24.278157] [] ? ip_reply_glue_bits+0xc0/0xc0
[ 24.284278] [] ? udp_seq_next+0x80/0x80
[ 24.289874] [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 24.296852] [] ? mark_held_locks+0xaf/0x100
[ 24.302799] [] ? __local_bh_enable_ip+0x6a/0xd0
[ 24.309085] [] udpv6_sendmsg+0x56d/0x2500
[ 24.314846] [] ? __local_bh_enable_ip+0x6a/0xd0
[ 24.321137] [] ? trace_hardirqs_on_caller+0x38b/0x590
[ 24.327943] [] ? udp_lib_get_port+0x688/0xeb0
[ 24.334053] [] ? udp6_lib_lookup+0x60/0x60
[ 24.339902] [] ? ndisc_cleanup+0x40/0x40
[ 24.345587] [] ? __local_bh_enable_ip+0x6a/0xd0
[ 24.351883] [] ? trace_hardirqs_on_caller+0x38b/0x590
[ 24.358690] [] ? release_sock+0x3be/0x510
[ 24.364461] [] ? trace_hardirqs_on+0xd/0x10
[ 24.370397] [] ? __local_bh_enable_ip+0x6a/0xd0
[ 24.376684] [] ? _raw_spin_unlock_bh+0x30/0x40
[ 24.382882] [] ? release_sock+0x3be/0x510
[ 24.388652] [] ? udp_v6_get_port+0xa7/0xd0
[ 24.394503] [] inet_sendmsg+0x2bc/0x4c0
[ 24.400101] [] ? inet_sendmsg+0x73/0x4c0
[ 24.405793] [] ? inet_recvmsg+0x4c0/0x4c0
[ 24.411554] [] sock_sendmsg+0xca/0x110
[ 24.417054] [] SYSC_sendto+0x2c8/0x340
[ 24.422555] [] ? SYSC_connect+0x310/0x310
[ 24.428328] [] ? handle_mm_fault+0xbf5/0x3190
[ 24.434447] [] ? _raw_spin_unlock+0x2c/0x50
[ 24.440388] [] ? handle_mm_fault+0x3f2/0x3190
[ 24.446499] [] ? __do_page_fault+0x380/0xa00
[ 24.452519] [] ? retint_user+0x18/0x20
[ 24.458028] [] SyS_sendto+0x40/0x50
[ 24.463274] [] entry_SYSCALL_64_fastpath+0x16/0x76
[ 24.469815]
[ 24.471405] The buggy address belongs to the page:
[ 24.476316] page:ffffea0007328bc0 count:0 mapcount:0 mapping: (null) index:0x0
[ 24.484421] flags: 0x8000000000000000()
[ 24.488486] page dumped because: kasan: bad access detected
[ 24.494156]
[ 24.495749] Memory state around the buggy address:
[ 24.500641] ffff8801cca2f700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 24.507962] ffff8801cca2f780: 00 00 00 f1 f1 f1 f1 00 f2 f2 f2 f2 f2 f2 f2 00
[ 24.515295] >ffff8801cca2f800: 00 00 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 f2 f2
[ 24.522624] ^
[ 24.529603] ffff8801cca2f880: f2 f2 f2 00 00 00 00 00 00 00 00 00 f2 f2 f2 00
[ 24.536933] ffff8801cca2f900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 24.544254] ==================================================================
[ 24.551576] Disabling lock debugging due to kernel taint
[ 24.557018] Kernel panic - not syncing: panic_on_warn set ...
