Starting mcstransd: 
[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   10.639944] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[ ok 8[?25h[?0c.
[   10.707990] random: crng init done

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.42' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   35.435678] ==================================================================
[   35.436885] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x26a0/0x2910
[   35.438037] Read of size 4 at addr ffff8801cd59f6b0 by task syz-executor824/2054
[   35.439087] 
[   35.439324] CPU: 0 PID: 2054 Comm: syz-executor824 Not tainted 4.9.148+ #1
[   35.440295]  ffff8801cd59ee60 ffffffff81b44d01 0000000000000000 ffffea00073567c0
[   35.441535]  ffff8801cd59f6b0 0000000000000004 ffffffff82653050 ffff8801cd59ee98
[   35.442744]  ffffffff815020d5 0000000000000000 ffff8801cd59f6b0 ffff8801cd59f6b0
[   35.443942] Call Trace:
[   35.444430]  [<ffffffff81b44d01>] dump_stack+0xc1/0x120
[   35.445183]  [<ffffffff82653050>] ? xfrm_state_find+0x26a0/0x2910
[   35.446211]  [<ffffffff815020d5>] print_address_description+0x6f/0x238
[   35.447329]  [<ffffffff82653050>] ? xfrm_state_find+0x26a0/0x2910
[   35.448604]  [<ffffffff8150232a>] kasan_report.cold+0x8c/0x2ba
[   35.449606]  [<ffffffff814f4504>] __asan_report_load4_noabort+0x14/0x20
[   35.450792]  [<ffffffff82653050>] xfrm_state_find+0x26a0/0x2910
[   35.451805]  [<ffffffff82650c29>] ? xfrm_state_find+0x279/0x2910
[   35.452750]  [<ffffffff826509b0>] ? xfrm_unregister_mode+0x1a0/0x1a0
[   35.453729]  [<ffffffff81be614c>] ? depot_save_stack+0x19c/0x4a0
[   35.454770]  [<ffffffff81207265>] ? trace_hardirqs_on_caller+0x385/0x5a0
[   35.455701]  [<ffffffff828120a5>] ? _raw_spin_unlock_irqrestore+0x45/0x70
[   35.459295]  [<ffffffff82638ad7>] xfrm_tmpl_resolve_one+0x1c7/0x7a0
[   35.465762]  [<ffffffff82638910>] ? xfrm_expand_policies.constprop.0+0x240/0x240
[   35.473284]  [<ffffffff81207a75>] ? __lock_acquire+0x5e5/0x4350
[   35.479318]  [<ffffffff822a55c5>] ? SyS_sendmmsg+0x35/0x60
[   35.484913]  [<ffffffff810056bd>] ? do_syscall_64+0x1ad/0x570
[   35.490774]  [<ffffffff82812993>] ? entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[   35.497862]  [<ffffffff826392c6>] xfrm_resolve_and_create_bundle+0x216/0x1eb0
[   35.505110]  [<ffffffff81207490>] ? trace_hardirqs_on+0x10/0x10
[   35.511140]  [<ffffffff8120551e>] ? check_usage+0x14e/0x520
[   35.516841]  [<ffffffff826390b0>] ? xfrm_tmpl_resolve_one+0x7a0/0x7a0
[   35.523407]  [<ffffffff81243621>] ? debug_lockdep_rcu_enabled+0x71/0xa0
[   35.530135]  [<ffffffff81ba900c>] ? check_preemption_disabled+0x3c/0x200
[   35.536954]  [<ffffffff81ba900c>] ? check_preemption_disabled+0x3c/0x200
[   35.543766]  [<ffffffff81ba900c>] ? check_preemption_disabled+0x3c/0x200
[   35.550579]  [<ffffffff8263bfff>] ? xfrm_sk_policy_lookup+0x29f/0x410
