[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   20.435125] random: sshd: uninitialized urandom read (32 bytes read, 32 bits of entropy available)
[   20.519973] random: sshd: uninitialized urandom read (32 bytes read, 32 bits of entropy available)
[?25l[?1c7[ ok 8[?25h[?0c.
[   20.936929] random: sshd: uninitialized urandom read (32 bytes read, 34 bits of entropy available)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   21.967149] random: nonblocking pool is initialized
Warning: Permanently added '10.128.0.20' (ECDSA) to the list of known hosts.
executing program
[   27.854129] ==================================================================
[   27.861522] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x2469/0x2510
[   27.868677] Read of size 4 at addr ffff8800b0927660 by task syz-executor428/3746
[   27.876175] 
[   27.877775] CPU: 0 PID: 3746 Comm: syz-executor428 Not tainted 4.4.131-gaa3863d #41
[   27.885537] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   27.894859]  0000000000000000 140daa782f011231 ffff8800b0926ce0 ffffffff81e0df8d
[   27.902830]  ffffea0002c249c0 ffff8800b0927660 0000000000000000 ffff8800b0927660
[   27.910793]  0000000000000003 ffff8800b0926d18 ffffffff8151520c ffff8800b0927660
[   27.918767] Call Trace:
[   27.921327]  [<ffffffff81e0df8d>] dump_stack+0xc1/0x124
[   27.926666]  [<ffffffff8151520c>] print_address_description+0x6c/0x216
[   27.933302]  [<ffffffff8151552b>] kasan_report.cold.7+0x175/0x2f7
[   27.939504]  [<ffffffff833e5289>] ? xfrm_state_find+0x2469/0x2510
[   27.945706]  [<ffffffff814f9004>] __asan_report_load4_noabort+0x14/0x20
[   27.952429]  [<ffffffff833e5289>] xfrm_state_find+0x2469/0x2510
[   27.958457]  [<ffffffff833e2e20>] ? xfrm_unregister_mode+0x200/0x200
[   27.964923]  [<ffffffff812db463>] ? __module_text_address+0x13/0x140
[   27.971385]  [<ffffffff8122c663>] ? check_usage_backwards+0x123/0x2e0
[   27.977934]  [<ffffffff8122c540>] ? check_usage_forwards+0x2e0/0x2e0
[   27.984395]  [<ffffffff833c7c1c>] xfrm_tmpl_resolve_one+0x1dc/0x850
[   27.990769]  [<ffffffff833c7a40>] ? __xfrm_decode_session+0x100/0x100
[   27.997314]  [<ffffffff81227370>] ? usage_match+0x80/0x80
[   28.002820]  [<ffffffff8122d703>] ? mark_lock+0x7a3/0x1280
[   28.008414]  [<ffffffff8122c540>] ? check_usage_forwards+0x2e0/0x2e0
[   28.014875]  [<ffffffff81230613>] ? __lock_acquire+0x1803/0x5270
[   28.020990]  [<ffffffff833c84a9>] xfrm_resolve_and_create_bundle+0x219/0x1ff0
[   28.028233]  [<ffffffff8122ee10>] ? debug_check_no_locks_freed+0x210/0x210
[   28.035217]  [<ffffffff8122ee10>] ? debug_check_no_locks_freed+0x210/0x210
[   28.042200]  [<ffffffff833c8290>] ? xfrm_tmpl_resolve_one+0x850/0x850
