[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 15.868204] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 20.497714] random: sshd: uninitialized urandom read (32 bytes read) [ 20.926630] random: sshd: uninitialized urandom read (32 bytes read) [ 21.387405] random: sshd: uninitialized urandom read (32 bytes read) [ 21.517757] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.13' (ECDSA) to the list of known hosts. [ 27.102265] random: sshd: uninitialized urandom read (32 bytes read) 2018/08/21 06:48:57 parsed 1 programs [ 28.675697] random: cc1: uninitialized urandom read (8 bytes read) 2018/08/21 06:49:00 executed programs: 0 [ 29.878505] IPVS: Creating netns size=2536 id=1 [ 29.912935] IPVS: Creating netns size=2536 id=2 [ 29.941272] IPVS: Creating netns size=2536 id=3 [ 29.961821] IPVS: Creating netns size=2536 id=4 [ 29.989976] IPVS: Creating netns size=2536 id=5 [ 30.035589] IPVS: Creating netns size=2536 id=6 [ 30.091929] IPVS: Creating netns size=2536 id=7 [ 30.139301] IPVS: Creating netns size=2536 id=8 [ 30.252890] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 30.310158] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 30.438977] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 30.479408] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 30.557278] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 30.597492] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 30.630199] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 30.641892] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 30.659592] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 30.679391] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 30.692043] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 30.724406] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 30.733794] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 30.770918] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 30.798212] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 30.825638] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 30.836473] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 30.847434] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 30.889371] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 30.904603] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 30.916736] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 30.962263] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 30.987966] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 30.999092] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 31.013877] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 31.027547] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 31.036407] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 31.047903] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 31.060363] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 31.067369] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 31.088906] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 31.096296] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 31.119683] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 31.129591] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 31.166989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 31.179796] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 31.189644] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 31.197129] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 31.247921] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 31.277048] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 31.302318] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 31.313436] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 31.330000] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 31.338407] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 31.347004] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 31.359054] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 31.369363] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 31.377202] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 31.385346] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 31.401427] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 31.411207] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 31.418753] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 31.427239] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 31.436698] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 31.444704] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 31.452781] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 31.460616] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 31.467569] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 31.480737] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 31.494291] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 31.509003] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 31.516581] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 31.531376] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 31.539399] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 31.564910] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 31.574392] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 31.585025] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 31.592770] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 31.602278] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 31.614677] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 31.627233] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 31.643479] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 31.653480] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 31.661549] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 31.722525] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 31.733365] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 31.753294] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 31.785818] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 