[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 20.217627] random: sshd: uninitialized urandom read (32 bytes read, 32 bits of entropy available)
[ 20.516260] random: sshd: uninitialized urandom read (32 bytes read, 33 bits of entropy available)
[ 20.777197] random: sshd: uninitialized urandom read (32 bytes read, 34 bits of entropy available)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 21.632688] random: sshd: uninitialized urandom read (32 bytes read, 90 bits of entropy available)
[ 21.795955] random: sshd: uninitialized urandom read (32 bytes read, 94 bits of entropy available)
Warning: Permanently added '10.128.0.63' (ECDSA) to the list of known hosts.
[ 27.179382] random: sshd: uninitialized urandom read (32 bytes read, 105 bits of entropy available)
executing program
[ 27.277014] ==================================================================
[ 27.284387] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x1291/0x2550
[ 27.291542] Read of size 4 at addr ffff8800ae82f740 by task syzkaller986476/3702
[ 27.299041]
[ 27.300645] CPU: 1 PID: 3702 Comm: syzkaller986476 Not tainted 4.4.118-g239a415 #25
[ 27.308411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 27.317739]  0000000000000000 8595945b330a3625 ffff8800ae82ed98 ffffffff81d0402d
[ 27.325705]  ffffea0002ba0bc0 ffff8800ae82f740 0000000000000000 ffff8800ae82f740
[ 27.333675]  ffff8801c990cf30 ffff8800ae82edd0 ffffffff814fe103 ffff8800ae82f740
[ 27.341643] Call Trace:
[ 27.344200]  [] dump_stack+0xc1/0x124
[ 27.349536]  [] print_address_description+0x73/0x260
[ 27.356168]  [] kasan_report+0x285/0x370
[ 27.361761]  [] ? xfrm_state_find+0x1291/0x2550
[ 27.367959]  [] __asan_report_load4_noabort+0x14/0x20
[ 27.374677]  [] xfrm_state_find+0x1291/0x2550
[ 27.380705]  [] ? is_module_text_address+0x2a/0x50
[ 27.387164]  [] ? __kernel_text_address+0x6b/0xa0
[ 27.393537]  [] ? xfrm_unregister_mode+0x200/0x200
[ 27.399996]  [] ? check_usage_backwards+0x171/0x300
[ 27.406545]  [] ? check_usage_forwards+0x310/0x310
[ 27.413013]  [] xfrm_tmpl_resolve+0x298/0xab0
[ 27.419052]  [] ? __xfrm_decode_session+0x100/0x100
[ 27.425603]  [] ? mark_lock+0x99b/0xfd0
[ 27.431105]  [] ? check_usage_forwards+0x310/0x310
[ 27.437564]  [] ? __lock_acquire+0x1cff/0x4b50
[ 27.443675]  [] ? __lock_acquire+0xb5f/0x4b50
[ 27.449701]  [] xfrm_resolve_and_create_bundle+0xd7/0x1da0
[ 27.456853]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 27.463840]  [] ? xfrm_tmpl_resolve+0xab0/0xab0
[ 27.470057]  [] ? __local_bh_enable_ip+0x6a/0xd0
[ 27.476356]  [] ? xfrm_sk_policy_lookup+0x22c/0x360
[ 27.482905]  [] ? xfrm_expand_policies+0x25b/0x5c0
[ 27.489362]  [] xfrm_lookup+0x991/0xc10
[ 27.494866]  [] ? xfrm_bundle_lookup+0x11d0/0x11d0
[ 27.501324]  [] ? __ip_route_output_key_hash+0x7e5/0x2390
[ 27.508402]  [] ? __ip_route_output_key_hash+0x80c/0x2390
[ 27.515470]  [] ? __ip_route_output_key_hash+0xc50/0x2390
[ 27.522537]  [] ? ip_rt_update_pmtu+0x8b0/0x8b0
[ 27.528734]  [] xfrm_lookup_route+0x39/0x1a0
[ 27.534671]  [] ip_route_output_flow+0x7f/0xa0
[ 27.540782]  [] udp_sendmsg+0x1009/0x1c30
[ 27.546459]  [] ? udp_sendmsg+0x99d/0x1c30
[ 27.552222]  [] ? ip_reply_glue_bits+0xc0/0xc0
[ 27.558335]  [] ? udp_seq_next+0x80/0x80
[ 27.563927]  [] ? do_ipv6_setsockopt.isra.8+0x23fc/0x3030