[   28.048750]  [<ffffffff8122f896>] ? __lock_acquire+0xa86/0x5270
[   28.054779]  [<ffffffff8113d8fa>] ? __local_bh_enable_ip+0x6a/0xd0
[   28.061067]  [<ffffffff833cd6d8>] ? xfrm_sk_policy_lookup+0x228/0x350
[   28.067622]  [<ffffffff833cebbd>] ? xfrm_expand_policies+0x25d/0x660
[   28.074081]  [<ffffffff833d041f>] xfrm_lookup+0x23f/0xb70
[   28.079586]  [<ffffffff833d01e0>] ? xfrm_bundle_lookup+0x1220/0x1220
[   28.086047]  [<ffffffff831f1637>] ? __ip_route_output_key_hash+0xb07/0x2380
[   28.093115]  [<ffffffff831f165e>] ? __ip_route_output_key_hash+0xb2e/0x2380
[   28.100182]  [<ffffffff831f0c98>] ? __ip_route_output_key_hash+0x168/0x2380
[   28.107250]  [<ffffffff831f0b30>] ? ip_rt_update_pmtu+0x8c0/0x8c0
[   28.113451]  [<ffffffff833d1c69>] xfrm_lookup_route+0x39/0x1b0
[   28.119390]  [<ffffffff831f39f0>] ip_route_output_flow+0x90/0xa0
[   28.125505]  [<ffffffff832ceec7>] udp_sendmsg+0x1497/0x1bb0
[   28.131190]  [<ffffffff832ce7fd>] ? udp_sendmsg+0xdcd/0x1bb0
[   28.136963]  [<ffffffff832107e0>] ? ip_reply_glue_bits+0xc0/0xc0
[   28.143077]  [<ffffffff832cda30>] ? udp4_lib_lookup+0x60/0x60
[   28.148932]  [<ffffffff8122ee10>] ? debug_check_no_locks_freed+0x210/0x210
[   28.155914]  [<ffffffff8122ee10>] ? debug_check_no_locks_freed+0x210/0x210
[   28.162902]  [<ffffffff8122e2a7>] ? mark_held_locks+0xc7/0x130
[   28.168841]  [<ffffffff8113d8fa>] ? __local_bh_enable_ip+0x6a/0xd0
[   28.175130]  [<ffffffff834940bd>] udpv6_sendmsg+0x12cd/0x24c0
[   28.180988]  [<ffffffff8113d8fa>] ? __local_bh_enable_ip+0x6a/0xd0
[   28.187278]  [<ffffffff8122e69b>] ? trace_hardirqs_on_caller+0x38b/0x590
[   28.194087]  [<ffffffff832c52f8>] ? udp_lib_get_port+0x728/0xe10
[   28.200200]  [<ffffffff83492df0>] ? udp6_lib_lookup2+0x990/0x990
[   28.206316]  [<ffffffff8348e210>] ? ndisc_cleanup+0x40/0x40
[   28.212007]  [<ffffffff8113d8fa>] ? __local_bh_enable_ip+0x6a/0xd0
[   28.218297]  [<ffffffff8122e69b>] ? trace_hardirqs_on_caller+0x38b/0x590
[   28.225106]  [<ffffffff82f2a456>] ? release_sock+0x3b6/0x500
[   28.230872]  [<ffffffff8122e8ad>] ? trace_hardirqs_on+0xd/0x10
[   28.236810]  [<ffffffff8113d8fa>] ? __local_bh_enable_ip+0x6a/0xd0
[   28.243103]  [<ffffffff838bf370>] ? _raw_spin_unlock_bh+0x30/0x40
[   28.249303]  [<ffffffff82f2a456>] ? release_sock+0x3b6/0x500
[   28.255074]  [<ffffffff83491fd7>] ? udp_v6_get_port+0xa7/0xd0
[   28.260930]  [<ffffffff832fec53>] inet_sendmsg+0x203/0x4d0
[   28.266529]  [<ffffffff832feac3>] ? inet_sendmsg+0x73/0x4d0
[   28.272212]  [<ffffffff832fea50>] ? inet_recvmsg+0x4c0/0x4c0
[   28.277981]  [<ffffffff82f1cd3c>] sock_sendmsg+0xcc/0x110
[   28.283490]  [<ffffffff82f1e501>] ___sys_sendmsg+0x441/0x880
[   28.289260]  [<ffffffff82f1e0c0>] ? copy_msghdr_from_user+0x550/0x550
