[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   20.700358] random: sshd: uninitialized urandom read (32 bytes read, 33 bits of entropy available)
[?25l[?1c7[ ok 8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   25.225994] random: sshd: uninitialized urandom read (32 bytes read, 39 bits of entropy available)
[   25.739694] random: sshd: uninitialized urandom read (32 bytes read, 40 bits of entropy available)
[   26.712884] random: sshd: uninitialized urandom read (32 bytes read, 115 bits of entropy available)
[   26.869356] random: sshd: uninitialized urandom read (32 bytes read, 119 bits of entropy available)
Warning: Permanently added '10.128.0.14' (ECDSA) to the list of known hosts.
[   32.221675] random: sshd: uninitialized urandom read (32 bytes read, 123 bits of entropy available)
2018/02/27 02:39:29 parsed 1 programs
2018/02/27 02:39:29 executed programs: 0
[   32.532942] IPVS: Creating netns size=2552 id=1
[   33.561415] ==================================================================
[   33.568789] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x1291/0x2550
[   33.575943] Read of size 4 at addr ffff8800baadf6c0 by task syz-executor0/4044
[   33.583266] 
[   33.584865] CPU: 1 PID: 4044 Comm: syz-executor0 Not tainted 4.4.118-g239a415 #26
[   33.592454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   33.601776]  0000000000000000 1c3444b8d3fc8d4b ffff8800baaded18 ffffffff81d0402d
[   33.609734]  ffffea0002eab7c0 ffff8800baadf6c0 0000000000000000 ffff8800baadf6c0
[   33.617691]  ffff8800ba13e030 ffff8800baaded50 ffffffff814fe103 ffff8800baadf6c0
[   33.625649] Call Trace:
[   33.628205]  [<ffffffff81d0402d>] dump_stack+0xc1/0x124
[   33.633533]  [<ffffffff814fe103>] print_address_description+0x73/0x260
[   33.640162]  [<ffffffff814fe615>] kasan_report+0x285/0x370
[   33.645751]  [<ffffffff832bef61>] ? xfrm_state_find+0x1291/0x2550
[   33.651951]  [<ffffffff814fe754>] __asan_report_load4_noabort+0x14/0x20
[   33.658679]  [<ffffffff832bef61>] xfrm_state_find+0x1291/0x2550
[   33.664704]  [<ffffffff832bdcd0>] ? xfrm_unregister_mode+0x200/0x200
[   33.671171]  [<ffffffff81234421>] ? check_usage_backwards+0x171/0x300
[   33.677715]  [<ffffffff812342b0>] ? check_usage_forwards+0x310/0x310
[   33.684177]  [<ffffffff832a52d8>] xfrm_tmpl_resolve+0x298/0xab0
[   33.690203]  [<ffffffff832a5040>] ? __xfrm_decode_session+0x100/0x100
[   33.696745]  [<ffffffff8123611b>] ? mark_lock+0x99b/0xfd0
[   33.702247]  [<ffffffff812342b0>] ? check_usage_forwards+0x310/0x310
[   33.708703]  [<ffffffff8123910f>] ? __lock_acquire+0x1cff/0x4b50
[   33.714812]  [<ffffffff81237f6f>] ? __lock_acquire+0xb5f/0x4b50
[   33.720839]  [<ffffffff832a5bc7>] xfrm_resolve_and_create_bundle+0xd7/0x1da0
[   33.727990]  [<ffffffff81237410>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   33.734968]  [<ffffffff832a5af0>] ? xfrm_tmpl_resolve+0xab0/0xab0
[   33.741168]  [<ffffffff8113bd3a>] ? __local_bh_enable_ip+0x6a/0xd0
[   33.747450]  [<ffffffff832a890c>] ? xfrm_sk_policy_lookup+0x22c/0x360
[   33.753995]  [<ffffffff832a9edb>] ? xfrm_expand_policies+0x25b/0x5c0
[   33.760453]  [<ffffffff832abda1>] xfrm_lookup+0x991/0xc10
[   33.765988]  [<ffffffff832ab410>] ? xfrm_bundle_lookup+0x11d0/0x11d0
[   33.772445]  [<ffffffff830ca905>] ? __ip_route_output_key_hash+0x7e5/0x2390
[   33.779509]  [<ffffffff830ca92c>] ? __ip_route_output_key_hash+0x80c/0x2390
[   33.786572]  [<ffffffff830cad70>] ? __ip_route_output_key_hash+0xc50/0x2390
[   33.793634]  [<ffffffff830ca120>] ? ip_rt_update_pmtu+0x8b0/0x8b0
[   33.799828]  [<ffffffff832acf29>] xfrm_lookup_route+0x39/0x1a0
[   33.805767]  [<ffffffff830ccf9f>] ip_route_output_flow+0x7f/0xa0
[   33.811879]  [<ffffffff831a21c9>] udp_sendmsg+0x1009/0x1c30