[ 24.557018]
[ 24.564358] CPU: 1 PID: 3314 Comm: syzkaller098098 Tainted: G B 4.4.107-g610c835 #12
[ 24.573334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 24.582665] 0000000000000000 38f9e41337ba656b ffff8801cca2ee20 ffffffff81d0457d
[ 24.590615] ffffffff83fb2cde ffff8801cca2eef8 0000000000000000 ffff8801cca2f870
[ 24.598560] ffff8800b6a757b0 ffff8801cca2eee8 ffffffff8141774a 0000000041b58ab3
[ 24.606501] Call Trace:
[ 24.609059] [] dump_stack+0xc1/0x124
[ 24.614388] [] panic+0x1aa/0x388
[ 24.619368] [] ? percpu_up_read.constprop.45+0xe1/0xe1
[ 24.626261] [] ? add_taint+0x1c/0x50
[ 24.631590] [] kasan_end_report+0x50/0x50
[ 24.637353] [] kasan_report+0x15c/0x370
[ 24.642949] [] ? xfrm_state_find+0x1291/0x2550
[ 24.649146] [] __asan_report_load4_noabort+0x14/0x20
[ 24.655868] [] xfrm_state_find+0x1291/0x2550
[ 24.661892] [] ? get_page_from_freelist+0x7a8/0x1a70
[ 24.668611] [] ? xfrm_unregister_mode+0x200/0x200
[ 24.675072] [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 24.682049] [] ? noop_count+0x40/0x40
[ 24.687465] [] ? check_usage_backwards+0x171/0x300
[ 24.694015] [] ? check_usage_forwards+0x310/0x310
[ 24.700483] [] xfrm_tmpl_resolve+0x298/0xab0
[ 24.706516] [] ? __xfrm_decode_session+0x100/0x100
[ 24.713060] [] ? mark_lock+0x99b/0xfd0
[ 24.718564] [] ? check_usage_forwards+0x310/0x310
[ 24.725035] [] ? __lock_acquire+0x1cff/0x4b50
[ 24.731143] [] ? __lock_acquire+0xb5f/0x4b50
[ 24.737165] [] ? save_stack_trace+0x26/0x50
[ 24.743104] [] xfrm_resolve_and_create_bundle+0xd7/0x1da0
[ 24.750255] [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 24.757233] [] ? xfrm_tmpl_resolve+0xab0/0xab0
[ 24.763433] [] ? __local_bh_enable_ip+0x6a/0xd0
[ 24.769718] [] ? xfrm_sk_policy_lookup+0x1e3/0x310
[ 24.776265] [] ? xfrm_expand_policies+0x25b/0x5c0
[ 24.782721] [] xfrm_lookup+0x991/0xc10
[ 24.788222] [] ? xfrm_bundle_lookup+0x11d0/0x11d0
[ 24.794681] [] ? __ip_route_output_key_hash+0x7e5/0x2390
[ 24.801756] [] ? __ip_route_output_key_hash+0x80c/0x2390
[ 24.808827] [] ? __ip_route_output_key_hash+0x16a/0x2390
[ 24.815891] [] ? ip_rt_update_pmtu+0x8b0/0x8b0
[ 24.822096] [] xfrm_lookup_route+0x39/0x1a0
[ 24.828039] [] ip_route_output_flow+0x7f/0xa0
[ 24.834150] [] udp_sendmsg+0x1009/0x1c30
[ 24.839832] [] ? udp_sendmsg+0x99d/0x1c30
[ 24.845595] [] ? ip_reply_glue_bits+0xc0/0xc0
[ 24.851703] [] ? udp_seq_next+0x80/0x80
[ 24.857292] [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 24.864269] [] ? mark_held_locks+0xaf/0x100
[ 24.870211] [] ? __local_bh_enable_ip+0x6a/0xd0
[ 24.876496] [] udpv6_sendmsg+0x56d/0x2500
[ 24.882259] [] ? __local_bh_enable_ip+0x6a/0xd0
[ 24.888556] [] ? trace_hardirqs_on_caller+0x38b/0x590
[ 24.895363] [] ? udp_lib_get_port+0x688/0xeb0
[ 24.901472] [] ? udp6_lib_lookup+0x60/0x60
[ 24.907330] [] ? ndisc_cleanup+0x40/0x40
[ 24.913007] [] ? __local_bh_enable_ip+0x6a/0xd0
[ 24.919292] [] ? trace_hardirqs_on_caller+0x38b/0x590
[ 24.926098] [] ? release_sock+0x3be/0x510
[ 24.931862] [] ? trace_hardirqs_on+0xd/0x10
[ 24.937808] [] ? __local_bh_enable_ip+0x6a/0xd0
[ 24.944092] [] ? _raw_spin_unlock_bh+0x30/0x40
[ 24.950289] [] ? release_sock+0x3be/0x510
[ 24.956061] [] ? udp_v6_get_port+0xa7/0xd0
[ 24.961911] [] inet_sendmsg+0x2bc/0x4c0
[ 24.967500] [] ? inet_sendmsg+0x73/0x4c0
[ 24.973175] [] ? inet_recvmsg+0x4c0/0x4c0
[ 24.978946] [] sock_sendmsg+0xca/0x110
[ 24.984447] [] SYSC_sendto+0x2c8/0x340
[ 24.989948] [] ? SYSC_connect+0x310/0x310
[ 24.995712] [] ? handle_mm_fault+0xbf5/0x3190
[ 25.001822] [] ? _raw_spin_unlock+0x2c/0x50
[ 25.007758] [] ? handle_mm_fault+0x3f2/0x3190
[ 25.013870] [] ? __do_page_fault+0x380/0xa00
[ 25.019899] [] ? retint_user+0x18/0x20
[ 25.025409] [] SyS_sendto+0x40/0x50
[ 25.030657] [] entry_SYSCALL_64_fastpath+0x16/0x76
[ 25.037239] Dumping ftrace buffer:
[ 25.040749] (ftrace buffer empty)
[ 25.044427] Kernel Offset: disabled
[ 25.048025] Rebooting in 86400 seconds..