[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 13.925453] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 18.072509] random: sshd: uninitialized urandom read (32 bytes read) [ 18.396425] random: sshd: uninitialized urandom read (32 bytes read) [ 19.165900] random: sshd: uninitialized urandom read (32 bytes read) [ 19.301868] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.43' (ECDSA) to the list of known hosts. [ 24.766381] random: sshd: uninitialized urandom read (32 bytes read) executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 24.881725] BUG: sleeping function called from invalid context at net/core/sock.c:2502 [ 24.889833] in_atomic(): 1, irqs_disabled(): 0, pid: 3807, name: syz-executor684 [ 24.897366] 2 locks held by syz-executor684/3807: [ 24.902204] #0: (&mm->mmap_sem){++++++}, at: [] __do_page_fault+0x36b/0xd50 [ 24.911539] #1: (rcu_callback){......}, at: [] rcu_process_callbacks+0x98e/0x12b0 [ 24.921375] Preemption disabled at:[ 24.924825] [] clear_huge_page+0x98/0x470 [ 24.930544] CPU: 1 PID: 3807 Comm: syz-executor684 Not tainted 4.9.96-g71fce1e #10 [ 24.938221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 24.947555] ffff8801db307cd8 ffffffff81eb0b69 ffffffff814d19d8 0000000000000000 [ 24.955569] 0000000000000101 ffff8801b6f50000 ffff8801b6f50000 ffff8801db307d10 [ 24.963570] ffffffff81422310 ffff8801b6f50000 ffffffff83ef5aa0 00000000000009c6 [ 24.971597] Call Trace: [ 24.974157] [ 24.976206] [] dump_stack+0xc1/0x128 [ 24.981582] [] ? clear_huge_page+0x98/0x470 [ 24.987552] [] ___might_sleep.cold.123+0x1bc/0x1f5 [ 24.994115] [] __might_sleep+0x95/0x1a0 [ 24.999723] [] ? trace_hardirqs_on_caller+0x266/0x590 [ 25.006547] [] lock_sock_nested+0x34/0x120 [ 25.012413] [] inet_shutdown+0x69/0x360 [ 25.018015] [] ? pppol2tp_recvmsg+0x280/0x280 [ 25.024140] [] pppol2tp_session_close+0xa0/0xe0 [ 25.030439] [] l2tp_tunnel_closeall+0x231/0x350 [ 25.036921] [] l2tp_tunnel_destruct+0x2f2/0x590 [ 25.043213] [] ? l2tp_tunnel_destruct+0x1aa/0x590 [ 25.049686] [] ? l2tp_tunnel_del_work+0x470/0x470 [ 25.056161] [] __sk_destruct+0x55/0x590 [ 25.061853] [] rcu_process_callbacks+0x8ae/0x12b0 [ 25.068316] [] ? rcu_process_callbacks+0x98e/0x12b0 [ 25.074975] [] ? sock_set_timeout+0x210/0x210 [ 25.081100] [] __do_softirq+0x20b/0x937 [ 25.086701] [] irq_exit+0x147/0x190 [ 25.091955] [] smp_apic_timer_interrupt+0x81/0xa0 [ 25.098436] [] apic_timer_interrupt+0xa0/0xb0 [ 25.104564] [ 25.106618] [] ? clear_page_c_e+0x7/0x10 [ 25.112334] [] ? clear_huge_page+0xdc/0x470 [ 25.118282] [] ? __raw_spin_lock_init+0x2d/0x100 [ 25.124661] [] do_huge_pmd_anonymous_page+0x3c7/0x10f0 [ 25.131570] [] handle_mm_fault+0x1a9e/0x28e0 [ 25.137612] [] ? security_socket_connect+0x8f/0xc0 [ 25.144167] [] ? vm_insert_mixed+0x200/0x200 [ 25.150201] [] ? __lock_is_held+0xa2/0xf0 [ 25.155975] [] __do_page_fault+0x5af/0xd50 [ 25.161833] [] ? mm_fault_error+0x2c0/0x2c0 [ 25.167778] [] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 25.174441] [] do_page_fault+0x27/0x30 [ 25.179964] [] page_fault+0x28/0x30 [ 25.185262] [ 25.186875] ================================= [ 25.191338] [ INFO: inconsistent lock state ] [ 25.195809] 4.9.96-g71fce1e #10 Tainted: G W [ 25.201326] --------------------------------- [ 25.205808] inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage. [ 25.211932] syz-executor684/3807 [HC0[0]:SC1[3]:HE1:SE0] takes: [ 25.217958] (sk_lock-AF_PPPOX){+.?.