[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   20.150304] random: sshd: uninitialized urandom read (32 bytes read, 34 bits of entropy available)
[?25l[?1c7[ ok 8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   23.849487] random: sshd: uninitialized urandom read (32 bytes read, 39 bits of entropy available)
[   24.405181] random: sshd: uninitialized urandom read (32 bytes read, 39 bits of entropy available)
[   25.381346] random: nonblocking pool is initialized
Warning: Permanently added '10.128.0.42' (ECDSA) to the list of known hosts.
executing program
[   31.727227] ==================================================================
[   31.734630] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x2469/0x2510
[   31.741793] Read of size 4 at addr ffff8801d8fe7660 by task syz-executor119/3851
[   31.749295] 
[   31.750897] CPU: 0 PID: 3851 Comm: syz-executor119 Not tainted 4.4.138-g07c0138 #62
[   31.758660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   31.767984]  0000000000000000 c71915ee79e1eb22 ffff8801d8fe6ce0 ffffffff81e0ed0d
[   31.775979]  ffffea000763f9c0 ffff8801d8fe7660 0000000000000000 ffff8801d8fe7660
[   31.783984]  0000000000000003 ffff8801d8fe6d18 ffffffff81515a16 ffff8801d8fe7660
[   31.791957] Call Trace:
[   31.794520]  [<ffffffff81e0ed0d>] dump_stack+0xc1/0x124
[   31.799868]  [<ffffffff81515a16>] print_address_description+0x6c/0x216
[   31.806507]  [<ffffffff81515d35>] kasan_report.cold.7+0x175/0x2f7
[   31.812729]  [<ffffffff833e7419>] ? xfrm_state_find+0x2469/0x2510
[   31.818934]  [<ffffffff814f9804>] __asan_report_load4_noabort+0x14/0x20
[   31.825658]  [<ffffffff833e7419>] xfrm_state_find+0x2469/0x2510
[   31.831697]  [<ffffffff833e4fb0>] ? xfrm_unregister_mode+0x200/0x200
[   31.838162]  [<ffffffff812db753>] ? __module_text_address+0x13/0x140
[   31.844633]  [<ffffffff8122c883>] ? check_usage_backwards+0x123/0x2e0
[   31.851189]  [<ffffffff8122c760>] ? check_usage_forwards+0x2e0/0x2e0
[   31.857654]  [<ffffffff833c9dac>] xfrm_tmpl_resolve_one+0x1dc/0x850
[   31.864030]  [<ffffffff833c9bd0>] ? __xfrm_decode_session+0x100/0x100
[   31.870587]  [<ffffffff81227590>] ? usage_match+0x80/0x80
[   31.876095]  [<ffffffff8122d923>] ? mark_lock+0x7a3/0x1280
[   31.881693]  [<ffffffff8122c760>] ? check_usage_forwards+0x2e0/0x2e0
[   31.888153]  [<ffffffff81230833>] ? __lock_acquire+0x1803/0x5270
[   31.894281]  [<ffffffff833ca639>] xfrm_resolve_and_create_bundle+0x219/0x1ff0
[   31.901533]  [<ffffffff8122f030>] ? debug_check_no_locks_freed+0x210/0x210
[   31.908520]  [<ffffffff8122f030>] ? debug_check_no_locks_freed+0x210/0x210
[   31.915512]  [<ffffffff833ca420>] ? xfrm_tmpl_resolve_one+0x850/0x850
