[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   16.778584] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   18.101729] random: sshd: uninitialized urandom read (32 bytes read)
[   18.472104] random: sshd: uninitialized urandom read (32 bytes read)
[   19.056562] random: sshd: uninitialized urandom read (32 bytes read)
[   19.198934] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.51' (ECDSA) to the list of known hosts.
[   24.750743] random: sshd: uninitialized urandom read (32 bytes read)
2018/08/22 15:35:05 parsed 1 programs
[   26.436511] random: cc1: uninitialized urandom read (8 bytes read)
2018/08/22 15:35:08 executed programs: 0
[   27.785832] IPVS: Creating netns size=2536 id=1
[   27.827489] IPVS: Creating netns size=2536 id=2
[   27.864662] IPVS: Creating netns size=2536 id=3
[   27.892377] IPVS: Creating netns size=2536 id=4
[   27.942898] IPVS: Creating netns size=2536 id=5
[   27.998220] IPVS: Creating netns size=2536 id=6
[   28.053307] IPVS: Creating netns size=2536 id=7
[   28.119577] IPVS: Creating netns size=2536 id=8
[   28.299419] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   28.331491] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   28.463109] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   28.482482] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   28.515772] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   28.551963] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   28.575714] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   28.583204] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   28.669203] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   28.722279] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   28.739013] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   28.773593] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   28.827126] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   28.840438] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   28.856224] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   28.893572] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   28.909092] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   28.918577] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   28.927262] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   28.935653] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   28.956564] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   28.966459] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   28.987552] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   29.003901] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   29.014004] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   29.022873] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   29.033183] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   29.071942] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   29.144328] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   29.183195] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   29.209609] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   29.224589] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   29.237884] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   29.247347] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   29.256893] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   29.275034] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   29.294545] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   29.303463] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   29.317145] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   29.326128] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   29.332942] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   29.345470] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   29.358550] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   29.367052] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   29.374622] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   29.382963] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   29.391800] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   29.401882] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   29.409546] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   29.422572] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   29.430670] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   29.438229] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   29.448501] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   29.458333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   29.469572] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   29.487060] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   29.494704] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   29.502557] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   29.510204] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   29.517964] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   29.526603] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   29.544174] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   29.592004] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   29.610573] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   29.628340] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   29.637524] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   29.647859] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   29.656831] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   29.667589] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   29.679137] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   29.709130] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   29.719094] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   29.727743] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   29.740270] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   29.751123] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   29.760965] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   29.770400] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   29.783229] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   29.795216] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   29.818216] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   