[ 27.570993]  [] ? __lock_acquire+0xb5f/0x4b50
[ 27.577025]  [] ? mark_held_locks+0xaf/0x100
[ 27.582967]  [] udpv6_sendmsg+0x56d/0x2500
[ 27.588733]  [] ? avc_has_perm+0x296/0x500
[ 27.594498]  [] ? udp6_lib_lookup+0x60/0x60
[ 27.600350]  [] ? avc_has_perm_noaudit+0x460/0x460
[ 27.606809]  [] ? sock_has_perm+0x1c1/0x400
[ 27.612659]  [] ? sock_has_perm+0x29f/0x400
[ 27.618517]  [] ? sock_has_perm+0x9f/0x400
[ 27.624287]  [] ? inet_sendmsg+0x201/0x4c0
[ 27.630050]  [] inet_sendmsg+0x2bc/0x4c0
[ 27.635642]  [] ? inet_sendmsg+0x73/0x4c0
[ 27.641325]  [] ? inet_recvmsg+0x4c0/0x4c0
[ 27.647093]  [] sock_sendmsg+0xca/0x110
[ 27.652596]  [] ___sys_sendmsg+0x6c1/0x7c0
[ 27.658363]  [] ? copy_msghdr_from_user+0x550/0x550
[ 27.664908]  [] ? avc_has_perm_noaudit+0x460/0x460
[ 27.671368]  [] ? sock_has_perm+0x1c1/0x400
[ 27.677218]  [] ? sock_has_perm+0x29f/0x400
[ 27.683070]  [] ? sock_has_perm+0x9f/0x400
[ 27.688833]  [] ? selinux_file_send_sigiotask+0x310/0x310
[ 27.695902]  [] ? selinux_netlbl_socket_setsockopt+0x117/0x320
[ 27.703405]  [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 27.710126]  [] ? __fget_light+0xa3/0x1e0
[ 27.715803]  [] ? __fdget+0x18/0x20
[ 27.720960]  [] __sys_sendmsg+0xd3/0x190
[ 27.726551]  [] ? SyS_shutdown+0x1b0/0x1b0
[ 27.732322]  [] ? sock_common_setsockopt+0x95/0xd0
[ 27.738788]  [] ? SyS_setsockopt+0x17f/0x250
[ 27.744732]  [] ? vmacache_update+0xfe/0x130
[ 27.750675]  [] SyS_sendmsg+0x2d/0x50
[ 27.756008]  [] entry_SYSCALL_64_fastpath+0x1c/0x98
[ 27.762551]
[ 27.764145] The buggy address belongs to the page:
[ 27.769043] page:ffffea0002ba0bc0 count:0 mapcount:0 mapping:          (null) index:0x0
[ 27.777149] flags: 0x4000000000000000()
[ 27.781201] page dumped because: kasan: bad access detected
[ 27.786874]
[ 27.788469] Memory state around the buggy address:
[ 27.793364]  ffff8800ae82f600: 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1
[ 27.800689]  ffff8800ae82f680: f1 00 f2 f2 f2 f2 f2 f2 f2 00 00 00 f2 f2 f2 f2
[ 27.808015] >ffff8800ae82f700: f2 00 00 00 00 00 00 00 f2 f2 f2 f2 f2 00 00 00
[ 27.815339]                                            ^
[ 27.820756]  ffff8800ae82f780: 00 00 00 00 00 00 f2 f2 f2 00 00 00 00 00 00 00
[ 27.828082]  ffff8800ae82f800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 27.835409] ==================================================================
[ 27.842733] Disabling lock debugging due to kernel taint
[ 27.848192] Kernel panic - not syncing: panic_on_warn set ...
[ 27.848192]
[ 27.855531] CPU: 1 PID: 3702 Comm: syzkaller986476 Tainted: G    B           4.4.118-g239a415 #25
[ 27.864504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 27.873824]  0000000000000000 8595945b330a3625 ffff8800ae82ecf0 ffffffff81d0402d
[ 27.881821]  ffffffff83fb58a5 ffff8800ae82edc8 0000000000000000 ffff8800ae82f740
[ 27.889796]  ffff8801c990cf30 ffff8800ae82edb8 ffffffff8141aaea 0000000041b58ab3
[ 27.897781] Call Trace:
[ 27.900341]  [] dump_stack+0xc1/0x124
[ 27.905681]  [] panic+0x1aa/0x388
[ 27.910669]  [] ? percpu_up_read.constprop.45+0xe1/0xe1
[ 27.917562]  [] ? add_taint+0x1c/0x50
[ 27.922891]  [] kasan_end_report+0x50/0x50
[ 27.928654]  [] kasan_report+0x15c/0x370
[ 27.934244]  [] ? xfrm_state_find+0x1291/0x2550