[   31.922067]  [<ffffffff8122fab6>] ? __lock_acquire+0xa86/0x5270
[   31.928106]  [<ffffffff8113da4a>] ? __local_bh_enable_ip+0x6a/0xd0
[   31.934404]  [<ffffffff833cf868>] ? xfrm_sk_policy_lookup+0x228/0x350
[   31.940966]  [<ffffffff833d0d4d>] ? xfrm_expand_policies+0x25d/0x660
[   31.947433]  [<ffffffff833d25af>] xfrm_lookup+0x23f/0xb70
[   31.952949]  [<ffffffff833d2370>] ? xfrm_bundle_lookup+0x1220/0x1220
[   31.959417]  [<ffffffff831f2e27>] ? __ip_route_output_key_hash+0xb07/0x2380
[   31.966489]  [<ffffffff831f2e4e>] ? __ip_route_output_key_hash+0xb2e/0x2380
[   31.973565]  [<ffffffff831f2488>] ? __ip_route_output_key_hash+0x168/0x2380
[   31.980636]  [<ffffffff831f2320>] ? ip_rt_update_pmtu+0x8c0/0x8c0
[   31.986845]  [<ffffffff833d3df9>] xfrm_lookup_route+0x39/0x1b0
[   31.992789]  [<ffffffff831f51e0>] ip_route_output_flow+0x90/0xa0
[   31.998907]  [<ffffffff832d0f70>] udp_sendmsg+0x1480/0x1c70
[   32.004591]  [<ffffffff832d0105>] ? udp_sendmsg+0x615/0x1c70
[   32.010361]  [<ffffffff83212190>] ? ip_reply_glue_bits+0xc0/0xc0
[   32.016476]  [<ffffffff832cfaf0>] ? udp4_lib_lookup+0x60/0x60
[   32.022336]  [<ffffffff8122f030>] ? debug_check_no_locks_freed+0x210/0x210
[   32.029320]  [<ffffffff8122f030>] ? debug_check_no_locks_freed+0x210/0x210
[   32.036302]  [<ffffffff8122e4c7>] ? mark_held_locks+0xc7/0x130
[   32.042247]  [<ffffffff8113da4a>] ? __local_bh_enable_ip+0x6a/0xd0
[   32.048539]  [<ffffffff834963ed>] udpv6_sendmsg+0x12cd/0x24c0
[   32.054395]  [<ffffffff8113da4a>] ? __local_bh_enable_ip+0x6a/0xd0
[   32.060690]  [<ffffffff8122e8bb>] ? trace_hardirqs_on_caller+0x38b/0x590
[   32.067526]  [<ffffffff832c73b8>] ? udp_lib_get_port+0x728/0xe10
[   32.073646]  [<ffffffff83495120>] ? udp6_lib_lookup2+0x990/0x990
[   32.079760]  [<ffffffff83490540>] ? ndisc_cleanup+0x40/0x40
[   32.085444]  [<ffffffff8113da4a>] ? __local_bh_enable_ip+0x6a/0xd0
[   32.091736]  [<ffffffff8122e8bb>] ? trace_hardirqs_on_caller+0x38b/0x590
[   32.098554]  [<ffffffff82f2b946>] ? release_sock+0x3b6/0x500
[   32.104326]  [<ffffffff8122eacd>] ? trace_hardirqs_on+0xd/0x10
[   32.110269]  [<ffffffff8113da4a>] ? __local_bh_enable_ip+0x6a/0xd0
[   32.116560]  [<ffffffff838c1c10>] ? _raw_spin_unlock_bh+0x30/0x40
[   32.122772]  [<ffffffff82f2b946>] ? release_sock+0x3b6/0x500
[   32.128541]  [<ffffffff83494307>] ? udp_v6_get_port+0xa7/0xd0
[   32.134398]  [<ffffffff83300dd3>] inet_sendmsg+0x203/0x4d0
[   32.139995]  [<ffffffff83300c43>] ? inet_sendmsg+0x73/0x4d0
[   32.145679]  [<ffffffff83300bd0>] ? inet_recvmsg+0x4c0/0x4c0
[   32.151458]  [<ffffffff82f1e22c>] sock_sendmsg+0xcc/0x110
[   32.156965]  [<ffffffff82f1f9f1>] ___sys_sendmsg+0x441/0x880
[   32.162742]  [<ffffffff82f1f5b0>] ? copy_msghdr_from_user+0x550/0x550
