[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 10.273477] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 16.442696] random: crng init done Warning: Permanently added '10.128.0.94' (ECDSA) to the list of known hosts. executing program [ 30.379165] ================================================================== [ 30.386591] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x271d/0x2790 [ 30.393761] Read of size 4 at addr ffff8801ce4a7650 by task syz-executor189/2057 [ 30.401618] [ 30.403235] CPU: 1 PID: 2057 Comm: syz-executor189 Not tainted 4.9.129+ #97 [ 30.410312] ffff8801ce4a6cc8 ffffffff81b36939 ffffea00073929c0 ffff8801ce4a7650 [ 30.419115] 0000000000000000 ffff8801ce4a7650 ffff8801ce837cf0 ffff8801ce4a6d00 [ 30.428686] ffffffff8150072d ffff8801ce4a7650 0000000000000004 0000000000000000 [ 30.436786] Call Trace: [ 30.439358] [] dump_stack+0xc1/0x128 [ 30.444809] [] print_address_description+0x6c/0x234 [ 30.451476] [] kasan_report.cold.6+0x242/0x2fe [ 30.457813] [] ? xfrm_state_find+0x271d/0x2790 [ 30.464152] [] __asan_report_load4_noabort+0x14/0x20 [ 30.470964] [] xfrm_state_find+0x271d/0x2790 [ 30.470969] [] ? xfrm_state_find+0x253/0x2790 [ 30.470974] [] ? xfrm_unregister_mode+0x190/0x190 [ 30.470980] [] ? trace_hardirqs_on+0x10/0x10 [ 30.470988] [] ? _find_next_bit.part.0+0xe0/0x120 [ 30.470993] [] ? __unwind_start+0x14d/0x3b0 [ 30.470997] [] ? find_next_bit+0x43/0x50 [ 30.471002] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 30.471007] [] xfrm_tmpl_resolve_one+0x1d2/0x7a0 [ 30.471017] [] ? xfrm_expand_policies.constprop.14+0x290/0x290 [ 30.471023] [] ? depot_save_stack+0x20f/0x470 [ 30.471027] [] ? __lock_acquire+0x654/0x4a10 [ 30.471032] [] ? kasan_kmalloc.part.1+0xc9/0xf0 [ 30.471036] [] xfrm_resolve_and_create_bundle+0x219/0x1da0 [ 30.471041] [] ? xfrm_tmpl_resolve_one+0x7a0/0x7a0 [ 30.471045] [] ? trace_hardirqs_on+0x10/0x10 [ 30.471049] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 30.471053] [] ? check_preemption_disabled+0x3b/0x170 [ 30.471060] [] ? check_preemption_disabled+0x3b/0x170 [ 30.471065] [] ? xfrm_sk_policy_lookup+0x242/0x3c0 [ 30.471070] [] ? xfrm_sk_policy_lookup+0x269/0x3c0 [ 30.471073] [] ? xfrm_selector_match+0xe40/0xe40 [ 30.471078] [] ? xfrm_expand_policies.constprop.14+0x1c1/0x290 [ 30.471082] [] xfrm_lookup+0x238/0xb70 [ 30.471089] [] ? schedule_timeout_uninterruptible+0x72/0x90 [ 30.471094] [] ? xfrm_sk_policy_lookup+0x3c0/0x3c0 [ 30.471098] [] ? check_preemption_disabled+0x3b/0x170 [ 30.471104] [] ? __ip_route_output_key_hash+0xc7b/0x2090 [ 30.471108] [] ? __ip_route_output_key_hash+0xca2/0x2090 [ 30.471112] [] ? __ip_route_output_key_hash+0x16a/0x2090 [ 30.471116] [] ? rt_set_nexthop.constprop.13+0xcc0/0xcc0 [ 30.471120] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 30.471124] [] xfrm_lookup_route+0x39/0x140 [ 30.471128] [] ip_route_output_flow+0x90/0xa0 [ 30.471134] [] udp_sendmsg+0x13cd/0x1c50 [ 30.471137] [] ? udp_sendmsg+0xe9f/0x1c50 [ 30.471142] [] ? ip_reply_glue_bits+0xb0/0xb0 [ 30.471146] [] ? udp_v4_get_port+0x100/0x100 [ 30.471150] [] ? trace_hardirqs_on+0x10/0x10 [ 30.471156] [] ? __local_bh_enable_ip+0x6a/0xd0 [ 30.471160] [] ? trace_hardirqs_on_caller+0x266/0x590 [ 30.471166] [] udpv6_sendmsg+0x127d/0x2430 [ 30.471170] [] ? __local_bh_enable_ip+0x6a/0xd0 [ 30.471175] [] ? udp_v6_flush_pending_frames+0xe0/0xe0 [ 30.471179] [] ? udp_seq_next+0x80/0x80 [ 30.471183] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 30.471186] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 