[   28.295809]  [<ffffffff8122ee10>] ? debug_check_no_locks_freed+0x210/0x210
[   28.302793]  [<ffffffff81277267>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   28.309517]  [<ffffffff8157839f>] ? __fget_light+0x9f/0x1f0
[   28.315196]  [<ffffffff81578508>] ? __fdget+0x18/0x20
[   28.320365]  [<ffffffff82f20ade>] __sys_sendmmsg+0x12e/0x2e0
[   28.326134]  [<ffffffff82f209b0>] ? SyS_sendmsg+0x50/0x50
[   28.331640]  [<ffffffff81caf837>] ? selinux_netlbl_socket_setsockopt+0x97/0x340
[   28.339061]  [<ffffffff81caf7a0>] ? selinux_netlbl_sock_rcv_skb+0x400/0x400
[   28.346131]  [<ffffffff83481508>] ? ipv6_setsockopt+0x68/0x130
[   28.352070]  [<ffffffff82f233ca>] ? sock_common_setsockopt+0x9a/0xe0
[   28.358537]  [<ffffffff82f20305>] ? SyS_setsockopt+0x185/0x260
[   28.364480]  [<ffffffff814880de>] ? vmacache_update+0xfe/0x130
[   28.370418]  [<ffffffff82f20180>] ? SyS_recv+0x40/0x40
[   28.375672]  [<ffffffff838c0a18>] ? retint_user+0x18/0x3c
[   28.381177]  [<ffffffff82f20cc5>] SyS_sendmmsg+0x35/0x60
[   28.386597]  [<ffffffff838bfe65>] entry_SYSCALL_64_fastpath+0x22/0x9e
[   28.393142] 
[   28.394737] The buggy address belongs to the page:
[   28.399636] page:ffffea0002c249c0 count:0 mapcount:0 mapping:          (null) index:0x0
[   28.407742] flags: 0x4000000000000000()
[   28.411801] page dumped because: kasan: bad access detected
[   28.417475] 
[   28.419073] Memory state around the buggy address:
[   28.423970]  ffff8800b0927500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   28.431299]  ffff8800b0927580: 00 f1 f1 f1 f1 00 f2 f2 f2 f2 f2 f2 f2 00 00 00
[   28.438636] >ffff8800b0927600: f2 f2 f2 f2 f2 00 00 00 00 00 00 00 f2 f2 f2 f2
[   28.445970]                                                        ^
[   28.452429]  ffff8800b0927680: f2 00 00 00 00 00 00 00 00 00 f2 f2 f2 00 00 00
[   28.459756]  ffff8800b0927700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   28.467081] ==================================================================
[   28.474407] Disabling lock debugging due to kernel taint
[   28.479868] Kernel panic - not syncing: panic_on_warn set ...
[   28.479868] 
[   28.487211] CPU: 0 PID: 3746 Comm: syz-executor428 Tainted: G    B           4.4.131-gaa3863d #41
[   28.496518] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   28.505842]  0000000000000000 140daa782f011231 ffff8800b0926c40 ffffffff81e0df8d
[   28.513813]  ffffffff841ed0a7 0000000000000004 0000000000000000 ffff8800b0927660
[   28.521783]  0000000000000003 ffff8800b0926d00 ffffffff81409d84 0000000041b58ab3
[   28.529762] Call Trace:
[   28.532323]  [<ffffffff81e0df8d>] dump_stack+0xc1/0x124
[   28.537656]  [<ffffffff81409d84>] panic+0x19e/0x38d
