Starting mcstransd: 
[   20.810843] random: sshd: uninitialized urandom read (32 bytes read, 33 bits of entropy available)
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   23.920527] random: sshd: uninitialized urandom read (32 bytes read, 39 bits of entropy available)
[   24.324259] random: sshd: uninitialized urandom read (32 bytes read, 39 bits of entropy available)
[   25.280743] random: nonblocking pool is initialized
Warning: Permanently added '10.128.10.2' (ECDSA) to the list of known hosts.
executing program
[   31.008124] ==================================================================
[   31.015523] BUG: KASAN: use-after-free in ip6_xmit+0x1a2c/0x1a70
[   31.021651] Read of size 8 at addr ffff8801d487e3d8 by task syzkaller306006/3765
[   31.029162] 
[   31.030788] CPU: 1 PID: 3765 Comm: syzkaller306006 Not tainted 4.4.120-gd63fdf6 #28
[   31.030791] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   31.030800]  0000000000000000 e99685ed58ae712c ffff8800ad4d77e0 ffffffff81d0408d
[   31.030807]  ffffea0007521f80 ffff8801d487e3d8 0000000000000000 ffff8801d487e3d8
[   31.030815]  0000000000000040 ffff8800ad4d7818 ffffffff814fe143 ffff8801d487e3d8
[   31.030816] Call Trace:
[   31.030827]  [<ffffffff81d0408d>] dump_stack+0xc1/0x124
[   31.030836]  [<ffffffff814fe143>] print_address_description+0x73/0x260
[   31.030842]  [<ffffffff814fe655>] kasan_report+0x285/0x370
[   31.030850]  [<ffffffff8330649c>] ? ip6_xmit+0x1a2c/0x1a70
[   31.030856]  [<ffffffff814fe7b4>] __asan_report_load8_noabort+0x14/0x20
[   31.030863]  [<ffffffff8330649c>] ip6_xmit+0x1a2c/0x1a70
[   31.030870]  [<ffffffff814fa56c>] ? kfree+0xfc/0x300
[   31.030878]  [<ffffffff82e1099b>] ? pskb_expand_head+0x28b/0x980
[   31.030885]  [<ffffffff83459a1e>] ? l2tp_xmit_skb+0xa5e/0xea0
[   31.030893]  [<ffffffff83304a70>] ? ip6_finish_output2+0x1c60/0x1c60
[   31.030901]  [<ffffffff81230151>] ? __lock_is_held+0xa1/0xf0
[   31.030909]  [<ffffffff830c2091>] ? ipv4_dst_check+0x111/0x160
[   31.030916]  [<ffffffff82df2c88>] ? __sk_dst_check+0x148/0x260
[   31.030927]  [<ffffffff833c70f6>] inet6_csk_xmit+0x246/0x480
[   31.030932]  [<ffffffff833c6fb0>] ? inet6_csk_xmit+0x100/0x480
[   31.030939]  [<ffffffff833c6eb0>] ? inet6_csk_update_pmtu+0x160/0x160
[   31.030945]  [<ffffffff83418d76>] ? udp6_set_csum+0x336/0xa80
[   31.030950]  [<ffffffff83459bef>] l2tp_xmit_skb+0xc2f/0xea0
[   31.030955]  [<ffffffff834666d4>] pppol2tp_sendmsg+0x584/0x7f0
[   31.030963]  [<ffffffff81b68adf>] ? selinux_socket_sendmsg+0x3f/0x50
[   31.030968]  [<ffffffff83466150>] ? pppol2tp_release+0x310/0x310
[   31.030974]  [<ffffffff82deba6a>] sock_sendmsg+0xca/0x110
