[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   12.939122] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   18.044236] random: sshd: uninitialized urandom read (32 bytes read)
[   18.375448] random: sshd: uninitialized urandom read (32 bytes read)
[   18.887673] random: sshd: uninitialized urandom read (32 bytes read)
[   30.030409] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.5' (ECDSA) to the list of known hosts.
[   35.622737] random: sshd: uninitialized urandom read (32 bytes read)
2018/08/22 05:44:02 parsed 1 programs
[   36.555204] random: cc1: uninitialized urandom read (8 bytes read)
2018/08/22 05:44:04 executed programs: 0
[   37.699662] IPVS: Creating netns size=2536 id=1
[   37.823588] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   37.835410] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   37.879944] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   37.891139] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   37.934273] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   37.946396] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   37.958586] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   37.971587] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   38.472410] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   38.497442] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   38.503537] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   38.510550] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   38.717848] hrtimer: interrupt took 11307 ns
[   38.766351] l2tp_core: tunl 4: sockfd_lookup(fd=6) returned -9
[   38.795263] l2tp_core: tunl 4: sockfd_lookup(fd=6) returned -9
[   38.853005] l2tp_core: tunl 4: sockfd_lookup(fd=6) returned -9
[   38.873763] BUG: unable to handle kernel NULL pointer dereference at 0000000000000080
[   38.881991] IP: [<ffffffff836c7e40>] l2tp_session_create+0xc60/0x16f0
[   38.888698] PGD 1d85d8067 [   38.891343] PUD 1da31b067 
PMD 0 [   38.894818] 
[   38.896450] Oops: 0002 [#1] PREEMPT SMP KASAN
[   38.900920] Dumping ftrace buffer:
[   38.904433]    (ftrace buffer empty)
[   38.908119] Modules linked in:
[   38.911467] CPU: 0 PID: 4172 Comm: syz-executor0 Not tainted 4.9.122-g54068d6 #78
[   38.919059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   38.928553] task: ffff8801d7bec800 task.stack: ffff8801d5ec8000
[   38.934612] RIP: 0010:[<ffffffff836c7e40>]  [<ffffffff836c7e40>] l2tp_session_create+0xc60/0x16f0
[   38.943749] RSP: 0018:ffff8801d5ecfac0  EFLAGS: 00010246
[   38.949174] RAX: 0000000000000000 RBX: ffff8801da126780 RCX: 1ffff1003af7da1d
[   38.956426] RDX: 1ffff1003adcf6b0 RSI: ffff8801d7bed0c8 RDI: ffff8801d6e7b580
[   38.963676] RBP: ffff8801d5ecfb60 R08: ffff8801d7bed0e8 R09: 0000000000000000
[   38.970925] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8801d6e7b458
[   38.978171] R13: 0000000000000000 R14: ffff8801d6e7b400 R15: ffff8801d5ecfc78
[   38.985490] FS:  00007f4827e42700(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000
[   38.993711] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   38.999568] CR2: 0000000000000080 CR3: 00000001da1bf000 CR4: 00000000001606f0
[   39.006815] Stack:
[   39.008946]  0000000000000201 ffffffff836c9151 ffff8801d5ecfae0 ffffffff81237ecd
[   39.016974]  ffff8801d6e7b400 ffff8801da1268d8 ffff8801d6e7b458 ffff8801da1268d0
[   39.024974]  ffff8801da126830 ffff8801d6e7b420 0000000000000000 0000000000000000
[   39.033078] Call Trace:
[   39.035647]  [<ffffffff836c9151>] ? l2tp_session_get+0x1d1/0x790
[   39.041903]  [<ffffffff81237ecd>] ? trace_hardirqs_on+0xd/0x10
[   39.047857]  [<ffffffff836ccff7>] pppol2tp_connect+0x10d7/0x18f0
[   39.053995]  [<ffffffff836cbf20>] ? pppol2tp_seq_show+0xc30/0xc30
[   39.060207]  [<ffffffff81cf826f>] ? security_socket_connect+0x8f/0xc0
[   39.066761]  [<ffffffff8301d958>] SYSC_connect+0x1b8/0x300
[   39.072470]  [<ffffffff8301d7a0>] ? SYSC_bind+0x280/0x280
[   39.077997]  [<ffffffff815daf70>] ? get_unused_fd_flags+0xd0/0xd0
[   39.084205]  [<ffffffff812db6d0>] ? do_futex+0x17c0/0x17c0
[   39.089810]  [<ffffffff8301f951>] ? SyS_socket+0x121/0x1b0
[   39.095504]  [<ffffffff8301f830>] ? move_addr_to_kernel+0x50/0x50
[   39.101714]  [<ffffffff83020224>] SyS_connect+0x24/0x30
[   39.107062]  [<ffffffff83020200>] ? SyS_accept+0x30/0x30
[   39.112495]  [<ffffffff81006316>] do_syscall_64+0x1a6/0x490
