[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   20.837749] random: sshd: uninitialized urandom read (32 bytes read, 33 bits of entropy available)
[?25l[?1c7[ ok 8[?25h[?0c.
[   21.586462] random: sshd: uninitialized urandom read (32 bytes read, 35 bits of entropy available)
[   21.831844] random: sshd: uninitialized urandom read (32 bytes read, 35 bits of entropy available)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   23.180167] random: sshd: uninitialized urandom read (32 bytes read, 128 bits of entropy available)
[   23.291522] random: nonblocking pool is initialized
Warning: Permanently added '10.128.10.36' (ECDSA) to the list of known hosts.
executing program
[   37.691005] ==================================================================
[   37.698413] BUG: KASAN: use-after-free in l2tp_session_queue_purge+0xf4/0x100
[   37.705664] Read of size 4 at addr ffff8801d22c8f00 by task syz-executor708/3828
[   37.713180] 
[   37.714788] CPU: 0 PID: 3828 Comm: syz-executor708 Not tainted 4.4.140-g789274d #67
[   37.722572] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   37.731908]  0000000000000000 14acd7f3fe48af08 ffff8801c8d7fcc0 ffffffff81e0e08d
[   37.739894]  ffffea000748b200 ffff8801d22c8f00 0000000000000000 ffff8801d22c8f00
[   37.747907]  ffffffff82f19f30 ffff8801c8d7fcf8 ffffffff81515a56 ffff8801d22c8f00
[   37.755947] Call Trace:
[   37.758517]  [<ffffffff81e0e08d>] dump_stack+0xc1/0x124
[   37.763875]  [<ffffffff82f19f30>] ? sock_release+0x1c0/0x1c0
[   37.769655]  [<ffffffff81515a56>] print_address_description+0x6c/0x216
[   37.776315]  [<ffffffff82f19f30>] ? sock_release+0x1c0/0x1c0
[   37.782101]  [<ffffffff81515d75>] kasan_report.cold.7+0x175/0x2f7
[   37.788456]  [<ffffffff8359adb4>] ? l2tp_session_queue_purge+0xf4/0x100
[   37.795307]  [<ffffffff814f9844>] __asan_report_load4_noabort+0x14/0x20
[   37.802041]  [<ffffffff8359adb4>] l2tp_session_queue_purge+0xf4/0x100
[   37.808604]  [<ffffffff82f19f30>] ? sock_release+0x1c0/0x1c0
[   37.814383]  [<ffffffff835a78ef>] pppol2tp_release+0x1ff/0x310
[   37.820344]  [<ffffffff82f19e06>] sock_release+0x96/0x1c0
[   37.825866]  [<ffffffff82f19f46>] sock_close+0x16/0x20
[   37.831130]  [<ffffffff81522e45>] __fput+0x235/0x6f0
[   37.836296]  [<ffffffff81523385>] ____fput+0x15/0x20
[   37.841377]  [<ffffffff8118bdbf>] task_work_run+0x10f/0x190
[   37.847065]  [<ffffffff8100362d>] exit_to_usermode_loop+0x13d/0x160
[   37.853451]  [<ffffffff81006535>] syscall_return_slowpath+0x1b5/0x1f0
[   37.860007]  [<ffffffff838c2935>] int_ret_from_sys_call+0x25/0xa3
[   37.866228] 
[   37.867829] Allocated by task 3827:
[   37.871427]  [<ffffffff81033e46>] save_stack_trace+0x26/0x50
[   37.877323]  [<ffffffff814f8913>] save_stack+0x43/0xd0
[   37.882695]  [<ffffffff814f8bf7>] kasan_kmalloc+0xc7/0xe0
[   37.888499]  [<ffffffff814f5314>] __kmalloc+0x124/0x310
[   37.893962]  [<ffffffff835a01f9>] l2tp_session_create+0x39/0x1030
[   37.900296]  [<ffffffff835a4f00>] pppol2tp_connect+0x10f0/0x1910
[   37.906549]  [<ffffffff82f1e828>] SYSC_connect+0x1b8/0x300
[   37.912287]  [<ffffffff82f21164>] SyS_connect+0x24/0x30
[   37.917748]  [<ffffffff838c27a5>] entry_SYSCALL_64_fastpath+0x22/0x9e
[   37.924456] 
[   37.926061] Freed by task 3827:
[   37.929318]  [<ffffffff81033e46>] save_stack_trace+0x26/0x50
[   37.935222]  [<ffffffff814f8913>] save_stack+0x43/0xd0
[   37.940623]  [<ffffffff814f9242>] kasan_slab_free+0x72/0xc0
[   37.946454]  [<ffffffff814f6744>] kfree+0xf4/0x310
[   37.951495]  [<ffffffff8359d160>] l2tp_session_free+0x170/0x200
[   37.957682]  [<ffffffff8359f519>] l2tp_tunnel_closeall+0x2b9/0x350
[   37.964118]  [<ffffffff835a002b>] l2tp_udp_encap_destroy+0x8b/0xf0
[   37.970546]  [<ffffffff832cbd48>] udp_destroy_sock+0x118/0x1a0
