Starting mcstransd: 
[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   10.126312] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[ ok 8[?25h[?0c.

D[   11.295406] random: crng init done
ebian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.6' (ECDSA) to the list of known hosts.
net.ipv6.conf.syz_tun.accept_dad = 0
net.ipv6.conf.syz_tun.router_solicitations = 0
executing program
syzkaller login: [   34.681133] ==================================================================
[   34.682280] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x269d/0x2920
[   34.683406] Read of size 4 at addr ffff8801ceb07650 by task syz-executor926/2052
[   34.684443] 
[   34.684702] CPU: 1 PID: 2052 Comm: syz-executor926 Not tainted 4.9.142+ #74
[   34.685657]  ffff8801ceb06cc0 ffffffff81b43969 ffffea00073ac1c0 ffff8801ceb07650
[   34.686925]  0000000000000000 ffff8801ceb07650 ffff8801ce0961f0 ffff8801ceb06cf8
[   34.688142]  ffffffff81500a28 ffff8801ceb07650 0000000000000004 0000000000000000
[   34.689366] Call Trace:
[   34.689764]  [<ffffffff81b43969>] dump_stack+0xc1/0x128
[   34.690504]  [<ffffffff81500a28>] print_address_description+0x6c/0x234
[   34.691439]  [<ffffffff81500e32>] kasan_report.cold.6+0x242/0x2fe
[   34.692395]  [<ffffffff8265856d>] ? xfrm_state_find+0x269d/0x2920
[   34.693346]  [<ffffffff814f30c4>] __asan_report_load4_noabort+0x14/0x20
[   34.694259]  [<ffffffff8265856d>] xfrm_state_find+0x269d/0x2920
[   34.695347]  [<ffffffff8265615e>] ? xfrm_state_find+0x28e/0x2920
[   34.696179]  [<ffffffff81243d57>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   34.697154]  [<ffffffff82655ed0>] ? xfrm_unregister_mode+0x190/0x190
[   34.698048]  [<ffffffff81207480>] ? trace_hardirqs_on+0x10/0x10
[   34.698912]  [<ffffffff814f2a69>] ? kasan_slab_free+0x119/0x190
[   34.699786]  [<ffffffff81077c16>] ? save_stack_trace+0x16/0x20
[   34.700660]  [<ffffffff814f29fc>] ? kasan_slab_free+0xac/0x190
[   34.703646]  [<ffffffff814ef32e>] ? kmem_cache_free+0xbe/0x310
[   34.709598]  [<ffffffff822ba088>] ? kfree_skbmem+0x98/0x100
[   34.715282]  [<ffffffff822bb904>] ? kfree_skb+0xd4/0x340
[   34.720706]  [<ffffffff822bbbae>] ? kfree_skb_list+0x3e/0x60
[   34.726483]  [<ffffffff82318046>] ? __dev_queue_xmit+0x1746/0x1b90
[   34.732775]  [<ffffffff81243d57>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   34.739502]  [<ffffffff8263df02>] xfrm_tmpl_resolve_one+0x1d2/0x7a0
[   34.745879]  [<ffffffff8263dd30>] ? xfrm_expand_policies.constprop.14+0x290/0x290
[   34.753594]  [<ffffffff81be6eff>] ? depot_save_stack+0x20f/0x470
[   34.759716]  [<ffffffff81207ad4>] ? __lock_acquire+0x654/0x4a10
[   34.765874]  [<ffffffff814f2069>] ? kasan_kmalloc.part.1+0xc9/0xf0
[   34.772178]  [<ffffffff8263e6ef>] xfrm_resolve_and_create_bundle+0x21f/0x1e70
[   34.779424]  [<ffffffff8263e4d0>] ? xfrm_tmpl_resolve_one+0x7a0/0x7a0
[   34.785974]  [<ffffffff81207480>] ? trace_hardirqs_on+0x10/0x10
[   34.792004]  [<ffffffff82317244>] ? __dev_queue_xmit+0x944/0x1b90
[   34.798208]  [<ffffffff81243d57>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   34.804937]  [<ffffffff81ba886b>] ? check_preemption_disabled+0x3b/0x200
