[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   14.149622] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   27.841741] random: sshd: uninitialized urandom read (32 bytes read)
[   28.115823] random: sshd: uninitialized urandom read (32 bytes read)
[   28.505723] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.50' (ECDSA) to the list of known hosts.
[   34.099507] urandom_read: 1 callbacks suppressed
[   34.099511] random: sshd: uninitialized urandom read (32 bytes read)
2018/08/22 21:32:26 parsed 1 programs
[   35.208840] random: cc1: uninitialized urandom read (8 bytes read)
2018/08/22 21:32:28 executed programs: 0
[   36.567474] IPVS: Creating netns size=2536 id=1
[   36.600590] IPVS: Creating netns size=2536 id=2
[   36.622951] IPVS: Creating netns size=2536 id=3
[   36.655849] IPVS: Creating netns size=2536 id=4
[   36.705081] IPVS: Creating netns size=2536 id=5
[   36.746126] IPVS: Creating netns size=2536 id=6
[   36.766354] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   36.790461] IPVS: Creating netns size=2536 id=7
[   36.802138] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   36.839968] IPVS: Creating netns size=2536 id=8
[   36.971427] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   36.984488] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   36.995443] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   37.007126] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   37.039390] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   37.058198] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   37.161985] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   37.170618] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   37.185852] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   37.193333] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   37.205146] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   37.213829] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   37.221348] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   37.229650] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   37.240914] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   37.257568] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   37.288817] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   37.308935] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   37.343407] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   37.351487] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   37.364431] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   37.377342] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   37.393550] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   37.401465] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   37.415244] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   37.422379] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   37.440476] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   37.469101] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   37.478327] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   37.494989] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   37.503030] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   37.512388] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   37.524181] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   37.532093] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   37.545336] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   37.552989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   37.570059] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   37.583546] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   37.591503] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   37.614951] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   37.621945] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   37.634950] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   37.644234] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   37.670988] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   37.685460] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   37.697616] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   37.706307] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   37.716892] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   37.728406] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   37.742644] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   37.751782] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   37.759401] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   37.767605] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   37.775572] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   37.783033] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   37.791983] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   37.803910] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   37.838519] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   37.869468] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   37.880108] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   37.889098] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   37.903087] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   37.912644] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   37.929904] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   37.938627] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   37.953781] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   37.962214] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   37.979294] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   37.990859] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   37.999678] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   38.012387] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   38.020514] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   38.031413] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   