random: sshd: uninitialized urandom read (32 bytes read, 110 bits of entropy available)
==================================================================
BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x2596/0x3260 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_state.c:799 at addr ffff8801d35378b0
Read of size 4 by task syzkaller727451/3320
page:ffffea00074d4dc0 count:0 mapcount:0 mapping:          (null) index:0x0
flags: 0x8000000000000000()
page dumped because: kasan: bad access detected
CPU: 0 PID: 3320 Comm: syzkaller727451 Not tainted 4.4.104-ged884eb #2
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 0000000000000000 6712db20d9b49ae2 ffff8801d3536ef0 ffffffff81cc9b0f
 ffffed003a6a6f16 ffffed003a6a6f16 ffff8801d3536f78 ffffffff814db3d5
 0000000000000000 fffffbff00000000 ffffffff83281756 0000000000000296
Call Trace:
 [<ffffffff81cc9b0f>] __dump_stack /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:15 [inline]
 [<ffffffff81cc9b0f>] dump_stack+0x8e/0xcf /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:51
 [<ffffffff814db3d5>] print_address_description /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:151 [inline]
 [<ffffffff814db3d5>] kasan_report_error /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:237 [inline]
 [<ffffffff814db3d5>] kasan_report.part.2+0x445/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:262
 [<ffffffff814db549>] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline]
 [<ffffffff814db549>] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282
 [<ffffffff83281756>] xfrm_state_find+0x2596/0x3260 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_state.c:799
 [<ffffffff83265833>] xfrm_tmpl_resolve_one /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_policy.c:1443 [inline]
 [<ffffffff83265833>] xfrm_tmpl_resolve+0x263/0xa70 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_policy.c:1487
 [<ffffffff832660fd>] xfrm_resolve_and_create_bundle+0xbd/0x1c10 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_policy.c:1835
 [<ffffffff8326bebe>] xfrm_lookup+0x80e/0xbc0 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_policy.c:2189
 [<ffffffff8326d17c>] xfrm_lookup_route+0x1c/0x160 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_policy.c:2311
 [<ffffffff8307a229>] ip_route_output_flow+0x69/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/route.c:2420
 [<ffffffff8315ad28>] udp_sendmsg+0xf18/0x1ce0 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/udp.c:1038
 [<ffffffff8333284a>] udpv6_sendmsg+0x51a/0x2360 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv6/udp.c:1178
 [<ffffffff8319093c>] inet_sendmsg+0x26c/0x430 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/af_inet.c:755
 [<ffffffff82d946f5>] sock_sendmsg_nosec /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:625 [inline]
 [<ffffffff82d946f5>] sock_sendmsg+0xb5/0xf0 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:635
 [<ffffffff82d95537>] SYSC_sendto+0x267/0x300 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1665
 [<ffffffff82d97869>] SyS_sendto+0x9/0x10 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1633
 [<ffffffff8374b236>] entry_SYSCALL_64_fastpath+0x16/0x76
Memory state around the buggy address:
 ffff8801d3537780: 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00
 ffff8801d3537800: f2 f2 f2 f2 f2 f2 f2 00 00 00 f2 f2 f2 f2 f2 00
>ffff8801d3537880: 00 00 00 00 00 00 f2 f2 f2 f2 f2 00 00 00 00 00
                                     ^
 ffff8801d3537900: 00 00 00 00 f2 f2 f2 00 00 00 00 00 00 00 00 00
 ffff8801d3537980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================
==================================================================
BUG: KASAN: stack-out-of-bounds in __xfrm_dst_hash /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_hash.h:90 [inline] at addr ffff8801d35378b0
BUG: KASAN: stack-out-of-bounds in xfrm_dst_hash /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_state.c:46 [inline] at addr ffff8801d35378b0
BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0xa2f/0x3260 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_state.c:799 at addr ffff8801d35378b0
Read of size 4 by task syzkaller727451/3320
page:ffffea00074d4dc0 count:0 mapcount:0 mapping:          (null) index:0x0
flags: 0x8000000000000000()
page dumped because: kasan: bad access detected
CPU: 0 PID: 3320 Comm: syzkaller727451 Tainted: G    B           4.4.104-ged884eb #2
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 0000000000000000 6712db20d9b49ae2 ffff8801d3536ef0 ffffffff81cc9b0f
 ffffed003a6a6f16 ffffed003a6a6f16 ffff8801d3536f78 ffffffff814db3d5
 0000000000000010 fffffbff00000000 ffffffff8327fbef 0000000000000296
Call Trace:
 [<ffffffff81cc9b0f>] __dump_stack /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:15 [inline]
 [<ffffffff81cc9b0f>] dump_stack+0x8e/0xcf /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:51
 [<ffffffff814db3d5>] print_address_description /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:151 [inline]
 [<ffffffff814db3d5>] kasan_report_error /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:237 [inline]
 [<ffffffff814db3d5>] kasan_report.part.2+0x445/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:262
 [<ffffffff814db549>] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline]
 [<ffffffff814db549>] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282
 [<ffffffff8327fbef>] __xfrm_dst_hash /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_hash.h:90 [inline]
 [<ffffffff8327fbef>] xfrm_dst_hash /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_state.c:46 [inline]
 [<ffffffff8327fbef>] xfrm_state_find+0xa2f/0x3260 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_state.c:799
 [<ffffffff83265833>] xfrm_tmpl_resolve_one /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_policy.c:1443 [inline]
 [<ffffffff83265833>] xfrm_tmpl_resolve+0x263/0xa70 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_policy.c:1487
 [<ffffffff832660fd>] xfrm_resolve_and_create_bundle+0xbd/0x1c10 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_policy.c:1835
 [<ffffffff8326bebe>] xfrm_lookup+0x80e/0xbc0 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_policy.c:2189
 [<ffffffff8326d17c>] xfrm_lookup_route+0x1c/0x160 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_policy.c:2311
 [<ffffffff8307a229>] ip_route_output_flow+0x69/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/route.c:2420
 [<ffffffff8315ad28>] udp_sendmsg+0xf18/0x1ce0 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/udp.c:1038
 [<ffffffff8333284a>] udpv6_sendmsg+0x51a/0x2360 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv6/udp.c:1178
 [<ffffffff8319093c>] inet_sendmsg+0x26c/0x430 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/af_inet.c:755
 [<ffffffff82d946f5>] sock_sendmsg_nosec /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:625 [inline]
 [<ffffffff82d946f5>] sock_sendmsg+0xb5/0xf0 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:635
 [<ffffffff82d95537>] SYSC_sendto+0x267/0x300 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1665
 [<ffffffff82d97869>] SyS_sendto+0x9/0x10 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1633
 [<ffffffff8374b236>] entry_SYSCALL_64_fastpath+0x16/0x76
Memory state around the buggy address:
 ffff8801d3537780: 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00
 ffff8801d3537800: f2 f2 f2 f2 f2 f2 f2 00 00 00 f2 f2 f2 f2 f2 00
>ffff8801d3537880: 00 00 00 00 00 00 f2 f2 f2 f2 f2 00 00 00 00 00