[   34.811751]  [<ffffffff81ba886b>] ? check_preemption_disabled+0x3b/0x200
[   34.818580]  [<ffffffff82641420>] ? xfrm_sk_policy_lookup+0x2a0/0x430
[   34.825148]  [<ffffffff82641447>] ? xfrm_sk_policy_lookup+0x2c7/0x430
[   34.831699]  [<ffffffff82641180>] ? xfrm_selector_match+0xe40/0xe40
[   34.838076]  [<ffffffff826417e9>] xfrm_lookup+0x239/0xc00
[   34.843587]  [<ffffffff826415b0>] ? xfrm_sk_policy_lookup+0x430/0x430
[   34.850204]  [<ffffffff81ba886b>] ? check_preemption_disabled+0x3b/0x200
[   34.857025]  [<ffffffff8248c2db>] ? __ip_route_output_key_hash+0xc7b/0x2090
[   34.864098]  [<ffffffff8248c302>] ? __ip_route_output_key_hash+0xca2/0x2090
[   34.871174]  [<ffffffff8248b7ca>] ? __ip_route_output_key_hash+0x16a/0x2090
[   34.878249]  [<ffffffff82691c17>] ? ip6_finish_output2+0x177/0x1d10
[   34.884626]  [<ffffffff8248b660>] ? rt_set_nexthop.constprop.13+0xcc0/0xcc0
[   34.891703]  [<ffffffff81243d57>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   34.898425]  [<ffffffff82643049>] xfrm_lookup_route+0x39/0x140
[   34.904369]  [<ffffffff8248d780>] ip_route_output_flow+0x90/0xa0
[   34.910506]  [<ffffffff8256d0e9>] udp_sendmsg+0x13d9/0x1c60
[   34.916190]  [<ffffffff8256cbaf>] ? udp_sendmsg+0xe9f/0x1c60
[   34.921974]  [<ffffffff81207ad4>] ? __lock_acquire+0x654/0x4a10
[   34.928004]  [<ffffffff826a311d>] ? ip6_finish_output+0x35d/0x980
[   34.934210]  [<ffffffff824b1090>] ? ip_reply_glue_bits+0xb0/0xb0
[   34.940330]  [<ffffffff8256bd10>] ? udp_v4_get_port+0x100/0x100
[   34.946362]  [<ffffffff82643071>] ? xfrm_lookup_route+0x61/0x140
[   34.952481]  [<ffffffff81207ad4>] ? __lock_acquire+0x654/0x4a10
[   34.958509]  [<ffffffff81243d57>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   34.965236]  [<ffffffff81243d57>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   34.971962]  [<ffffffff827099ed>] udpv6_sendmsg+0x127d/0x2430
[   34.977821]  [<ffffffff81207ad4>] ? __lock_acquire+0x654/0x4a10
[   34.983853]  [<ffffffff82708770>] ? udp_v6_flush_pending_frames+0xe0/0xe0
[   34.990751]  [<ffffffff81207480>] ? trace_hardirqs_on+0x10/0x10
[   34.996783]  [<ffffffff819f5d71>] ? sock_has_perm+0x1c1/0x3e0
[   35.002717]  [<ffffffff819f5e43>] ? sock_has_perm+0x293/0x3e0
[   35.008583]  [<ffffffff819f5c4f>] ? sock_has_perm+0x9f/0x3e0
[   35.014357]  [<ffffffff819f5bb0>] ? selinux_msg_queue_alloc_security+0x2e0/0x2e0
[   35.021868]  [<ffffffff81243d57>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   35.028593]  [<ffffffff81ba886b>] ? check_preemption_disabled+0x3b/0x200
[   35.035509]  [<ffffffff81ba886b>] ? check_preemption_disabled+0x3b/0x200
[   35.042328]  [<ffffffff825964b3>] ? inet_sendmsg+0x143/0x4d0
[   35.048106]  [<ffffffff82596573>] inet_sendmsg+0x203/0x4d0
[   35.053709]  [<ffffffff825963e3>] ? inet_sendmsg+0x73/0x4d0
[   35.059395]  [<ffffffff82596370>] ? inet_recvmsg+0x4c0/0x4c0
[   35.065169]  [<ffffffff822a18bb>] sock_sendmsg+0xbb/0x110
[   35.070681]  [<ffffffff822a331a>] ___sys_sendmsg+0x47a/0x840
[   35.076450]  [<ffffffff822a2ea0>] ? copy_msghdr_from_user+0x530/0x530
[   35.083002]  [<ffffffff81207480>] ? trace_hardirqs_on+0x10/0x10
