[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   13.722093] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   18.342873] random: sshd: uninitialized urandom read (32 bytes read)
[   18.861872] random: sshd: uninitialized urandom read (32 bytes read)
[   19.369312] random: sshd: uninitialized urandom read (32 bytes read)
[   77.642254] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.49' (ECDSA) to the list of known hosts.
[   83.182766] random: sshd: uninitialized urandom read (32 bytes read)
2018/08/23 00:55:45 parsed 1 programs
[   84.309973] random: cc1: uninitialized urandom read (8 bytes read)
2018/08/23 00:55:47 executed programs: 0
[   85.480695] IPVS: Creating netns size=2536 id=1
[   85.605669] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   85.616790] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   85.660088] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   85.672019] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   85.716637] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   85.728039] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   85.739673] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   85.760129] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   86.250001] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   86.274779] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   86.280869] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   86.288144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   86.774032] BUG: unable to handle kernel NULL pointer dereference at 0000000000000080
[   86.782321] IP: [<ffffffff836c8e30>] l2tp_session_create+0xc60/0x16f0
[   86.789009] PGD 1d3a06067 [   86.791665] PUD 1d4c8f067 
PMD 0 [   86.795137] 
[   86.796758] Oops: 0002 [#1] PREEMPT SMP KASAN
[   86.801224] Dumping ftrace buffer:
[   86.804774]    (ftrace buffer empty)
[   86.808463] Modules linked in:
[   86.811748] CPU: 1 PID: 4479 Comm: syz-executor0 Not tainted 4.9.123-g8dd3fc2 #27
[   86.819336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   86.828667] task: ffff8801d8d96000 task.stack: ffff8801b5cc8000
[   86.834699] RIP: 0010:[<ffffffff836c8e30>]  [<ffffffff836c8e30>] l2tp_session_create+0xc60/0x16f0
[   86.843807] RSP: 0018:ffff8801b5ccfac0  EFLAGS: 00010246
[   86.849230] RAX: 0000000000000000 RBX: ffff8801d40a4000 RCX: 1ffff1003b1b2d1d
[   86.856475] RDX: 1ffff1003a605120 RSI: ffff8801d8d968c8 RDI: ffff8801d3028900
[   86.863717] RBP: ffff8801b5ccfb60 R08: ffff8801d8d968e8 R09: 0000000000000000
[   86.870956] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8801d30287d8
[   86.878196] R13: 0000000000000000 R14: ffff8801d3028780 R15: ffff8801b5ccfc78
[   86.885438] FS:  00007fe8f47e4700(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000
[   86.893632] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   86.899486] CR2: 0000000000000080 CR3: 00000001d4d62000 CR4: 00000000001606f0
[   86.906735] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   86.914096] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   86.921339] Stack:
[   86.923461]  0000000000000201 ffffffff836ca141 ffff8801b5ccfae0 ffffffff81237f0d
[   86.931469]  ffff8801d3028780 ffff8801d40a4158 ffff8801d30287d8 ffff8801d40a4150
[   86.939477]  ffff8801d40a40b0 ffff8801d30287a0 0000000000000000 0000000000000000
[   86.947470] Call Trace:
[   86.950036]  [<ffffffff836ca141>] ? l2tp_session_get+0x1d1/0x790
[   86.956159]  [<ffffffff81237f0d>] ? trace_hardirqs_on+0xd/0x10
[   86.962104]  [<ffffffff836cdfe7>] pppol2tp_connect+0x10d7/0x18f0
[   86.968221]  [<ffffffff836ccf10>] ? pppol2tp_seq_show+0xc30/0xc30
[   86.974496]  [<ffffffff81cf90cf>] ? security_socket_connect+0x8f/0xc0
[   86.981059]  [<ffffffff8301e958>] SYSC_connect+0x1b8/0x300
[   86.986657]  [<ffffffff8301e7a0>] ? SYSC_bind+0x280/0x280
[   86.992165]  [<ffffffff815dbcb0>] ? get_unused_fd_flags+0xd0/0xd0
[   86.998414]  [<ffffffff812db710>] ? do_futex+0x17c0/0x17c0
[   87.004015]  [<ffffffff815da451>] ? __fget+0x231/0x3b0
[   87.009438]  [<ffffffff815da267>] ? __fget+0x47/0x3b0
[   87.014710]  [<ffffffff83021224>] SyS_connect+0x24/0x30
[   87.020048]  [<ffffffff83021200>] ? SyS_accept+0x30/0x30
[   87.025470]  [<ffffffff81006316>] do_syscall_64+0x1a6/0x490
[   87.031155]  [<ffffffff83a01c93>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[   87.038049] Code: 00 00 49 8d be 80 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 7b 09 00 00 49 8b 86 80 01 00 00 <f0> ff 80 80 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b 55 d0 
