[....] Starting enhanced syslogd: rsyslogd[ 14.319399] audit: type=1400 audit(1516749412.669:4): avc: denied { syslog } for pid=3177 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.43' (ECDSA) to the list of known hosts. syzkaller login: [ 25.525148] l2tp_core: tunl 2: sockfd_lookup(fd=6) returned -9 [ 25.548532] l2tp_core: tunl 2: sockfd_lookup(fd=5) returned -9 [ 25.568575] l2tp_core: tunl 2: sockfd_lookup(fd=5) returned -9 [ 25.635780] l2tp_core: tunl 2: sockfd_lookup(fd=5) returned -9 [ 25.690163] l2tp_core: tunl 2: sockfd_lookup(fd=5) returned -9 [ 25.710010] l2tp_core: tunl 2: sockfd_lookup(fd=6) returned -9 [ 25.711355] l2tp_core: tunl 2: sockfd_lookup(fd=6) returned -9 [ 25.712680] l2tp_core: tunl 2: fd 3 wrong protocol, got 1, expected 17 [ 25.718532] l2tp_core: tunl 2: sockfd_lookup(fd=5) returned -9 [ 25.751217] l2tp_core: tunl 2: sockfd_lookup(fd=6) returned -9 [ 25.755278] l2tp_core: tunl 2: fd 3 wrong protocol, got 1, expected 17 [ 25.764679] l2tp_core: tunl 2: sockfd_lookup(fd=5) returned -9 [ 25.798985] l2tp_core: tunl 2: sockfd_lookup(fd=6) returned -9 [ 25.813359] l2tp_core: tunl 2: sockfd_lookup(fd=5) returned -9 [ 25.829476] l2tp_core: tunl 2: sockfd_lookup(fd=6) returned -9 [ 25.839095] l2tp_core: tunl 2: sockfd_lookup(fd=5) returned -9 [ 25.867009] l2tp_core: tunl 2: sockfd_lookup(fd=6) returned -9 [ 25.876947] l2tp_core: tunl 2: sockfd_lookup(fd=5) returned -9 [ 25.880451] l2tp_core: tunl 2: sockfd_lookup(fd=6) returned -9 [ 25.898478] BUG: unable to handle kernel NULL pointer dereference at 0000000000000080 [ 25.898492] IP: [] l2tp_session_create+0xc42/0x1770 [ 25.898497] PGD 80000001c74ab067 [ 25.898499] PUD 1c74ac067 [ 25.898500] PMD 0 [ 25.898501] [ 25.898506] Oops: 0002 [#1] PREEMPT SMP KASAN [ 25.898510] Dumping ftrace buffer: [ 25.898514] (ftrace buffer empty) [ 25.898517] Modules linked in: [ 25.898524] CPU: 0 PID: 3776 Comm: syzkaller109062 Not tainted 4.9.78-ge9dabe6 #28 [ 25.898527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 25.898531] task: ffff8801c8b76000 task.stack: ffff8801c7510000 [ 25.898541] RIP: 0010:[] [] l2tp_session_create+0xc42/0x1770 [ 25.898544] RSP: 0018:ffff8801c7517ab0 EFLAGS: 00010246 [ 25.898548] RAX: 0000000000000000 RBX: ffff8801c7709180 RCX: 0000000000000006 [ 25.898552] RDX: 1ffff1003912cc30 RSI: ffff8801c8b768b0 RDI: ffff8801c8966180 [ 25.898555] RBP: ffff8801c7517b50 R08: 0000000000000001 R09: 0000000000000000 [ 25.898558] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8801c8966058 [ 25.898561] R13: 0000000000007fff R14: 0000000000000000 R15: ffff8801c8966000 [ 25.898567] FS: 0000000000000000(0000) GS:ffff8801db200000(0063) knlGS:00000000f774db40 [ 25.898571] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 25.898574] CR2: 0000000000000080 CR3: 00000001c8166000 CR4: 0000000000160670 [ 25.898580] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 25.898583] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 25.898585] Stack: [ 25.898593] 0000000000000201 ffffffff83587c6e ffff8801c7517ad0 ffffffff8123b7fd [ 25.898601] ffff8801c8966000 ffff8801c8966058 ffff8801c77092d8 ffff8801c77092d0 [ 25.898610] ffff8801c7709230 ffff8801c8966020 0000000000000000 ffff8801c89660e0 [ 25.898611] Call Trace: [ 25.898619] [] ? l2tp_session_get+0x1ce/0x770 [ 25.898629] [] ? trace_hardirqs_on+0xd/0x10 [ 25.898636] [] pppol2tp_connect+0x10fe/0x18f0 [ 25.898643] [] ? pppol2tp_seq_show+0xc20/0xc20 [ 25.898654] [] ? check_preemption_disabled+0x3b/0x200 [ 25.898663] [] ? check_stack_object+0x68/0x140 [ 25.898672] [] ? security_socket_connect+0x89/0xb0 [ 25.898680] [] SYSC_connect+0x1b6/0x310 [ 25.898687] [] ? SYSC_bind+0x280/0x280 [ 25.898694] [] ? up_read+0x1a/0x40 [ 25.898702] [] ? __do_page_fault+0x3bd/0xd40 [ 25.898708] [] SyS_connect+0x24/0x30 [ 25.898713] [] ? SyS_accept+0x30/0x30 [ 25.898728] [] do_fast_syscall_32+0x2f7/0x890 [ 25.898734] [] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 25.898742] [] entry_SYSENTER_compat+0x74/0x83 [ 25.898837] Code: 00 00 49 8d bf 80 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 d8 08 00 00 49 8b 87 80 01 00 00 ff 80 80 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b 55 c8 [ 25.898847] RIP [] l2tp_session_create+0xc42/0x1770 [ 25.898849] RSP [ 25.898851] CR2: 0000000000000080 [ 25.898859] ---[ end trace 21266c293fffb4fc ]--- [ 25.898862] Kernel panic - not syncing: Fatal exception [ 25.906696] Dumping ftrace buffer: [ 25.906698] (ftrace buffer empty) [ 25.906700] Kernel Offset: disabled [ 26.223902] Rebooting in 86400 seconds..