[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   12.493464] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[ ok 8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   16.616576] random: sshd: uninitialized urandom read (32 bytes read)
[   16.889573] random: sshd: uninitialized urandom read (32 bytes read)
[   17.645307] random: sshd: uninitialized urandom read (32 bytes read)
[   29.272048] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.23' (ECDSA) to the list of known hosts.
[   34.675684] random: sshd: uninitialized urandom read (32 bytes read)
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[   34.792838] BUG: sleeping function called from invalid context at net/core/sock.c:2502
[   34.800900] in_atomic(): 1, irqs_disabled(): 0, pid: 3762, name: syz-executor992
[   34.808440] 1 lock held by syz-executor992/3762:
[   34.813203]  #0:  (rcu_callback){......}, at: [<ffffffff8128586e>] rcu_process_callbacks+0x98e/0x12b0
[   34.823037] Preemption disabled at:[   34.826469] [<ffffffff81f1ba94>] debug_check_no_obj_freed+0x164/0x930
[   34.833064] CPU: 0 PID: 3762 Comm: syz-executor992 Not tainted 4.9.98-gf679e4d #14
[   34.840741] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   34.850077]  ffff8801db207cd8 ffffffff81eb0fc9 ffffffff81f1ba94 0000000000000000
[   34.858054]  0000000000000101 ffff8801bda3c800 ffff8801bda3c800 ffff8801db207d10
[   34.866144]  ffffffff81422310 ffff8801bda3c800 ffffffff840f5f60 00000000000009c6
[   34.874130] Call Trace:
[   34.876684]  <IRQ> [   34.878723]  [<ffffffff81eb0fc9>] dump_stack+0xc1/0x128
[   34.884081]  [<ffffffff81f1ba94>] ? debug_check_no_obj_freed+0x164/0x930
[   34.890903]  [<ffffffff81422310>] ___might_sleep.cold.123+0x1bc/0x1f5
[   34.897454]  [<ffffffff811b9335>] __might_sleep+0x95/0x1a0
[   34.903050]  [<ffffffff81233ae6>] ? trace_hardirqs_on_caller+0x266/0x590
[   34.909861]  [<ffffffff83020614>] lock_sock_nested+0x34/0x120
[   34.915716]  [<ffffffff8341c369>] inet_shutdown+0x69/0x360
[   34.921312]  [<ffffffff836be590>] ? pppol2tp_recvmsg+0x280/0x280
[   34.927425]  [<ffffffff836be630>] pppol2tp_session_close+0xa0/0xe0
[   34.933711]  [<ffffffff836b7e61>] l2tp_tunnel_closeall+0x231/0x350
[   34.939998]  [<ffffffff836b86e2>] l2tp_tunnel_destruct+0x2f2/0x590
[   34.946294]  [<ffffffff836b859a>] ? l2tp_tunnel_destruct+0x1aa/0x590
[   34.952758]  [<ffffffff836b83f0>] ? l2tp_tunnel_del_work+0x470/0x470
[   34.959224]  [<ffffffff8301d095>] __sk_destruct+0x55/0x590
[   34.964820]  [<ffffffff8128578e>] rcu_process_callbacks+0x8ae/0x12b0
[   34.971283]  [<ffffffff8128586e>] ? rcu_process_callbacks+0x98e/0x12b0
[   34.977928]  [<ffffffff8301d040>] ? sock_set_timeout+0x210/0x210
[   34.984046]  [<ffffffff839fb23b>] __do_softirq+0x20b/0x937