[   31.030980]  [<ffffffff82dec9b8>] SYSC_sendto+0x2c8/0x340
[   31.030986]  [<ffffffff82dec6f0>] ? SYSC_connect+0x310/0x310
[   31.030993]  [<ffffffff82df437c>] ? lock_sock_nested+0xdc/0x120
[   31.030998]  [<ffffffff833b95ba>] ? ip6_datagram_connect+0x3a/0x50
[   31.031007]  [<ffffffff831d0a22>] ? inet_dgram_connect+0x172/0x1f0
[   31.031013]  [<ffffffff82dec5f2>] ? SYSC_connect+0x212/0x310
[   31.031021]  [<ffffffff83774518>] ? retint_user+0x18/0x3c
[   31.031027]  [<ffffffff82deeeb0>] SyS_sendto+0x40/0x50
[   31.031033]  [<ffffffff8377395f>] entry_SYSCALL_64_fastpath+0x1c/0x98
[   31.031035] 
[   31.031038] Allocated by task 3752:
[   31.031048]  [<ffffffff81035d96>] save_stack_trace+0x26/0x50
[   31.031055]  [<ffffffff814fd1b3>] save_stack+0x43/0xd0
[   31.031061]  [<ffffffff814fd47d>] kasan_kmalloc+0xad/0xe0
[   31.031066]  [<ffffffff814fda52>] kasan_slab_alloc+0x12/0x20
[   31.031073]  [<ffffffff814f912a>] kmem_cache_alloc+0xba/0x290
[   31.031079]  [<ffffffff82e6964f>] dst_alloc+0x11f/0x1a0
[   31.031086]  [<ffffffff830c27d8>] rt_dst_alloc+0x78/0x430
[   31.031093]  [<ffffffff830cbc6e>] __ip_route_output_key_hash+0xa4e/0x2390
[   31.031101]  [<ffffffff83195fc5>] __ip4_datagram_connect+0xa15/0x1150
[   31.031107]  [<ffffffff833b8109>] __ip6_datagram_connect+0x4d9/0x1950
[   31.031113]  [<ffffffff833b95af>] ip6_datagram_connect+0x2f/0x50
[   31.031119]  [<ffffffff831d0a1b>] inet_dgram_connect+0x16b/0x1f0
[   31.031126]  [<ffffffff82dec596>] SYSC_connect+0x1b6/0x310
[   31.031132]  [<ffffffff82deee04>] SyS_connect+0x24/0x30
[   31.031139]  [<ffffffff8377395f>] entry_SYSCALL_64_fastpath+0x1c/0x98
[   31.031140] 
[   31.031142] Freed by task 0:
[   31.031148]  [<ffffffff81035d96>] save_stack_trace+0x26/0x50
[   31.031155]  [<ffffffff814fd1b3>] save_stack+0x43/0xd0
[   31.031161]  [<ffffffff814fdad2>] kasan_slab_free+0x72/0xc0
[   31.031167]  [<ffffffff814fa217>] kmem_cache_free+0xc7/0x320
[   31.031173]  [<ffffffff82e6a2ee>] dst_destroy+0x20e/0x330
[   31.031179]  [<ffffffff82e6a935>] dst_destroy_rcu+0x15/0x40
[   31.031185]  [<ffffffff812950d4>] rcu_process_callbacks+0x7f4/0x14a0
[   31.031192]  [<ffffffff83776e57>] __do_softirq+0x227/0xa38
[   31.031193] 
[   31.031197] The buggy address belongs to the object at ffff8801d487e3c0
[   31.031197]  which belongs to the cache ip_dst_cache of size 208
[   31.031202] The buggy address is located 24 bytes inside of
[   31.031202]  208-byte region [ffff8801d487e3c0, ffff8801d487e490)
[   31.031204] The buggy address belongs to the page:
[   31.048197] INFO: trying to register non-static key.
[   31.048199] the code is fine but needs lockdep annotation.
[   31.048200] turning off the locking correctness validator.