[   32.169294]  [<ffffffff8122f030>] ? debug_check_no_locks_freed+0x210/0x210
[   32.176281]  [<ffffffff81277487>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   32.183009]  [<ffffffff81578daf>] ? __fget_light+0x9f/0x1f0
[   32.188691]  [<ffffffff81578f18>] ? __fdget+0x18/0x20
[   32.193854]  [<ffffffff82f21fce>] __sys_sendmmsg+0x12e/0x2e0
[   32.199630]  [<ffffffff82f21ea0>] ? SyS_sendmsg+0x50/0x50
[   32.205141]  [<ffffffff81cb05b7>] ? selinux_netlbl_socket_setsockopt+0x97/0x340
[   32.212562]  [<ffffffff81cb0520>] ? selinux_netlbl_sock_rcv_skb+0x400/0x400
[   32.219633]  [<ffffffff83483838>] ? ipv6_setsockopt+0x68/0x130
[   32.225586]  [<ffffffff82f248ba>] ? sock_common_setsockopt+0x9a/0xe0
[   32.232050]  [<ffffffff82f217f5>] ? SyS_setsockopt+0x185/0x260
[   32.237999]  [<ffffffff8148870e>] ? vmacache_update+0xfe/0x130
[   32.243942]  [<ffffffff82f21670>] ? SyS_recv+0x40/0x40
[   32.249191]  [<ffffffff838c32d8>] ? retint_user+0x18/0x3c
[   32.254699]  [<ffffffff82f221b5>] SyS_sendmmsg+0x35/0x60
[   32.260123]  [<ffffffff838c2725>] entry_SYSCALL_64_fastpath+0x22/0x9e
[   32.266671] 
[   32.268271] The buggy address belongs to the page:
[   32.273174] page:ffffea000763f9c0 count:0 mapcount:0 mapping:          (null) index:0x0
[   32.281294] flags: 0x8000000000000000()
[   32.285357] page dumped because: kasan: bad access detected
[   32.291035] 
[   32.292632] Memory state around the buggy address:
[   32.298196]  ffff8801d8fe7500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.305529]  ffff8801d8fe7580: 00 f1 f1 f1 f1 00 f2 f2 f2 f2 f2 f2 f2 00 00 00
[   32.312860] >ffff8801d8fe7600: f2 f2 f2 f2 f2 00 00 00 00 00 00 00 f2 f2 f2 f2
[   32.320192]                                                        ^
[   32.326653]  ffff8801d8fe7680: f2 00 00 00 00 00 00 00 00 00 f2 f2 f2 00 00 00
[   32.333983]  ffff8801d8fe7700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.341309] ==================================================================
[   32.348637] Disabling lock debugging due to kernel taint
[   32.354089] Kernel panic - not syncing: panic_on_warn set ...
[   32.354089] 
[   32.361436] CPU: 0 PID: 3851 Comm: syz-executor119 Tainted: G    B           4.4.138-g07c0138 #62
[   32.370504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   32.379829]  0000000000000000 c71915ee79e1eb22 ffff8801d8fe6c40 ffffffff81e0ed0d
[   32.387802]  ffffffff841ed4ef 0000000000000004 0000000000000000 ffff8801d8fe7660
[   32.395784]  0000000000000003 ffff8801d8fe6d00 ffffffff8140a184 0000000041b58ab3
[   32.403760] Call Trace:
[   32.406320]  [<ffffffff81e0ed0d>] dump_stack+0xc1/0x124
[   32.411656]  [<ffffffff8140a184>] panic+0x19e/0x38d