[   34.989643]  [<ffffffff81149037>] irq_exit+0x147/0x190
[   34.994890]  [<ffffffff839f9e21>] smp_apic_timer_interrupt+0x81/0xa0
[   35.001363]  [<ffffffff839f5fb0>] apic_timer_interrupt+0xa0/0xb0
[   35.007483]  <EOI> [   35.009521]  [<ffffffff839f3d5f>] ? _raw_spin_unlock_irqrestore+0x5f/0x70
[   35.016436]  [<ffffffff81f1bc1c>] debug_check_no_obj_freed+0x2ec/0x930
[   35.023071]  [<ffffffff81f1b930>] ? debug_object_activate+0x4e0/0x4e0
[   35.029622]  [<ffffffff81233c0b>] ? trace_hardirqs_on_caller+0x38b/0x590
[   35.036433]  [<ffffffff8144838d>] __free_pages_ok+0x1dd/0x1610
[   35.042390]  [<ffffffff839f3d5a>] ? _raw_spin_unlock_irqrestore+0x5a/0x70
[   35.049303]  [<ffffffff8144981e>] free_compound_page+0x5e/0x70
[   35.055256]  [<ffffffff8154f549>] free_transhuge_page+0x99/0xc0
[   35.061289]  [<ffffffff81461b80>] __put_compound_page+0x80/0xc0
[   35.067332]  [<ffffffff81463774>] release_pages+0x2f4/0x970
[   35.073014]  [<ffffffff81463480>] ? __activate_page+0x790/0x790
[   35.079058]  [<ffffffff81f18a2b>] ? check_preemption_disabled+0x3b/0x170
[   35.085966]  [<ffffffff81466149>] ? lru_add_drain_cpu+0x149/0x350
[   35.092174]  [<ffffffff81506577>] free_pages_and_swap_cache+0x117/0x160
[   35.098896]  [<ffffffff814bdd34>] tlb_flush_mmu_free+0xb4/0x150
[   35.104926]  [<ffffffff814c616d>] unmap_page_range+0x104d/0x1730
[   35.111040]  [<ffffffff814c5120>] ? vm_normal_page_pmd+0x2e0/0x2e0
[   35.117347]  [<ffffffff814c6951>] unmap_single_vma+0x101/0x260
[   35.123290]  [<ffffffff814c7292>] unmap_vmas+0x102/0x1d0
[   35.128717]  [<ffffffff814df9f4>] exit_mmap+0x214/0x3f0
[   35.134053]  [<ffffffff814df7e0>] ? SyS_munmap+0xa0/0xa0
[   35.139474]  [<ffffffff81129dd3>] mmput+0xf3/0x2d0
[   35.144382]  [<ffffffff8113ebb6>] do_exit+0x906/0x27c0
[   35.149631]  [<ffffffff830139ca>] ? SYSC_connect+0x22a/0x300
[   35.155398]  [<ffffffff814cd350>] ? vm_insert_mixed+0x200/0x200
[   35.161424]  [<ffffffff830137a0>] ? SYSC_bind+0x280/0x280
[   35.166931]  [<ffffffff8113e2b0>] ? release_task.part.19+0x1210/0x1210
[   35.173569]  [<ffffffff8122a49a>] ? up_read+0x1a/0x40
[   35.178747]  [<ffffffff810d9593>] ? __do_page_fault+0x183/0xd50
[   35.184784]  [<ffffffff81144d91>] do_group_exit+0x111/0x340
[   35.190553]  [<ffffffff81144fc0>] ? do_group_exit+0x340/0x340
[   35.196418]  [<ffffffff81144fdd>] SyS_exit_group+0x1d/0x20
[   35.202015]  [<ffffffff81006316>] do_syscall_64+0x1a6/0x490
[   35.207697]  [<ffffffff839f4653>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[   35.214662] 
[   35.216261] =================================
[   35.220728] [ INFO: inconsistent lock state ]
[   35.225222] 4.9.98-gf679e4d #14 Tainted: G        W      
[   35.230729] ---------------------------------