[   35.089034]  [<ffffffff81207480>] ? trace_hardirqs_on+0x10/0x10
[   35.095073]  [<ffffffff81207480>] ? trace_hardirqs_on+0x10/0x10
[   35.101109]  [<ffffffff81207480>] ? trace_hardirqs_on+0x10/0x10
[   35.107205]  [<ffffffff8274fb00>] ? ip6_datagram_send_ctl+0x10f0/0x10f0
[   35.113950]  [<ffffffff822a6821>] __sys_sendmmsg+0x161/0x3d0
[   35.119733]  [<ffffffff822a66c0>] ? SyS_sendmsg+0x50/0x50
[   35.125249]  [<ffffffff822afe1e>] ? release_sock+0x14e/0x1c0
[   35.131033]  [<ffffffff82751caa>] ? ip6_datagram_connect+0x3a/0x50
[   35.137336]  [<ffffffff8259488e>] ? inet_dgram_connect+0x11e/0x200
[   35.143844]  [<ffffffff822a50f3>] ? SyS_connect+0x203/0x310
[   35.149543]  [<ffffffff822a86fa>] ? sock_common_setsockopt+0x9a/0xe0
[   35.156060]  [<ffffffff822a6015>] ? SyS_setsockopt+0x185/0x260
[   35.162102]  [<ffffffff822a5e90>] ? SyS_recv+0x40/0x40
[   35.167371]  [<ffffffff810b2c84>] ? __do_page_fault+0x554/0xa60
[   35.173415]  [<ffffffff822a6ac5>] SyS_sendmmsg+0x35/0x60
[   35.178842]  [<ffffffff822a6a90>] ? __sys_sendmmsg+0x3d0/0x3d0
[   35.184795]  [<ffffffff810056ef>] do_syscall_64+0x19f/0x550
[   35.190486]  [<ffffffff82818b13>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[   35.197383] 
[   35.198986] The buggy address belongs to the page:
[   35.203889] page:ffffea00073ac1c0 count:0 mapcount:0 mapping:          (null) index:0x0
[   35.212129] flags: 0x4000000000000000()
[   35.216073] page dumped because: kasan: bad access detected
[   35.221752] 
[   35.223351] Memory state around the buggy address:
[   35.228252]  ffff8801ceb07500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1
[   35.235585]  ffff8801ceb07580: f1 f1 f1 00 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 f2
[   35.242917] >ffff8801ceb07600: f2 f2 f2 00 00 00 00 00 00 00 f2 f2 f2 f2 f2 00
[   35.250247]                                                  ^
[   35.256190]  ffff8801ceb07680: 00 00 00 00 00 00 00 00 f2 f2 f2 00 00 00 00 00
[   35.263530]  ffff8801ceb07700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   35.270868] ==================================================================
[   35.278195] Disabling lock debugging due to kernel taint
[   35.284154] Kernel panic - not syncing: panic_on_warn set ...
[   35.284154] 
[   35.291551] CPU: 1 PID: 2052 Comm: syz-executor926 Tainted: G    B           4.9.142+ #74
[   35.299838]  ffff8801ceb06c20 ffffffff81b43969 ffffffff82e3a808 00000000ffffffff
[   35.307829]  0000000000000000 0000000000000001 ffff8801ce0961f0 ffff8801ceb06ce0
[   35.315819]  ffffffff813f71f5 0000000041b58ab3 ffffffff82e2e803 ffffffff813f7036
[   35.323808] Call Trace:
[   35.326368]  [<ffffffff81b43969>] dump_stack+0xc1/0x128
[   35.331705]  [<ffffffff813f71f5>] panic+0x1bf/0x39f
[   35.336694]  [<ffffffff813f7036>] ? add_taint.cold.5+0x16/0x16
[   35.342640]  [<ffffffff810022b6>] ? ___preempt_schedule+0x16/0x18
[   35.348846]  [<ffffffff81500945>] kasan_end_report+0x47/0x4f
[   35.354619]  [<ffffffff81500c66>] kasan_report.cold.6+0x76/0x2fe
[   35.360738]  [<ffffffff8265856d>] ? xfrm_state_find+0x269d/0x2920
