[   19.872334] random: sshd: uninitialized urandom read (32 bytes read, 33 bits of entropy available)
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   24.122258] random: sshd: uninitialized urandom read (32 bytes read, 39 bits of entropy available)
[   24.519544] random: sshd: uninitialized urandom read (32 bytes read, 39 bits of entropy available)
[   25.467868] random: sshd: uninitialized urandom read (32 bytes read, 109 bits of entropy available)
[   25.632521] random: sshd: uninitialized urandom read (32 bytes read, 113 bits of entropy available)
Warning: Permanently added '10.128.10.8' (ECDSA) to the list of known hosts.
[   31.024741] random: sshd: uninitialized urandom read (32 bytes read, 117 bits of entropy available)
2018/03/20 08:38:07 parsed 1 programs
2018/03/20 08:38:07 executed programs: 0
[   31.364018] IPVS: Creating netns size=2552 id=1
[   31.395909] ==================================================================
[   31.403294] BUG: KASAN: slab-out-of-bounds in pfkey_add+0x153f/0x3490
[   31.409843] Read of size 8160 at addr ffff8801c9cb5440 by task syz-executor0/3802
[   31.417430] 
[   31.419030] CPU: 1 PID: 3802 Comm: syz-executor0 Not tainted 4.4.120-gd63fdf6 #29
[   31.426618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   31.435945]  0000000000000000 2741bd7cf3d4af70 ffff8801d962f6f8 ffffffff81d0408d
[   31.443917]  ffffea0007272d00 ffff8801c9cb5440 0000000000000000 ffff8801c9cb5600
[   31.451891]  ffff8801d962f938 ffff8801d962f730 ffffffff814fe143 ffff8801c9cb5440
[   31.459861] Call Trace:
[   31.462419]  [<ffffffff81d0408d>] dump_stack+0xc1/0x124
[   31.467753]  [<ffffffff814fe143>] print_address_description+0x73/0x260
[   31.474385]  [<ffffffff814fe655>] kasan_report+0x285/0x370
[   31.479979]  [<ffffffff83445d9f>] ? pfkey_add+0x153f/0x3490
[   31.485660]  [<ffffffff814fd097>] check_memory_region+0x137/0x190
[   31.491858]  [<ffffffff814fd5d3>] memcpy+0x23/0x50
[   31.496755]  [<ffffffff83445d9f>] pfkey_add+0x153f/0x3490
[   31.502262]  [<ffffffff83444860>] ? pfkey_delete+0x370/0x370
[   31.508027]  [<ffffffff83447cf0>] ? pfkey_add+0x3490/0x3490
[   31.513705]  [<ffffffff82e03f4a>] ? __skb_clone+0x24a/0x7d0
[   31.519385]  [<ffffffff83444860>] ? pfkey_delete+0x370/0x370
[   31.525148]  [<ffffffff8344a45b>] pfkey_process+0x68b/0x750
[   31.530832]  [<ffffffff83449dd0>] ? pfkey_send_new_mapping+0x11b0/0x11b0
[   31.537641]  [<ffffffff8344bcb9>] pfkey_sendmsg+0x3a9/0x760
[   31.543322]  [<ffffffff8344b910>] ? pfkey_spdget+0x820/0x820
[   31.549089]  [<ffffffff82deba6a>] sock_sendmsg+0xca/0x110
[   31.554595]  [<ffffffff82ded641>] ___sys_sendmsg+0x6c1/0x7c0
[   31.560363]  [<ffffffff82decf80>] ? copy_msghdr_from_user+0x550/0x550
[   31.566912]  [<ffffffff814383e0>] ? __alloc_pages_direct_compact+0x250/0x250
[   31.574071]  [<ffffffff812e0bd4>] ? do_futex+0x3f4/0x15d0
[   31.579577]  [<ffffffff81230151>] ? __lock_is_held+0xa1/0xf0
[   31.585342]  [<ffffffff812e07e0>] ? exit_robust_list+0x240/0x240
[   31.591459]  [<ffffffff8150e179>] ? do_huge_pmd_anonymous_page+0x549/0xa10