[   35.235192] inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
[   35.241316] syz-executor992/3762 [HC0[0]:SC1[3]:HE1:SE0] takes:
[   35.247341]  (sk_lock-AF_PPPOX){+.?.+.}, at: [<ffffffff8341c369>] inet_shutdown+0x69/0x360
{SOFTIRQ-ON-W} state was registered at:
[   35.259758]   mark_held_locks+0xc7/0x130
[   35.263796]   trace_hardirqs_on_caller+0x38b/0x590
[   35.268703]   trace_hardirqs_on+0xd/0x10
[   35.272737]   __local_bh_enable_ip+0x6a/0xd0
[   35.277115]   lock_sock_nested+0xdc/0x120
[   35.281235]   pppol2tp_connect+0xd9/0x18f0
[   35.285441]   SYSC_connect+0x1b8/0x300
[   35.289306]   SyS_connect+0x24/0x30
[   35.292905]   do_syscall_64+0x1a6/0x490
[   35.296851]   entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[   35.302015] irq event stamp: 2702
[   35.305443] hardirqs last  enabled at (2702): [<ffffffff839f4fe9>] restore_regs_and_iret+0x0/0x1d
[   35.314438] hardirqs last disabled at (2701): [<ffffffff839f5fab>] apic_timer_interrupt+0x9b/0xb0
[   35.323422] softirqs last  enabled at (342): [<ffffffff8302109e>] release_sock+0x14e/0x1c0
[   35.331796] softirqs last disabled at (1917): [<ffffffff81149037>] irq_exit+0x147/0x190
[   35.339902] 
[   35.339902] other info that might help us debug this:
[   35.346544]  Possible unsafe locking scenario:
[   35.346544] 
[   35.352569]        CPU0
[   35.355120]        ----
[   35.357670]   lock(sk_lock-AF_PPPOX);
[   35.361683]   <Interrupt>
[   35.364407]     lock(sk_lock-AF_PPPOX);
[   35.368590] 
[   35.368590]  *** DEADLOCK ***
[   35.368590] 
[   35.374621] 1 lock held by syz-executor992/3762:
[   35.379343]  #0:  (rcu_callback){......}, at: [<ffffffff8128586e>] rcu_process_callbacks+0x98e/0x12b0
[   35.389144] 
[   35.389144] stack backtrace:
[   35.393613] CPU: 0 PID: 3762 Comm: syz-executor992 Tainted: G        W       4.9.98-gf679e4d #14
[   35.402503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   35.411827]  ffff8801db207a58 ffffffff81eb0fc9 ffff8801bda3c800 ffffffff855ef880
[   35.419810]  ffff8801bda3d0f0 ffff8801bda3d110 0000000000000000 ffff8801db207ac8
[   35.427800]  ffffffff814256bb 0000000000000003 0000000000000001 ffff880100000000
[   35.435772] Call Trace:
[   35.438326]  <IRQ> [   35.440378]  [<ffffffff81eb0fc9>] dump_stack+0xc1/0x128
[   35.445731]  [<ffffffff814256bb>] print_usage_bug.cold.56+0x327/0x421
[   35.452282]  [<ffffffff8107ae56>] ? save_stack_trace+0x16/0x20
[   35.458228]  [<ffffffff81233196>] mark_lock+0xcc6/0x1280
[   35.463655]  [<ffffffff81231ac0>] ? check_usage_backwards+0x2e0/0x2e0
[   35.470205]  [<ffffffff812350c0>] __lock_acquire+0xd40/0x4070
[   35.476063]  [<ffffffff81234380>] ? debug_check_no_locks_freed+0x210/0x210
[   35.483050]  [<ffffffff81f18a2b>] ? check_preemption_disabled+0x3b/0x170