[   35.366945]  [<ffffffff814f30c4>] __asan_report_load4_noabort+0x14/0x20
[   35.373673]  [<ffffffff8265856d>] xfrm_state_find+0x269d/0x2920
[   35.379706]  [<ffffffff8265615e>] ? xfrm_state_find+0x28e/0x2920
[   35.385823]  [<ffffffff81243d57>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   35.392554]  [<ffffffff82655ed0>] ? xfrm_unregister_mode+0x190/0x190
[   35.399024]  [<ffffffff81207480>] ? trace_hardirqs_on+0x10/0x10
[   35.405058]  [<ffffffff814f2a69>] ? kasan_slab_free+0x119/0x190
[   35.411093]  [<ffffffff81077c16>] ? save_stack_trace+0x16/0x20
[   35.417038]  [<ffffffff814f29fc>] ? kasan_slab_free+0xac/0x190
[   35.422986]  [<ffffffff814ef32e>] ? kmem_cache_free+0xbe/0x310
[   35.428932]  [<ffffffff822ba088>] ? kfree_skbmem+0x98/0x100
[   35.434615]  [<ffffffff822bb904>] ? kfree_skb+0xd4/0x340
[   35.440039]  [<ffffffff822bbbae>] ? kfree_skb_list+0x3e/0x60
[   35.445809]  [<ffffffff82318046>] ? __dev_queue_xmit+0x1746/0x1b90
[   35.452102]  [<ffffffff81243d57>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   35.458829]  [<ffffffff8263df02>] xfrm_tmpl_resolve_one+0x1d2/0x7a0
[   35.465313]  [<ffffffff8263dd30>] ? xfrm_expand_policies.constprop.14+0x290/0x290
[   35.472910]  [<ffffffff81be6eff>] ? depot_save_stack+0x20f/0x470
[   35.479032]  [<ffffffff81207ad4>] ? __lock_acquire+0x654/0x4a10
[   35.485062]  [<ffffffff814f2069>] ? kasan_kmalloc.part.1+0xc9/0xf0
[   35.491355]  [<ffffffff8263e6ef>] xfrm_resolve_and_create_bundle+0x21f/0x1e70
[   35.498611]  [<ffffffff8263e4d0>] ? xfrm_tmpl_resolve_one+0x7a0/0x7a0
[   35.505213]  [<ffffffff81207480>] ? trace_hardirqs_on+0x10/0x10
[   35.511259]  [<ffffffff82317244>] ? __dev_queue_xmit+0x944/0x1b90
[   35.517465]  [<ffffffff81243d57>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   35.524206]  [<ffffffff81ba886b>] ? check_preemption_disabled+0x3b/0x200
[   35.531028]  [<ffffffff81ba886b>] ? check_preemption_disabled+0x3b/0x200
[   35.537848]  [<ffffffff82641420>] ? xfrm_sk_policy_lookup+0x2a0/0x430
[   35.544487]  [<ffffffff82641447>] ? xfrm_sk_policy_lookup+0x2c7/0x430
[   35.551048]  [<ffffffff82641180>] ? xfrm_selector_match+0xe40/0xe40
[   35.557430]  [<ffffffff826417e9>] xfrm_lookup+0x239/0xc00
[   35.562945]  [<ffffffff826415b0>] ? xfrm_sk_policy_lookup+0x430/0x430
[   35.569503]  [<ffffffff81ba886b>] ? check_preemption_disabled+0x3b/0x200
[   35.576337]  [<ffffffff8248c2db>] ? __ip_route_output_key_hash+0xc7b/0x2090
[   35.583428]  [<ffffffff8248c302>] ? __ip_route_output_key_hash+0xca2/0x2090
[   35.590498]  [<ffffffff8248b7ca>] ? __ip_route_output_key_hash+0x16a/0x2090
[   35.597579]  [<ffffffff82691c17>] ? ip6_finish_output2+0x177/0x1d10
[   35.603965]  [<ffffffff8248b660>] ? rt_set_nexthop.constprop.13+0xcc0/0xcc0
[   35.611045]  [<ffffffff81243d57>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   35.617878]  [<ffffffff82643049>] xfrm_lookup_route+0x39/0x140
[   35.623833]  [<ffffffff8248d780>] ip_route_output_flow+0x90/0xa0
[   35.629956]  [<ffffffff8256d0e9>] udp_sendmsg+0x13d9/0x1c60
[   35.635648]  [<ffffffff8256cbaf>] ? udp_sendmsg+0xe9f/0x1c60
[   35.641423]  [<ffffffff81207ad4>] ? __lock_acquire+0x654/0x4a10