[   31.048208] CPU: 0 PID: 3766 Comm: init Not tainted 4.4.120-gd63fdf6 #28
[   31.048211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   31.048219]  0000000000000000 4d7c7077c580dec6 ffff8800addefa20 ffffffff81d0408d
[   31.048224]  ffffffff85153f60 0000000000000000 ffff8801c66e3000 ffff8800ab807dd8
[   31.048230]  0000000000000000 ffff8800addefa30 ffffffff8141adb3 ffff8800addefbd8
[   31.048232] Call Trace:
[   31.048244]  [<ffffffff81d0408d>] dump_stack+0xc1/0x124
[   31.048253]  [<ffffffff8141adb3>] register_lock_class.part.26+0x32/0x36
[   31.048261]  [<ffffffff8123ae59>] __lock_acquire+0x3a49/0x4b50
[   31.048267]  [<ffffffff81237410>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   31.048274]  [<ffffffff814383e0>] ? __alloc_pages_direct_compact+0x250/0x250
[   31.048280]  [<ffffffff81230151>] ? __lock_is_held+0xa1/0xf0
[   31.048286]  [<ffffffff8123d7ce>] lock_acquire+0x15e/0x460
[   31.048294]  [<ffffffff814a23a2>] ? handle_mm_fault+0x1f52/0x3190
[   31.048301]  [<ffffffff83772ad6>] _raw_spin_lock+0x36/0x50
[   31.048307]  [<ffffffff814a23a2>] ? handle_mm_fault+0x1f52/0x3190
[   31.048313]  [<ffffffff814a23a2>] handle_mm_fault+0x1f52/0x3190
[   31.048319]  [<ffffffff814a0450>] ? copy_page_range+0x1480/0x1480
[   31.048325]  [<ffffffff814fd551>] ? memset+0x31/0x40
[   31.048330]  [<ffffffff8148bcf7>] ? vmacache_find+0x57/0x290
[   31.048335]  [<ffffffff8148bc6e>] ? vmacache_update+0xfe/0x130
[   31.048343]  [<ffffffff810dc6cb>] __do_page_fault+0x35b/0xa00
[   31.048349]  [<ffffffff810dcd97>] do_page_fault+0x27/0x30
[   31.048355]  [<ffffffff83774d88>] page_fault+0x28/0x30
[   31.048364]  [<ffffffff81d34f00>] ? __put_user_4+0x20/0x30
[   31.048371]  [<ffffffff811c75b8>] ? schedule_tail+0xd8/0x120
[   31.048377]  [<ffffffff83773d3f>] ret_from_fork+0xf/0x80
[   31.209035] ------------[ cut here ]------------
[   31.209042] kernel BUG at include/linux/mm.h:460!
[   31.209050] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[   31.209054] Dumping ftrace buffer:
[   31.209057]    (ftrace buffer empty)
[   31.209060] Modules linked in:
[   31.209067] CPU: 0 PID: 3766 Comm: init Not tainted 4.4.120-gd63fdf6 #28
[   31.209070] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   31.209073] task: ffff8801c66e3000 task.stack: ffff8800adde8000
[   31.209088] RIP: 0010:[<ffffffff814909c1>]  [<ffffffff814909c1>] dump_page_badflags+0x191/0x250
[   31.209092] RSP: 0018:ffff8801db207d18  EFLAGS: 00010206
[   31.209095] RAX: ffffffff814909c1 RBX: ffff8801db207d68 RCX: ffffffff812a0eeb
[   31.209099] RDX: 0000000000000100 RSI: ffffffff847ebf78 RDI: ffff8800ab841500
[   31.209102] RBP: ffff8801db207df0 R08: 0000000000000000 R09: 0000000000000000
[   31.209105] R10: ffffffff838444e0 R11: 1ffff1003b640f70 R12: 1ffff1003b640fa9
[   31.209109] R13: ffff8800ab841ab0 R14: 0000000000000102 R15: ffffffff838444e0
[   31.209114] FS:  00007fe5fe5747a0(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000
[   31.209117] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   31.209121] CR2: 00007fe5fe574a70 CR3: 00000000af730000 CR4: 0000000000160670
[   31.209127] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   31.209130] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   31.209131] Stack:
