[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 15.467633] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 23.448180] random: sshd: uninitialized urandom read (32 bytes read) [ 23.821854] random: sshd: uninitialized urandom read (32 bytes read) [ 24.341566] random: sshd: uninitialized urandom read (32 bytes read) [ 47.646765] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.51' (ECDSA) to the list of known hosts. [ 53.170507] random: sshd: uninitialized urandom read (32 bytes read) 2018/08/22 20:19:19 parsed 1 programs [ 54.364478] random: cc1: uninitialized urandom read (8 bytes read) 2018/08/22 20:19:21 executed programs: 0 [ 55.716001] IPVS: Creating netns size=2536 id=1 [ 55.842935] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 55.854284] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 55.899328] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 55.910743] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 55.954792] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 55.965961] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 55.978199] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 55.992020] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 56.039908] ip (3935) used greatest stack depth: 23976 bytes left [ 56.499971] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.525975] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.532385] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.539720] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.772025] hrtimer: interrupt took 12715 ns [ 56.815268] l2tp_core: tunl 4: sockfd_lookup(fd=7) returned -9 [ 56.833009] l2tp_core: tunl 4: sockfd_lookup(fd=7) returned -9 [ 57.010982] l2tp_core: tunl 4: sockfd_lookup(fd=7) returned -9 [ 57.028960] l2tp_core: tunl 4: sockfd_lookup(fd=7) returned -9 [ 57.108773] l2tp_core: tunl 4: sockfd_lookup(fd=7) returned -9 [ 57.206759] l2tp_core: tunl 4: sockfd_lookup(fd=7) returned -9 [ 57.255681] l2tp_core: tunl 4: sockfd_lookup(fd=7) returned -9 [ 57.453098] l2tp_core: tunl 4: sockfd_lookup(fd=7) returned -9 [ 57.532347] l2tp_core: tunl 4: sockfd_lookup(fd=7) returned -9 [ 57.561581] l2tp_core: tunl 4: sockfd_lookup(fd=7) returned -9 [ 57.716090] l2tp_core: tunl 4: sockfd_lookup(fd=7) returned -9 [ 57.918579] l2tp_core: tunl 4: sockfd_lookup(fd=7) returned -9 [ 57.971108] l2tp_core: tunl 4: sockfd_lookup(fd=7) returned -9 [ 58.041391] l2tp_core: tunl 4: sockfd_lookup(fd=7) returned -9 [ 58.147486] l2tp_core: tunl 4: sockfd_lookup(fd=7) returned -9 [ 58.208461] l2tp_core: tunl 4: sockfd_lookup(fd=7) returned -9 [ 58.283000] l2tp_core: tunl 4: sockfd_lookup(fd=7) returned -9 [ 58.646253] l2tp_core: tunl 4: sockfd_lookup(fd=7) returned -9 [ 58.689972] l2tp_core: tunl 4: sockfd_lookup(fd=7) returned -9 [ 58.775301] l2tp_core: tunl 4: sockfd_lookup(fd=7) returned -9 [ 58.951076] l2tp_core: tunl 4: sockfd_lookup(fd=7) returned -9 [ 59.420825] l2tp_core: tunl 4: sockfd_lookup(fd=7) returned -9 [ 59.573102] l2tp_core: tunl 4: sockfd_lookup(fd=7) returned -9 [ 59.592505] l2tp_core: tunl 4: sockfd_lookup(fd=7) returned -9 [ 59.643529] BUG: unable to handle kernel NULL pointer dereference at 0000000000000080 [ 59.651853] IP: [] l2tp_session_create+0xc60/0x16f0 [ 59.658556] PGD 1c7387067 [ 59.661200] PUD 1b9ff4067 PMD 0 [ 59.664710] [ 59.666333] Oops: 0002 [#1] PREEMPT SMP KASAN [ 59.670812] Dumping ftrace buffer: [ 59.674360] (ftrace buffer empty) [ 59.678064] Modules linked in: [ 59.681361] CPU: 1 PID: 5285 Comm: syz-executor0 Not tainted 4.9.123-g8dd3fc2 #79 [ 59.688956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.698313] task: ffff8801c2dcb000 task.stack: ffff8801c1878000 [ 59.704352] RIP: 0010:[] [] l2tp_session_create+0xc60/0x16f0 [ 59.713469] RSP: 0018:ffff8801c187fac0 EFLAGS: 00010246 [ 59.718896] RAX: 0000000000000000 RBX: ffff8801b6cf7680 RCX: 1ffff100385b971d [ 59.726141] RDX: 1ffff10036d9ed70 RSI: ffff8801c2dcb8c8 RDI: ffff8801b6cf6b80 [ 59.733389] RBP: ffff8801c187fb60 R08: ffff8801c2dcb8e8 R09: 0000000000000000 [ 59.740636] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8801b6cf6a58 [ 59.747890] R13: 0000000000000000 R14: ffff8801b6cf6a00 R15: ffff8801c187fc78 [ 59.755155] FS: 00007f4df3ec7700(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000 [ 59.763358] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 59.769448] CR2: 0000000000000080 CR3: 00000001c2deb000 CR4: 00000000001606f0 [ 59.776696] Stack: [ 59.778823] 0000000000000201 ffffffff836ca141 ffff8801c187fae0 ffffffff81237f0d [ 59.786825] ffff8801b6cf6a00 ffff8801b6cf77d8 ffff8801b6cf6a58 ffff8801b6cf77d0 [ 59.794880] ffff8801b6cf7730 ffff8801b6cf6a20 0000000000000000 0000000000000000 [ 59.802897] Call Trace: [ 59.805478] [] ? l2tp_session_get+0x1d1/0x790 [ 59.811622] [] ? trace_hardirqs_on+0xd/0x10 [ 59.817576] [] pppol2tp_connect+0x10d7/0x18f0 [ 59.823703] [] ? pppol2tp_seq_show+0xc30/0xc30 [ 59.829926] [] ? security_socket_connect+0x8f/0xc0 [ 59.836504] [] SYSC_connect+0x1b8/0x300 [ 59.842126] [] ? SYSC_bind+0x280/0x280 [ 59.847660] [] ? __fd_install+0x24a/0x5d0 [ 59.853432] [] ? get_unused_fd_flags+0xd0/0xd0 [ 59.859653] [] ? do_futex+0x17c0/0x17c0 [ 59.865269] [] ? fd_install+0x4d/0x60 [ 59.870708] [] ? anon_inode_getfd+0x64/0x90 [ 59.876653] [] SyS_connect+0x24/0x30 [ 59.881994] [] ? SyS_accept+0x30/0x30 [ 59.887425] [] do_syscall_64+0x1a6/0x490 [ 59.893114] [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb [ 59.900009] Code: 00 00 49 8d be 80 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 7b 09 00 00 49 8b 86 80 01 00 00 ff 80 80 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b 55 d0 [ 59.927158] RIP [] l2tp_session_create+0xc60/0x16f0 [ 59.933938] RSP [ 59.937536] CR2: 0000000000000080 [ 59.941597] ---[ end trace 8974ba924e6d829f ]--- [ 59.946379] Kernel panic - not syncing: Fatal exception [ 59.952043] Dumping ftrace buffer: [ 59.955570] (ftrace buffer empty) [ 59.959254] Kernel Offset: disabled [ 59.962853] Rebooting in 86400 seconds..