[   35.647569]  [<ffffffff826a311d>] ? ip6_finish_output+0x35d/0x980
[   35.653791]  [<ffffffff824b1090>] ? ip_reply_glue_bits+0xb0/0xb0
[   35.659919]  [<ffffffff8256bd10>] ? udp_v4_get_port+0x100/0x100
[   35.665956]  [<ffffffff82643071>] ? xfrm_lookup_route+0x61/0x140
[   35.672087]  [<ffffffff81207ad4>] ? __lock_acquire+0x654/0x4a10
[   35.678127]  [<ffffffff81243d57>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   35.684864]  [<ffffffff81243d57>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   35.691596]  [<ffffffff827099ed>] udpv6_sendmsg+0x127d/0x2430
[   35.697473]  [<ffffffff81207ad4>] ? __lock_acquire+0x654/0x4a10
[   35.703504]  [<ffffffff82708770>] ? udp_v6_flush_pending_frames+0xe0/0xe0
[   35.710405]  [<ffffffff81207480>] ? trace_hardirqs_on+0x10/0x10
[   35.716440]  [<ffffffff819f5d71>] ? sock_has_perm+0x1c1/0x3e0
[   35.722297]  [<ffffffff819f5e43>] ? sock_has_perm+0x293/0x3e0
[   35.728155]  [<ffffffff819f5c4f>] ? sock_has_perm+0x9f/0x3e0
[   35.733928]  [<ffffffff819f5bb0>] ? selinux_msg_queue_alloc_security+0x2e0/0x2e0
[   35.741436]  [<ffffffff81243d57>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   35.748163]  [<ffffffff81ba886b>] ? check_preemption_disabled+0x3b/0x200
[   35.754974]  [<ffffffff81ba886b>] ? check_preemption_disabled+0x3b/0x200
[   35.761802]  [<ffffffff825964b3>] ? inet_sendmsg+0x143/0x4d0
[   35.767573]  [<ffffffff82596573>] inet_sendmsg+0x203/0x4d0
[   35.773169]  [<ffffffff825963e3>] ? inet_sendmsg+0x73/0x4d0
[   35.778852]  [<ffffffff82596370>] ? inet_recvmsg+0x4c0/0x4c0
[   35.784630]  [<ffffffff822a18bb>] sock_sendmsg+0xbb/0x110
[   35.790147]  [<ffffffff822a331a>] ___sys_sendmsg+0x47a/0x840
[   35.795924]  [<ffffffff822a2ea0>] ? copy_msghdr_from_user+0x530/0x530
[   35.802586]  [<ffffffff81207480>] ? trace_hardirqs_on+0x10/0x10
[   35.808630]  [<ffffffff81207480>] ? trace_hardirqs_on+0x10/0x10
[   35.814662]  [<ffffffff81207480>] ? trace_hardirqs_on+0x10/0x10
[   35.820694]  [<ffffffff81207480>] ? trace_hardirqs_on+0x10/0x10
[   35.826732]  [<ffffffff8274fb00>] ? ip6_datagram_send_ctl+0x10f0/0x10f0
[   35.833457]  [<ffffffff822a6821>] __sys_sendmmsg+0x161/0x3d0
[   35.839250]  [<ffffffff822a66c0>] ? SyS_sendmsg+0x50/0x50
[   35.844769]  [<ffffffff822afe1e>] ? release_sock+0x14e/0x1c0
[   35.850550]  [<ffffffff82751caa>] ? ip6_datagram_connect+0x3a/0x50
[   35.856848]  [<ffffffff8259488e>] ? inet_dgram_connect+0x11e/0x200
[   35.863142]  [<ffffffff822a50f3>] ? SyS_connect+0x203/0x310
[   35.868829]  [<ffffffff822a86fa>] ? sock_common_setsockopt+0x9a/0xe0
[   35.875290]  [<ffffffff822a6015>] ? SyS_setsockopt+0x185/0x260
[   35.881265]  [<ffffffff822a5e90>] ? SyS_recv+0x40/0x40
[   35.886516]  [<ffffffff810b2c84>] ? __do_page_fault+0x554/0xa60
[   35.892556]  [<ffffffff822a6ac5>] SyS_sendmmsg+0x35/0x60
[   35.897999]  [<ffffffff822a6a90>] ? __sys_sendmmsg+0x3d0/0x3d0
[   35.903959]  [<ffffffff810056ef>] do_syscall_64+0x19f/0x550
[   35.909687]  [<ffffffff82818b13>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[   35.916996] Kernel Offset: disabled
[   35.920599] Rebooting in 86400 seconds..