[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   20.290584] random: sshd: uninitialized urandom read (32 bytes read, 32 bits of entropy available)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   26.034077] random: sshd: uninitialized urandom read (32 bytes read, 38 bits of entropy available)
[   26.347273] random: sshd: uninitialized urandom read (32 bytes read, 38 bits of entropy available)
[   27.682592] random: sshd: uninitialized urandom read (32 bytes read, 123 bits of entropy available)
[   27.837488] random: sshd: uninitialized urandom read (32 bytes read, 125 bits of entropy available)
Warning: Permanently added '10.128.0.22' (ECDSA) to the list of known hosts.
[   33.236698] random: nonblocking pool is initialized
2018/08/01 00:58:47 parsed 1 programs
2018/08/01 00:58:49 executed programs: 0
[   35.894695] IPVS: Creating netns size=2552 id=1
[   35.966594] IPVS: Creating netns size=2552 id=2
[   36.025739] IPVS: Creating netns size=2552 id=3
[   36.099949] IPVS: Creating netns size=2552 id=4
[   36.228528] IPVS: Creating netns size=2552 id=5
[   36.353792] IPVS: Creating netns size=2552 id=6
[   36.561600] IPVS: Creating netns size=2552 id=7
[   36.715236] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   36.769553] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   36.782986] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   36.822778] IPVS: Creating netns size=2552 id=8
[   36.885283] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   37.090655] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   37.100395] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   37.111555] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   37.171852] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   37.180104] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   37.244900] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   37.514929] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   37.532471] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   37.581110] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   37.595277] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   37.664728] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   37.694668] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   37.750300] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   37.772046] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   37.819156] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   37.830442] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   37.883582] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   37.898534] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   37.935803] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   37.945965] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   37.993473] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   38.003210] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   38.058780] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   38.067497] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   38.096175] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   38.170319] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   38.197626] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   38.210556] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   38.237359] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   38.291659] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   38.299507] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   38.405233] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   38.475131] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   38.548527] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   38.630001] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   38.645653] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   38.668701] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   38.692551] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   38.709451] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   38.734213] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   38.757816] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   38.807783] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   38.869424] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   38.883535] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   38.976105] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   39.011965] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   39.021807] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   39.082883] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   39.091290] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   39.157816] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   39.179966] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   39.207058] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   39.238755] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   39.261141] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   39.284317] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   39.326972] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   39.587888] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   39.661820] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   39.712145] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   39.769069] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   41.593811] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   41.705765] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   41.790580] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   41.831758] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   41.948802] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   42.009850] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   42.083188] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   42.133516] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   42.296196] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   42.352412] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   42.482622] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   42.594780] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   42.673981] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   42.821101] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   43.048090] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   43.292943] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