[   35.557135]  [<ffffffff8263c026>] ? xfrm_sk_policy_lookup+0x2c6/0x410
[   35.563687]  [<ffffffff8263bd60>] ? xfrm_selector_match+0xe00/0xe00
[   35.570111]  [<ffffffff82638858>] ? xfrm_expand_policies.constprop.0+0x188/0x240
[   35.577628]  [<ffffffff8263c370>] xfrm_lookup+0x200/0xaf0
[   35.583142]  [<ffffffff8263c170>] ? xfrm_sk_policy_lookup+0x410/0x410
[   35.589703]  [<ffffffff824868b0>] ? rt_set_nexthop.constprop.0+0xcd0/0xcd0
[   35.596702]  [<ffffffff81243621>] ? debug_lockdep_rcu_enabled+0x71/0xa0
[   35.603431]  [<ffffffff8263db18>] xfrm_lookup_route+0x38/0x140
[   35.609380]  [<ffffffff82488a23>] ip_route_output_flow+0x93/0xa0
[   35.615505]  [<ffffffff82568ed4>] udp_sendmsg+0x1494/0x1c60
[   35.621192]  [<ffffffff8256890a>] ? udp_sendmsg+0xeca/0x1c60
[   35.626987]  [<ffffffff824ac3d0>] ? ip_reply_glue_bits+0xb0/0xb0
[   35.633124]  [<ffffffff82567a40>] ? udp_v4_get_port+0x100/0x100
[   35.639155]  [<ffffffff81207490>] ? trace_hardirqs_on+0x10/0x10
[   35.645187]  [<ffffffff81206e91>] ? mark_held_locks+0xb1/0x100
[   35.651134]  [<ffffffff810ee80a>] ? __local_bh_enable_ip+0x6a/0xe0
[   35.657425]  [<ffffffff81207a75>] ? __lock_acquire+0x5e5/0x4350
[   35.663456]  [<ffffffff82704c6f>] udpv6_sendmsg+0x12af/0x2430
[   35.669323]  [<ffffffff81207490>] ? trace_hardirqs_on+0x10/0x10
[   35.675355]  [<ffffffff81207400>] ? trace_hardirqs_on_caller+0x520/0x5a0
[   35.682185]  [<ffffffff827039c0>] ? udp_v6_flush_pending_frames+0xe0/0xe0
[   35.689111]  [<ffffffff827bbed0>] ? inet6_hash_connect+0xd0/0xd0
[   35.695229]  [<ffffffff81243621>] ? debug_lockdep_rcu_enabled+0x71/0xa0
[   35.701981]  [<ffffffff81243621>] ? debug_lockdep_rcu_enabled+0x71/0xa0
[   35.708826]  [<ffffffff822ae7a0>] ? release_sock+0x20/0x1c0
[   35.714511]  [<ffffffff810ee80a>] ? __local_bh_enable_ip+0x6a/0xe0
[   35.720808]  [<ffffffff81207265>] ? trace_hardirqs_on_caller+0x385/0x5a0
[   35.727626]  [<ffffffff822ae8cc>] ? release_sock+0x14c/0x1c0
[   35.733395]  [<ffffffff8120748d>] ? trace_hardirqs_on+0xd/0x10
[   35.739361]  [<ffffffff810ee80a>] ? __local_bh_enable_ip+0x6a/0xe0
[   35.745671]  [<ffffffff82812051>] ? _raw_spin_unlock_bh+0x31/0x40
[   35.751876]  [<ffffffff822ae8cc>] ? release_sock+0x14c/0x1c0
[   35.757649]  [<ffffffff82592192>] inet_sendmsg+0x202/0x4d0
[   35.763247]  [<ffffffff82592006>] ? inet_sendmsg+0x76/0x4d0
[   35.768938]  [<ffffffff82591f90>] ? inet_recvmsg+0x4d0/0x4d0
[   35.774707]  [<ffffffff822a04ee>] sock_sendmsg+0xbe/0x110
[   35.780216]  [<ffffffff822a1ea7>] ___sys_sendmsg+0x387/0x8b0
[   35.785989]  [<ffffffff822a1b20>] ? copy_msghdr_from_user+0x550/0x550
[   35.792549]  [<ffffffff81ba900c>] ? check_preemption_disabled+0x3c/0x200
[   35.799378]  [<ffffffff819f0294>] ? avc_has_perm+0x164/0x3a0
[   35.805148]  [<ffffffff819f0302>] ? avc_has_perm+0x1d2/0x3a0
[   35.810923]  [<ffffffff819f01dc>] ? avc_has_perm+0xac/0x3a0