[   31.598443]  [<ffffffff81285eb7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   31.605167]  [<ffffffff81578953>] ? __fget_light+0xa3/0x1e0
[   31.610845]  [<ffffffff81578aa8>] ? __fdget+0x18/0x20
[   31.616007]  [<ffffffff82de9168>] ? sockfd_lookup_light+0x118/0x160
[   31.622386]  [<ffffffff82def693>] __sys_sendmsg+0xd3/0x190
[   31.627984]  [<ffffffff82def5c0>] ? SyS_shutdown+0x1b0/0x1b0
[   31.633754]  [<ffffffff812e2899>] ? compat_SyS_futex+0x1f9/0x2a0
[   31.639869]  [<ffffffff810dc6f0>] ? __do_page_fault+0x380/0xa00
[   31.645897]  [<ffffffff82eda56a>] compat_SyS_sendmsg+0x2a/0x40
[   31.651842]  [<ffffffff82eda540>] ? compat_SyS_getsockopt+0x2a0/0x2a0
[   31.658395]  [<ffffffff81006d91>] do_fast_syscall_32+0x321/0x8a0
[   31.664515]  [<ffffffff837752ea>] sysenter_flags_fixed+0xd/0x17
[   31.670540] 
[   31.672145] Allocated by task 3802:
[   31.675743]  [<ffffffff81035d96>] save_stack_trace+0x26/0x50
[   31.681639]  [<ffffffff814fd1b3>] save_stack+0x43/0xd0
[   31.687027]  [<ffffffff814fd47d>] kasan_kmalloc+0xad/0xe0
[   31.692661]  [<ffffffff814fdc54>] kasan_krealloc+0x64/0x80
[   31.698377]  [<ffffffff814f6a52>] ksize+0x92/0xf0
[   31.703303]  [<ffffffff82e06b22>] __alloc_skb+0x132/0x600
[   31.708926]  [<ffffffff8344ba45>] pfkey_sendmsg+0x135/0x760
[   31.714722]  [<ffffffff82deba6a>] sock_sendmsg+0xca/0x110
[   31.720344]  [<ffffffff82ded641>] ___sys_sendmsg+0x6c1/0x7c0
[   31.726228]  [<ffffffff82def693>] __sys_sendmsg+0xd3/0x190
[   31.731940]  [<ffffffff82eda56a>] compat_SyS_sendmsg+0x2a/0x40
[   31.737997]  [<ffffffff81006d91>] do_fast_syscall_32+0x321/0x8a0
[   31.744229]  [<ffffffff837752ea>] sysenter_flags_fixed+0xd/0x17
[   31.750375] 
[   31.751973] Freed by task 1984:
[   31.755217]  [<ffffffff81035d96>] save_stack_trace+0x26/0x50
[   31.761114]  [<ffffffff814fd1b3>] save_stack+0x43/0xd0
[   31.766474]  [<ffffffff814fdad2>] kasan_slab_free+0x72/0xc0
[   31.772271]  [<ffffffff814fa56c>] kfree+0xfc/0x300
[   31.777285]  [<ffffffff82e05afd>] skb_release_data+0x2ed/0x3b0
[   31.783341]  [<ffffffff82e05c0a>] skb_release_all+0x4a/0x60
[   31.789141]  [<ffffffff82e06213>] consume_skb+0xf3/0x3d0
[   31.794675]  [<ffffffff82e2320a>] skb_free_datagram+0x1a/0xe0
[   31.800643]  [<ffffffff832e9654>] unix_dgram_recvmsg+0x8b4/0xdb0
[   31.806875]  [<ffffffff82de849c>] sock_recvmsg+0x8c/0xc0
[   31.812411]  [<ffffffff82dea1d4>] SYSC_recvfrom+0x204/0x330
[   31.818210]  [<ffffffff82deef40>] SyS_recvfrom+0x40/0x50
[   31.823758]  [<ffffffff8377395f>] entry_SYSCALL_64_fastpath+0x1c/0x98
[   31.830433] 
[   31.832032] The buggy address belongs to the object at ffff8801c9cb5400
[   31.832032]  which belongs to the cache kmalloc-512 of size 512
[   31.844658] The buggy address is located 64 bytes inside of
[   31.844658]  512-byte region [ffff8801c9cb5400, ffff8801c9cb5600)
[   31.856412] The buggy address belongs to the page:
[   31.862216] page:ffffea0007272d00 count:1 mapcount:-2146697203 mapping:          (null) index:0x0
[   31.862224] BUG: unable to handle kernel NULL pointer dereference at           (null)
[   31.862228] IP: [<          (null)>]           (null)
[   31.862234] PGD 80000001cb319067 PUD 1c8ab3067 PMD 0 
