[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 20.144196] random: sshd: uninitialized urandom read (32 bytes read, 32 bits of entropy available) [?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 27.394951] random: sshd: uninitialized urandom read (32 bytes read, 39 bits of entropy available) [ 27.742738] random: sshd: uninitialized urandom read (32 bytes read, 39 bits of entropy available) [ 28.368025] random: sshd: uninitialized urandom read (32 bytes read, 69 bits of entropy available) [ 82.785925] random: sshd: uninitialized urandom read (32 bytes read, 91 bits of entropy available) Warning: Permanently added '10.128.0.29' (ECDSA) to the list of known hosts. [ 88.325268] random: sshd: uninitialized urandom read (32 bytes read, 95 bits of entropy available) 2018/08/04 01:32:54 parsed 1 programs [ 89.839649] random: cc1: uninitialized urandom read (8 bytes read, 97 bits of entropy available) 2018/08/04 01:32:56 executed programs: 0 [ 91.246033] IPVS: Creating netns size=2552 id=1 [ 91.477533] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 91.493677] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 91.572353] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 91.586672] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 91.666324] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 91.681043] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 91.697542] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 91.712860] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 92.412953] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 92.449428] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 93.614854] [ 93.616507] =============================== [ 93.620804] [ INFO: suspicious RCU usage. ] [ 93.625118] 4.4.145-g2241aa9 #14 Not tainted [ 93.629503] ------------------------------- [ 93.633817] kernel/rcu/tree_plugin.h:685 Illegal synchronize_rcu() in RCU read-side critical section! [ 93.643162] [ 93.643162] other info that might help us debug this: [ 93.643162] [ 93.651297] [ 93.651297] rcu_scheduler_active = 1, debug_locks = 0 [ 93.657944] 2 locks held by syz-executor0/4259: [ 93.662597] #0: (rcu_read_lock_bh){......}, at: [] ip6_finish_output2+0x1d5/0x1ca0 [ 93.672649] #1: (&n->lock){++--..}, at: [] __neigh_event_send+0x2f/0xc50 [ 93.681825] [ 93.681825] stack backtrace: [ 93.686305] CPU: 1 PID: 4259 Comm: syz-executor0 Not tainted 4.4.145-g2241aa9 #14 [ 93.693898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 93.703233] 0000000000000000 a0203bce96f7a772 ffff8800b8dff000 ffffffff81e123cd [ 93.711217] ffff8801d482e000 0000000000000000 0000000000000001 ffffffff83a68200 [ 93.719203] ffff8801da2d52d8 ffff8800b8dff030 ffffffff81410687 ffff8801da2d5180 [ 93.727190] Call Trace: [ 93.729753] [] dump_stack+0xc1/0x124 [ 93.735090] [] lockdep_rcu_suspicious.cold.47+0x110/0x141 [ 93.742261] [] synchronize_rcu+0x78/0xa0 [ 93.747946] [] __l2tp_session_unhash+0x38a/0x520 [ 93.754332] [] ? __l2tp_session_unhash+0x1ac/0x520 [ 93.760897] [] ? l2tp_udp_encap_recv+0xa40/0xa40 [ 