syzbot

random: sshd: uninitialized urandom read (32 bytes read, 65 bits of entropy available)
random: sshd: uninitialized urandom read (32 bytes read, 74 bits of entropy available)
random: sshd: uninitialized urandom read (32 bytes read, 76 bits of entropy available)
BUG: unable to handle kernel NULL pointer dereference at 0000000000000080
IP: [<ffffffff835a59bc>] l2tp_session_free+0x11c/0x200 net/l2tp/l2tp_core.c:1671
PGD 1d7348067 PUD 1cdaef067 PMD 0 
Oops: 0002 [#1] PREEMPT SMP KASAN
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 1 PID: 1805 Comm: kworker/1:2 Not tainted 4.4.150-g5541782 #83
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: sock_diag_events sock_diag_broadcast_destroy_work
task: ffff8800b6836000 task.stack: ffff8801d4210000
RIP: 0010:[<ffffffff835a59bc>]  [<ffffffff835a59bc>] l2tp_session_free+0x11c/0x200 net/l2tp/l2tp_core.c:1671
RSP: 0018:ffff8801d4217b28  EFLAGS: 00010246
RAX: dffffc0000000000 RBX: ffff8800b1f1a780 RCX: 0000000000000000
RDX: 1ffff100163e3610 RSI: ffffffff835a5991 RDI: ffff8800b1f1b080
RBP: ffff8801d4217b48 R08: ffff8800b6836928 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff8800b1f1af00
R13: ffff8800b1f1a788 R14: 0000000000000000 R15: ffff8800b1f1af58
FS:  0000000000000000(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000080 CR3: 00000001d3b8f000 CR4: 00000000001606f0
Stack:
 ffff8800b1f1a828 dffffc0000000000 ffff8800b1f1a780 ffffffff835af470
 ffff8801d4217ba0 ffffffff835a7dc9 ffff8800b1f1afd8 ffffed00163e35eb
 ffff8800b1f1af58 ffff8800b1f1af20 ffff8800b1f1af00 ffff8801ce3d8000
Call Trace:
 [<ffffffff835a7dc9>] l2tp_session_dec_refcount_1 net/l2tp/l2tp_core.h:293 [inline]
 [<ffffffff835a7dc9>] l2tp_tunnel_closeall+0x2b9/0x350 net/l2tp/l2tp_core.c:1279
 [<ffffffff835a85b2>] l2tp_tunnel_destruct+0x2f2/0x590 net/l2tp/l2tp_core.c:1230
 [<ffffffff82f36e3c>] sk_destruct+0x4c/0x4c0 net/core/sock.c:1447
 [<ffffffff82fd3f2a>] sock_diag_broadcast_destroy_work+0x21a/0x390 net/core/sock_diag.c:153
 [<ffffffff81184eff>] process_one_work+0x7df/0x1600 kernel/workqueue.c:2064
 [<ffffffff81185df9>] worker_thread+0xd9/0xfc0 kernel/workqueue.c:2196
 [<ffffffff81193908>] kthread+0x268/0x300 kernel/kthread.c:211
 [<ffffffff838cb4d5>] ret_from_fork+0x55/0x80 arch/x86/entry/entry_64.S:510
Code: 49 8d bc 24 80 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 d0 00 00 00 4d 8b b4 24 80 01 00 00 <f0> 41 ff 8e 80 00 00 00 74 64 e8 15 eb da fd e8 10 eb da fd 4c 
RIP  [<ffffffff835a59bc>] l2tp_session_free+0x11c/0x200 net/l2tp/l2tp_core.c:1671
 RSP <ffff8801d4217b28>
CR2: 0000000000000080
---[ end trace 954b4d16b6b65573 ]---