[   87.065105] RIP  [<ffffffff836c8e30>] l2tp_session_create+0xc60/0x16f0
[   87.071866]  RSP <ffff8801b5ccfac0>
[   87.075463] CR2: 0000000000000080
[   87.078894] BUG: unable to handle kernel [   87.079238] ---[ end trace 5a4371bfe6cdefb6 ]---
[   87.079241] Kernel panic - not syncing: Fatal exception
[   87.093115] NULL pointer dereference at 0000000000000080
[   87.098683] IP: [<ffffffff836c49bc>] l2tp_session_free+0x11c/0x200
[   87.105173] PGD 1d3a06067 [   87.107820] PUD 1d4c8f067 
PMD 0 [   87.111293] 
[   87.112913] Oops: 0002 [#2] PREEMPT SMP KASAN
[   87.117381] Dumping ftrace buffer:
[   87.120939]    (ftrace buffer empty)
[   87.124632] Modules linked in:
[   87.127993] CPU: 0 PID: 4478 Comm: syz-executor0 Tainted: G      D         4.9.123-g8dd3fc2 #27
[   87.136804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   87.146139] task: ffff8801d8c3e000 task.stack: ffff8801d9150000
[   87.152170] RIP: 0010:[<ffffffff836c49bc>]  [<ffffffff836c49bc>] l2tp_session_free+0x11c/0x200
[   87.161027] RSP: 0018:ffff8801d9157b48  EFLAGS: 00010246
[   87.166453] RAX: dffffc0000000000 RBX: ffff8801d40a4000 RCX: 0000000000000000
[   87.173767] RDX: 1ffff1003a605120 RSI: ffffffff836c4991 RDI: ffff8801d3028900
[   87.181021] RBP: ffff8801d9157b68 R08: ffff8801d8c3e8e8 R09: 0000000000000000
[   87.188265] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8801d3028780
[   87.195511] R13: ffff8801d40a4008 R14: 0000000000000000 R15: ffff8801d30287d8
[   87.202761] FS:  0000000001063940(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000
[   87.210961] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   87.216813] CR2: 0000000000000080 CR3: 00000001d4d62000 CR4: 00000000001606f0
[   87.224061] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   87.231309] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   87.238556] Stack:
[   87.240689]  ffff8801d40a40a8 dffffc0000000000 ffff8801d40a4000 0000000000000000
[   87.248677]  ffff8801d9157bc0 ffffffff836c5244 ffff8801d3028858 ffffed003a6050fb
[   87.256664]  ffff8801d30287d8 ffff8801d30287a0 ffff8801d3028780 ffff8801b5bc6180
[   87.264665] Call Trace:
[   87.267301]  [<ffffffff836c5244>] l2tp_tunnel_closeall+0x284/0x350
[   87.273600]  [<ffffffff836c5a72>] l2tp_tunnel_destruct+0x2f2/0x590
[   87.279891]  [<ffffffff836c592a>] ? l2tp_tunnel_destruct+0x1aa/0x590
[   87.286362]  [<ffffffff836c5780>] ? l2tp_tunnel_del_work+0x470/0x470
[   87.292836]  [<ffffffff8301abe0>] ? sock_release+0x1c0/0x1c0
[   87.298609]  [<ffffffff830280f5>] __sk_destruct+0x55/0x590
[   87.304207]  [<ffffffff8301abe0>] ? sock_release+0x1c0/0x1c0
[   87.309988]  [<ffffffff8302fb83>] sk_destruct+0x63/0x80
[   87.315322]  [<ffffffff8302fbef>] __sk_free+0x4f/0x220
[   87.320576]  [<ffffffff8302fdeb>] sk_free+0x2b/0x40
[   87.325640]  [<ffffffff836c4a3c>] l2tp_session_free+0x19c/0x200
[   87.331680]  [<ffffffff836cc2a2>] pppol2tp_session_destruct+0xd2/0x110
[   87.338360]  [<ffffffff836cc1d0>] ? pppol2tp_seq_start+0x4e0/0x4e0
[   87.344658]  [<ffffffff830280f5>] __sk_destruct+0x55/0x590
[   87.350257]  [<ffffffff8301abe0>] ? sock_release+0x1c0/0x1c0
[   87.356024]  [<ffffffff8302fb83>] sk_destruct+0x63/0x80
[   87.361363]  [<ffffffff8302fbef>] __sk_free+0x4f/0x220
[   87.366684]  [<ffffffff8302fdeb>] sk_free+0x2b/0x40
[   87.371680]  [<ffffffff836cf5a9>] pppol2tp_release+0x239/0x2e0
[   87.377634]  [<ffffffff8301aab6>] sock_release+0x96/0x1c0
[   87.383145]  [<ffffffff8301abf6>] sock_close+0x16/0x20
[   87.388404]  [<ffffffff8157cb13>] __fput+0x263/0x700
[   87.393488]  [<ffffffff8157d035>] ____fput+0x15/0x20
[   87.399253]  [<ffffffff8119a66c>] task_work_run+0x10c/0x180
[   87.404947]  [<ffffffff8100559c>] exit_to_usermode_loop+0xfc/0x120
[   87.411238]  [<ffffffff810064d4>] do_syscall_64+0x364/0x490
[   87.416945]  [<ffffffff83a01c93>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[   87.423846] Code: 49 8d bc 24 80 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 c6 00 00 00 4d 8b b4 24 80 01 00 00 <f0> 41 ff 8e 80 00 00 00 74 69 e8 e5 c3 c9 fd 4c 89 ea 48 b8 00 
[   87.450945] RIP  [<ffffffff836c49bc>] l2tp_session_free+0x11c/0x200
[   87.457468]  RSP <ffff8801d9157b48>
[   87.461077] CR2: 0000000000000080
[   87.464877] Dumping ftrace buffer:
[   87.468420]    (ftrace buffer empty)
[   87.472105] Kernel Offset: disabled
[   87.475706] Rebooting in 86400 seconds..