[   35.816628]  [<ffffffff81ba900c>] ? check_preemption_disabled+0x3c/0x200
[   35.823452]  [<ffffffff81ba900c>] ? check_preemption_disabled+0x3c/0x200
[   35.830271]  [<ffffffff8156c962>] ? __fget_light+0x172/0x1f0
[   35.836040]  [<ffffffff8156c9fb>] ? __fdget+0x1b/0x20
[   35.841395]  [<ffffffff822a5324>] __sys_sendmmsg+0x164/0x3d0
[   35.847228]  [<ffffffff822a51c0>] ? SyS_sendmsg+0x50/0x50
[   35.852749]  [<ffffffff82811ffd>] ? _raw_spin_unlock+0x2d/0x50
[   35.858699]  [<ffffffff82705f16>] ? udpv6_setsockopt+0x56/0x90
[   35.864708]  [<ffffffff822a706a>] ? sock_common_setsockopt+0x9a/0xe0
[   35.871182]  [<ffffffff822a4a00>] ? SyS_recv+0x40/0x40
[   35.876435]  [<ffffffff810b1ab5>] ? __do_page_fault+0x545/0xa60
[   35.882547]  [<ffffffff822a55c5>] SyS_sendmmsg+0x35/0x60
[   35.887978]  [<ffffffff822a5590>] ? __sys_sendmmsg+0x3d0/0x3d0
[   35.893931]  [<ffffffff810056bd>] do_syscall_64+0x1ad/0x570
[   35.899617]  [<ffffffff82812993>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[   35.906510] 
[   35.908118] The buggy address belongs to the page:
[   35.913023] page:ffffea00073567c0 count:0 mapcount:0 mapping:          (null) index:0x1
[   35.921255] flags: 0x4000000000000000()
[   35.925212] page dumped because: kasan: bad access detected
[   35.930909] 
[   35.932509] Memory state around the buggy address:
[   35.937415]  ffff8801cd59f580: 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1
[   35.944744]  ffff8801cd59f600: f1 00 00 00 f2 f2 f2 00 00 00 00 f2 f2 f2 f2 00
[   35.952076] >ffff8801cd59f680: 00 00 00 00 00 00 f2 f2 f2 f2 f2 00 00 00 00 00
[   35.959406]                                      ^
[   35.964308]  ffff8801cd59f700: 00 00 00 00 f3 f3 f3 f3 f3 00 00 00 00 00 00 00
[   35.971643]  ffff8801cd59f780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   35.978973] ==================================================================
[   35.986316] Disabling lock debugging due to kernel taint
[   35.992043] Kernel panic - not syncing: panic_on_warn set ...
[   35.992043] 
[   35.999399] CPU: 0 PID: 2054 Comm: syz-executor824 Tainted: G    B           4.9.148+ #1
[   36.007602]  ffff8801cd59eda0 ffffffff81b44d01 ffff8801cd59ee00 ffffffff82e433a2
[   36.015599]  00000000ffffffff 0000000000000000 ffffffff82653050 ffff8801cd59ee80
[   36.023571]  ffffffff813f727a 0000000041b58ab3 ffffffff82e354ca ffffffff813f70a1
[   36.031570] Call Trace:
[   36.034134]  [<ffffffff81b44d01>] dump_stack+0xc1/0x120
[   36.039472]  [<ffffffff82653050>] ? xfrm_state_find+0x26a0/0x2910
[   36.045674]  [<ffffffff813f727a>] panic+0x1d9/0x3bd
[   36.050666]  [<ffffffff813f70a1>] ? add_taint.cold+0x16/0x16
[   36.056439]  [<ffffffff828043ff>] ? preempt_schedule_common+0x4f/0xe0
[   36.062991]  [<ffffffff82653050>] ? xfrm_state_find+0x26a0/0x2910
[   36.069197]  [<ffffffff828044b6>] ? preempt_schedule+0x26/0x30