30.471190] [] ? __local_bh_enable_ip+0x6a/0xd0 [ 30.471194] [] ? trace_hardirqs_on_caller+0x38b/0x590 [ 30.471200] [] ? release_sock+0x14e/0x1c0 [ 30.471203] [] ? trace_hardirqs_on+0xd/0x10 [ 30.471207] [] ? __local_bh_enable_ip+0x6a/0xd0 [ 30.471212] [] ? _raw_spin_unlock_bh+0x30/0x40 [ 30.471215] [] ? release_sock+0x14e/0x1c0 [ 30.471220] [] inet_sendmsg+0x203/0x4d0 [ 30.471224] [] ? inet_sendmsg+0x73/0x4d0 [ 30.471228] [] ? inet_recvmsg+0x4c0/0x4c0 [ 30.471235] [] sock_sendmsg+0xbb/0x110 [ 30.471240] [] ___sys_sendmsg+0x47a/0x840 [ 30.471244] [] ? copy_msghdr_from_user+0x530/0x530 [ 30.471248] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 30.471253] [] ? check_preemption_disabled+0x3b/0x170 [ 30.471259] [] ? avc_has_perm+0x15a/0x3a0 [ 30.471265] [] ? __fget_light+0x169/0x1f0 [ 30.471268] [] ? __fdget+0x18/0x20 [ 30.471272] [] __sys_sendmmsg+0x161/0x3d0 [ 30.471276] [] ? SyS_sendmsg+0x50/0x50 [ 30.471280] [] ? _raw_spin_unlock+0x2c/0x50 [ 30.471284] [] ? handle_mm_fault+0x54b/0x2350 [ 30.471288] [] ? __fd_install+0x20f/0x5d0 [ 30.471293] [] ? ipv6_setsockopt+0x68/0x130 [ 30.471297] [] ? sock_common_setsockopt+0x9a/0xe0 [ 30.471300] [] ? SyS_setsockopt+0x185/0x260 [ 30.471304] [] ? SyS_recv+0x40/0x40 [ 30.471308] [] ? __do_page_fault+0x554/0xa60 [ 30.471311] [] SyS_sendmmsg+0x35/0x60 [ 30.471315] [] ? __sys_sendmmsg+0x3d0/0x3d0 [ 30.471319] [] do_syscall_64+0x19f/0x550 [ 30.471323] [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb [ 30.471326] [ 30.471328] The buggy address belongs to the page: [ 30.471334] page:ffffea00073929c0 count:0 mapcount:0 mapping: (null) index:0x0 [ 30.471336] flags: 0x4000000000000000() [ 30.471338] page dumped because: kasan: bad access detected [ 30.471338] [ 30.471340] Memory state around the buggy address: [ 30.471344] ffff8801ce4a7500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 30.471347] ffff8801ce4a7580: f1 f1 f1 00 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 f2 [ 30.471350] >ffff8801ce4a7600: f2 f2 f2 00 00 00 00 00 00 00 f2 f2 f2 f2 f2 00 [ 30.471352] ^ [ 30.471354] ffff8801ce4a7680: 00 00 00 00 00 00 00 00 f2 f2 f2 00 00 00 00 00 [ 30.471357] ffff8801ce4a7700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.471358] ================================================================== [ 30.471359] Disabling lock debugging due to kernel taint [ 30.474879] Kernel panic - not syncing: panic_on_warn set ... [ 30.474879] [ 30.474885] CPU: 1 PID: 2057 Comm: syz-executor189 Tainted: G B 4.9.129+ #97 [ 30.474893] ffff8801ce4a6c28 ffffffff81b36939 ffffffff82e356c8 00000000ffffffff [ 30.474898] 0000000000000000 0000000000000001 ffff8801ce837cf0 ffff8801ce4a6ce8 [ 30.474904] ffffffff813f6775 0000000041b58ab3 ffffffff82e296cb ffffffff813f65b6 [ 30.474905] Call Trace: [ 30.474914] [] dump_stack+0xc1/0x128 [ 30.474920] [] panic+0x1bf/0x39f [ 30.474924] [] ? add_taint.cold.6+0x16/0x16 [ 30.474930] [] ? ___preempt_schedule+0x16/0x18 [ 30.474935] [] kasan_end_report+0x47/0x4f [ 30.474939] [] kasan_report.cold.6+0x76/0x2fe [ 30.474944] [] ? xfrm_state_find+0x271d/0x2790 [ 30.474948] [] __asan_report_load4_noabort+0x14/0x20 [ 30.474952] [] xfrm_state_find+0x271d/0x2790 [ 30.474956] [] ? xfrm_state_find+0x253/0x2790 [ 30.474960] [] ? xfrm_unregister_mode+0x190/0x190 [ 30.474964] [] ? trace_hardirqs_on+0x10/0x10 [ 30.474969] [] ? _find_next_bit.part.0+0xe0/0x120 [ 30.474973] [] ? __unwind_start+0x14d/0x3b0 [ 30.474977] [] ? find_next_bit+0x43/0x50 [ 30.474980] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 30.474985] [] xfrm_tmpl_resolve_one+0x1d2/0x7a0 [ 30.474989] [] ? xfrm_expand_policies.constprop.14+0x290/0x290 [ 30.474993] [] ? depot_save_stack+0x20f/0x470 [ 30.474997] [] ? __lock_acquire+0x654/0x4a10 [ 30.475001] [] ? kasan_kmalloc.part.1+0xc9/0xf0 [ 30.475005] [] xfrm_resolve_and_create_bundle+0x219/0x1da0 [ 30.475010] [] ? xfrm_tmpl_resolve_one+0x7a0/0x7a0 [ 30.475014] [] ? trace_hardirqs_on+0x10/0x10 [ 30.475017] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 30.475022] [] ? check_preemption_disabled+0x3b/0x170 [ 30.475026] [] ? check_preemption_disabled+0x3b/0x170 [ 30.475030] [] ? xfrm_sk_policy_lookup+0x242/0x3c0 [ 30.475034] [] ? xfrm_sk_policy_lookup+0x269/0x3c0 [ 30.475038] [] ? xfrm_selector_match+0xe40/0xe40 [ 30.475042] [] ? xfrm_expand_policies.constprop.14+0x1c1/0x290 [ 30.475046] [] xfrm_lookup+0x238/0xb70 [ 30.475051] [] ? schedule_timeout_uninterruptible+0x72/0x90 [ 30.475055] [] ? xfrm_sk_policy_lookup+0x3c0/0x3c0 [ 30.475061] [] ? check_preemption_disabled+0x3b/0x170 [ 30.475066] [] ? __ip_route_output_key_hash+0xc7b/0x2090 [ 30.475070] [] ? __ip_route_output_key_hash+0xca2/0x2090 [ 30.475074] [] ? __ip_route_output_key_hash+0x16a/0x2090 [ 30.475078] [] ? rt_set_nexthop.constprop.13+0xcc0/0xcc0 [ 30.475082] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 30.475086] [] xfrm_lookup_route+0x39/0x140 [ 30.475090] [] ip_route_output_flow+0x90/0xa0 [ 30.475094] [] udp_sendmsg+0x13cd/0x1c50 [ 30.475097] [] ? udp_sendmsg+0xe9f/0x1c50 [ 30.475102] [] ? ip_reply_glue_bits+0xb0/0xb0 [ 30.475106] [] ? udp_v4_get_port+0x100/0x100 [ 30.475110] [] ? trace_hardirqs_on+0x10/0x10 [ 30.475114] [] ? __local_bh_enable_ip+0x6a/0xd0 [ 30.475118] [] ? trace_hardirqs_on_caller+0x266/0x590 [ 30.475123] [] udpv6_sendmsg+0x127d/0x2430 [ 30.475127] [] ? __local_bh_enable_ip+0x6a/0xd0 [ 30.475132] [] ? udp_v6_flush_pending_frames+0xe0/0xe0 [ 30.475135] [] ? udp_seq_next+0x80/0x80 [ 30.475139] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 30.475143] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 30.475147] [] ? __local_bh_enable_ip+0x6a/0xd0 [ 30.475151] [] ? trace_hardirqs_on_caller+0x38b/0x590 [ 30.475155] [] ? release_sock+0x14e/0x1c0 [ 30.475158] [] ? trace_hardirqs_on+0xd/0x10 [ 30.475162] [] ? __local_bh_enable_ip+0x6a/0xd0 [ 30.475166] [] ? _raw_spin_unlock_bh+0x30/0x40 [ 30.475170] [] ? release_sock+0x14e/0x1c0 [ 30.475174] [] inet_sendmsg+0x203/0x4d0 [ 30.475178] [] ? inet_sendmsg+0x73/0x4d0 [ 30.475182] [] ? inet_recvmsg+0x4c0/0x4c0 [ 30.475187] [] sock_sendmsg+0xbb/0x110 [ 30.475191] [] ___sys_sendmsg+0x47a/0x840 [ 30.475195] [] ? copy_msghdr_from_user+0x530/0x530 [ 30.475199] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 30.475203] [] ? check_preemption_disabled+0x3b/0x170 [ 30.475208] [] ? avc_has_perm+0x15a/0x3a0 [ 30.475212] [] ? __fget_light+0x169/0x1f0 [ 30.475216] [] ? __fdget+0x18/0x20 [ 30.475220] [] __sys_sendmmsg+0x161/0x3d0 [ 30.475224] [] ? SyS_sendmsg+0x50/0x50 [ 30.475228] [] ? _raw_spin_unlock+0x2c/0x50 [ 30.475232] [] ? handle_mm_fault+0x54b/0x2350 [ 30.475235] [] ? __fd_install+0x20f/0x5d0 [ 30.475240] [] ? ipv6_setsockopt+0x68/0x130 [ 30.475244] [] ? sock_common_setsockopt+0x9a/0xe0 [ 30.475247] [] ? SyS_setsockopt+0x185/0x260 [ 30.475251] [] ? SyS_recv+0x40/0x40 [ 30.475255] [] ? __do_page_fault+0x554/0xa60 [ 30.475258] [] SyS_sendmmsg+0x35/0x60 [ 30.475262] [] ? __sys_sendmmsg+0x3d0/0x3d0 [ 30.475265] [] do_syscall_64+0x19f/0x550 [ 30.475269] [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb [ 30.477407] Kernel Offset: disabled [ 31.722447] Rebooting in 86400 seconds..