[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   14.196108] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   15.359178] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

[   15.711229] random: sshd: uninitialized urandom read (32 bytes read)
syzkaller login: [   16.676857] random: sshd: uninitialized urandom read (32 bytes read)
[   16.820037] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.28' (ECDSA) to the list of known hosts.
[   22.272419] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   22.422864] ==================================================================
[   22.430260] BUG: KASAN: use-after-free in l2tp_session_queue_purge+0xf4/0x100
[   22.437511] Read of size 4 at addr ffff8801b5183180 by task syz-executor892/3800
[   22.445014] 
[   22.446617] CPU: 1 PID: 3800 Comm: syz-executor892 Not tainted 4.9.112-g9e79039 #59
[   22.454380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   22.463715]  ffff8801b513fcb0 ffffffff81eb3249 ffffea0006d46080 ffff8801b5183180
[   22.471739]  0000000000000000 ffff8801b5183180 ffffffff83013be0 ffff8801b513fce8
[   22.479718]  ffffffff81567bd9 ffff8801b5183180 0000000000000004 0000000000000000
[   22.487707] Call Trace:
[   22.490269]  [<ffffffff81eb3249>] dump_stack+0xc1/0x128
[   22.495607]  [<ffffffff83013be0>] ? sock_release+0x1c0/0x1c0
[   22.501385]  [<ffffffff81567bd9>] print_address_description+0x6c/0x234
[   22.508029]  [<ffffffff83013be0>] ? sock_release+0x1c0/0x1c0
[   22.513801]  [<ffffffff81567fe3>] kasan_report.cold.6+0x242/0x2fe
[   22.520008]  [<ffffffff836bbc14>] ? l2tp_session_queue_purge+0xf4/0x100
[   22.526745]  [<ffffffff8153bc14>] __asan_report_load4_noabort+0x14/0x20
[   22.533472]  [<ffffffff836bbc14>] l2tp_session_queue_purge+0xf4/0x100
[   22.540022]  [<ffffffff83013be0>] ? sock_release+0x1c0/0x1c0
[   22.545794]  [<ffffffff836c789b>] pppol2tp_release+0x1fb/0x2e0
[   22.551736]  [<ffffffff83013ab6>] sock_release+0x96/0x1c0
[   22.557243]  [<ffffffff83013bf6>] sock_close+0x16/0x20
[   22.562494]  [<ffffffff815782e3>] __fput+0x263/0x700
[   22.567572]  [<ffffffff81578805>] ____fput+0x15/0x20
[   22.572661]  [<ffffffff8119839c>] task_work_run+0x10c/0x180
[   22.578439]  [<ffffffff8100559c>] exit_to_usermode_loop+0xfc/0x120
[   22.584728]  [<ffffffff810064d4>] do_syscall_64+0x364/0x490
[   22.590411]  [<ffffffff839f9f53>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[   22.597305] 
[   22.598905] Allocated by task 3799:
[   22.602502]  save_stack_trace+0x16/0x20
[   22.606447]  save_stack+0x43/0xd0
[   22.609885]  kasan_kmalloc+0xc7/0xe0
[   22.613572]  __kmalloc+0x11d/0x300
[   22.617104]  l2tp_session_create+0x38/0x16f0
[   22.621484]  pppol2tp_connect+0x10d7/0x18f0
[   22.625779]  SYSC_connect+0x1b8/0x300
[   22.629557]  SyS_connect+0x24/0x30
[   22.633068]  do_syscall_64+0x1a6/0x490
[   22.636926]  entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[   22.641998] 
[   22.643605] Freed by task 3799:
[   22.646855]  save_stack_trace+0x16/0x20
[   22.650798]  save_stack+0x43/0xd0
[   22.654228]  kasan_slab_free+0x72/0xc0
[   22.658104]  kfree+0xfb/0x310
[   22.661182]  l2tp_session_free+0x166/0x200
[   22.665386]  l2tp_tunnel_closeall+0x284/0x350
[   22.669850]  l2tp_udp_encap_destroy+0x87/0xe0
[   22.674314]  udp_destroy_sock+0x118/0x1a0
[   22.678431]  sk_common_release+0x6d/0x300
[   22.682555]  udp_lib_close+0x15/0x20
[   22.686249]  inet_release+0xff/0x1d0
[   22.689934]  sock_release+0x96/0x1c0
[   22.693620]  sock_close+0x16/0x20