[   28.542641]  [<ffffffff81409be6>] ? add_taint.cold.4+0x16/0x16
[   28.548589]  [<ffffffff81515129>] kasan_end_report+0x47/0x4f
[   28.554355]  [<ffffffff81515548>] kasan_report.cold.7+0x192/0x2f7
[   28.560558]  [<ffffffff833e5289>] ? xfrm_state_find+0x2469/0x2510
[   28.566759]  [<ffffffff814f9004>] __asan_report_load4_noabort+0x14/0x20
[   28.573480]  [<ffffffff833e5289>] xfrm_state_find+0x2469/0x2510
[   28.579506]  [<ffffffff833e2e20>] ? xfrm_unregister_mode+0x200/0x200
[   28.585969]  [<ffffffff812db463>] ? __module_text_address+0x13/0x140
[   28.592431]  [<ffffffff8122c663>] ? check_usage_backwards+0x123/0x2e0
[   28.598980]  [<ffffffff8122c540>] ? check_usage_forwards+0x2e0/0x2e0
[   28.605440]  [<ffffffff833c7c1c>] xfrm_tmpl_resolve_one+0x1dc/0x850
[   28.611815]  [<ffffffff833c7a40>] ? __xfrm_decode_session+0x100/0x100
[   28.618368]  [<ffffffff81227370>] ? usage_match+0x80/0x80
[   28.623875]  [<ffffffff8122d703>] ? mark_lock+0x7a3/0x1280
[   28.629470]  [<ffffffff8122c540>] ? check_usage_forwards+0x2e0/0x2e0
[   28.635948]  [<ffffffff81230613>] ? __lock_acquire+0x1803/0x5270
[   28.642061]  [<ffffffff833c84a9>] xfrm_resolve_and_create_bundle+0x219/0x1ff0
[   28.649305]  [<ffffffff8122ee10>] ? debug_check_no_locks_freed+0x210/0x210
[   28.656291]  [<ffffffff8122ee10>] ? debug_check_no_locks_freed+0x210/0x210
[   28.663272]  [<ffffffff833c8290>] ? xfrm_tmpl_resolve_one+0x850/0x850
[   28.669823]  [<ffffffff8122f896>] ? __lock_acquire+0xa86/0x5270
[   28.675853]  [<ffffffff8113d8fa>] ? __local_bh_enable_ip+0x6a/0xd0
[   28.682143]  [<ffffffff833cd6d8>] ? xfrm_sk_policy_lookup+0x228/0x350
[   28.688693]  [<ffffffff833cebbd>] ? xfrm_expand_policies+0x25d/0x660
[   28.695152]  [<ffffffff833d041f>] xfrm_lookup+0x23f/0xb70
[   28.700659]  [<ffffffff833d01e0>] ? xfrm_bundle_lookup+0x1220/0x1220
[   28.707123]  [<ffffffff831f1637>] ? __ip_route_output_key_hash+0xb07/0x2380
[   28.714193]  [<ffffffff831f165e>] ? __ip_route_output_key_hash+0xb2e/0x2380
[   28.721260]  [<ffffffff831f0c98>] ? __ip_route_output_key_hash+0x168/0x2380
[   28.728329]  [<ffffffff831f0b30>] ? ip_rt_update_pmtu+0x8c0/0x8c0
[   28.734530]  [<ffffffff833d1c69>] xfrm_lookup_route+0x39/0x1b0
[   28.740471]  [<ffffffff831f39f0>] ip_route_output_flow+0x90/0xa0
[   28.746583]  [<ffffffff832ceec7>] udp_sendmsg+0x1497/0x1bb0
[   28.752263]  [<ffffffff832ce7fd>] ? udp_sendmsg+0xdcd/0x1bb0
[   28.758031]  [<ffffffff832107e0>] ? ip_reply_glue_bits+0xc0/0xc0
[   28.764148]  [<ffffffff832cda30>] ? udp4_lib_lookup+0x60/0x60
[   28.770003]  [<ffffffff8122ee10>] ? debug_check_no_locks_freed+0x210/0x210
[   28.776986]  [<ffffffff8122ee10>] ? debug_check_no_locks_freed+0x210/0x210