2018/08/01 00:58:57 executed programs: 8
[   46.872724] ==================================================================
[   46.880147] BUG: KASAN: use-after-free in selinux_socket_connect+0x48d/0x4b0
[   46.887325] Read of size 8 at addr ffff8800af6e2e78 by task syz-executor2/6597
[   46.894671] 
[   46.896295] CPU: 1 PID: 6597 Comm: syz-executor2 Not tainted 4.4.143-g7bbfac1 #13
[   46.903905] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   46.913242]  0000000000000000 acd81c9a5c3cfa98 ffff8800b04ffad8 ffffffff81e1002d
[   46.921257]  ffffea0002bdb800 ffff8800af6e2e78 0000000000000000 ffff8800af6e2e78
[   46.929264]  ffff8800b04ffdc0 ffff8800b04ffb10 ffffffff81515ae6 ffff8800af6e2e78
[   46.937272] Call Trace:
[   46.939845]  [<ffffffff81e1002d>] dump_stack+0xc1/0x124
[   46.945196]  [<ffffffff81515ae6>] print_address_description+0x6c/0x216
[   46.951842]  [<ffffffff81515e05>] kasan_report.cold.7+0x175/0x2f7
[   46.958059]  [<ffffffff81c7082d>] ? selinux_socket_connect+0x48d/0x4b0
[   46.964720]  [<ffffffff814f98f4>] __asan_report_load8_noabort+0x14/0x20
[   46.971453]  [<ffffffff81c7082d>] selinux_socket_connect+0x48d/0x4b0
[   46.977929]  [<ffffffff81c703a0>] ? selinux_socket_setsockopt+0x80/0x80
[   46.984668]  [<ffffffff815106d0>] ? check_stack_object+0x110/0x150
[   46.990977]  [<ffffffff81c50e93>] security_socket_connect+0x83/0xc0
[   46.997362]  [<ffffffff82f20a63>] SYSC_connect+0x103/0x300
[   47.002962]  [<ffffffff82f20960>] ? SYSC_bind+0x280/0x280
[   47.008476]  [<ffffffff81582456>] ? mntput_no_expire+0xf6/0x680
[   47.014517]  [<ffffffff81582360>] ? mnt_get_count+0x170/0x170
[   47.020382]  [<ffffffff815677dd>] ? dput.part.26+0x16d/0x760
[   47.026167]  [<ffffffff8156769a>] ? dput.part.26+0x2a/0x760
[   47.032292]  [<ffffffff812d2910>] ? compat_SyS_get_robust_list+0x310/0x310
[   47.039282]  [<ffffffff8118be02>] ? task_work_run+0x152/0x190
[   47.045143]  [<ffffffff82f23454>] SyS_connect+0x24/0x30
[   47.050490]  [<ffffffff82f23430>] ? SyS_accept+0x30/0x30
[   47.055929]  [<ffffffff81006d96>] do_fast_syscall_32+0x326/0x8b0
[   47.062081]  [<ffffffff838c66ea>] sysenter_flags_fixed+0xd/0x17
[   47.068109] 
[   47.069712] Allocated by task 6593:
[   47.073312]  [<ffffffff81033c86>] save_stack_trace+0x26/0x50
[   47.079223]  [<ffffffff814f89a3>] save_stack+0x43/0xd0
[   47.084599]  [<ffffffff814f8c87>] kasan_kmalloc+0xc7/0xe0
[   47.090243]  [<ffffffff814f53a4>] __kmalloc+0x124/0x310
[   47.095709]  [<ffffffff82f277c4>] sk_prot_alloc+0x204/0x300
[   47.101551]  [<ffffffff82f2d19a>] sk_alloc+0x3a/0x3a0
[   47.106839]  [<ffffffff835a5c03>] pppol2tp_create+0x33/0x1f0
[   47.112754]  [<ffffffff828f3996>] pppox_create+0xf6/0x200
[   47.118393]  [<ffffffff82f22620>] __sock_create+0x2f0/0x5f0
[   47.124199]  [<ffffffff82f22b50>] SyS_socket+0xf0/0x1b0
[   47.129669]  [<ffffffff81006d96>] do_fast_syscall_32+0x326/0x8b0
[   47.135926]  [<ffffffff838c66ea>] sysenter_flags_fixed+0xd/0x17
[   47.142108] 
[   47.143713] Freed by task 6597:
[   47.146962]  [<ffffffff81033c86>] save_stack_trace+0x26/0x50
[   47.152859]  [<ffffffff814f89a3>] save_stack+0x43/0xd0
[   47.158258]  [<ffffffff814f92d2>] kasan_slab_free+0x72/0xc0
[   47.164082]  [<ffffffff814f67d4>] kfree+0xf4/0x310
[   47.169117]  [<ffffffff82f31647>] sk_destruct+0x407/0x4c0
[   47.174754]  [<ffffffff82f3174f>] __sk_free+0x4f/0x220
[   47.180137]  [<ffffffff82f31950>] sk_free+0x30/0x40
[   47.185265]  [<ffffffff835a91bf>] pppol2tp_session_sock_put+0x5f/0x70
[   47.191946]  [<ffffffff835a1a3c>] l2tp_tunnel_closeall+0x23c/0x350
[   47.198378]  [<ffffffff835a25cb>] l2tp_udp_encap_destroy+0x8b/0xf0
[   47.204809]  [<ffffffff83494781>] udpv6_destroy_sock+0xb1/0xd0
[   47.210881]  [<ffffffff82f319cd>] sk_common_release+0x6d/0x300
[   47.216958]  [<ffffffff83493435>] udp_lib_close+0x15/0x20
[   47.222590]  [<ffffffff832fae9f>] inet_release+0xff/0x1d0
[   47.228244]  [<ffffffff8341db60>] inet6_release+0x50/0x70
[   47.233891]  [<ffffffff82f1c0f6>] sock_release+0x96/0x1c0
[   47.239545]  [<ffffffff82f1c236>] sock_close+0x16/0x20
[   47.244929]  [<ffffffff81522ed5>] __fput+0x235/0x6f0
[   47.250140]  [<ffffffff81523415>] ____fput+0x15/0x20
[   47.255376]  [<ffffffff8118bdbf>] task_work_run+0x10f/0x190
[   47.261295]  [<ffffffff8100362d>] exit_to_usermode_loop+0x13d/0x160
[   47.267794]  [<ffffffff81007090>] do_fast_syscall_32+0x620/0x8b0
[   47.274035]  [<ffffffff838c66ea>] sysenter_flags_fixed+0xd/0x17
[   47.280196] 
[   47.281829] The buggy address belongs to the object at ffff8800af6e2a80
[   47.281829]  which belongs to the cache kmalloc-2048 of size 2048
[   47.294635] The buggy address is located 1016 bytes inside of
[   47.294635]  2048-byte region [ffff8800af6e2a80, ffff8800af6e3280)
[   47.306657] The buggy address belongs to the page:
SeaBIOS (version 1.8.2-20171012_061934-google)
Total RAM Size = 0x00000001e0000000 = 7680 MiB
CPUs found: 2     Max CPUs supported: 256
found virtio-scsi at 0:3
virtio-scsi vendor='Google' product='PersistentDisk' rev='1' type=0 removable=0
virtio-scsi blksize=512 sectors=4194304 = 2048 MiB
drive 0x000f2290: PCHS=0/0/0 translation=lba LCHS=520/128/63 s=4194304
Booting from Hard Disk 0...