[   33.817555]  [<ffffffff831a1b5d>] ? udp_sendmsg+0x99d/0x1c30
[   33.823320]  [<ffffffff830e9da0>] ? ip_reply_glue_bits+0xc0/0xc0
[   33.829430]  [<ffffffff831a11c0>] ? udp_seq_next+0x80/0x80
[   33.835020]  [<ffffffff81035d96>] ? save_stack_trace+0x26/0x50
[   33.840956]  [<ffffffff814fd173>] ? save_stack+0x43/0xd0
[   33.846373]  [<ffffffff814fda92>] ? kasan_slab_free+0x72/0xc0
[   33.852221]  [<ffffffff814fa52c>] ? kfree+0xfc/0x300
[   33.857297]  [<ffffffff812367ff>] ? mark_held_locks+0xaf/0x100
[   33.863235]  [<ffffffff81237f6f>] ? __lock_acquire+0xb5f/0x4b50
[   33.869260]  [<ffffffff8337040d>] udpv6_sendmsg+0x56d/0x2500
[   33.875028]  [<ffffffff81b4ca06>] ? avc_has_perm+0x296/0x500
[   33.880790]  [<ffffffff8336fea0>] ? udp6_lib_lookup+0x60/0x60
[   33.886638]  [<ffffffff81b4c770>] ? avc_has_perm_noaudit+0x460/0x460
[   33.893098]  [<ffffffff81b686a1>] ? sock_has_perm+0x1c1/0x400
[   33.898948]  [<ffffffff81b6877f>] ? sock_has_perm+0x29f/0x400
[   33.904796]  [<ffffffff81b6857f>] ? sock_has_perm+0x9f/0x400
[   33.910562]  [<ffffffff831d6bc1>] ? inet_sendmsg+0x201/0x4c0
[   33.916323]  [<ffffffff831d6c7c>] inet_sendmsg+0x2bc/0x4c0
[   33.921911]  [<ffffffff831d6a33>] ? inet_sendmsg+0x73/0x4c0
[   33.927587]  [<ffffffff831d69c0>] ? inet_recvmsg+0x4c0/0x4c0
[   33.933352]  [<ffffffff82deb9ba>] sock_sendmsg+0xca/0x110
[   33.938857]  [<ffffffff82ded591>] ___sys_sendmsg+0x6c1/0x7c0
[   33.944620]  [<ffffffff82deced0>] ? copy_msghdr_from_user+0x550/0x550
[   33.951167]  [<ffffffff812e0b94>] ? do_futex+0x3f4/0x15d0
[   33.956672]  [<ffffffff81b4c770>] ? avc_has_perm_noaudit+0x460/0x460
[   33.963129]  [<ffffffff812e07a0>] ? exit_robust_list+0x240/0x240
[   33.969241]  [<ffffffff81b686a1>] ? sock_has_perm+0x1c1/0x400
[   33.975092]  [<ffffffff81b6877f>] ? sock_has_perm+0x29f/0x400
[   33.980942]  [<ffffffff81b6857f>] ? sock_has_perm+0x9f/0x400
[   33.986705]  [<ffffffff81285eb7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   33.993431]  [<ffffffff815788f3>] ? __fget_light+0xa3/0x1e0
[   33.999105]  [<ffffffff81578a48>] ? __fdget+0x18/0x20
[   34.004258]  [<ffffffff82de90b8>] ? sockfd_lookup_light+0x118/0x160
[   34.010630]  [<ffffffff82def5e3>] __sys_sendmsg+0xd3/0x190
[   34.016219]  [<ffffffff82def510>] ? SyS_shutdown+0x1b0/0x1b0
[   34.021983]  [<ffffffff812e2859>] ? compat_SyS_futex+0x1f9/0x2a0
[   34.028094]  [<ffffffff82ed8f10>] ? scm_detach_fds_compat+0x3c0/0x3c0
[   34.034644]  [<ffffffff8148bc2e>] ? vmacache_update+0xfe/0x130
[   34.040581]  [<ffffffff82ed946a>] compat_SyS_sendmsg+0x2a/0x40
[   34.046516]  [<ffffffff82ed9440>] ? compat_SyS_getsockopt+0x2a0/0x2a0
[   34.053059]  [<ffffffff81006d91>] do_fast_syscall_32+0x321/0x8a0
[   34.059172]  [<ffffffff837743ea>] sysenter_flags_fixed+0xd/0x17
[   34.065194] 
[   34.066788] The buggy address belongs to the page:
[   34.071684] page:ffffea0002eab7c0 count:0 mapcount:0 mapping:          (null) index:0x0
[   34.079787] flags: 0x4000000000000000()
[   34.083854] page dumped because: kasan: bad access detected
[   34.089538] 
[   34.091133] Memory state around the buggy address:
[   34.096026]  ffff8800baadf580: 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1
[   34.103349]  ffff8800baadf600: f1 00 f2 f2 f2 f2 f2 f2 f2 00 00 00 f2 f2 f2 f2
[   34.110672] >ffff8800baadf680: f2 00 00 00 00 00 00 00 f2 f2 f2 f2 f2 00 00 00
[   34.117995]                                            ^
[   34.123413]  ffff8800baadf700: 00 00 00 00 00 00 f2 f2 f2 00 00 00 00 00 00 00
[   34.130736]  ffff8800baadf780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   34.138058] ==================================================================
[   34.145381] Disabling lock debugging due to kernel taint
[   34.150842] Kernel panic - not syncing: panic_on_warn set ...