[   28.783967]  [<ffffffff8122e2a7>] ? mark_held_locks+0xc7/0x130
[   28.789914]  [<ffffffff8113d8fa>] ? __local_bh_enable_ip+0x6a/0xd0
[   28.796204]  [<ffffffff834940bd>] udpv6_sendmsg+0x12cd/0x24c0
[   28.802057]  [<ffffffff8113d8fa>] ? __local_bh_enable_ip+0x6a/0xd0
[   28.808343]  [<ffffffff8122e69b>] ? trace_hardirqs_on_caller+0x38b/0x590
[   28.815152]  [<ffffffff832c52f8>] ? udp_lib_get_port+0x728/0xe10
[   28.821265]  [<ffffffff83492df0>] ? udp6_lib_lookup2+0x990/0x990
[   28.827383]  [<ffffffff8348e210>] ? ndisc_cleanup+0x40/0x40
[   28.833064]  [<ffffffff8113d8fa>] ? __local_bh_enable_ip+0x6a/0xd0
[   28.839352]  [<ffffffff8122e69b>] ? trace_hardirqs_on_caller+0x38b/0x590
[   28.846509]  [<ffffffff82f2a456>] ? release_sock+0x3b6/0x500
[   28.852285]  [<ffffffff8122e8ad>] ? trace_hardirqs_on+0xd/0x10
[   28.858223]  [<ffffffff8113d8fa>] ? __local_bh_enable_ip+0x6a/0xd0
[   28.864512]  [<ffffffff838bf370>] ? _raw_spin_unlock_bh+0x30/0x40
[   28.870710]  [<ffffffff82f2a456>] ? release_sock+0x3b6/0x500
[   28.876480]  [<ffffffff83491fd7>] ? udp_v6_get_port+0xa7/0xd0
[   28.882334]  [<ffffffff832fec53>] inet_sendmsg+0x203/0x4d0
[   28.887929]  [<ffffffff832feac3>] ? inet_sendmsg+0x73/0x4d0
[   28.893611]  [<ffffffff832fea50>] ? inet_recvmsg+0x4c0/0x4c0
[   28.899379]  [<ffffffff82f1cd3c>] sock_sendmsg+0xcc/0x110
[   28.904885]  [<ffffffff82f1e501>] ___sys_sendmsg+0x441/0x880
[   28.910651]  [<ffffffff82f1e0c0>] ? copy_msghdr_from_user+0x550/0x550
[   28.917202]  [<ffffffff8122ee10>] ? debug_check_no_locks_freed+0x210/0x210
[   28.924184]  [<ffffffff81277267>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   28.930905]  [<ffffffff8157839f>] ? __fget_light+0x9f/0x1f0
[   28.936588]  [<ffffffff81578508>] ? __fdget+0x18/0x20
[   28.941749]  [<ffffffff82f20ade>] __sys_sendmmsg+0x12e/0x2e0
[   28.947521]  [<ffffffff82f209b0>] ? SyS_sendmsg+0x50/0x50
[   28.953033]  [<ffffffff81caf837>] ? selinux_netlbl_socket_setsockopt+0x97/0x340
[   28.960460]  [<ffffffff81caf7a0>] ? selinux_netlbl_sock_rcv_skb+0x400/0x400
[   28.967532]  [<ffffffff83481508>] ? ipv6_setsockopt+0x68/0x130
[   28.973473]  [<ffffffff82f233ca>] ? sock_common_setsockopt+0x9a/0xe0
[   28.979935]  [<ffffffff82f20305>] ? SyS_setsockopt+0x185/0x260
[   28.985878]  [<ffffffff814880de>] ? vmacache_update+0xfe/0x130
[   28.991817]  [<ffffffff82f20180>] ? SyS_recv+0x40/0x40
[   28.997065]  [<ffffffff838c0a18>] ? retint_user+0x18/0x3c
[   29.002580]  [<ffffffff82f20cc5>] SyS_sendmmsg+0x35/0x60
[   29.007998]  [<ffffffff838bfe65>] entry_SYSCALL_64_fastpath+0x22/0x9e
[   29.015150] Dumping ftrace buffer:
[   29.018672]    (ftrace buffer empty)
[   29.022351] Kernel Offset: disabled
[   29.025947] Rebooting in 86400 seconds..