[   32.416644]  [<ffffffff81409fe6>] ? add_taint.cold.4+0x16/0x16
[   32.422586]  [<ffffffff81515933>] kasan_end_report+0x47/0x4f
[   32.428361]  [<ffffffff81515d52>] kasan_report.cold.7+0x192/0x2f7
[   32.434579]  [<ffffffff833e7419>] ? xfrm_state_find+0x2469/0x2510
[   32.440785]  [<ffffffff814f9804>] __asan_report_load4_noabort+0x14/0x20
[   32.447507]  [<ffffffff833e7419>] xfrm_state_find+0x2469/0x2510
[   32.453536]  [<ffffffff833e4fb0>] ? xfrm_unregister_mode+0x200/0x200
[   32.460008]  [<ffffffff812db753>] ? __module_text_address+0x13/0x140
[   32.466487]  [<ffffffff8122c883>] ? check_usage_backwards+0x123/0x2e0
[   32.473047]  [<ffffffff8122c760>] ? check_usage_forwards+0x2e0/0x2e0
[   32.479511]  [<ffffffff833c9dac>] xfrm_tmpl_resolve_one+0x1dc/0x850
[   32.485888]  [<ffffffff833c9bd0>] ? __xfrm_decode_session+0x100/0x100
[   32.492448]  [<ffffffff81227590>] ? usage_match+0x80/0x80
[   32.497966]  [<ffffffff8122d923>] ? mark_lock+0x7a3/0x1280
[   32.503561]  [<ffffffff8122c760>] ? check_usage_forwards+0x2e0/0x2e0
[   32.510029]  [<ffffffff81230833>] ? __lock_acquire+0x1803/0x5270
[   32.516158]  [<ffffffff833ca639>] xfrm_resolve_and_create_bundle+0x219/0x1ff0
[   32.523411]  [<ffffffff8122f030>] ? debug_check_no_locks_freed+0x210/0x210
[   32.530397]  [<ffffffff8122f030>] ? debug_check_no_locks_freed+0x210/0x210
[   32.537381]  [<ffffffff833ca420>] ? xfrm_tmpl_resolve_one+0x850/0x850
[   32.543936]  [<ffffffff8122fab6>] ? __lock_acquire+0xa86/0x5270
[   32.549965]  [<ffffffff8113da4a>] ? __local_bh_enable_ip+0x6a/0xd0
[   32.556254]  [<ffffffff833cf868>] ? xfrm_sk_policy_lookup+0x228/0x350
[   32.562805]  [<ffffffff833d0d4d>] ? xfrm_expand_policies+0x25d/0x660
[   32.569264]  [<ffffffff833d25af>] xfrm_lookup+0x23f/0xb70
[   32.574779]  [<ffffffff833d2370>] ? xfrm_bundle_lookup+0x1220/0x1220
[   32.581242]  [<ffffffff831f2e27>] ? __ip_route_output_key_hash+0xb07/0x2380
[   32.588310]  [<ffffffff831f2e4e>] ? __ip_route_output_key_hash+0xb2e/0x2380
[   32.595379]  [<ffffffff831f2488>] ? __ip_route_output_key_hash+0x168/0x2380
[   32.602448]  [<ffffffff831f2320>] ? ip_rt_update_pmtu+0x8c0/0x8c0
[   32.608656]  [<ffffffff833d3df9>] xfrm_lookup_route+0x39/0x1b0
[   32.614608]  [<ffffffff831f51e0>] ip_route_output_flow+0x90/0xa0
[   32.620745]  [<ffffffff832d0f70>] udp_sendmsg+0x1480/0x1c70
[   32.626442]  [<ffffffff832d0105>] ? udp_sendmsg+0x615/0x1c70
[   32.632222]  [<ffffffff83212190>] ? ip_reply_glue_bits+0xc0/0xc0
[   32.638340]  [<ffffffff832cfaf0>] ? udp4_lib_lookup+0x60/0x60
[   32.644199]  [<ffffffff8122f030>] ? debug_check_no_locks_freed+0x210/0x210
[   32.651190]  [<ffffffff8122f030>] ? debug_check_no_locks_freed+0x210/0x210