[   34.150842] 
[   34.158175] CPU: 1 PID: 4044 Comm: syz-executor0 Tainted: G    B           4.4.118-g239a415 #26
[   34.166974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   34.176294]  0000000000000000 1c3444b8d3fc8d4b ffff8800baadec70 ffffffff81d0402d
[   34.184249]  ffffffff83fb58a5 ffff8800baaded48 0000000000000000 ffff8800baadf6c0
[   34.192206]  ffff8800ba13e030 ffff8800baaded38 ffffffff8141aaea 0000000041b58ab3
[   34.200172] Call Trace:
[   34.202726]  [<ffffffff81d0402d>] dump_stack+0xc1/0x124
[   34.208063]  [<ffffffff8141aaea>] panic+0x1aa/0x388
[   34.213043]  [<ffffffff8141a940>] ? percpu_up_read.constprop.45+0xe1/0xe1
[   34.219933]  [<ffffffff8112d2bc>] ? add_taint+0x1c/0x50
[   34.225263]  [<ffffffff814fe070>] kasan_end_report+0x50/0x50
[   34.231039]  [<ffffffff814fe4ec>] kasan_report+0x15c/0x370
[   34.236628]  [<ffffffff832bef61>] ? xfrm_state_find+0x1291/0x2550
[   34.242829]  [<ffffffff814fe754>] __asan_report_load4_noabort+0x14/0x20
[   34.249554]  [<ffffffff832bef61>] xfrm_state_find+0x1291/0x2550
[   34.255576]  [<ffffffff832bdcd0>] ? xfrm_unregister_mode+0x200/0x200
[   34.262037]  [<ffffffff81234421>] ? check_usage_backwards+0x171/0x300
[   34.268581]  [<ffffffff812342b0>] ? check_usage_forwards+0x310/0x310
[   34.275042]  [<ffffffff832a52d8>] xfrm_tmpl_resolve+0x298/0xab0
[   34.281064]  [<ffffffff832a5040>] ? __xfrm_decode_session+0x100/0x100
[   34.287607]  [<ffffffff8123611b>] ? mark_lock+0x99b/0xfd0
[   34.293109]  [<ffffffff812342b0>] ? check_usage_forwards+0x310/0x310
[   34.299566]  [<ffffffff8123910f>] ? __lock_acquire+0x1cff/0x4b50
[   34.305674]  [<ffffffff81237f6f>] ? __lock_acquire+0xb5f/0x4b50
[   34.311700]  [<ffffffff832a5bc7>] xfrm_resolve_and_create_bundle+0xd7/0x1da0
[   34.318855]  [<ffffffff81237410>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   34.325833]  [<ffffffff832a5af0>] ? xfrm_tmpl_resolve+0xab0/0xab0
[   34.332035]  [<ffffffff8113bd3a>] ? __local_bh_enable_ip+0x6a/0xd0
[   34.338322]  [<ffffffff832a890c>] ? xfrm_sk_policy_lookup+0x22c/0x360
[   34.344865]  [<ffffffff832a9edb>] ? xfrm_expand_policies+0x25b/0x5c0
[   34.351324]  [<ffffffff832abda1>] xfrm_lookup+0x991/0xc10
[   34.356826]  [<ffffffff832ab410>] ? xfrm_bundle_lookup+0x11d0/0x11d0
[   34.363285]  [<ffffffff830ca905>] ? __ip_route_output_key_hash+0x7e5/0x2390
[   34.370350]  [<ffffffff830ca92c>] ? __ip_route_output_key_hash+0x80c/0x2390
[   34.377412]  [<ffffffff830cad70>] ? __ip_route_output_key_hash+0xc50/0x2390
[   34.384476]  [<ffffffff830ca120>] ? ip_rt_update_pmtu+0x8b0/0x8b0
[   34.390671]  [<ffffffff832acf29>] xfrm_lookup_route+0x39/0x1a0
[   34.396606]  [<ffffffff830ccf9f>] ip_route_output_flow+0x7f/0xa0
[   34.402718]  [<ffffffff831a21c9>] udp_sendmsg+0x1009/0x1c30
[   34.408392]  [<ffffffff831a1b5d>] ? udp_sendmsg+0x99d/0x1c30