38.041289] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   38.057582] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   38.069761] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   38.081099] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   38.095924] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   38.104089] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   38.112671] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   40.101616] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   40.266516] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   40.278648] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   40.288736] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   40.299978] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   40.426988] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   40.436098] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   40.442730] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   40.451977] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   40.591139] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   40.607518] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   40.615995] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   40.624831] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   40.702954] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   40.787239] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   40.801460] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   40.809040] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   40.875898] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   40.882621] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   40.894176] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   40.919057] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   41.002785] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   41.052588] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   41.082868] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   41.094978] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   41.101778] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   41.156826] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   41.163002] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   41.177489] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   41.234752] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   41.240968] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   41.248346] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
2018/08/22 21:32:33 executed programs: 8
[   42.341642] l2tp_core: tunl 4: sockfd_lookup(fd=11) returned -9
[   42.529450] BUG: unable to handle kernel NULL pointer dereference at 0000000000000080
[   42.537769] IP: [<ffffffff836c8e30>] l2tp_session_create+0xc60/0x16f0
[   42.544512] PGD 1d7873067 [   42.547171] PUD 1c3e3b067 
PMD 0 [   42.550711] 
[   42.552364] Oops: 0002 [#1] PREEMPT SMP KASAN
[   42.556850] Dumping ftrace buffer:
[   42.560416]    (ftrace buffer empty)
[   42.564134] Modules linked in:
[   42.567437] CPU: 1 PID: 6957 Comm: syz-executor5 Not tainted 4.9.123-g8dd3fc2 #27
[   42.575029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   42.584369] task: ffff8801b7c8e000 task.stack: ffff8801bc070000
[   42.590399] RIP: 0010:[<ffffffff836c8e30>]  [<ffffffff836c8e30>] l2tp_session_create+0xc60/0x16f0
[   42.599514] RSP: 0018:ffff8801bc077ac0  EFLAGS: 00010246
[   42.604942] RAX: 0000000000000000 RBX: ffff8801b793ac80 RCX: 1ffff10036f91d1d
[   42.612211] RDX: 1ffff10036f277a0 RSI: ffff8801b7c8e8c8 RDI: ffff8801b793bd00
[   42.619487] RBP: ffff8801bc077b60 R08: ffff8801b7c8e8e8 R09: 0000000000000000
[   42.626734] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8801b793bbd8
[   42.633981] R13: 0000000000000000 R14: ffff8801b793bb80 R15: 0000000000000000
[   42.641251] FS:  00007f512f7b7700(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000
[   42.649473] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   42.655333] CR2: 0000000000000080 CR3: 00000001bd6cd000 CR4: 00000000001606f0
[   42.662628] Stack:
[   42.664788]  ffffffff836c90a7 ffffffff836ca141 ffff8801d3b9dd48 0000000000000000
[   42.672805]  ffff8801b793bb80 ffff8801b793add8 ffff8801b793bbd8 ffff8801b793add0
[   42.680837]  ffff8801b793ad30 ffff8801b793bba0 ffff8801d3b9d500 0000000000000000
[   42.688896] Call Trace:
[   42.691472]  [<ffffffff836c90a7>] ? l2tp_session_create+0xed7/0x16f0
[   42.697958]  [<ffffffff836ca141>] ? l2tp_session_get+0x1d1/0x790
[   42.704100]  [<ffffffff836cdfe7>] pppol2tp_connect+0x10d7/0x18f0
[   42.710232]  [<ffffffff836ccf10>] ? pppol2tp_seq_show+0xc30/0xc30
[   42.716478]  [<ffffffff81cf90cf>] ? security_socket_connect+0x8f/0xc0
[   42.723060]  [<ffffffff8301e958>] SYSC_connect+0x1b8/0x300
[   42.728670]  [<ffffffff8301e7a0>] ? SYSC_bind+0x280/0x280
[   42.734195]  [<ffffffff815dbcb0>] ? get_unused_fd_flags+0xd0/0xd0
[   42.740435]  [<ffffffff812db710>] ? do_futex+0x17c0/0x17c0
[   42.746052]  [<ffffffff83020951>] ? SyS_socket+0x121/0x1b0
[   42.751653]  [<ffffffff83020830>] ? move_addr_to_kernel+0x50/0x50
[   42.757862]  [<ffffffff83021224>] SyS_connect+0x24/0x30
[   42.763233]  [<ffffffff83021200>] ? SyS_accept+0x30/0x30
[   42.768662]  [<ffffffff81006316>] do_syscall_64+0x1a6/0x490
[   42.774351]  [<ffffffff83a01c93>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[   42.781254] Code: 00 00 49 8d be 80 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 7b 09 00 00 49 8b 86 80 01 00 00 <f0> ff 80 80 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b 55 d0 
[   42.808729] RIP  [<ffffffff836c8e30>] l2tp_session_create+0xc60/0x16f0
[   42.815512]  RSP <ffff8801bc077ac0>
[   42.819157] CR2: 0000000000000080
[   42.823776] ---[ end trace 6c0637e188167a3c ]---
[   42.828554] Kernel panic - not syncing: Fatal exception
[   42.834216] Dumping ftrace buffer:
[   42.837743]    (ftrace buffer empty)
[   42.841425] Kernel Offset: disabled
[   42.845025] Rebooting in 86400 seconds..