[   32.658174]  [<ffffffff8122e4c7>] ? mark_held_locks+0xc7/0x130
[   32.664135]  [<ffffffff8113da4a>] ? __local_bh_enable_ip+0x6a/0xd0
[   32.670438]  [<ffffffff834963ed>] udpv6_sendmsg+0x12cd/0x24c0
[   32.676447]  [<ffffffff8113da4a>] ? __local_bh_enable_ip+0x6a/0xd0
[   32.682776]  [<ffffffff8122e8bb>] ? trace_hardirqs_on_caller+0x38b/0x590
[   32.689605]  [<ffffffff832c73b8>] ? udp_lib_get_port+0x728/0xe10
[   32.695734]  [<ffffffff83495120>] ? udp6_lib_lookup2+0x990/0x990
[   32.701861]  [<ffffffff83490540>] ? ndisc_cleanup+0x40/0x40
[   32.707545]  [<ffffffff8113da4a>] ? __local_bh_enable_ip+0x6a/0xd0
[   32.713836]  [<ffffffff8122e8bb>] ? trace_hardirqs_on_caller+0x38b/0x590
[   32.720653]  [<ffffffff82f2b946>] ? release_sock+0x3b6/0x500
[   32.726429]  [<ffffffff8122eacd>] ? trace_hardirqs_on+0xd/0x10
[   32.732375]  [<ffffffff8113da4a>] ? __local_bh_enable_ip+0x6a/0xd0
[   32.738665]  [<ffffffff838c1c10>] ? _raw_spin_unlock_bh+0x30/0x40
[   32.744870]  [<ffffffff82f2b946>] ? release_sock+0x3b6/0x500
[   32.750642]  [<ffffffff83494307>] ? udp_v6_get_port+0xa7/0xd0
[   32.756518]  [<ffffffff83300dd3>] inet_sendmsg+0x203/0x4d0
[   32.762123]  [<ffffffff83300c43>] ? inet_sendmsg+0x73/0x4d0
[   32.767806]  [<ffffffff83300bd0>] ? inet_recvmsg+0x4c0/0x4c0
[   32.773592]  [<ffffffff82f1e22c>] sock_sendmsg+0xcc/0x110
[   32.779211]  [<ffffffff82f1f9f1>] ___sys_sendmsg+0x441/0x880
[   32.784988]  [<ffffffff82f1f5b0>] ? copy_msghdr_from_user+0x550/0x550
[   32.791551]  [<ffffffff8122f030>] ? debug_check_no_locks_freed+0x210/0x210
[   32.798535]  [<ffffffff81277487>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   32.805261]  [<ffffffff81578daf>] ? __fget_light+0x9f/0x1f0
[   32.810966]  [<ffffffff81578f18>] ? __fdget+0x18/0x20
[   32.816140]  [<ffffffff82f21fce>] __sys_sendmmsg+0x12e/0x2e0
[   32.821921]  [<ffffffff82f21ea0>] ? SyS_sendmsg+0x50/0x50
[   32.827445]  [<ffffffff81cb05b7>] ? selinux_netlbl_socket_setsockopt+0x97/0x340
[   32.835026]  [<ffffffff81cb0520>] ? selinux_netlbl_sock_rcv_skb+0x400/0x400
[   32.842105]  [<ffffffff83483838>] ? ipv6_setsockopt+0x68/0x130
[   32.848050]  [<ffffffff82f248ba>] ? sock_common_setsockopt+0x9a/0xe0
[   32.854516]  [<ffffffff82f217f5>] ? SyS_setsockopt+0x185/0x260
[   32.860548]  [<ffffffff8148870e>] ? vmacache_update+0xfe/0x130
[   32.866498]  [<ffffffff82f21670>] ? SyS_recv+0x40/0x40
[   32.871748]  [<ffffffff838c32d8>] ? retint_user+0x18/0x3c
[   32.877257]  [<ffffffff82f221b5>] SyS_sendmmsg+0x35/0x60
[   32.882695]  [<ffffffff838c2725>] entry_SYSCALL_64_fastpath+0x22/0x9e
[   32.889767] Dumping ftrace buffer:
[   32.893284]    (ftrace buffer empty)
[   32.896984] Kernel Offset: disabled
[   32.900595] Rebooting in 86400 seconds..