[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 16.429419] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 20.623327] random: sshd: uninitialized urandom read (32 bytes read)
[ 20.938272] random: sshd: uninitialized urandom read (32 bytes read)
[ 21.453725] random: sshd: uninitialized urandom read (32 bytes read)
[ 31.033137] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.21' (ECDSA) to the list of known hosts.
[ 36.651430] random: sshd: uninitialized urandom read (32 bytes read)
2018/08/22 19:54:53 parsed 1 programs
[ 37.714498] random: cc1: uninitialized urandom read (8 bytes read)
2018/08/22 19:54:55 executed programs: 0
[ 39.000938] IPVS: Creating netns size=2536 id=1
[ 39.126302] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 39.137733] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 39.180243] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 39.191340] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 39.234280] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 39.245316] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 39.257369] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 39.278099] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 39.762643] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 39.787561] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 39.793657] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 39.800854] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 40.225561] BUG: unable to handle kernel NULL pointer dereference at 0000000000000080
[ 40.233866] IP: [] l2tp_session_create+0xc60/0x16f0
[ 40.240554] PGD 1d46b7067
[ 40.243195] PUD 1d488a067 PMD 0
[ 40.246670]
[ 40.248284] Oops: 0002 [#1] PREEMPT SMP KASAN
[ 40.252751] Dumping ftrace buffer:
[ 40.256277] (ftrace buffer empty)
[ 40.259961] Modules linked in:
[ 40.263280] CPU: 0 PID: 4378 Comm: syz-executor0 Not tainted 4.9.123-g8dd3fc2 #79
[ 40.270888] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.280221] task: ffff8801d487e000 task.stack: ffff8801d4738000
[ 40.286249] RIP: 0010:[] [] l2tp_session_create+0xc60/0x16f0
[ 40.295357] RSP: 0018:ffff8801d473fac0 EFLAGS: 00010246
[ 40.300777] RAX: 0000000000000000 RBX: ffff8801d47e3680 RCX: 1ffff1003a90fd1d
[ 40.308021] RDX: 1ffff1003a8fc660 RSI: ffff8801d487e8c8 RDI: ffff8801d47e3300
[ 40.315278] RBP: ffff8801d473fb60 R08: ffff8801d487e8e8 R09: 0000000000000000
[ 40.322517] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8801d47e31d8
[ 40.329769] R13: 0000000000000000 R14: ffff8801d47e3180 R15: ffff8801d473fc78
[ 40.337014] FS: 00007f84348f4700(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000
[ 40.345242] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 40.351098] CR2: 0000000000000080 CR3: 00000001d4492000 CR4: 00000000001606f0
[ 40.358348] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 40.365595] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 40.372838] Stack:
[ 40.374958] 0000000000000201 ffffffff836ca141 ffff8801d473fae0 ffffffff81237f0d
[ 40.382943] ffff8801d47e3180 ffff8801d47e37d8 ffff8801d47e31d8 ffff8801d47e37d0
[ 40.390939] ffff8801d47e3730 ffff8801d47e31a0 0000000000000000 0000000000000000
[ 40.398923] Call Trace:
[ 40.401489] [] ? l2tp_session_get+0x1d1/0x790
[ 40.407721] [] ? trace_hardirqs_on+0xd/0x10
[ 40.413669] [] pppol2tp_connect+0x10d7/0x18f0
[ 40.419785] [] ? pppol2tp_seq_show+0xc30/0xc30
[ 40.425992] [] ? security_socket_connect+0x8f/0xc0
[ 40.432547] [] SYSC_connect+0x1b8/0x300
[ 40.438142] [] ? SYSC_bind+0x280/0x280
[ 40.443655] [] ? get_unused_fd_flags+0xd0/0xd0
[ 40.449858] [] ? do_futex+0x17c0/0x17c0
[ 40.455457] [] ? __fget+0x231/0x3b0
[ 40.460711] [] ? __fget+0x47/0x3b0
[ 40.465883] [] SyS_connect+0x24/0x30
[ 40.471221] [] ? SyS_accept+0x30/0x30
[ 40.476720] [] do_syscall_64+0x1a6/0x490