[   35.489869]  [<ffffffff839f4fe9>] ? retint_kernel+0x2d/0x2d
[   35.495554]  [<ffffffff81238e60>] lock_acquire+0x130/0x3e0
[   35.501149]  [<ffffffff8341c369>] ? inet_shutdown+0x69/0x360
[   35.506921]  [<ffffffff830206a6>] lock_sock_nested+0xc6/0x120
[   35.512773]  [<ffffffff8341c369>] ? inet_shutdown+0x69/0x360
[   35.518539]  [<ffffffff8341c369>] inet_shutdown+0x69/0x360
[   35.524132]  [<ffffffff836be590>] ? pppol2tp_recvmsg+0x280/0x280
[   35.530245]  [<ffffffff836be630>] pppol2tp_session_close+0xa0/0xe0
[   35.536535]  [<ffffffff836b7e61>] l2tp_tunnel_closeall+0x231/0x350
[   35.542824]  [<ffffffff836b86e2>] l2tp_tunnel_destruct+0x2f2/0x590
[   35.549116]  [<ffffffff836b859a>] ? l2tp_tunnel_destruct+0x1aa/0x590
[   35.555582]  [<ffffffff836b83f0>] ? l2tp_tunnel_del_work+0x470/0x470
[   35.562050]  [<ffffffff8301d095>] __sk_destruct+0x55/0x590
[   35.567649]  [<ffffffff8128578e>] rcu_process_callbacks+0x8ae/0x12b0
[   35.574110]  [<ffffffff8128586e>] ? rcu_process_callbacks+0x98e/0x12b0
[   35.580750]  [<ffffffff8301d040>] ? sock_set_timeout+0x210/0x210
[   35.586868]  [<ffffffff839fb23b>] __do_softirq+0x20b/0x937
[   35.592466]  [<ffffffff81149037>] irq_exit+0x147/0x190
[   35.597713]  [<ffffffff839f9e21>] smp_apic_timer_interrupt+0x81/0xa0
[   35.604176]  [<ffffffff839f5fb0>] apic_timer_interrupt+0xa0/0xb0
[   35.610300]  <EOI> [   35.612338]  [<ffffffff839f3d5f>] ? _raw_spin_unlock_irqrestore+0x5f/0x70
[   35.619251]  [<ffffffff81f1bc1c>] debug_check_no_obj_freed+0x2ec/0x930
[   35.625887]  [<ffffffff81f1b930>] ? debug_object_activate+0x4e0/0x4e0
[   35.632439]  [<ffffffff81233c0b>] ? trace_hardirqs_on_caller+0x38b/0x590
[   35.639251]  [<ffffffff8144838d>] __free_pages_ok+0x1dd/0x1610
[   35.645194]  [<ffffffff839f3d5a>] ? _raw_spin_unlock_irqrestore+0x5a/0x70
[   35.652092]  [<ffffffff8144981e>] free_compound_page+0x5e/0x70
[   35.658054]  [<ffffffff8154f549>] free_transhuge_page+0x99/0xc0
[   35.664116]  [<ffffffff81461b80>] __put_compound_page+0x80/0xc0
[   35.670148]  [<ffffffff81463774>] release_pages+0x2f4/0x970
[   35.675831]  [<ffffffff81463480>] ? __activate_page+0x790/0x790
[   35.681874]  [<ffffffff81f18a2b>] ? check_preemption_disabled+0x3b/0x170
[   35.688686]  [<ffffffff81466149>] ? lru_add_drain_cpu+0x149/0x350
[   35.694890]  [<ffffffff81506577>] free_pages_and_swap_cache+0x117/0x160
[   35.701613]  [<ffffffff814bdd34>] tlb_flush_mmu_free+0xb4/0x150
[   35.707643]  [<ffffffff814c616d>] unmap_page_range+0x104d/0x1730
[   35.713770]  [<ffffffff814c5120>] ? vm_normal_page_pmd+0x2e0/0x2e0
[   35.720067]  [<ffffffff814c6951>] unmap_single_vma+0x101/0x260
[   35.726008]  [<ffffffff814c7292>] unmap_vmas+0x102/0x1d0
[   35.731430]  [<ffffffff814df9f4>] exit_mmap+0x214/0x3f0
