[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 17.021515] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 20.575843] random: sshd: uninitialized urandom read (32 bytes read) [ 21.040697] random: sshd: uninitialized urandom read (32 bytes read) [ 22.020077] random: sshd: uninitialized urandom read (32 bytes read) [ 26.792914] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.32' (ECDSA) to the list of known hosts. [ 32.221885] random: sshd: uninitialized urandom read (32 bytes read) executing program executing program [ 32.454999] BUG: unable to handle kernel NULL pointer dereference at 0000000000000080 [ 32.463353] IP: [] l2tp_session_free+0x11c/0x200 [ 32.469819] PGD 1c2aef067 [ 32.472476] PUD 1c2afe067 PMD 0 [ 32.476061] [ 32.477707] Oops: 0002 [#1] PREEMPT SMP KASAN [ 32.482185] Dumping ftrace buffer: [ 32.485713] (ftrace buffer empty) [ 32.489411] Modules linked in: [ 32.492731] CPU: 1 PID: 3803 Comm: syz-executor049 Not tainted 4.9.113-g47bbcd6 #62 [ 32.500617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 32.510064] task: ffff8801b9a86000 task.stack: ffff8801b5eb0000 [ 32.516119] RIP: 0010:[] [] l2tp_session_free+0x11c/0x200 [ 32.525013] RSP: 0018:ffff8801b5eb7ca0 EFLAGS: 00010246 [ 32.530460] RAX: dffffc0000000000 RBX: ffff8801b5ccb400 RCX: 0000000000000000 [ 32.537998] RDX: 1ffff10036c73480 RSI: ffffffff836bcce1 RDI: ffff8801b639a400 [ 32.545372] RBP: ffff8801b5eb7cc0 R08: ffff8801b9a868e8 R09: 0000000000000000 [ 32.552649] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8801b639a280 [ 32.559919] R13: ffff8801b5ccb408 R14: 0000000000000000 R15: ffffffff83013be0 [ 32.567197] FS: 0000000000d97880(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000 [ 32.575501] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 32.581377] CR2: 0000000000000080 CR3: 00000001be52f000 CR4: 00000000001606f0 [ 32.588678] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 32.595946] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 32.603336] Stack: [ 32.605668] ffff8801c92cee80 ffff8801b5ccb400 ffff8801c92cf250 ffff8801c92cf158 [ 32.613700] ffff8801b5eb7ce8 ffffffff836c45f2 ffff8801c92cf2c0 ffff8801c92cee80 [ 32.621828] ffffffff836c4520 ffff8801b5eb7d20 ffffffff83021095 ffff8801c92cf2c0 [ 32.629869] Call Trace: [ 32.632439] [] pppol2tp_session_destruct+0xd2/0x110 [ 32.639100] [] ? pppol2tp_seq_start+0x4e0/0x4e0 [ 32.645407] [] __sk_destruct+0x55/0x590 [ 32.651016] [] ? sock_release+0x1c0/0x1c0 [ 32.656819] [] sk_destruct+0x63/0x80 [ 32.662209] [] __sk_free+0x4f/0x220 [ 32.667492] [] sk_free+0x2b/0x40 [ 32.672514] [] pppol2tp_release+0x239/0x2e0 [ 32.678479] [] sock_release+0x96/0x1c0 [ 32.684023] [] sock_close+0x16/0x20 [ 32.689305] [] __fput+0x263/0x700 [ 32.694418] [] ____fput+0x15/0x20 [ 32.699619] [] task_work_run+0x10c/0x180 [ 32.705425] [] exit_to_usermode_loop+0xfc/0x120 [ 32.711749] [] do_syscall_64+0x364/0x490 [ 32.717461] [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb [ 32.724392] Code: 49 8d bc 24 80 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 c6 00 00 00 4d 8b b4 24 80 01 00 00 41 ff 8e 80 00 00 00 74 69 e8 55 1d ca fd 4c 89 ea 48 b8 00 [ 32.752160] RIP [] l2tp_session_free+0x11c/0x200 [ 32.758730] RSP [ 32.762523] CR2: 0000000000000080 [ 32.766283] ---[ end trace 581ffc790fa0c145 ]--- [ 32.771053] Kernel panic - not syncing: Fatal exception [ 32.777222] Dumping ftrace buffer: [ 32.780783] (ftrace buffer empty) [ 32.784488] Kernel Offset: disabled [ 32.788095] Rebooting in 86400 seconds..