[   37.976626]  [<ffffffff82f2f6dd>] sk_common_release+0x6d/0x300
[   37.982703]  [<ffffffff832c9d55>] udp_lib_close+0x15/0x20
[   37.988330]  [<ffffffff832f8adf>] inet_release+0xff/0x1d0
[   37.993964]  [<ffffffff82f19e06>] sock_release+0x96/0x1c0
[   37.999596]  [<ffffffff82f19f46>] sock_close+0x16/0x20
[   38.004966]  [<ffffffff81522e45>] __fput+0x235/0x6f0
[   38.010260]  [<ffffffff81523385>] ____fput+0x15/0x20
[   38.015460]  [<ffffffff8118bdbf>] task_work_run+0x10f/0x190
[   38.021272]  [<ffffffff8100362d>] exit_to_usermode_loop+0x13d/0x160
[   38.027776]  [<ffffffff81006535>] syscall_return_slowpath+0x1b5/0x1f0
[   38.034451]  [<ffffffff838c2935>] int_ret_from_sys_call+0x25/0xa3
[   38.040782] 
[   38.042397] The buggy address belongs to the object at ffff8801d22c8f00
[   38.042397]  which belongs to the cache kmalloc-512 of size 512
[   38.055043] The buggy address is located 0 bytes inside of
[   38.055043]  512-byte region [ffff8801d22c8f00, ffff8801d22c9100)
[   38.066732] The buggy address belongs to the page:
[   39.575382] PANIC: double fault, error_code: 0x0
[   39.580168] CPU: 0 PID: 3828 Comm: syz-executor708 Not tainted 4.4.140-g789274d #67
[   39.588024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   39.597353] task: ffff8800adda8000 task.stack: ffff8801c8d78000
[   39.603391] RIP: 0010:[<ffffffff8148cf72>]  [<ffffffff8148cf72>] dump_page_badflags+0x12/0x70
[   39.612154] RSP: 0018:ffff880100000000  EFLAGS: 00010046
[   39.617576] RAX: ffff8800adda8000 RBX: ffffea000748b200 RCX: 0000000000000000
[   39.624840] RDX: 0000000000000000 RSI: ffffffff83aa9de0 RDI: ffffea000748b200
[   39.632086] RBP: ffff880100000020 R08: 0000000000000001 R09: 0000000000000000
[   39.639340] R10: 0000000000000001 R11: ffffffff858ed0f4 R12: 0000000000000000
[   39.646589] R13: ffffffff83aa9de0 R14: ffff8801d22c8f00 R15: ffff8801d22c9100
[   39.653838] FS:  00007fb58175c700(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000
[   39.662037] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   39.667902] CR2: ffff8800fffffff8 CR3: 00000000b4a2e000 CR4: 00000000001606f0
[   39.675151] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   39.682393] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   39.689635] Stack:
[   39.691755] 
[   39.693366] Call Trace:
[   39.695920]  <UNK> 
[   39.697952] Code: 43 9f 84 5b 5d c3 48 89 df e8 fb c8 06 00 eb dd 66 0f 1f 84 00 00 00 00 00 55 48 89 e5 41 57 41 56 41 55 49 89 f5 41 54 49 89 d4 <53> 48 89 fb 48 83 ec 08 e8 71 45 ec ff 48 89 da 48 b8 00 00 00 
[   39.725313] Kernel panic - not syncing: Machine halted.
[   39.730665] CPU: 0 PID: 3828 Comm: syz-executor708 Not tainted 4.4.140-g789274d #67
[   39.738432] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   39.747771]  0000000000000000 14acd7f3fe48af08 ffff8801db20ce40 ffffffff81e0e08d
[   39.755780]  ffffffff83a375e0 0000000000000000 ffffffff83a08060 ffff880100000000
[   39.763773]  ffff8801d22c9100 ffff8801db20cf00 ffffffff8140a1c4 0000000041b58ab3
[   39.771773] Call Trace:
[   39.774331]  <#DF>  [<ffffffff81e0e08d>] dump_stack+0xc1/0x124
[   39.780417]  [<ffffffff8140a1c4>] panic+0x19e/0x38d
[   39.785414]  [<ffffffff8140a026>] ? add_taint.cold.4+0x16/0x16
[   39.791362]  [<ffffffff8125d289>] ? vprintk_emit+0x249/0x840
[   39.797137]  [<ffffffff8125d289>] ? vprintk_emit+0x249/0x840
[   39.802924]  [<ffffffff811217d4>] df_debug+0x2d/0x2d
[   39.808002]  [<ffffffff81012063>] do_double_fault+0x113/0x230
[   39.813862]  [<ffffffff838c387d>] double_fault+0x2d/0x40
[   39.819299]  [<ffffffff8148cf72>] ? dump_page_badflags+0x12/0x70
[   39.825415]  <<EOE>>  <UNK> 
[   39.829087] Dumping ftrace buffer:
[   39.833083]    (ftrace buffer empty)
[   39.836791] Kernel Offset: disabled
[   39.840437] Rebooting in 86400 seconds..