[   35.736778]  [<ffffffff814df7e0>] ? SyS_munmap+0xa0/0xa0
[   35.742200]  [<ffffffff81129dd3>] mmput+0xf3/0x2d0
[   35.747102]  [<ffffffff8113ebb6>] do_exit+0x906/0x27c0
[   35.752358]  [<ffffffff830139ca>] ? SYSC_connect+0x22a/0x300
[   35.758125]  [<ffffffff814cd350>] ? vm_insert_mixed+0x200/0x200
[   35.764157]  [<ffffffff830137a0>] ? SYSC_bind+0x280/0x280
[   35.769666]  [<ffffffff8113e2b0>] ? release_task.part.19+0x1210/0x1210
[   35.776304]  [<ffffffff8122a49a>] ? up_read+0x1a/0x40
[   35.781479]  [<ffffffff810d9593>] ? __do_page_fault+0x183/0xd50
[   35.787509]  [<ffffffff81144d91>] do_group_exit+0x111/0x340
[   35.793190]  [<ffffffff81144fc0>] ? do_group_exit+0x340/0x340
[   35.799045]  [<ffffffff81144fdd>] SyS_exit_group+0x1d/0x20
[   35.804650]  [<ffffffff81006316>] do_syscall_64+0x1a6/0x490
[   35.810423]  [<ffffffff839f4653>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[   35.817366] ------------[ cut here ]------------
[   35.822099] WARNING: CPU: 0 PID: 3762 at net/ipv4/af_inet.c:167 inet_sock_destruct+0x598/0x760
[   35.830846] Kernel panic - not syncing: panic_on_warn set ...
[   35.830846] 
[   35.838184] CPU: 0 PID: 3762 Comm: syz-executor992 Tainted: G        W       4.9.98-gf679e4d #14
[   35.847075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   35.856405]  ffff8801db207cc0 ffffffff81eb0fc9 ffffffff83c484a0 00000000ffffffff
[   35.864381]  0000000000000000 0000000000000000 00000000000000a7 ffff8801db207d80
[   35.872363]  ffffffff8141f975 0000000041b58ab3 ffffffff843b86e8 ffffffff8141f7b6
[   35.880340] Call Trace:
[   35.882894]  <IRQ> [   35.884930]  [<ffffffff81eb0fc9>] dump_stack+0xc1/0x128
[   35.890286]  [<ffffffff8141f975>] panic+0x1bf/0x3bc
[   35.895286]  [<ffffffff8141f7b6>] ? add_taint.cold.6+0x16/0x16
[   35.901229]  [<ffffffff8141fc46>] ? __warn.cold.9+0xa6/0x17f
[   35.906997]  [<ffffffff8341fe08>] ? inet_sock_destruct+0x598/0x760
[   35.913288]  [<ffffffff8141fc61>] __warn.cold.9+0xc1/0x17f
[   35.918885]  [<ffffffff836b7edf>] ? l2tp_tunnel_closeall+0x2af/0x350
[   35.925354]  [<ffffffff8113461c>] warn_slowpath_null+0x2c/0x40
[   35.931313]  [<ffffffff8341fe08>] inet_sock_destruct+0x598/0x760
[   35.937434]  [<ffffffff8341f870>] ? ipv4_mib_init_net+0x570/0x570
[   35.943637]  [<ffffffff836b8729>] l2tp_tunnel_destruct+0x339/0x590
[   35.949926]  [<ffffffff836b859a>] ? l2tp_tunnel_destruct+0x1aa/0x590
[   35.956395]  [<ffffffff836b83f0>] ? l2tp_tunnel_del_work+0x470/0x470
[   35.962857]  [<ffffffff8301d095>] __sk_destruct+0x55/0x590
[   35.968461]  [<ffffffff8128578e>] rcu_process_callbacks+0x8ae/0x12b0
[   35.974924]  [<ffffffff8128586e>] ? rcu_process_callbacks+0x98e/0x12b0
[   35.981560]  [<ffffffff8301d040>] ? sock_set_timeout+0x210/0x210
