[ 17.293131] random: sshd: uninitialized urandom read (32 bytes read, 34 bits of entropy available)
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 21.606635] random: sshd: uninitialized urandom read (32 bytes read, 39 bits of entropy available)
[ 22.100227] random: sshd: uninitialized urandom read (32 bytes read, 40 bits of entropy available)
[ 22.884351] random: sshd: uninitialized urandom read (32 bytes read, 98 bits of entropy available)
[ 23.062214] random: sshd: uninitialized urandom read (32 bytes read, 104 bits of entropy available)
Warning: Permanently added 'ci-android-44-kasan-gce-4,10.128.0.41' (ECDSA) to the list of known hosts.
[ 28.980205] random: sshd: uninitialized urandom read (32 bytes read, 112 bits of entropy available)
executing program
[ 29.079887] ==================================================================
[ 29.087267] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x1291/0x2550
[ 29.094421] Read of size 4 at addr ffff8800b456fb50 by task syzkaller894577/3321
[ 29.101916]
[ 29.103510] CPU: 0 PID: 3321 Comm: syzkaller894577 Not tainted 4.4.107-g610c835 #12
[ 29.111264] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 29.120584] 0000000000000000 0213edbc6d2e0606 ffff8800b456f1a8 ffffffff81d0457d
[ 29.128551] ffffea0002d15bc0 ffff8800b456fb50 0000000000000000 ffff8800b456fb50
[ 29.136492] ffff8801d1ba8b30 ffff8800b456f1e0 ffffffff814fbb23 ffff8800b456fb50
[ 29.144436] Call Trace:
[ 29.146990] [] dump_stack+0xc1/0x124
[ 29.152321] [] print_address_description+0x73/0x260
[ 29.158952] [] kasan_report+0x285/0x370
[ 29.164547] [] ? xfrm_state_find+0x1291/0x2550
[ 29.170744] [] __asan_report_load4_noabort+0x14/0x20
[ 29.177459] [] xfrm_state_find+0x1291/0x2550
[ 29.183481] [] ? xfrm_unregister_mode+0x200/0x200
[ 29.189945] [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 29.196934] [] ? check_usage_backwards+0x171/0x300
[ 29.203482] [] ? check_usage_forwards+0x310/0x310
[ 29.209942] [] xfrm_tmpl_resolve+0x298/0xab0
[ 29.215964] [] ? __xfrm_decode_session+0x100/0x100
[ 29.222505] [] ? mark_lock+0x99b/0xfd0
[ 29.228010] [] ? check_usage_forwards+0x310/0x310
[ 29.234481] [] ? __lock_acquire+0x1cff/0x4b50
[ 29.240599] [] ? __lock_acquire+0xb5f/0x4b50
[ 29.246621] [] ? save_stack_trace+0x26/0x50
[ 29.252575] [] xfrm_resolve_and_create_bundle+0xd7/0x1da0
[ 29.259750] [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 29.266746] [] ? _raw_spin_unlock_irqrestore+0x45/0x70
[ 29.273644] [] ? xfrm_tmpl_resolve+0xab0/0xab0
[ 29.279844] [] ? __local_bh_enable_ip+0x6a/0xd0