[ 40.482418] [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 40.489314] Code: 00 00 49 8d be 80 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 7b 09 00 00 49 8b 86 80 01 00 00 ff 80 80 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b 55 d0
[ 40.516202] RIP [] l2tp_session_create+0xc60/0x16f0
[ 40.522960] RSP
[ 40.526556] CR2: 0000000000000080
[ 40.529988] BUG: unable to handle kernel
[ 40.531490] ---[ end trace 5e54448028eb4d3d ]---
[ 40.531493] Kernel panic - not syncing: Fatal exception
[ 40.544097] NULL pointer dereference at 0000000000000080
[ 40.549658] IP: [] l2tp_session_free+0x11c/0x200
[ 40.556196] PGD 1d46b7067
[ 40.558841] PUD 1d488a067 PMD 0
[ 40.562327]
[ 40.563957] Oops: 0002 [#2] PREEMPT SMP KASAN
[ 40.568429] Dumping ftrace buffer:
[ 40.571947] (ftrace buffer empty)
[ 40.575630] Modules linked in:
[ 40.578923] CPU: 1 PID: 4377 Comm: syz-executor0 Tainted: G D 4.9.123-g8dd3fc2 #79
[ 40.587893] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.597227] task: ffff8801d5326000 task.stack: ffff8801d4298000
[ 40.603404] RIP: 0010:[] [] l2tp_session_free+0x11c/0x200
[ 40.612258] RSP: 0018:ffff8801d429fb48 EFLAGS: 00010246
[ 40.617681] RAX: dffffc0000000000 RBX: ffff8801d47e3680 RCX: 0000000000000000
[ 40.624983] RDX: 1ffff1003a8fc660 RSI: ffffffff836c4991 RDI: ffff8801d47e3300
[ 40.632233] RBP: ffff8801d429fb68 R08: ffff8801d53268e8 R09: 0000000000000000
[ 40.639479] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8801d47e3180
[ 40.646731] R13: ffff8801d47e3688 R14: 0000000000000000 R15: ffff8801d47e31d8
[ 40.653983] FS: 00000000015d6940(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000
[ 40.662184] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 40.668044] CR2: 0000000000000080 CR3: 00000001d4492000 CR4: 00000000001606f0
[ 40.675293] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 40.682543] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 40.689787] Stack:
[ 40.691926] ffff8801d47e3728 dffffc0000000000 ffff8801d47e3680 0000000000000000
[ 40.699907] ffff8801d429fbc0 ffffffff836c5244 ffff8801d47e3258 ffffed003a8fc63b
[ 40.707888] ffff8801d47e31d8 ffff8801d47e31a0 ffff8801d47e3180 ffff8801d4bb6e80
[ 40.715878] Call Trace:
[ 40.718444] [] l2tp_tunnel_closeall+0x284/0x350
[ 40.724747] [] l2tp_tunnel_destruct+0x2f2/0x590
[ 40.731039] [] ? l2tp_tunnel_destruct+0x1aa/0x590
[ 40.737514] [] ? l2tp_tunnel_del_work+0x470/0x470
[ 40.744064] [] ? sock_release+0x1c0/0x1c0
[ 40.749846] [] __sk_destruct+0x55/0x590
[ 40.755503] [] ? sock_release+0x1c0/0x1c0
[ 40.761283] [] sk_destruct+0x63/0x80
[ 40.767035] [] __sk_free+0x4f/0x220
[ 40.772293] [] sk_free+0x2b/0x40
[ 40.777281] [] l2tp_session_free+0x19c/0x200
[ 40.783313] [] pppol2tp_session_destruct+0xd2/0x110
[ 40.789950] [] ? pppol2tp_seq_start+0x4e0/0x4e0
[ 40.796244] [] __sk_destruct+0x55/0x590
[ 40.801839] [] ? sock_release+0x1c0/0x1c0
[ 40.807617] [] sk_destruct+0x63/0x80
[ 40.812964] [] __sk_free+0x4f/0x220
[ 40.818218] [] sk_free+0x2b/0x40
[ 40.823208] [] pppol2tp_release+0x239/0x2e0
[ 40.829481] [] sock_release+0x96/0x1c0
[ 40.834995] [] sock_close+0x16/0x20
[ 40.840246] [] __fput+0x263/0x700
[ 40.845328] [] ____fput+0x15/0x20
[ 40.850412] [] task_work_run+0x10c/0x180
[ 40.856098] [] exit_to_usermode_loop+0xfc/0x120
[ 40.862400] [] do_syscall_64+0x364/0x490
[ 40.868097] [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 40.874991] Code: 49 8d bc 24 80 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 c6 00 00 00 4d 8b b4 24 80 01 00 00 41 ff 8e 80 00 00 00 74 69 e8 e5 c3 c9 fd 4c 89 ea 48 b8 00
[ 40.902089] RIP [] l2tp_session_free+0x11c/0x200
[ 40.908602] RSP
[ 40.912201] CR2: 0000000000000080
[ 40.915905] Dumping ftrace buffer:
[ 40.919457] (ftrace buffer empty)
[ 40.923141] Kernel Offset: disabled
[ 40.926739] Rebooting in 86400 seconds..