[   31.862241] Oops: 0010 [#1] PREEMPT SMP KASAN
[   31.862246] Dumping ftrace buffer:
[   31.862249]    (ftrace buffer empty)
[   31.862252] Modules linked in:
[   31.862258] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.4.120-gd63fdf6 #29
[   31.862261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   31.862264] task: ffffffff84217840 task.stack: ffffffff84200000
[   31.862269] RIP: 0010:[<0000000000000000>]  [<          (null)>]           (null)
[   31.862272] RSP: 0018:ffff8801db207df0  EFLAGS: 00010006
[   31.862275] RAX: ffffffff84217840 RBX: ffff8801d92afd28 RCX: ffffffff812ad920
[   31.862279] RDX: 0000000000010000 RSI: ffffffff839fe520 RDI: ffff8801d92afd28
[   31.862282] RBP: ffff8801db207ee0 R08: 1ffff10038d22203 R09: 0000000000000001
[   31.862285] R10: 0000000000000000 R11: 1ffff1003b640f6a R12: 0000000000000000
[   31.862288] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff8801db219640
[   31.862293] FS:  0000000000000000(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000
[   31.862296] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   31.862299] CR2: 0000000000000000 CR3: 00000001d996e000 CR4: 0000000000160670
[   31.862305] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   31.862308] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   31.862309] Stack:
[   31.862317]  ffffffff812ad926 ffff88021fffd017 ffff88021fffd01b ffff88021fffd00f
[   31.862323]  1ffff1003b640fcb ffff8801db2196a0 ffffed003b640fca ffff8801db219700
[   31.862330]  0303fc0000000001 ffff8801db219678 ffffed003b6432d4 ffff8801db219718
[   31.862331] Call Trace:
[   31.862342]  <IRQ> 
[   31.862343]  [<ffffffff812ad926>] ? __hrtimer_run_queues+0x306/0xfe0
[   31.862348]  [<ffffffff812ad620>] ? hrtimer_fixup_init+0x70/0x70
[   31.862354]  [<ffffffff812afd91>] ? hrtimer_interrupt+0x131/0x440
[   31.862360]  [<ffffffff812afe06>] hrtimer_interrupt+0x1a6/0x440
[   31.862368]  [<ffffffff810b0dea>] local_apic_timer_interrupt+0x6a/0xb0
[   31.862376]  [<ffffffff837765b6>] smp_apic_timer_interrupt+0x76/0xa0
[   31.862382]  [<ffffffff83775510>] apic_timer_interrupt+0xa0/0xb0
[   31.862393]  <EOI> 
[   31.862393]  [<ffffffff810d0536>] ? native_safe_halt+0x6/0x10
[   31.862400]  [<ffffffff81027e85>] default_idle+0x55/0x3c0
[   31.862405]  [<ffffffff810293fa>] arch_cpu_idle+0xa/0x10
[   31.862413]  [<ffffffff81221468>] default_idle_call+0x48/0x70
[   31.862418]  [<ffffffff81221b6d>] cpu_startup_entry+0x5fd/0x8f0
[   31.862424]  [<ffffffff83772f3a>] ? _raw_spin_unlock_irqrestore+0x5a/0x70
[   31.862430]  [<ffffffff81221570>] ? call_cpuidle+0xe0/0xe0
[   31.862436]  [<ffffffff837608b9>] rest_init+0x189/0x190
[   31.862444]  [<ffffffff84822811>] start_kernel+0x6b9/0x6ee
[   31.862449]  [<ffffffff84822158>] ? thread_stack_cache_init+0xb/0xb
[   31.862456]  [<ffffffff84821120>] ? early_idt_handler_array+0x120/0x120
[   31.862461]  [<ffffffff84821120>] ? early_idt_handler_array+0x120/0x120
[   31.862467]  [<ffffffff84821312>] x86_64_start_reservations+0x2a/0x2c
[   31.862473]  [<ffffffff84821454>] x86_64_start_kernel+0x140/0x163
[   31.862480] Code:  Bad RIP value.