[ 29.286133] [] ? xfrm_sk_policy_lookup+0x1e3/0x310
[ 29.292677] [] ? xfrm_expand_policies+0x25b/0x5c0
[ 29.299141] [] xfrm_lookup+0x991/0xc10
[ 29.304650] [] ? xfrm_bundle_lookup+0x11d0/0x11d0
[ 29.311114] [] ? __ip_route_output_key_hash+0x7e5/0x2390
[ 29.318178] [] ? __ip_route_output_key_hash+0x80c/0x2390
[ 29.325243] [] ? __ip_route_output_key_hash+0x16a/0x2390
[ 29.332309] [] ? __local_bh_enable_ip+0x6a/0xd0
[ 29.338594] [] ? ip_rt_update_pmtu+0x8b0/0x8b0
[ 29.344789] [] xfrm_lookup_route+0x39/0x1a0
[ 29.350725] [] ip_route_output_flow+0x7f/0xa0
[ 29.356834] [] udp_sendmsg+0x1009/0x1c30
[ 29.362509] [] ? udp_sendmsg+0x99d/0x1c30
[ 29.368277] [] ? ip_reply_glue_bits+0xc0/0xc0
[ 29.374394] [] ? udp_seq_next+0x80/0x80
[ 29.379985] [] ? ip4_datagram_connect+0x50/0x50
[ 29.386270] [] ? __local_bh_enable_ip+0x6a/0xd0
[ 29.392553] [] ? __local_bh_enable_ip+0x6a/0xd0
[ 29.398844] [] ? _raw_spin_unlock_bh+0x30/0x40
[ 29.405046] [] ? release_sock+0x3be/0x510
[ 29.410811] [] ? udp_v4_get_port+0x139/0x180
[ 29.416834] [] inet_sendmsg+0x2bc/0x4c0
[ 29.422422] [] ? inet_sendmsg+0x73/0x4c0
[ 29.428095] [] ? inet_recvmsg+0x4c0/0x4c0
[ 29.433858] [] sock_sendmsg+0xca/0x110
[ 29.439361] [] SYSC_sendto+0x2c8/0x340
[ 29.444870] [] ? SYSC_connect+0x310/0x310
[ 29.450639] [] ? _raw_spin_unlock+0x2c/0x50
[ 29.456579] [] ? do_huge_pmd_anonymous_page+0x3dd/0xa10
[ 29.463556] [] ? handle_mm_fault+0x3f2/0x3190
[ 29.469667] [] ? __do_page_fault+0x380/0xa00
[ 29.475697] [] ? retint_user+0x18/0x20
[ 29.481198] [] SyS_sendto+0x40/0x50
[ 29.486439] [] entry_SYSCALL_64_fastpath+0x16/0x76
[ 29.492980]
[ 29.494575] The buggy address belongs to the page:
[ 29.499468] page:ffffea0002d15bc0 count:0 mapcount:0 mapping: (null) index:0x0
[ 29.507570] flags: 0x4000000000000000()
[ 29.511615] page dumped because: kasan: bad access detected
[ 29.517287]
[ 29.518880] Memory state around the buggy address:
[ 29.523774] ffff8800b456fa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1
[ 29.531099] ffff8800b456fa80: f1 f1 f1 00 f2 f2 f2 f2 f2 f2 f2 00 00 00 f2 f2
[ 29.538421] >ffff8800b456fb00: f2 f2 f2 00 00 00 00 00 00 00 f2 f2 f2 f2 f2 00
[ 29.545743] ^
[ 29.551676] ffff8800b456fb80: 00 00 00 00 00 00 00 00 f2 f2 f2 00 00 00 00 00
[ 29.558998] ffff8800b456fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 29.566742] ==================================================================
[ 29.574067] Disabling lock debugging due to kernel taint
[ 29.579508] Kernel panic - not syncing: panic_on_warn set ...