93.767280] [] l2tp_tunnel_closeall+0x1cb/0x350 [ 93.773572] [] l2tp_tunnel_destruct+0x2f2/0x590 [ 93.779863] [] ? l2tp_tunnel_destruct+0x1aa/0x590 [ 93.786329] [] ? l2tp_tunnel_del_work+0x460/0x460 [ 93.792803] [] ? __neigh_event_send+0x652/0xc50 [ 93.799092] [] sk_destruct+0x4c/0x4c0 [ 93.804513] [] __sk_free+0x4f/0x220 [ 93.809762] [] sock_wfree+0x103/0x140 [ 93.815191] [] ? sk_receive_skb+0x950/0x950 [ 93.821133] [] skb_release_head_state+0x103/0x210 [ 93.827599] [] skb_release_all+0x15/0x60 [ 93.833282] [] __kfree_skb+0x15/0x20 [ 93.838626] [] kfree_skb+0xf7/0x3e0 [ 93.843888] [] __neigh_event_send+0x652/0xc50 [ 93.850005] [] neigh_resolve_output+0x4eb/0x790 [ 93.856296] [] ? check_preemption_disabled+0x3b/0x170 [ 93.863110] [] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 93.870355] [] ip6_finish_output2+0x929/0x1ca0 [ 93.876560] [] ? ip6_finish_output2+0x1d5/0x1ca0 [ 93.882940] [] ? ip6_sk_dst_lookup_flow+0x580/0x580 [ 93.889581] [] ? ip6_mtu+0x217/0x340 [ 93.894918] [] ip6_finish_output+0x3b8/0x760 [ 93.900952] [] ip6_output+0x1b8/0x520 [ 93.906384] [] ? ip6_finish_output+0x760/0x760 [ 93.912588] [] ? ip6_fragment+0x3510/0x3510 [ 93.918642] [] ? rt6_check_expired+0xa2/0x120 [ 93.924759] [] ip6_local_out+0x9b/0x180 [ 93.930353] [] ip6_send_skb+0xa1/0x340 [ 93.935866] [] ? csum_ipv6_magic+0x2b/0x90 [ 93.941722] [] udp_v6_send_skb+0x5ba/0xe70 [ 93.947580] [] udpv6_sendmsg+0x1f2e/0x24c0 [ 93.953438] [] ? ip_reply_glue_bits+0xc0/0xc0 [ 93.959553] [] ? udp6_lib_lookup2+0x990/0x990 [ 93.965674] [] ? debug_check_no_locks_freed+0x210/0x210 [ 93.972662] [] ? sock_has_perm+0x1c1/0x400 [ 93.978522] [] ? sock_has_perm+0x29f/0x400 [ 93.984384] [] ? sock_has_perm+0x9f/0x400 [ 93.990165] [] ? inet_sendmsg+0x143/0x4d0 [ 93.995935] [] inet_sendmsg+0x203/0x4d0 [ 94.001537] [] ? inet_sendmsg+0x73/0x4d0 [ 94.007221] [] ? inet_recvmsg+0x4c0/0x4c0 [ 94.012994] [] sock_sendmsg+0xcc/0x110 [ 94.018503] [] ___sys_sendmsg+0x441/0x880 [ 94.024276] [] ? hash_futex+0x15/0x210 [ 94.029785] [] ? copy_msghdr_from_user+0x550/0x550 [ 94.036338] [] ? get_futex_key+0xdc0/0xdc0 [ 94.042198] [] ? release_sock+0x3b6/0x500 [ 94.047972] [] ? do_futex+0x12d/0x17f0 [ 94.053484] [] ? pppol2tp_recv+0x320/0x320 [ 94.059341] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 94.066066] [] ? __fget_light+0x9f/0x1f0 [ 94.071748] [] ? __fdget+0x18/0x20 [ 94.076908] [] ? sockfd_lookup_light+0xb6/0x160 [ 94.083198] [] __sys_sendmmsg+0x1d4/0x2e0 [ 94.088969] [] ? SyS_sendmsg+0x50/0x50 [ 94.094483] [] ? security_socket_connect+0x8f/0xc0 [ 94.101043] [] ? SYSC_connect+0x22a/0x300 [ 94.106816] [] ? SYSC_bind+0x280/0x280 [ 94.112327] [] ? compat_SyS_futex+0x1e1/0x2f0 [ 94.118442] [] ? compat_SyS_get_robust_list+0x310/0x310 [ 94.125427] [] compat_SyS_sendmmsg+0x32/0x40 [ 94.131455] [] ? compat_SyS_sendmsg+0x40/0x40 [ 94.137575] [] do_fast_syscall_32+0x324/0x8b0 [ 94.143693] [] sysenter_flags_fixed+0xd/0x1a [ 94.149752] BUG: sleeping function called from invalid context at kernel/sched/completion.c:90 [ 94.158491] in_atomic(): 1, irqs_disabled(): 