[   36.075142]  [<ffffffff81002226>] ? ___preempt_schedule+0x16/0x18
[   36.081363]  [<ffffffff81501fef>] kasan_end_report+0x47/0x4f
[   36.087135]  [<ffffffff81502347>] kasan_report.cold+0xa9/0x2ba
[   36.093094]  [<ffffffff814f4504>] __asan_report_load4_noabort+0x14/0x20
[   36.099818]  [<ffffffff82653050>] xfrm_state_find+0x26a0/0x2910
[   36.105848]  [<ffffffff82650c29>] ? xfrm_state_find+0x279/0x2910
[   36.111968]  [<ffffffff826509b0>] ? xfrm_unregister_mode+0x1a0/0x1a0
[   36.118435]  [<ffffffff81be614c>] ? depot_save_stack+0x19c/0x4a0
[   36.124553]  [<ffffffff81207265>] ? trace_hardirqs_on_caller+0x385/0x5a0
[   36.131367]  [<ffffffff828120a5>] ? _raw_spin_unlock_irqrestore+0x45/0x70
[   36.138281]  [<ffffffff82638ad7>] xfrm_tmpl_resolve_one+0x1c7/0x7a0
[   36.144661]  [<ffffffff82638910>] ? xfrm_expand_policies.constprop.0+0x240/0x240
[   36.152166]  [<ffffffff81207a75>] ? __lock_acquire+0x5e5/0x4350
[   36.158198]  [<ffffffff822a55c5>] ? SyS_sendmmsg+0x35/0x60
[   36.163803]  [<ffffffff810056bd>] ? do_syscall_64+0x1ad/0x570
[   36.169664]  [<ffffffff82812993>] ? entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[   36.176738]  [<ffffffff826392c6>] xfrm_resolve_and_create_bundle+0x216/0x1eb0
[   36.183984]  [<ffffffff81207490>] ? trace_hardirqs_on+0x10/0x10
[   36.190018]  [<ffffffff8120551e>] ? check_usage+0x14e/0x520
[   36.195702]  [<ffffffff826390b0>] ? xfrm_tmpl_resolve_one+0x7a0/0x7a0
[   36.202269]  [<ffffffff81243621>] ? debug_lockdep_rcu_enabled+0x71/0xa0
[   36.209027]  [<ffffffff81ba900c>] ? check_preemption_disabled+0x3c/0x200
[   36.215868]  [<ffffffff81ba900c>] ? check_preemption_disabled+0x3c/0x200
[   36.222682]  [<ffffffff81ba900c>] ? check_preemption_disabled+0x3c/0x200
[   36.229511]  [<ffffffff8263bfff>] ? xfrm_sk_policy_lookup+0x29f/0x410
[   36.236081]  [<ffffffff8263c026>] ? xfrm_sk_policy_lookup+0x2c6/0x410
[   36.242649]  [<ffffffff8263bd60>] ? xfrm_selector_match+0xe00/0xe00
[   36.249031]  [<ffffffff82638858>] ? xfrm_expand_policies.constprop.0+0x188/0x240
[   36.256542]  [<ffffffff8263c370>] xfrm_lookup+0x200/0xaf0
[   36.262066]  [<ffffffff8263c170>] ? xfrm_sk_policy_lookup+0x410/0x410
[   36.268761]  [<ffffffff824868b0>] ? rt_set_nexthop.constprop.0+0xcd0/0xcd0
[   36.275781]  [<ffffffff81243621>] ? debug_lockdep_rcu_enabled+0x71/0xa0
[   36.282593]  [<ffffffff8263db18>] xfrm_lookup_route+0x38/0x140
[   36.288556]  [<ffffffff82488a23>] ip_route_output_flow+0x93/0xa0
[   36.294679]  [<ffffffff82568ed4>] udp_sendmsg+0x1494/0x1c60
[   36.300366]  [<ffffffff8256890a>] ? udp_sendmsg+0xeca/0x1c60
[   36.306138]  [<ffffffff824ac3d0>] ? ip_reply_glue_bits+0xb0/0xb0
[   36.312258]  [<ffffffff82567a40>] ? udp_v4_get_port+0x100/0x100
[   36.318289]  [<ffffffff81207490>] ? trace_hardirqs_on+0x10/0x10
[   36.324320]  [<ffffffff81206e91>] ? mark_held_locks+0xb1/0x100
[   36.330265]  [<ffffffff810ee80a>] ? __local_bh_enable_ip+0x6a/0xe0
