[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 12.621817] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 20.176299] random: sshd: uninitialized urandom read (32 bytes read)
[ 20.423087] random: sshd: uninitialized urandom read (32 bytes read)
[ 20.944749] random: sshd: uninitialized urandom read (32 bytes read)
[ 40.366852] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.35' (ECDSA) to the list of known hosts.
[ 45.871019] random: sshd: uninitialized urandom read (32 bytes read)
2018/08/29 00:05:42 parsed 1 programs
[ 46.987834] random: cc1: uninitialized urandom read (8 bytes read)
2018/08/29 00:05:44 executed programs: 0
[ 48.016413] IPVS: Creating netns size=2536 id=1
[ 48.149154] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 48.161221] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 48.207532] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 48.219259] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 48.265933] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 48.277976] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 48.290756] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 48.305327] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 48.837317] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 48.864681] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 48.871269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 48.878379] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 49.091472] hrtimer: interrupt took 15039 ns
[ 49.179891] l2tp_core: tunl 4: sockfd_lookup(fd=6) returned -9
[ 49.259657] l2tp_core: tunl 4: sockfd_lookup(fd=6) returned -9
[ 49.319661] l2tp_core: tunl 4: sockfd_lookup(fd=6) returned -9
[ 49.518633] l2tp_core: tunl 4: sockfd_lookup(fd=6) returned -9
[ 49.678283] l2tp_core: tunl 4: sockfd_lookup(fd=6) returned -9
[ 49.727526] l2tp_core: tunl 4: sockfd_lookup(fd=6) returned -9
[ 49.764509] l2tp_core: tunl 4: sockfd_lookup(fd=6) returned -9
[ 49.900070] BUG: unable to handle kernel NULL pointer dereference at 0000000000000080
[ 49.908472] IP: [] l2tp_session_create+0xc60/0x16f0
[ 49.915339] PGD 1ce8f6067
[ 49.918002] PUD 1ced88067 PMD 0
[ 49.921817]
[ 49.923463] Oops: 0002 [#1] PREEMPT SMP KASAN
[ 49.928103] Dumping ftrace buffer:
[ 49.931650] (ftrace buffer empty)
[ 49.935485] Modules linked in:
[ 49.938940] CPU: 1 PID: 4580 Comm: syz-executor0 Not tainted 4.9.124-g09eb2ba #83
[ 49.946810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 49.956255] task: ffff8801cf258000 task.stack: ffff8801ce970000
[ 49.962433] RIP: 0010:[] [] l2tp_session_create+0xc60/0x16f0
[ 49.971792] RSP: 0018:ffff8801ce977ac0 EFLAGS: 00010246
[ 49.977369] RAX: 0000000000000000 RBX: ffff8801ce8fac80 RCX: 1ffff10039e4b11d
[ 49.984875] RDX: 1ffff10039d1f6b0 RSI: ffff8801cf2588c8 RDI: ffff8801ce8fb580
[ 49.992331] RBP: ffff8801ce977b60 R08: ffff8801cf2588e8 R09: 0000000000000000
[ 49.999752] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8801ce8fb458
[ 50.007024] R13: 0000000000000000 R14: ffff8801ce8fb400 R15: ffff8801ce977c78
[ 50.014508] FS: 00007fe749dbd700(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000
[ 50.023121] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 50.028994] CR2: 0000000000000080 CR3: 00000001cea09000 CR4: 00000000001606f0
[ 50.036631] Stack:
[ 50.038777] 0000000000000201 ffffffff836c9ec1 ffff8801ce977ae0 ffffffff812383ad
[ 50.047383] ffff8801ce8fb400 ffff8801ce8fadd8 ffff8801ce8fb458 ffff8801ce8fadd0
[ 50.055732] ffff8801ce8fad30 ffff8801ce8fb420 0000000000000000 0000000000000000
[ 50.063798] Call Trace:
[ 50.066508] [] ? l2tp_session_get+0x1d1/0x790
[ 50.072783] [] ? trace_hardirqs_on+0xd/0x10
[ 50.078898] [] pppol2tp_connect+0x10d7/0x18f0
[ 50.085209] [] ? pppol2tp_seq_show+0xc30/0xc30
[ 50.091455] [] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 50.098283] [] ? check_preemption_disabled+0x3b/0x170
[ 50.105139] [] ? retint_kernel+0x2d/0x2d
[ 50.111126] [] ? security_socket_connect+0x8f/0xc0
[ 50.117763] [] SYSC_connect+0x1b8/0x300
[ 50.123385] [] ? SYSC_bind+0x280/0x280
[ 50.129088] [] ? do_futex+0x17c0/0x17c0
[ 50.134839] [] ? move_addr_to_kernel+0x50/0x50
[ 50.141066] [] SyS_connect+0x24/0x30
[ 50.146425] [] ? SyS_accept+0x30/0x30
[ 50.151870] [] do_syscall_64+0x1a6/0x490
[ 50.157577] [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 50.164643] Code: 00 00 49 8d be 80 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 7b 09 00 00 49 8b 86 80 01 00 00 ff 80 80 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b 55 d0
[ 50.193118] RIP [] l2tp_session_create+0xc60/0x16f0
[ 50.199930] RSP
[ 50.203546] CR2: 0000000000000080
[ 50.208647] ---[ end trace 66e7c5378dad20d9 ]---
[ 50.213721] Kernel panic - not syncing: Fatal exception
[ 50.219742] Dumping ftrace buffer:
[ 50.223289] (ftrace buffer empty)
[ 50.226992] Kernel Offset: disabled
[ 50.230640] Rebooting in 86400 seconds..