0, pid: 4259, name: syz-executor0 [ 94.165844] INFO: lockdep is turned off. [ 94.169886] Preemption disabled at:[] ip6_finish_output+0x3b8/0x760 [ 94.177984] [ 94.179588] CPU: 1 PID: 4259 Comm: syz-executor0 Not tainted 4.4.145-g2241aa9 #14 [ 94.187178] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 94.196503] 0000000000000000 a0203bce96f7a772 ffff8800b8dfed80 ffffffff81e123cd [ 94.204491] ffff8801d482e000 0000000000000000 ffff8801d482e000 000000000000005a [ 94.212473] ffff8801d482e000 ffff8800b8dfedb8 ffffffff8140e7a5 ffff8801d482e000 [ 94.220464] Call Trace: [ 94.223029] [] dump_stack+0xc1/0x124 [ 94.228370] [] ___might_sleep.cold.116+0x1bd/0x1d3 [ 94.234928] [] __might_sleep+0x90/0x1a0 [ 94.240529] [] ? _raw_spin_unlock_irqrestore+0x45/0x70 [ 94.247427] [] wait_for_completion+0x89/0x2e0 [ 94.253547] [] ? check_preemption_disabled+0x3b/0x170 [ 94.260360] [] ? wait_for_completion_interruptible+0x460/0x460 [ 94.267958] [] ? trace_hardirqs_on+0xd/0x10 [ 94.273900] [] __wait_rcu_gp+0x137/0x1b0 [ 94.279584] [] synchronize_rcu.part.55+0x94/0xd0 [ 94.285962] [] ? synchronize_rcu_bh.part.54+0xd0/0xd0 [ 94.292773] [] ? __call_rcu.constprop.66+0x930/0x930 [ 94.299498] [] ? trace_raw_output_rcu_utilization+0x150/0x150 [ 94.307006] [] ? lockdep_rcu_suspicious.cold.47+0x110/0x141 [ 94.314336] [] synchronize_rcu+0x37/0xa0 [ 94.320018] [] __l2tp_session_unhash+0x38a/0x520 [ 94.326395] [] ? __l2tp_session_unhash+0x1ac/0x520 [ 94.332945] [] ? l2tp_udp_encap_recv+0xa40/0xa40 [ 94.339332] [] l2tp_tunnel_closeall+0x1cb/0x350 [ 94.345623] [] l2tp_tunnel_destruct+0x2f2/0x590 [ 94.351923] [] ? l2tp_tunnel_destruct+0x1aa/0x590 [ 94.358395] [] ? l2tp_tunnel_del_work+0x460/0x460 [ 94.364874] [] ? __neigh_event_send+0x652/0xc50 [ 94.371177] [] sk_destruct+0x4c/0x4c0 [ 94.376602] [] __sk_free+0x4f/0x220 [ 94.381852] [] sock_wfree+0x103/0x140 [ 94.387294] [] ? sk_receive_skb+0x950/0x950 [ 94.393249] [] skb_release_head_state+0x103/0x210 [ 94.399712] [] skb_release_all+0x15/0x60 [ 94.405396] [] __kfree_skb+0x15/0x20 [ 94.410730] [] kfree_skb+0xf7/0x3e0 [ 94.415985] [] __neigh_event_send+0x652/0xc50 [ 94.422115] [] neigh_resolve_output+0x4eb/0x790 [ 94.428409] [] ? check_preemption_disabled+0x3b/0x170 [ 94.435221] [] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 94.442469] [] ip6_finish_output2+0x929/0x1ca0 [ 94.448674] [] ? ip6_finish_output2+0x1d5/0x1ca0 [ 94.455052] [] ? ip6_sk_dst_lookup_flow+0x580/0x580 [ 94.461692] [] ? ip6_mtu+0x217/0x340 [ 94.467026] [] ip6_finish_output+0x3b8/0x760 [ 94.473060] [] ip6_output+0x1b8/0x520 [ 94.478485] [] ? ip6_finish_output+0x760/0x760 [ 94.484691] [] ? ip6_fragment+0x3510/0x3510 [ 94.490645] [] ? rt6_check_expired+0xa2/0x120 [ 94.496768] [] ip6_local_out+0x9b/0x180 [ 94.502367] [] ip6_send_skb+0xa1/0x340 [ 94.507888] [] ? csum_ipv6_magic+0x2b/0x90 [ 94.513747] [] udp_v6_send_skb+0x5ba/0xe70 [ 94.519606] [] udpv6_sendmsg+0x1f2e/0x24c0 [ 94.525463] [] ? ip_reply_glue_bits+0xc0/0xc0 [ 94.531581] [] ? udp6_lib_lookup2+0x990/0x990 [ 94.537702] [] ? debug_check_no_locks_freed+0x210/0x210 [ 94.544691] [] ? sock_has_perm+0x1c1/0x400 [ 94.550551] [] ? sock_has_perm+0x29f/0x400 [ 94.556415] [] ? sock_has_perm+0x9f/0x400 [ 94.562189] [] ? inet_sendmsg+0x143/0x4d0 [ 94.567969] [] inet_sendmsg+0x203/0x4d0 [ 94.573564] [] ? inet_sendmsg+0x73/0x4d0 [ 94.579246] [] ? inet_recvmsg+0x4c0/0x4c0 [ 94.585019] [] sock_sendmsg+0xcc/0x110 [ 94.590530] [] ___sys_sendmsg+0x441/0x880 [ 94.596300] [] ? hash_futex+0x15/0x210 [ 94.601819] [] ? copy_msghdr_from_user+0x550/0x550 [ 94.608370] [] ? get_futex_key+0xdc0/0xdc0 [ 94.614227] [] ? release_sock+0x3b6/0x500 [ 94.619995] [] ? do_futex+0x12d/0x17f0 [ 94.625508] [] ? pppol2tp_recv+0x320/0x320 [ 94.631366] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 94.638092] [] ? __fget_light+0x9f/0x1f0 [ 94.643778] [] ? __fdget+0x18/0x20 [ 94.648939] [] ? sockfd_lookup_light+0xb6/0x160 [ 94.655230] [] __sys_sendmmsg+0x1d4/0x2e0 [ 94.660999] [] ? SyS_sendmsg+0x50/0x50 [ 94.666512] [] ? security_socket_connect+0x8f/0xc0 [ 94.673064] [] ? SYSC_connect+0x22a/0x300 [ 94.678832] [] ? SYSC_bind+0x280/0x280 [ 94.684345] [] ? compat_SyS_futex+0x1e1/0x2f0 [ 94.690464] [] ? compat_SyS_get_robust_list+0x310/0x310 [ 94.697453] [] compat_SyS_sendmmsg+0x32/0x40 [ 94.703490] [] ? compat_SyS_sendmsg+0x40/0x40 [ 94.709610] [] do_fast_syscall_32+0x324/0x8b0 [ 94.715825] [] sysenter_flags_fixed+0xd/0x1a [ 94.721892] BUG: scheduling while atomic: syz-executor0/4259/0x00000402 [ 94.728612] INFO: lockdep is turned off. [ 94.732654] Modules linked in: [ 94.735937] Preemption disabled at:[] ip6_finish_output+0x3b8/0x760 [ 94.744017] [ 94.745624] CPU: 1 PID: 4259 Comm: syz-executor0 Not tainted 4.4.145-g2241aa9 #14 [ 94.753302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 94.762627] 0000000000000000 a0203bce96f7a772 ffff8800b8dfebd8 ffffffff81e123cd [ 94.770614] ffff8801d482e000 0000000000000402 000000000001f540 0000000000000000 [ 94.778603] 0000000000000001 ffff8800b8dfebf8 ffffffff8140e899 ffff8801db31f540 [ 94.786590] Call Trace: [ 94.789150] [] dump_stack+0xc1/0x124 [ 94.794488] [] __schedule_bug.cold.117+0xde/0x100 [ 94.800958] [] __schedule+0x11ff/0x1d70 [ 94.806561] [] ? dump_trace+0x184/0x360 [ 94.812156] [] schedule+0x7a/0x1b0 [ 94.817317] [] schedule_timeout+0x481/0x8b0 [ 94.823264] [] ? usleep_range+0x140/0x140 [ 94.829034] [] ? dump_stack+0xfb/0x124 [ 94.834545] [] ? wait_for_completion+0x91/0x2e0 [ 94.840839] [] ? ___might_sleep.cold.116+0x1bd/0x1d3 [ 94.847567] [] ? wait_for_completion+0x1f6/0x2e0 [ 94.853947] [] wait_for_completion+0x1fe/0x2e0 [ 94.860152] [] ? wait_for_completion_interruptible+0x460/0x460 [ 94.867744] [] ? wake_up_process+0x20/0x20 [ 94.873603] [] __wait_rcu_gp+0x137/0x1b0 [ 94.879290] [] synchronize_rcu.part.55+0x94/0xd0 [ 94.885668] [] ? synchronize_rcu_bh.part.54+0xd0/0xd0 [ 94.892487] [] ? __call_rcu.constprop.66+0x930/0x930 [ 94.899212] [] ? trace_raw_output_rcu_utilization+0x150/0x150 [ 94.906725] [] ? lockdep_rcu_suspicious.cold.47+0x110/0x141 [ 94.914059] [] synchronize_rcu+0x37/0xa0 [ 94.919745] [] __l2tp_session_unhash+0x38a/0x520 [ 