29.835675] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   29.844675] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   29.861250] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   29.879269] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   29.890314] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   29.900416] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   29.920299] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   29.935808] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   29.943302] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   29.968381] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   29.980950] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   29.993611] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   32.407154] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   32.576103] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   32.582318] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   32.590810] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   32.878870] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   33.052931] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   33.061751] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   33.070107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   33.078563] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   33.087251] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   33.099107] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   33.107409] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   33.188233] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   33.205187] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   33.211928] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   33.221474] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   33.233771] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   33.242060] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   33.286051] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   33.292522] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   33.301741] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   33.309683] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   33.316876] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   33.324248] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   33.331448] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   33.389380] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   33.465608] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   33.471937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   33.483559] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   33.532634] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   33.552135] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   33.561680] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
2018/08/22 15:35:14 executed programs: 8
[   35.037344] BUG: unable to handle kernel NULL pointer dereference at 0000000000000080
[   35.045649] IP: [<ffffffff836c8e30>] l2tp_session_create+0xc60/0x16f0
[   35.052371] PGD 1c4ffe067 [   35.055033] PUD 1d0612067 
PMD 0 [   35.058569] 
[   35.060207] Oops: 0002 [#1] PREEMPT SMP KASAN
[   35.064682] Dumping ftrace buffer:
[   35.068205]    (ftrace buffer empty)
[   35.071894] Modules linked in:
[   35.075208] CPU: 1 PID: 6968 Comm: syz-executor5 Not tainted 4.9.123-g8dd3fc2 #31
[   35.082815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   35.092157] task: ffff8801b7e3b000 task.stack: ffff8801c2008000
[   35.098194] RIP: 0010:[<ffffffff836c8e30>]  [<ffffffff836c8e30>] l2tp_session_create+0xc60/0x16f0
[   35.107549] RSP: 0018:ffff8801c200fab0  EFLAGS: 00010246
[   35.112970] RAX: 0000000000000000 RBX: ffff8801d3ddc000 RCX: 1ffff10036fc771d
[   35.120223] RDX: 1ffff100371f12b0 RSI: ffff8801b7e3b8c8 RDI: ffff8801b8f89580
[   35.127472] RBP: ffff8801c200fb50 R08: ffff8801b7e3b8e8 R09: 0000000000000000
[   35.134717] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8801b8f89458
[   35.141963] R13: 0000000000000000 R14: ffff8801b8f89400 R15: 0000000000000000
[   35.149218] FS:  0000000000000000(0000) GS:ffff8801db300000(0063) knlGS:00000000f7749b40
[   35.157420] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[   35.163279] CR2: 0000000000000080 CR3: 00000001d6f71000 CR4: 00000000001606f0
[   35.170525] Stack:
[   35.172649]  ffffffff836c90a7 ffffffff836ca141 ffff8801b51faa48 0000000000000000
[   35.180672]  ffff8801b8f89400 ffff8801d3ddc158 ffff8801b8f89458 ffff8801d3ddc150
[   35.188682]  ffff8801d3ddc0b0 ffff8801b8f89420 ffff8801b51fa200 0000000000000000
[   35.196685] Call Trace:
[   35.199252]  [<ffffffff836c90a7>] ? l2tp_session_create+0xed7/0x16f0
[   35.205720]  [<ffffffff836ca141>] ? l2tp_session_get+0x1d1/0x790
[   35.211842]  [<ffffffff836cdfe7>] pppol2tp_connect+0x10d7/0x18f0
[   35.217964]  [<ffffffff836ccf10>] ? pppol2tp_seq_show+0xc30/0xc30
[   35.224182]  [<ffffffff81cf90cf>] ? security_socket_connect+0x8f/0xc0
[   35.230753]  [<ffffffff8301e958>] SYSC_connect+0x1b8/0x300
[   35.236364]  [<ffffffff8301e7a0>] ? SYSC_bind+0x280/0x280
[   35.241876]  [<ffffffff815dbcb0>] ? get_unused_fd_flags+0xd0/0xd0
[   35.248088]  [<ffffffff812dc050>] ? compat_SyS_get_robust_list+0x310/0x310
[   35.255083]  [<ffffffff83020951>] ? SyS_socket+0x121/0x1b0
[   35.260691]  [<ffffffff83020830>] ? move_addr_to_kernel+0x50/0x50
[   35.266902]  [<ffffffff83021224>] SyS_connect+0x24/0x30
[   35.272252]  [<ffffffff83021200>] ? SyS_accept+0x30/0x30
[   35.277700]  [<ffffffff81006da7>] do_fast_syscall_32+0x2f7/0x870
[   35.283833]  [<ffffffff81003036>] ? trace_hardirqs_off_thunk+0x1a/0x1c
[   35.290478]  [<ffffffff83a03390>] entry_SYSENTER_compat+0x90/0xa2
[   35.296680] Code: 00 00 49 8d be 80 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 7b 09 00 00 49 8b 86 80 01 00 00 <f0> ff 80 80 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b 55 d0 
[   35.323686] RIP  [<ffffffff836c8e30>] l2tp_session_create+0xc60/0x16f0
[   35.330452]  RSP <ffff8801c200fab0>
[   35.334068] CR2: 0000000000000080
[   35.339670] ---[ end trace d1929cbf92bf4927 ]---
[   35.344504] Kernel panic - not syncing: Fatal exception
[   35.350151] Dumping ftrace buffer:
[   35.353678]    (ftrace buffer empty)
[   35.357367] Kernel Offset: disabled
[   35.360966] Rebooting in 86400 seconds..