+.}, at: [] inet_shutdown+0x69/0x360 {SOFTIRQ-ON-W} state was registered at: [ 25.230585] mark_held_locks+0xc7/0x130 [ 25.234640] trace_hardirqs_on_caller+0x38b/0x590 [ 25.239541] trace_hardirqs_on+0xd/0x10 [ 25.243575] __local_bh_enable_ip+0x6a/0xd0 [ 25.247959] lock_sock_nested+0xdc/0x120 [ 25.252081] pppol2tp_connect+0xd8/0x18e0 [ 25.256290] SYSC_connect+0x1b8/0x300 [ 25.260150] SyS_connect+0x24/0x30 [ 25.263753] do_syscall_64+0x1a6/0x490 [ 25.267711] entry_SYSCALL_64_after_swapgs+0x5d/0xdb [ 25.272870] irq event stamp: 812 [ 25.276297] hardirqs last enabled at (812): [] restore_regs_and_iret+0x0/0x1d [ 25.285205] hardirqs last disabled at (811): [] apic_timer_interrupt+0x9b/0xb0 [ 25.294102] softirqs last enabled at (224): [] release_sock+0x14e/0x1c0 [ 25.302479] softirqs last disabled at (237): [] irq_exit+0x147/0x190 [ 25.310500] [ 25.310500] other info that might help us debug this: [ 25.317137] Possible unsafe locking scenario: [ 25.317137] [ 25.323162] CPU0 [ 25.325712] ---- [ 25.328265] lock(sk_lock-AF_PPPOX); [ 25.332284] [ 25.335015] lock(sk_lock-AF_PPPOX); [ 25.339198] [ 25.339198] *** DEADLOCK *** [ 25.339198] [ 25.345240] 2 locks held by syz-executor684/3807: [ 25.350052] #0: (&mm->mmap_sem){++++++}, at: [] __do_page_fault+0x36b/0xd50 [ 25.359360] #1: (rcu_callback){......}, at: [] rcu_process_callbacks+0x98e/0x12b0 [ 25.369194] [ 25.369194] stack backtrace: [ 25.373754] CPU: 1 PID: 3807 Comm: syz-executor684 Tainted: G W 4.9.96-g71fce1e #10 [ 25.382648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 25.391982] ffff8801db307a58 ffffffff81eb0b69 ffff8801b6f50000 ffffffff853eee60 [ 25.399986] ffff8801b6f50918 ffff8801b6f50938 0000000000000000 ffff8801db307ac8 [ 25.407973] ffffffff814256bb 0000000000000003 0000000000000001 ffff880100000000 [ 25.415970] Call Trace: [ 25.418525] [ 25.420564] [] dump_stack+0xc1/0x128 [ 25.425923] [] print_usage_bug.cold.56+0x327/0x421 [ 25.433106] [] ? save_stack_trace+0x16/0x20 [ 25.439068] [] mark_lock+0xcc6/0x1280 [ 25.444510] [] ? check_usage_backwards+0x2e0/0x2e0 [ 25.451065] [] __lock_acquire+0xd40/0x4070 [ 25.456929] [] ? debug_check_no_locks_freed+0x210/0x210 [ 25.463923] [] ? check_preemption_disabled+0x3b/0x170 [ 25.470758] [] ? retint_kernel+0x2d/0x2d [ 25.476708] [] lock_acquire+0x130/0x3e0 [ 25.482319] [] ? inet_shutdown+0x69/0x360 [ 25.488099] [] lock_sock_nested+0xc6/0x120 [ 25.493956] [] ? inet_shutdown+0x69/0x360 [ 25.499724] [] inet_shutdown+0x69/0x360 [ 25.505328] [] ? pppol2tp_recvmsg+0x280/0x280 [ 25.511443] [] pppol2tp_session_close+0xa0/0xe0 [ 25.517733] [] l2tp_tunnel_closeall+0x231/0x350 [ 25.524025] [] l2tp_tunnel_destruct+0x2f2/0x590 [ 25.530316] [] ? l2tp_tunnel_destruct+0x1aa/0x590 [ 25.536786] [] ? l2tp_tunnel_del_work+0x470/0x470 [ 25.543263] [] __sk_destruct+0x55/0x590 [ 25.548867] [] rcu_process_callbacks+0x8ae/0x12b0 [ 25.555337] [] ? rcu_process_callbacks+0x98e/0x12b0 [ 25.561989] [] ? sock_set_timeout+0x210/0x210 [ 25.568111] [] __do_softirq+0x20b/0x937 [ 25.573730] [] irq_exit+0x147/0x190 [ 25.579005] [] smp_apic_timer_interrupt+0x81/0xa0 [ 25.585477] [] apic_timer_interrupt+0xa0/0xb0 [ 25.591612] [ 25.593654] [] ? clear_page_c_e+0x7/0x10 [ 25.599383] [] ? clear_huge_page+0xdc/0x470 [ 25.605523] [] ? __raw_spin_lock_init+0x2d/0x100 [ 25.611911] [] do_huge_pmd_anonymous_page+0x3c7/0x10f0 [ 25.618820] [] handle_mm_fault+0x1a9e/0x28e0 [ 25.624853] [] ? security_socket_connect+0x8f/0xc0 [ 25.631410] [] ? vm_insert_mixed+0x200/0x200 [ 25.637441] [] ? __lock_is_held+0xa2/0xf0 [ 25.643215] [] __do_page_fault+0x5af/0xd50 [ 25.649078] [] ? mm_fault_error+0x2c0/0x2c0 [ 25.655021] [] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 25.661658] [] do_page_fault+0x27/0x30 [ 25.667168] [] page_fault+0x28/0x30 [ 25.672446] ------------[ cut here ]------------ [ 25.677194] WARNING: CPU: 1 PID: 3807 at net/ipv4/af_inet.c:167 inet_sock_destruct+0x598/0x760 [ 25.685946] Kernel panic - not syncing: panic_on_warn set ... [ 25.685946] [ 25.693380] CPU: 1 PID: 3807 Comm: syz-executor684 Tainted: G W 4.9.96-g71fce1e #10 [ 25.702280] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 25.711617] ffff8801db307cc0 ffffffff81eb0b69 ffffffff83a484a0 00000000ffffffff [ 25.719656] 0000000000000000 0000000000000001 00000000000000a7 ffff8801db307d80 [ 25.727737] ffffffff8141f975 0000000041b58ab3 ffffffff841b8030 ffffffff8141f7b6 [ 25.735738] Call Trace: [ 25.738304] [ 25.740355] [] dump_stack+0xc1/0x128 [ 25.745712] [] panic+0x1bf/0x3bc [ 25.750704] [] ? add_taint.cold.6+0x16/0x16 [ 25.757519] [] ? __warn.cold.9+0xa6/0x17f [ 25.763295] [] ? inet_sock_destruct+0x598/0x760 [ 25.769591] [] __warn.cold.9+0xc1/0x17f [ 25.775190] [] ? l2tp_tunnel_closeall+0x2af/0x350 [ 25.781668] [] warn_slowpath_null+0x2c/0x40 [ 25.787632] [] inet_sock_destruct+0x598/0x760 [ 25.793772] [] ? ipv4_mib_init_net+0x570/0x570 [ 25.799996] [] l2tp_tunnel_destruct+0x339/0x590 [ 25.806311] [] ? l2tp_tunnel_destruct+0x1aa/0x590 [ 25.812797] [] ? l2tp_tunnel_del_work+0x470/0x470 [ 25.819290] [] __sk_destruct+0x55/0x590 [ 25.824916] [] rcu_process_callbacks+0x8ae/0x12b0 [ 25.831395] [] ? rcu_process_callbacks+0x98e/0x12b0 [ 25.838043] [] ? sock_set_timeout+0x210/0x210 [ 25.844172] [] __do_softirq+0x20b/0x937 [ 25.849771] [] irq_exit+0x147/0x190 [ 25.855024] [] smp_apic_timer_interrupt+0x81/0xa0 [ 25.861491] [] apic_timer_interrupt+0xa0/0xb0 [ 25.867620] [ 25.869663] [] ? clear_page_c_e+0x7/0x10 [ 25.875377] [] ? clear_huge_page+0xdc/0x470 [ 25.881322] [] ? __raw_spin_lock_init+0x2d/0x100 [ 25.887702] [] do_huge_pmd_anonymous_page+0x3c7/0x10f0 [ 25.894609] [] handle_mm_fault+0x1a9e/0x28e0 [ 25.900645] [] ? security_socket_connect+0x8f/0xc0 [ 25.907290] [] ? vm_insert_mixed+0x200/0x200 [ 25.913339] [] ? __lock_is_held+0xa2/0xf0 [ 25.919122] [] __do_page_fault+0x5af/0xd50 [ 25.924991] [] ? mm_fault_error+0x2c0/0x2c0 [ 25.930939] [] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 25.937583] [] do_page_fault+0x27/0x30 [ 25.943102] [] page_fault+0x28/0x30 [ 25.948995] Dumping ftrace buffer: [ 25.952513] (ftrace buffer empty) [ 25.956201] Kernel Offset: disabled [ 25.959800] Rebooting in 86400 seconds..