[   31.862483] RIP  [<          (null)>]           (null)
[   31.862485]  RSP <ffff8801db207df0>
[   31.862487] CR2: 0000000000000000
[   31.862492] ---[ end trace 298fae24965c8dc7 ]---
[   31.862496] Kernel panic - not syncing: Fatal exception in interrupt
[   32.198593] flags: 0xffff8801db219c40(active|reserved|private|private_2|swapcache|mappedtodisk|uncached)
[   32.209152] page dumped because: VM_BUG_ON_PAGE(PageSlab(page))
[   32.215195] ------------[ cut here ]------------
[   32.219921] kernel BUG at include/linux/mm.h:460!
[   32.224733] invalid opcode: 0000 [#2] PREEMPT SMP KASAN
[   32.230562] Dumping ftrace buffer:
[   32.234072]    (ftrace buffer empty)
[   32.237754] Modules linked in:
[   32.241041] CPU: 1 PID: 3802 Comm: syz-executor0 Tainted: G      D         4.4.120-gd63fdf6 #29
[   32.249848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   32.259174] task: ffff8800bb000000 task.stack: ffff8801d9628000
[   32.265203] RIP: 0010:[<ffffffff814909c1>]  [<ffffffff814909c1>] dump_page_badflags+0x191/0x250
[   32.274145] RSP: 0018:ffff8801d9237268  EFLAGS: 00010096
[   32.279565] RAX: ffff8800bb000000 RBX: ffffea0007272d00 RCX: ffffffff8149099c
[   32.286808] RDX: 0000000000000000 RSI: ffffffff839fe520 RDI: ffff8800bb0008cc
[   32.294049] RBP: ffff8801d9237298 R08: 0000000000000001 R09: 0000000000000000
[   32.301292] R10: 0000000000000002 R11: fffffbfff0ad7e20 R12: 0000000000000000
[   32.308537] R13: ffffffff838a9060 R14: 0000000000000000 R15: 0000000000000000
[   32.315779] FS:  0000000000000000(0000) GS:ffff8801db300000(0063) knlGS:000000000878d900
[   32.323977] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[   32.329833] CR2: 0000000020327f68 CR3: 00000001c4fd4000 CR4: 0000000000160670
[   32.337077] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   32.344321] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   32.351567] Stack:
[   32.353688]  0000000000000000 ffffea0007272d00 0000000000000000 ffffffff838a9060
[   32.361688]  0000000000000000 0000000000000000 ffff8801d92372d8 ffffffff814909c1
[   32.369667]  0000000000000000 ffffea0007272d00 0000000000000000 ffffffff838a9060
[   32.377642] Call Trace:
[   32.380196]  <UNK> 
[   32.382227] Code: 46 e8 b4 03 ed ff 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 a0 03 ed ff 31 d2 48 c7 c6 60 90 8a 83 48 89 df e8 6f fe ff ff <0f> 0b e8 b8 dd 06 00 e9 21 ff ff ff 89 4d d4 e8 ab dd 06 00 8b 
[   32.409372] RIP  [<ffffffff814909c1>] dump_page_badflags+0x191/0x250
[   32.415960]  RSP <ffff8801d9237268>
[   32.419562] ---[ end trace 298fae24965c8dc8 ]---
[   32.952948] Shutting down cpus with NMI
[   32.957365] Dumping ftrace buffer:
[   32.960874]    (ftrace buffer empty)
[   32.964552] Kernel Offset: disabled
[   32.968147] Rebooting in 86400 seconds..