[ 27.940445]  [] __asan_report_load4_noabort+0x14/0x20
[ 27.947162]  [] xfrm_state_find+0x1291/0x2550
[ 27.953191]  [] ? is_module_text_address+0x2a/0x50
[ 27.959653]  [] ? __kernel_text_address+0x6b/0xa0
[ 27.966028]  [] ? xfrm_unregister_mode+0x200/0x200
[ 27.972489]  [] ? check_usage_backwards+0x171/0x300
[ 27.979036]  [] ? check_usage_forwards+0x310/0x310
[ 27.985495]  [] xfrm_tmpl_resolve+0x298/0xab0
[ 27.991520]  [] ? __xfrm_decode_session+0x100/0x100
[ 27.998067]  [] ? mark_lock+0x99b/0xfd0
[ 28.003571]  [] ? check_usage_forwards+0x310/0x310
[ 28.010034]  [] ? __lock_acquire+0x1cff/0x4b50
[ 28.016146]  [] ? __lock_acquire+0xb5f/0x4b50
[ 28.022173]  [] xfrm_resolve_and_create_bundle+0xd7/0x1da0
[ 28.029329]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 28.036315]  [] ? xfrm_tmpl_resolve+0xab0/0xab0
[ 28.042516]  [] ? __local_bh_enable_ip+0x6a/0xd0
[ 28.048801]  [] ? xfrm_sk_policy_lookup+0x22c/0x360
[ 28.055347]  [] ? xfrm_expand_policies+0x25b/0x5c0
[ 28.061805]  [] xfrm_lookup+0x991/0xc10
[ 28.067312]  [] ? xfrm_bundle_lookup+0x11d0/0x11d0
[ 28.073770]  [] ? __ip_route_output_key_hash+0x7e5/0x2390
[ 28.080838]  [] ? __ip_route_output_key_hash+0x80c/0x2390
[ 28.087905]  [] ? __ip_route_output_key_hash+0xc50/0x2390
[ 28.094972]  [] ? ip_rt_update_pmtu+0x8b0/0x8b0
[ 28.101170]  [] xfrm_lookup_route+0x39/0x1a0
[ 28.107107]  [] ip_route_output_flow+0x7f/0xa0
[ 28.113220]  [] udp_sendmsg+0x1009/0x1c30
[ 28.118899]  [] ? udp_sendmsg+0x99d/0x1c30
[ 28.124668]  [] ? ip_reply_glue_bits+0xc0/0xc0
[ 28.130781]  [] ? udp_seq_next+0x80/0x80
[ 28.136373]  [] ? do_ipv6_setsockopt.isra.8+0x23fc/0x3030
[ 28.143439]  [] ? __lock_acquire+0xb5f/0x4b50
[ 28.149464]  [] ? mark_held_locks+0xaf/0x100
[ 28.155407]  [] udpv6_sendmsg+0x56d/0x2500
[ 28.161174]  [] ? avc_has_perm+0x296/0x500
[ 28.166941]  [] ? udp6_lib_lookup+0x60/0x60
[ 28.172790]  [] ? avc_has_perm_noaudit+0x460/0x460
[ 28.179250]  [] ? sock_has_perm+0x1c1/0x400
[ 28.185103]  [] ? sock_has_perm+0x29f/0x400
[ 28.190955]  [] ? sock_has_perm+0x9f/0x400
[ 28.196724]  [] ? inet_sendmsg+0x201/0x4c0
[ 28.202489]  [] inet_sendmsg+0x2bc/0x4c0
[ 28.208082]  [] ? inet_sendmsg+0x73/0x4c0
[ 28.213761]  [] ? inet_recvmsg+0x4c0/0x4c0
[ 28.219525]  [] sock_sendmsg+0xca/0x110
[ 28.225032]  [] ___sys_sendmsg+0x6c1/0x7c0
[ 28.230803]  [] ? copy_msghdr_from_user+0x550/0x550
[ 28.237357]  [] ? avc_has_perm_noaudit+0x460/0x460
[ 28.243816]  [] ? sock_has_perm+0x1c1/0x400
[ 28.249668]  [] ? sock_has_perm+0x29f/0x400
[ 28.255519]  [] ? sock_has_perm+0x9f/0x400
[ 28.261283]  [] ? selinux_file_send_sigiotask+0x310/0x310
[ 28.268353]  [] ? selinux_netlbl_socket_setsockopt+0x117/0x320
[ 28.275858]  [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 28.282577]  [] ? __fget_light+0xa3/0x1e0
[ 28.288256]  [] ? __fdget+0x18/0x20
[ 28.293415]  [] __sys_sendmsg+0xd3/0x190
[ 28.299007]  [] ? SyS_shutdown+0x1b0/0x1b0
[ 28.304772]  [] ? sock_common_setsockopt+0x95/0xd0
[ 28.311232]  [] ? SyS_setsockopt+0x17f/0x250
[ 28.317173]  [] ? vmacache_update+0xfe/0x130
[ 28.323110]  [] SyS_sendmsg+0x2d/0x50
[ 28.328443]  [] entry_SYSCALL_64_fastpath+0x1c/0x98
[ 28.335431] Dumping ftrace buffer:
[ 28.338944]    (ftrace buffer empty)
[ 28.342623] Kernel Offset: disabled
[ 28.346220] Rebooting in 86400 seconds..