[   31.209138]  ffffffff812a0efb ffffffff812a0e4c 0000000000000000 ffffffff842c35a0
[   31.209145]  ffff8800ab841500 ffffffff814909c1 0000000041b58ab3 ffffffff83faab59
[   31.209151]  ffffffff812a0d70 ffffffff812a2952 ffff8800ab841b40 0000000000000000
[   31.209153] Call Trace:
[   31.209163]  <IRQ> 
[   31.209163]  [<ffffffff812a0efb>] ? call_timer_fn+0x18b/0x860
[   31.209168]  [<ffffffff812a0e4c>] ? call_timer_fn+0xdc/0x860
[   31.209174]  [<ffffffff814909c1>] ? dump_page_badflags+0x191/0x250
[   31.209180]  [<ffffffff812a0d70>] ? process_timeout+0x20/0x20
[   31.209185]  [<ffffffff812a2952>] ? run_timer_softirq+0x102/0xbb0
[   31.209191]  [<ffffffff812a2e42>] ? run_timer_softirq+0x5f2/0xbb0
[   31.209197]  [<ffffffff814909c1>] ? dump_page_badflags+0x191/0x250
[   31.209202]  [<ffffffff812a2e54>] run_timer_softirq+0x604/0xbb0
[   31.209209]  [<ffffffff810d00e3>] ? kvm_clock_read+0x23/0x40
[   31.209215]  [<ffffffff812a2850>] ? msleep+0xc0/0xc0
[   31.209222]  [<ffffffff81d63e4b>] ? check_preemption_disabled+0x3b/0x200
[   31.209230]  [<ffffffff83776e57>] __do_softirq+0x227/0xa38
[   31.209238]  [<ffffffff8113daa9>] irq_exit+0x119/0x140
[   31.209244]  [<ffffffff837765bb>] smp_apic_timer_interrupt+0x7b/0xa0
[   31.209250]  [<ffffffff83775510>] apic_timer_interrupt+0xa0/0xb0
[   31.209257]  <EOI> 
[   31.209258]  [<ffffffff81d63e4b>] ? check_preemption_disabled+0x3b/0x200
[   31.209265]  [<ffffffff81d30085>] ? delay_tsc+0x25/0xc0
[   31.209270]  [<ffffffff81d3007d>] ? delay_tsc+0x1d/0xc0
[   31.209275]  [<ffffffff81d2ffba>] __delay+0xa/0x10
[   31.209282]  [<ffffffff81246dc1>] do_raw_spin_lock+0x151/0x2c0
[   31.209287]  [<ffffffff83772ade>] _raw_spin_lock+0x3e/0x50
[   31.209293]  [<ffffffff814a23a2>] ? handle_mm_fault+0x1f52/0x3190
[   31.209299]  [<ffffffff814a23a2>] handle_mm_fault+0x1f52/0x3190
[   31.209305]  [<ffffffff814a0450>] ? copy_page_range+0x1480/0x1480
[   31.209310]  [<ffffffff814fd551>] ? memset+0x31/0x40
[   31.209315]  [<ffffffff8148bcf7>] ? vmacache_find+0x57/0x290
[   31.209320]  [<ffffffff8148bc6e>] ? vmacache_update+0xfe/0x130
[   31.209327]  [<ffffffff810dc6cb>] __do_page_fault+0x35b/0xa00
[   31.209332]  [<ffffffff810dcd97>] do_page_fault+0x27/0x30
[   31.209337]  [<ffffffff83774d88>] page_fault+0x28/0x30
[   31.209344]  [<ffffffff81d34f00>] ? __put_user_4+0x20/0x30
[   31.209350]  [<ffffffff811c75b8>] ? schedule_tail+0xd8/0x120
[   31.209355]  [<ffffffff83773d3f>] ret_from_fork+0xf/0x80
[   31.209436] Code: 46 e8 b4 03 ed ff 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 a0 03 ed ff 31 d2 48 c7 c6 60 90 8a 83 48 89 df e8 6f fe ff ff <0f> 0b e8 b8 dd 06 00 e9 21 ff ff ff 89 4d d4 e8 ab dd 06 00 8b 
[   31.209443] RIP  [<ffffffff814909c1>] dump_page_badflags+0x191/0x250
[   31.209445]  RSP <ffff8801db207d18>
[   31.209452] ---[ end trace b432bd2acd085a21 ]---
[   31.209457] Kernel panic - not syncing: Fatal exception in interrupt
[   32.338407] Shutting down cpus with NMI
[   32.338894] Dumping ftrace buffer:
[   32.338897]    (ftrace buffer empty)
[   32.338900] Kernel Offset: disabled
[   33.314986] Rebooting in 86400 seconds..