[   39.118190]  [<ffffffff83a00cd3>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[   39.125091] Code: 00 00 49 8d be 80 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 7b 09 00 00 49 8b 86 80 01 00 00 <f0> ff 80 80 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b 55 d0 
[   39.152178] RIP  [<ffffffff836c7e40>] l2tp_session_create+0xc60/0x16f0
[   39.158986]  RSP <ffff8801d5ecfac0>
[   39.162589] CR2: 0000000000000080
[   39.166051] BUG: unable to handle kernel [   39.166359] ---[ end trace 56b9d2c132a040c4 ]---
[   39.166362] Kernel panic - not syncing: Fatal exception
[   39.180092] NULL pointer dereference at 0000000000000080
[   39.185701] IP: [<ffffffff836c39cc>] l2tp_session_free+0x11c/0x200
[   39.192136] PGD 1d85d8067 [   39.194780] PUD 1da31b067 
PMD 0 [   39.198335] 
[   39.199956] Oops: 0002 [#2] PREEMPT SMP KASAN
[   39.204427] Dumping ftrace buffer:
[   39.207940]    (ftrace buffer empty)
[   39.211624] Modules linked in:
[   39.214912] CPU: 1 PID: 4169 Comm: syz-executor0 Tainted: G      D         4.9.122-g54068d6 #78
[   39.223723] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   39.233054] task: ffff8801d7beb000 task.stack: ffff8801d5670000
[   39.239085] RIP: 0010:[<ffffffff836c39cc>]  [<ffffffff836c39cc>] l2tp_session_free+0x11c/0x200
[   39.247958] RSP: 0018:ffff8801d5677b48  EFLAGS: 00010246
[   39.253381] RAX: dffffc0000000000 RBX: ffff8801da126780 RCX: 0000000000000000
[   39.260624] RDX: 1ffff1003adcf6b0 RSI: ffffffff836c39a1 RDI: ffff8801d6e7b580
[   39.267870] RBP: ffff8801d5677b68 R08: ffff8801d7beb8e8 R09: 0000000000000000
[   39.275122] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8801d6e7b400
[   39.282369] R13: ffff8801da126788 R14: 0000000000000000 R15: ffff8801d6e7b458
[   39.289616] FS:  0000000000d71940(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000
[   39.297917] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   39.303776] CR2: 0000000000000080 CR3: 00000001da1bf000 CR4: 00000000001606f0
[   39.311025] Stack:
[   39.313151]  ffff8801da126828 dffffc0000000000 ffff8801da126780 0000000000000000
[   39.321150]  ffff8801d5677bc0 ffffffff836c4254 ffff8801d6e7b4d8 ffffed003adcf68b
[   39.329132]  ffff8801d6e7b458 ffff8801d6e7b420 ffff8801d6e7b400 ffff8801d5d0a080
[   39.337132] Call Trace:
[   39.339699]  [<ffffffff836c4254>] l2tp_tunnel_closeall+0x284/0x350
[   39.345991]  [<ffffffff836c4a82>] l2tp_tunnel_destruct+0x2f2/0x590
[   39.352286]  [<ffffffff836c493a>] ? l2tp_tunnel_destruct+0x1aa/0x590
[   39.358759]  [<ffffffff836c4790>] ? l2tp_tunnel_del_work+0x470/0x470
[   39.365234]  [<ffffffff83019be0>] ? sock_release+0x1c0/0x1c0
[   39.371013]  [<ffffffff830270f5>] __sk_destruct+0x55/0x590
[   39.376612]  [<ffffffff83019be0>] ? sock_release+0x1c0/0x1c0
[   39.382385]  [<ffffffff8302eb83>] sk_destruct+0x63/0x80
[   39.387724]  [<ffffffff8302ebef>] __sk_free+0x4f/0x220
[   39.392980]  [<ffffffff8302edeb>] sk_free+0x2b/0x40
[   39.397970]  [<ffffffff836c3a4c>] l2tp_session_free+0x19c/0x200
[   39.404003]  [<ffffffff836cb2b2>] pppol2tp_session_destruct+0xd2/0x110
[   39.410730]  [<ffffffff836cb1e0>] ? pppol2tp_seq_start+0x4e0/0x4e0
[   39.417024]  [<ffffffff830270f5>] __sk_destruct+0x55/0x590
[   39.422712]  [<ffffffff83019be0>] ? sock_release+0x1c0/0x1c0
[   39.428484]  [<ffffffff8302eb83>] sk_destruct+0x63/0x80
[   39.433933]  [<ffffffff8302ebef>] __sk_free+0x4f/0x220
[   39.439194]  [<ffffffff8302edeb>] sk_free+0x2b/0x40
[   39.444185]  [<ffffffff836ce5b9>] pppol2tp_release+0x239/0x2e0
[   39.450131]  [<ffffffff83019ab6>] sock_release+0x96/0x1c0
[   39.455688]  [<ffffffff83019bf6>] sock_close+0x16/0x20
[   39.460951]  [<ffffffff8157bdd3>] __fput+0x263/0x700
[   39.466032]  [<ffffffff8157c2f5>] ____fput+0x15/0x20
[   39.471111]  [<ffffffff8119a62c>] task_work_run+0x10c/0x180
[   39.476798]  [<ffffffff8100559c>] exit_to_usermode_loop+0xfc/0x120
[   39.483090]  [<ffffffff810064d4>] do_syscall_64+0x364/0x490
[   39.488776]  [<ffffffff83a00cd3>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[   39.495670] Code: 49 8d bc 24 80 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 c6 00 00 00 4d 8b b4 24 80 01 00 00 <f0> 41 ff 8e 80 00 00 00 74 69 e8 95 d3 c9 fd 4c 89 ea 48 b8 00 
[   39.522429] RIP  [<ffffffff836c39cc>] l2tp_session_free+0x11c/0x200
[   39.528939]  RSP <ffff8801d5677b48>
[   39.532538] CR2: 0000000000000080
[   39.536196] Dumping ftrace buffer:
[   39.539743]    (ftrace buffer empty)
[   39.543428] Kernel Offset: disabled
[   39.547031] Rebooting in 86400 seconds..