[   35.987686]  [<ffffffff839fb23b>] __do_softirq+0x20b/0x937
[   35.993281]  [<ffffffff81149037>] irq_exit+0x147/0x190
[   35.998528]  [<ffffffff839f9e21>] smp_apic_timer_interrupt+0x81/0xa0
[   36.005000]  [<ffffffff839f5fb0>] apic_timer_interrupt+0xa0/0xb0
[   36.011114]  <EOI> [   36.013153]  [<ffffffff839f3d5f>] ? _raw_spin_unlock_irqrestore+0x5f/0x70
[   36.020076]  [<ffffffff81f1bc1c>] debug_check_no_obj_freed+0x2ec/0x930
[   36.026713]  [<ffffffff81f1b930>] ? debug_object_activate+0x4e0/0x4e0
[   36.033263]  [<ffffffff81233c0b>] ? trace_hardirqs_on_caller+0x38b/0x590
[   36.040078]  [<ffffffff8144838d>] __free_pages_ok+0x1dd/0x1610
[   36.046038]  [<ffffffff839f3d5a>] ? _raw_spin_unlock_irqrestore+0x5a/0x70
[   36.052949]  [<ffffffff8144981e>] free_compound_page+0x5e/0x70
[   36.058903]  [<ffffffff8154f549>] free_transhuge_page+0x99/0xc0
[   36.064939]  [<ffffffff81461b80>] __put_compound_page+0x80/0xc0
[   36.070968]  [<ffffffff81463774>] release_pages+0x2f4/0x970
[   36.076672]  [<ffffffff81463480>] ? __activate_page+0x790/0x790
[   36.082721]  [<ffffffff81f18a2b>] ? check_preemption_disabled+0x3b/0x170
[   36.089552]  [<ffffffff81466149>] ? lru_add_drain_cpu+0x149/0x350
[   36.095763]  [<ffffffff81506577>] free_pages_and_swap_cache+0x117/0x160
[   36.102490]  [<ffffffff814bdd34>] tlb_flush_mmu_free+0xb4/0x150
[   36.108523]  [<ffffffff814c616d>] unmap_page_range+0x104d/0x1730
[   36.114653]  [<ffffffff814c5120>] ? vm_normal_page_pmd+0x2e0/0x2e0
[   36.120949]  [<ffffffff814c6951>] unmap_single_vma+0x101/0x260
[   36.126891]  [<ffffffff814c7292>] unmap_vmas+0x102/0x1d0
[   36.132315]  [<ffffffff814df9f4>] exit_mmap+0x214/0x3f0
[   36.137653]  [<ffffffff814df7e0>] ? SyS_munmap+0xa0/0xa0
[   36.143084]  [<ffffffff81129dd3>] mmput+0xf3/0x2d0
[   36.147987]  [<ffffffff8113ebb6>] do_exit+0x906/0x27c0
[   36.153235]  [<ffffffff830139ca>] ? SYSC_connect+0x22a/0x300
[   36.159008]  [<ffffffff814cd350>] ? vm_insert_mixed+0x200/0x200
[   36.165038]  [<ffffffff830137a0>] ? SYSC_bind+0x280/0x280
[   36.170550]  [<ffffffff8113e2b0>] ? release_task.part.19+0x1210/0x1210
[   36.177196]  [<ffffffff8122a49a>] ? up_read+0x1a/0x40
[   36.182360]  [<ffffffff810d9593>] ? __do_page_fault+0x183/0xd50
[   36.188391]  [<ffffffff81144d91>] do_group_exit+0x111/0x340
[   36.194086]  [<ffffffff81144fc0>] ? do_group_exit+0x340/0x340
[   36.199944]  [<ffffffff81144fdd>] SyS_exit_group+0x1d/0x20
[   36.205540]  [<ffffffff81006316>] do_syscall_64+0x1a6/0x490
[   36.211222]  [<ffffffff839f4653>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[   36.218524] Dumping ftrace buffer:
[   36.222035]    (ftrace buffer empty)
[   36.225726] Kernel Offset: disabled
[   36.229323] Rebooting in 86400 seconds..