[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   15.845246] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   18.231374] random: sshd: uninitialized urandom read (32 bytes read)
[   18.563741] random: sshd: uninitialized urandom read (32 bytes read)
[   19.046269] random: sshd: uninitialized urandom read (32 bytes read)
[   35.300243] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.28' (ECDSA) to the list of known hosts.
[   40.882797] random: sshd: uninitialized urandom read (32 bytes read)
2018/08/22 22:27:12 parsed 1 programs
[   42.565290] random: cc1: uninitialized urandom read (8 bytes read)
2018/08/22 22:27:14 executed programs: 0
[   43.920964] IPVS: Creating netns size=2536 id=1
[   44.047297] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   44.058568] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   44.101938] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   44.113721] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   44.157386] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   44.168808] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   44.180926] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   44.194420] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   44.702632] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   44.728733] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   44.734976] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   44.742679] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   44.963293] hrtimer: interrupt took 25859 ns
[   45.160432] l2tp_core: tunl 4: sockfd_lookup(fd=6) returned -9
[   45.415299] l2tp_core: tunl 4: sockfd_lookup(fd=6) returned -9
[   45.565832] l2tp_core: tunl 4: sockfd_lookup(fd=6) returned -9
[   45.628207] l2tp_core: tunl 4: sockfd_lookup(fd=6) returned -9
[   45.697868] l2tp_core: tunl 4: sockfd_lookup(fd=6) returned -9
[   45.800520] l2tp_core: tunl 4: sockfd_lookup(fd=6) returned -9
[   46.042447] BUG: unable to handle kernel NULL pointer dereference at 0000000000000080
[   46.050720] IP: [<ffffffff836c8e30>] l2tp_session_create+0xc60/0x16f0
[   46.057399] PGD 1cfb78067 [   46.060038] PUD 1d32a0067 
PMD 0 [   46.063512] 
[   46.065130] Oops: 0002 [#1] PREEMPT SMP KASAN
[   46.069597] Dumping ftrace buffer:
[   46.073111]    (ftrace buffer empty)
[   46.076821] Modules linked in:
[   46.080104] CPU: 0 PID: 4672 Comm: syz-executor0 Not tainted 4.9.123-g8dd3fc2 #31
[   46.087705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   46.097036] task: ffff8801cdca0000 task.stack: ffff8801cdab0000
[   46.103070] RIP: 0010:[<ffffffff836c8e30>]  [<ffffffff836c8e30>] l2tp_session_create+0xc60/0x16f0
[   46.112187] RSP: 0018:ffff8801cdab7ab0  EFLAGS: 00010246
[   46.117613] RAX: 0000000000000000 RBX: ffff8801d0163180 RCX: 1ffff10039b9411d
[   46.124899] RDX: 1ffff1003a02c5c0 RSI: ffff8801cdca08c8 RDI: ffff8801d0162e00
[   46.132168] RBP: ffff8801cdab7b50 R08: ffff8801cdca08e8 R09: 0000000000000000
[   46.139456] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8801d0162cd8
[   46.146704] R13: 0000000000000000 R14: ffff8801d0162c80 R15: ffff8801cdab7c68
[   46.153964] FS:  0000000000000000(0000) GS:ffff8801db200000(0063) knlGS:00000000f778ab40
[   46.162163] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[   46.168019] CR2: 0000000000000080 CR3: 00000001d00ee000 CR4: 00000000001606f0
[   46.175279] Stack:
[   46.177404]  0000000000000201 ffffffff836ca141 ffff8801cdab7ad0 ffffffff81237f0d
[   46.185412]  ffff8801d0162c80 ffff8801d01632d8 ffff8801d0162cd8 ffff8801d01632d0
[   46.193416]  ffff8801d0163230 ffff8801d0162ca0 0000000000000000 0000000000000000
[   46.201425] Call Trace:
[   46.203990]  [<ffffffff836ca141>] ? l2tp_session_get+0x1d1/0x790
[   46.210112]  [<ffffffff81237f0d>] ? trace_hardirqs_on+0xd/0x10
[   46.216057]  [<ffffffff836cdfe7>] pppol2tp_connect+0x10d7/0x18f0
[   46.222182]  [<ffffffff836ccf10>] ? pppol2tp_seq_show+0xc30/0xc30
[   46.228389]  [<ffffffff8123cf93>] ? lock_acquire+0x173/0x3e0
[   46.234159]  [<ffffffff81cf90cf>] ? security_socket_connect+0x8f/0xc0
[   46.240712]  [<ffffffff8301e958>] SYSC_connect+0x1b8/0x300
[   46.246310]  [<ffffffff8301e7a0>] ? SYSC_bind+0x280/0x280
[   46.251824]  [<ffffffff812dc050>] ? compat_SyS_get_robust_list+0x310/0x310
[   46.258817]  [<ffffffff83020830>] ? move_addr_to_kernel+0x50/0x50
[   46.265030]  [<ffffffff83021224>] SyS_connect+0x24/0x30
[   46.270368]  [<ffffffff83021200>] ? SyS_accept+0x30/0x30
[   46.275791]  [<ffffffff81006da7>] do_fast_syscall_32+0x2f7/0x870
[   46.281910]  [<ffffffff81003036>] ? trace_hardirqs_off_thunk+0x1a/0x1c
[   46.288554]  [<ffffffff83a03390>] entry_SYSENTER_compat+0x90/0xa2
[   46.294757] Code: 00 00 49 8d be 80 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 7b 09 00 00 49 8b 86 80 01 00 00 <f0> ff 80 80 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b 55 d0 
[   46.321922] RIP  [<ffffffff836c8e30>] l2tp_session_create+0xc60/0x16f0
[   46.328684]  RSP <ffff8801cdab7ab0>
[   46.332282] CR2: 0000000000000080
[   46.336654] ---[ end trace 1aec69bdd871b3a9 ]---
[   46.341657] Kernel panic - not syncing: Fatal exception
[   46.347324] Dumping ftrace buffer:
[   46.350845]    (ftrace buffer empty)
[   46.354528] Kernel Offset: disabled
[   46.358126] Rebooting in 86400 seconds..