[ 29.579508]
[ 29.586848] CPU: 0 PID: 3321 Comm: syzkaller894577 Tainted: G B 4.4.107-g610c835 #12
[ 29.595822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 29.605148] 0000000000000000 0213edbc6d2e0606 ffff8800b456f100 ffffffff81d0457d
[ 29.613099] ffffffff83fb2cde ffff8800b456f1d8 0000000000000000 ffff8800b456fb50
[ 29.621049] ffff8801d1ba8b30 ffff8800b456f1c8 ffffffff8141774a 0000000041b58ab3
[ 29.628995] Call Trace:
[ 29.631551] [] dump_stack+0xc1/0x124
[ 29.636878] [] panic+0x1aa/0x388
[ 29.641858] [] ? percpu_up_read.constprop.45+0xe1/0xe1
[ 29.648747] [] ? add_taint+0x1c/0x50
[ 29.654073] [] kasan_end_report+0x50/0x50
[ 29.659832] [] kasan_report+0x15c/0x370
[ 29.665419] [] ? xfrm_state_find+0x1291/0x2550
[ 29.671615] [] __asan_report_load4_noabort+0x14/0x20
[ 29.678334] [] xfrm_state_find+0x1291/0x2550
[ 29.684356] [] ? xfrm_unregister_mode+0x200/0x200
[ 29.690812] [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 29.697788] [] ? check_usage_backwards+0x171/0x300
[ 29.704331] [] ? check_usage_forwards+0x310/0x310
[ 29.710790] [] xfrm_tmpl_resolve+0x298/0xab0
[ 29.716812] [] ? __xfrm_decode_session+0x100/0x100
[ 29.723361] [] ? mark_lock+0x99b/0xfd0
[ 29.728862] [] ? check_usage_forwards+0x310/0x310
[ 29.735318] [] ? __lock_acquire+0x1cff/0x4b50
[ 29.741428] [] ? __lock_acquire+0xb5f/0x4b50
[ 29.747450] [] ? save_stack_trace+0x26/0x50
[ 29.753385] [] xfrm_resolve_and_create_bundle+0xd7/0x1da0
[ 29.760535] [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 29.767525] [] ? _raw_spin_unlock_irqrestore+0x45/0x70
[ 29.774432] [] ? xfrm_tmpl_resolve+0xab0/0xab0
[ 29.780643] [] ? __local_bh_enable_ip+0x6a/0xd0
[ 29.786936] [] ? xfrm_sk_policy_lookup+0x1e3/0x310
[ 29.793481] [] ? xfrm_expand_policies+0x25b/0x5c0
[ 29.799937] [] xfrm_lookup+0x991/0xc10
[ 29.805438] [] ? xfrm_bundle_lookup+0x11d0/0x11d0
[ 29.811899] [] ? __ip_route_output_key_hash+0x7e5/0x2390
[ 29.818969] [] ? __ip_route_output_key_hash+0x80c/0x2390
[ 29.826037] [] ? __ip_route_output_key_hash+0x16a/0x2390
[ 29.833111] [] ? __local_bh_enable_ip+0x6a/0xd0
[ 29.839394] [] ? ip_rt_update_pmtu+0x8b0/0x8b0
[ 29.845598] [] xfrm_lookup_route+0x39/0x1a0
[ 29.851537] [] ip_route_output_flow+0x7f/0xa0
[ 29.857646] [] udp_sendmsg+0x1009/0x1c30
[ 29.863320] [] ? udp_sendmsg+0x99d/0x1c30
[ 29.869083] [] ? ip_reply_glue_bits+0xc0/0xc0
[ 29.875194] [] ? udp_seq_next+0x80/0x80
[ 29.880782] [] ? ip4_datagram_connect+0x50/0x50
[ 29.887066] [] ? __local_bh_enable_ip+0x6a/0xd0
[ 29.893352] [] ? __local_bh_enable_ip+0x6a/0xd0
[ 29.899636] [] ? _raw_spin_unlock_bh+0x30/0x40
[ 29.905836] [] ? release_sock+0x3be/0x510
[ 29.911603] [] ? udp_v4_get_port+0x139/0x180
[ 29.917627] [] inet_sendmsg+0x2bc/0x4c0
[ 29.923221] [] ? inet_sendmsg+0x73/0x4c0
[ 29.928902] [] ? inet_recvmsg+0x4c0/0x4c0
[ 29.934665] [] sock_sendmsg+0xca/0x110
[ 29.940168] [] SYSC_sendto+0x2c8/0x340
[ 29.945668] [] ? SYSC_connect+0x310/0x310
[ 29.951432] [] ? _raw_spin_unlock+0x2c/0x50
[ 29.957369] [] ? do_huge_pmd_anonymous_page+0x3dd/0xa10
[ 29.964350] [] ? handle_mm_fault+0x3f2/0x3190
[ 29.970461] [] ? __do_page_fault+0x380/0xa00
[ 29.976489] [] ? retint_user+0x18/0x20
[ 29.982009] [] SyS_sendto+0x40/0x50
[ 29.987252] [] entry_SYSCALL_64_fastpath+0x16/0x76
[ 29.993838] Dumping ftrace buffer:
[ 29.997348] (ftrace buffer empty)
[ 30.001026] Kernel Offset: disabled
[ 30.004616] Rebooting in 86400 seconds..