[   36.336592]  [<ffffffff81207a75>] ? __lock_acquire+0x5e5/0x4350
[   36.342624]  [<ffffffff82704c6f>] udpv6_sendmsg+0x12af/0x2430
[   36.348482]  [<ffffffff81207490>] ? trace_hardirqs_on+0x10/0x10
[   36.354510]  [<ffffffff81207400>] ? trace_hardirqs_on_caller+0x520/0x5a0
[   36.361330]  [<ffffffff827039c0>] ? udp_v6_flush_pending_frames+0xe0/0xe0
[   36.368234]  [<ffffffff827bbed0>] ? inet6_hash_connect+0xd0/0xd0
[   36.374350]  [<ffffffff81243621>] ? debug_lockdep_rcu_enabled+0x71/0xa0
[   36.381078]  [<ffffffff81243621>] ? debug_lockdep_rcu_enabled+0x71/0xa0
[   36.387804]  [<ffffffff822ae7a0>] ? release_sock+0x20/0x1c0
[   36.393486]  [<ffffffff810ee80a>] ? __local_bh_enable_ip+0x6a/0xe0
[   36.399776]  [<ffffffff81207265>] ? trace_hardirqs_on_caller+0x385/0x5a0
[   36.406589]  [<ffffffff822ae8cc>] ? release_sock+0x14c/0x1c0
[   36.412358]  [<ffffffff8120748d>] ? trace_hardirqs_on+0xd/0x10
[   36.418314]  [<ffffffff810ee80a>] ? __local_bh_enable_ip+0x6a/0xe0
[   36.424604]  [<ffffffff82812051>] ? _raw_spin_unlock_bh+0x31/0x40
[   36.430810]  [<ffffffff822ae8cc>] ? release_sock+0x14c/0x1c0
[   36.436594]  [<ffffffff82592192>] inet_sendmsg+0x202/0x4d0
[   36.442199]  [<ffffffff82592006>] ? inet_sendmsg+0x76/0x4d0
[   36.447883]  [<ffffffff82591f90>] ? inet_recvmsg+0x4d0/0x4d0
[   36.453680]  [<ffffffff822a04ee>] sock_sendmsg+0xbe/0x110
[   36.459191]  [<ffffffff822a1ea7>] ___sys_sendmsg+0x387/0x8b0
[   36.464963]  [<ffffffff822a1b20>] ? copy_msghdr_from_user+0x550/0x550
[   36.471522]  [<ffffffff81ba900c>] ? check_preemption_disabled+0x3c/0x200
[   36.478352]  [<ffffffff819f0294>] ? avc_has_perm+0x164/0x3a0
[   36.484125]  [<ffffffff819f0302>] ? avc_has_perm+0x1d2/0x3a0
[   36.489896]  [<ffffffff819f01dc>] ? avc_has_perm+0xac/0x3a0
[   36.495582]  [<ffffffff81ba900c>] ? check_preemption_disabled+0x3c/0x200
[   36.502393]  [<ffffffff81ba900c>] ? check_preemption_disabled+0x3c/0x200
[   36.509205]  [<ffffffff8156c962>] ? __fget_light+0x172/0x1f0
[   36.514972]  [<ffffffff8156c9fb>] ? __fdget+0x1b/0x20
[   36.520150]  [<ffffffff822a5324>] __sys_sendmmsg+0x164/0x3d0
[   36.525921]  [<ffffffff822a51c0>] ? SyS_sendmsg+0x50/0x50
[   36.531497]  [<ffffffff82811ffd>] ? _raw_spin_unlock+0x2d/0x50
[   36.537451]  [<ffffffff82705f16>] ? udpv6_setsockopt+0x56/0x90
[   36.543397]  [<ffffffff822a706a>] ? sock_common_setsockopt+0x9a/0xe0
[   36.549862]  [<ffffffff822a4a00>] ? SyS_recv+0x40/0x40
[   36.555114]  [<ffffffff810b1ab5>] ? __do_page_fault+0x545/0xa60
[   36.561148]  [<ffffffff822a55c5>] SyS_sendmmsg+0x35/0x60
[   36.566575]  [<ffffffff822a5590>] ? __sys_sendmmsg+0x3d0/0x3d0
[   36.572520]  [<ffffffff810056bd>] do_syscall_64+0x1ad/0x570
[   36.578212]  [<ffffffff82812993>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[   36.585542] Kernel Offset: disabled
[   36.589164] Rebooting in 86400 seconds..