94.926123] [] ? __l2tp_session_unhash+0x1ac/0x520 [ 94.932674] [] ? l2tp_udp_encap_recv+0xa40/0xa40 [ 94.939050] [] l2tp_tunnel_closeall+0x1cb/0x350 [ 94.945340] [] l2tp_tunnel_destruct+0x2f2/0x590 [ 94.951635] [] ? l2tp_tunnel_destruct+0x1aa/0x590 [ 94.958099] [] ? l2tp_tunnel_del_work+0x460/0x460 [ 94.964564] [] ? __neigh_event_send+0x652/0xc50 [ 94.970856] [] sk_destruct+0x4c/0x4c0 [ 94.976278] [] __sk_free+0x4f/0x220 [ 94.981527] [] sock_wfree+0x103/0x140 [ 94.986968] [] ? sk_receive_skb+0x950/0x950 [ 94.992912] [] skb_release_head_state+0x103/0x210 [ 94.999374] [] skb_release_all+0x15/0x60 [ 95.005056] [] __kfree_skb+0x15/0x20 [ 95.010399] [] kfree_skb+0xf7/0x3e0 [ 95.015651] [] __neigh_event_send+0x652/0xc50 [ 95.021772] [] neigh_resolve_output+0x4eb/0x790 [ 95.028073] [] ? check_preemption_disabled+0x3b/0x170 [ 95.034888] [] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 95.042136] [] ip6_finish_output2+0x929/0x1ca0 [ 95.048339] [] ? ip6_finish_output2+0x1d5/0x1ca0 [ 95.054717] [] ? ip6_sk_dst_lookup_flow+0x580/0x580 [ 95.061365] [] ? ip6_mtu+0x217/0x340 [ 95.066702] [] ip6_finish_output+0x3b8/0x760 [ 95.072733] [] ip6_output+0x1b8/0x520 [ 95.078159] [] ? ip6_finish_output+0x760/0x760 [ 95.084538] [] ? ip6_fragment+0x3510/0x3510 [ 95.090490] [] ? rt6_check_expired+0xa2/0x120 [ 95.096609] [] ip6_local_out+0x9b/0x180 [ 95.102203] [] ip6_send_skb+0xa1/0x340 [ 95.107711] [] ? csum_ipv6_magic+0x2b/0x90 [ 95.113568] [] udp_v6_send_skb+0x5ba/0xe70 [ 95.119423] [] udpv6_sendmsg+0x1f2e/0x24c0 [ 95.125281] [] ? ip_reply_glue_bits+0xc0/0xc0 [ 95.131398] [] ? udp6_lib_lookup2+0x990/0x990 [ 95.137517] [] ? debug_check_no_locks_freed+0x210/0x210 [ 95.144505] [] ? sock_has_perm+0x1c1/0x400 [ 95.150363] [] ? sock_has_perm+0x29f/0x400 [ 95.156223] [] ? sock_has_perm+0x9f/0x400 [ 95.161998] [] ? inet_sendmsg+0x143/0x4d0 [ 95.167770] [] inet_sendmsg+0x203/0x4d0 [ 95.173369] [] ? inet_sendmsg+0x73/0x4d0 [ 95.179056] [] ? inet_recvmsg+0x4c0/0x4c0 [ 95.184828] [] sock_sendmsg+0xcc/0x110 [ 95.190340] [] ___sys_sendmsg+0x441/0x880 [ 95.196111] [] ? hash_futex+0x15/0x210 [ 95.201620] [] ? copy_msghdr_from_user+0x550/0x550 [ 95.208175] [] ? get_futex_key+0xdc0/0xdc0 [ 95.214033] [] ? release_sock+0x3b6/0x500 [ 95.219804] [] ? do_futex+0x12d/0x17f0 [ 95.225315] [] ? pppol2tp_recv+0x320/0x320 [ 95.231171] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 95.237899] [] ? __fget_light+0x9f/0x1f0 [ 95.243587] [] ? __fdget+0x18/0x20 [ 95.249270] [] ? sockfd_lookup_light+0xb6/0x160 [ 95.255566] [] __sys_sendmmsg+0x1d4/0x2e0 [ 95.261340] [] ? SyS_sendmsg+0x50/0x50 [ 95.266851] [] ? security_socket_connect+0x8f/0xc0 [ 95.273403] [] ? SYSC_connect+0x22a/0x300 [ 95.279172] [] ? SYSC_bind+0x280/0x280 [ 95.284685] [] ? compat_SyS_futex+0x1e1/0x2f0 [ 95.290803] [] ? compat_SyS_get_robust_list+0x310/0x310 [ 95.297789] [] compat_SyS_sendmmsg+0x32/0x40 [ 95.303819] [] ? compat_SyS_sendmsg+0x40/0x40 [ 95.309938] [] do_fast_syscall_32+0x324/0x8b0 [ 95.316062] [] sysenter_flags_fixed+0xd/0x1a [ 95.327206] NOHZ: local_softirq_pending 282