31.809053] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 31.820332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 31.831676] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 31.848245] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 31.859136] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 31.868369] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 31.878018] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 31.888311] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 31.896262] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 31.906379] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 31.917014] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 31.924633] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 34.413577] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 34.496482] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 34.553749] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 34.571978] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 34.580587] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 34.655087] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 34.693810] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 34.708130] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 34.718408] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 34.770248] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 34.823502] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 34.838541] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 34.846507] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 34.862698] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 34.928378] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 34.942666] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 34.950884] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 34.960628] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 35.052955] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 35.066747] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 35.074903] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 35.082290] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 35.134219] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 35.143244] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 35.152540] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 35.207242] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 35.221028] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 35.229059] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 35.235775] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 35.359299] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 35.365522] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 35.375731] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/08/21 06:49:06 executed programs: 8 [ 37.598185] l2tp_core: tunl 4: sockfd_lookup(fd=5) returned -9 [ 39.086829] l2tp_core: tunl 4: sockfd_lookup(fd=5) returned -9 [ 39.621533] l2tp_core: tunl 4: sockfd_lookup(fd=5) returned -9 [ 39.748629] BUG: unable to handle kernel NULL pointer dereference at 0000000000000080 [ 39.756937] IP: [] l2tp_session_create+0xc60/0x16f0 [ 39.763901] PGD 1b50b6067 [ 39.766563] PUD 1d5080067 PMD 0 [ 39.770300] [ 39.772060] Oops: 0002 [#1] PREEMPT SMP KASAN [ 39.776662] Dumping ftrace buffer: [ 39.780186] (ftrace buffer empty) [ 39.783882] Modules linked in: [ 39.787190] CPU: 0 PID: 7912 Comm: syz-executor3 Not tainted 4.9.122-g54068d6 #30 [ 39.794792] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 39.804149] task: ffff8801d3d8e000 task.stack: ffff8801cf3a0000 [ 39.810296] RIP: 0010:[] [] l2tp_session_create+0xc60/0x16f0 [ 39.819468] RSP: 0018:ffff8801cf3a7ab0 EFLAGS: 00010246 [ 39.824902] RAX: 0000000000000000 RBX: ffff8801cfd93680 RCX: 1ffff1003a7b1d1d [ 39.832163] RDX: 1ffff10039ee6430 RSI: ffff8801d3d8e8c8 RDI: ffff8801cf732180 [ 39.839620] RBP: ffff8801cf3a7b50 R08: ffff8801d3d8e8e8 R09: 0000000000000000 [ 39.846919] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8801cf732058 [ 39.854174] R13: 0000000000000000 R14: ffff8801cf732000 R15: 0000000000000000 [ 39.861471] FS: 0000000000000000(0000) GS:ffff8801db200000(0063) knlGS:00000000f7700b40 [ 39.869682] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 39.875549] CR2: 0000000000000080 CR3: 00000001c576d000 CR4: 00000000001606f0 [ 39.882808] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 39.890079] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 39.897331] Stack: [ 39.899468] ffffffff836c80b7 ffffffff836c9151 ffff8801b5272a48 0000000000000000 [ 39.907512] ffff8801cf732000 ffff8801cfd937d8 ffff8801cf732058 ffff8801cfd937d0 [ 39.915630] ffff8801cfd93730 ffff8801cf732020 ffff8801b5272200 0000000000000000 [ 39.923674] Call Trace: [ 39.926249] [] ? l2tp_session_create+0xed7/0x16f0 [ 39.932726] [] ? l2tp_session_get+0x1d1/0x790 [ 39.938914] [] pppol2tp_connect+0x10d7/0x18f0 [ 39.945045] [] ? pppol2tp_seq_show+0xc30/0xc30 [ 39.951266] [] ? security_socket_connect+0x8f/0xc0 [ 39.957854] [] SYSC_connect+0x1b8/0x300 [ 39.963468] [] ? SYSC_bind+0x280/0x280 [ 39.968994] [] ? get_unused_fd_flags+0xd0/0xd0 [ 39.975256] [] ? compat_SyS_get_robust_list+0x310/0x310 [ 39.982256] [] ? SyS_socket+0x121/0x1b0 [ 39.987879] [] ? move_addr_to_kernel+0x50/0x50 [ 39.994096] [] SyS_connect+0x24/0x30 [ 39.999499] [] ? SyS_accept+0x30/0x30 [ 40.004982] [] do_fast_syscall_32+0x2f7/0x870 [ 40.011125] [] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 40.017814] [] entry_SYSENTER_compat+0x90/0xa2 [ 40.024058] Code: 00 00 49 8d be 80 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 7b 09 00 00 49 8b 86 80 01 00 00 ff 80 80 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b 55 d0 [ 40.052157] RIP [] l2tp_session_create+0xc60/0x16f0 [ 40.058945] RSP [ 40.062554] CR2: 0000000000000080 [ 40.070463] ---[ end trace 337317a31cce69d2 ]--- [ 40.075324] Kernel panic - not syncing: Fatal exception [ 40.081368] Dumping ftrace buffer: [ 40.084905] (ftrace buffer empty) [ 40.088630] Kernel Offset: disabled [ 40.092416] Rebooting in 86400 seconds..