[   22.697046]  __fput+0x263/0x700
[   22.700293]  ____fput+0x15/0x20
[   22.703548]  task_work_run+0x10c/0x180
[   22.707406]  exit_to_usermode_loop+0xfc/0x120
[   22.711869]  do_syscall_64+0x364/0x490
[   22.715728]  entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[   22.720803] 
[   22.722406] The buggy address belongs to the object at ffff8801b5183180
[   22.722406]  which belongs to the cache kmalloc-512 of size 512
[   22.735033] The buggy address is located 0 bytes inside of
[   22.735033]  512-byte region [ffff8801b5183180, ffff8801b5183380)
[   22.746709] The buggy address belongs to the page:
[   22.751613] page:ffffea0006d46080 count:1 mapcount:0 mapping:          (null) index:0x0 compound_mapcount: 0
[   22.761811] flags: 0x8000000000004080(slab|head)
[   22.766534] page dumped because: kasan: bad access detected
[   22.772221] 
[   22.773818] Memory state around the buggy address:
[   22.778723]  ffff8801b5183080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   22.786052]  ffff8801b5183100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.793382] >ffff8801b5183180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   22.800806]                    ^
[   22.804144]  ffff8801b5183200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   22.811559]  ffff8801b5183280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   22.818885] ==================================================================
[   22.826212] Disabling lock debugging due to kernel taint
[   22.831763] Kernel panic - not syncing: panic_on_warn set ...
[   22.831763] 
[   22.839120] CPU: 1 PID: 3800 Comm: syz-executor892 Tainted: G    B           4.9.112-g9e79039 #59
[   22.848111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   22.857439]  ffff8801b513fc10 ffffffff81eb3249 ffffffff843c775f 00000000ffffffff
[   22.865440]  0000000000000000 0000000000000001 ffffffff83013be0 ffff8801b513fcd0
[   22.873418]  ffffffff81421a55 0000000041b58ab3 ffffffff843bae78 ffffffff81421896
[   22.881389] Call Trace:
[   22.883952]  [<ffffffff81eb3249>] dump_stack+0xc1/0x128
[   22.889286]  [<ffffffff83013be0>] ? sock_release+0x1c0/0x1c0
[   22.895054]  [<ffffffff81421a55>] panic+0x1bf/0x3bc
[   22.900040]  [<ffffffff81421896>] ? add_taint.cold.6+0x16/0x16
[   22.905982]  [<ffffffff81003066>] ? ___preempt_schedule+0x16/0x18
[   22.912191]  [<ffffffff81567af6>] kasan_end_report+0x47/0x4f
[   22.917960]  [<ffffffff81567e17>] kasan_report.cold.6+0x76/0x2fe
[   22.924080]  [<ffffffff836bbc14>] ? l2tp_session_queue_purge+0xf4/0x100
[   22.930805]  [<ffffffff8153bc14>] __asan_report_load4_noabort+0x14/0x20
[   22.937547]  [<ffffffff836bbc14>] l2tp_session_queue_purge+0xf4/0x100
[   22.944102]  [<ffffffff83013be0>] ? sock_release+0x1c0/0x1c0
[   22.949890]  [<ffffffff836c789b>] pppol2tp_release+0x1fb/0x2e0
[   22.955834]  [<ffffffff83013ab6>] sock_release+0x96/0x1c0
[   22.962565]  [<ffffffff83013bf6>] sock_close+0x16/0x20
[   22.967818]  [<ffffffff815782e3>] __fput+0x263/0x700
[   22.972901]  [<ffffffff81578805>] ____fput+0x15/0x20
[   22.977979]  [<ffffffff8119839c>] task_work_run+0x10c/0x180
[   22.983672]  [<ffffffff8100559c>] exit_to_usermode_loop+0xfc/0x120
[   22.989964]  [<ffffffff810064d4>] do_syscall_64+0x364/0x490
[   22.995647]  [<ffffffff839f9f53>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[   23.003029] Dumping ftrace buffer:
[   23.006548]    (ftrace buffer empty)
[   23.010241] Kernel Offset: disabled
[   23.013862] Rebooting in 86400 seconds..