[   34.414153]  [<ffffffff830e9da0>] ? ip_reply_glue_bits+0xc0/0xc0
[   34.420260]  [<ffffffff831a11c0>] ? udp_seq_next+0x80/0x80
[   34.425855]  [<ffffffff81035d96>] ? save_stack_trace+0x26/0x50
[   34.431792]  [<ffffffff814fd173>] ? save_stack+0x43/0xd0
[   34.437209]  [<ffffffff814fda92>] ? kasan_slab_free+0x72/0xc0
[   34.443058]  [<ffffffff814fa52c>] ? kfree+0xfc/0x300
[   34.448128]  [<ffffffff812367ff>] ? mark_held_locks+0xaf/0x100
[   34.454063]  [<ffffffff81237f6f>] ? __lock_acquire+0xb5f/0x4b50
[   34.460087]  [<ffffffff8337040d>] udpv6_sendmsg+0x56d/0x2500
[   34.465853]  [<ffffffff81b4ca06>] ? avc_has_perm+0x296/0x500
[   34.471616]  [<ffffffff8336fea0>] ? udp6_lib_lookup+0x60/0x60
[   34.477468]  [<ffffffff81b4c770>] ? avc_has_perm_noaudit+0x460/0x460
[   34.483927]  [<ffffffff81b686a1>] ? sock_has_perm+0x1c1/0x400
[   34.489777]  [<ffffffff81b6877f>] ? sock_has_perm+0x29f/0x400
[   34.495629]  [<ffffffff81b6857f>] ? sock_has_perm+0x9f/0x400
[   34.501394]  [<ffffffff831d6bc1>] ? inet_sendmsg+0x201/0x4c0
[   34.507159]  [<ffffffff831d6c7c>] inet_sendmsg+0x2bc/0x4c0
[   34.512752]  [<ffffffff831d6a33>] ? inet_sendmsg+0x73/0x4c0
[   34.518427]  [<ffffffff831d69c0>] ? inet_recvmsg+0x4c0/0x4c0
[   34.524192]  [<ffffffff82deb9ba>] sock_sendmsg+0xca/0x110
[   34.529695]  [<ffffffff82ded591>] ___sys_sendmsg+0x6c1/0x7c0
[   34.535457]  [<ffffffff82deced0>] ? copy_msghdr_from_user+0x550/0x550
[   34.542001]  [<ffffffff812e0b94>] ? do_futex+0x3f4/0x15d0
[   34.547505]  [<ffffffff81b4c770>] ? avc_has_perm_noaudit+0x460/0x460
[   34.553963]  [<ffffffff812e07a0>] ? exit_robust_list+0x240/0x240
[   34.560073]  [<ffffffff81b686a1>] ? sock_has_perm+0x1c1/0x400
[   34.566036]  [<ffffffff81b6877f>] ? sock_has_perm+0x29f/0x400
[   34.571889]  [<ffffffff81b6857f>] ? sock_has_perm+0x9f/0x400
[   34.577656]  [<ffffffff81285eb7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   34.584373]  [<ffffffff815788f3>] ? __fget_light+0xa3/0x1e0
[   34.590050]  [<ffffffff81578a48>] ? __fdget+0x18/0x20
[   34.595207]  [<ffffffff82de90b8>] ? sockfd_lookup_light+0x118/0x160
[   34.601580]  [<ffffffff82def5e3>] __sys_sendmsg+0xd3/0x190
[   34.607169]  [<ffffffff82def510>] ? SyS_shutdown+0x1b0/0x1b0
[   34.612933]  [<ffffffff812e2859>] ? compat_SyS_futex+0x1f9/0x2a0
[   34.619042]  [<ffffffff82ed8f10>] ? scm_detach_fds_compat+0x3c0/0x3c0
[   34.625585]  [<ffffffff8148bc2e>] ? vmacache_update+0xfe/0x130
[   34.631521]  [<ffffffff82ed946a>] compat_SyS_sendmsg+0x2a/0x40
[   34.637470]  [<ffffffff82ed9440>] ? compat_SyS_getsockopt+0x2a0/0x2a0
[   34.644016]  [<ffffffff81006d91>] do_fast_syscall_32+0x321/0x8a0
[   34.650134]  [<ffffffff837743ea>] sysenter_flags_fixed+0xd/0x17
[   34.656525] Dumping ftrace buffer:
[   34.660035]    (ftrace buffer empty)
[   34.663721] Kernel Offset: disabled
[   34.667313] Rebooting in 86400 seconds..