[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 16.482005] random: sshd: uninitialized urandom read (32 bytes read, 28 bits of entropy available) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 18.862521] random: sshd: uninitialized urandom read (32 bytes read, 33 bits of entropy available) [ 19.098531] random: sshd: uninitialized urandom read (32 bytes read, 33 bits of entropy available) [ 20.085415] random: nonblocking pool is initialized Warning: Permanently added '10.128.0.49' (ECDSA) to the list of known hosts. 2018/04/05 17:19:33 fuzzer started 2018/04/05 17:19:33 dialing manager at 10.128.0.26:33283 2018/04/05 17:19:39 kcov=true, comps=false 2018/04/05 17:19:42 executing program 0: r0 = socket$nl_xfrm(0x11, 0x3, 0x6) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'ip6_vti0\x00', 0x0}) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000040)={r1, 0x1, 0x6}, 0x10) setsockopt$packet_add_memb(r0, 0x107, 0x2, &(0x7f0000000000)={r1, 0x1, 0x6}, 0x10) 2018/04/05 17:19:42 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/fib_triestat\x00') preadv(r0, &(0x7f0000b5cff8)=[{&(0x7f00006f0000)=""/154, 0x31c}], 0x1000000000000157, 0x0) 2018/04/05 17:19:42 executing program 7: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x2, 0x32, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_ZEROPAGE(0xffffffffffffffff, 0x8010aa02, &(0x7f00000c0ff0)={&(0x7f0000011000/0x3000)=nil, 0x3000}) keyctl$join(0x1, &(0x7f0000000180)={0x73, 0x79, 0x7a}) 2018/04/05 17:19:42 executing program 4: r0 = socket$packet(0x11, 0x800000000002, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f000095bffc), 0x4) r1 = socket$inet(0x2, 0x3, 0x6) sendto$inet(r1, &(0x7f000014cf2c), 0x0, 0x8000, &(0x7f00005b5ff0)={0x2}, 0x10) sendto$inet(r1, &(0x7f0000000040)="33f018eb", 0x4, 0x0, &(0x7f0000000140)={0x2, 0x0, @loopback=0x7f000001}, 0x10) 2018/04/05 17:19:42 executing program 2: capset(&(0x7f00001e8ff8)={0x19980330}, &(0x7f00003fd000)) prctl$intptr(0x1c, 0x0) 2018/04/05 17:19:42 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00008f0000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000532000)=0x1e) 2018/04/05 17:19:42 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x0, 0x32, 0xffffffffffffffff, 0x0) futex(&(0x7f0000000000), 0x8, 0x0, &(0x7f0000000040)={0x77359400}, &(0x7f0000000080), 0x0) 2018/04/05 17:19:42 executing program 6: r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x2, 'eql\x00'}, 0x18) setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x48b, &(0x7f00000000c0)={0x2, 'sit0\x00'}, 0x18) [ 35.445416] IPVS: Creating netns size=2552 id=1 [ 35.560742] IPVS: Creating netns size=2552 id=2 [ 35.607690] IPVS: Creating netns size=2552 id=3 [ 35.681969] IPVS: Creating netns size=2552 id=4 [ 35.755989] IPVS: Creating netns size=2552 id=5 [ 35.824206] IPVS: Creating netns size=2552 id=6 [ 35.937559] IPVS: Creating netns size=2552 id=7 [ 36.113369] IPVS: Creating netns size=2552 id=8 [ 40.436144] capability: warning: `syz-executor2' uses 32-bit capabilities (legacy support in use) [ 40.794980] IPVS: sync thread started: state = BACKUP, mcast_ifn = sit0, syncid = 0, id = 0 [ 40.795487] IPVS: stopping backup sync thread 5035 ... INIT: Id "5" respawning too fast: disabled for 5 minutes INIT: Id "3" respawning too fast: disabled for 5 minutes INIT: Id "2" respawning too fast: disabled for 5 minutes INIT: Id "6" respawning too fast: disabled for 5 minutes INIT: Id "4" respawning too fast: disabled for 5 minutes INIT: Id "1" respawning too fast: disabled for 5 minutes [ 242.091099] INFO: task kworker/0:1:411 blocked for more than 120 seconds. [ 242.098043] Not tainted 4.4.125-g38f41ec #21 [ 242.102976] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 242.110907] kworker/0:1 D ffff8801d8eb7af8 26616 411 2 0x00000000 [ 242.118457] Workqueue: events_power_efficient crda_timeout_work [ 242.124640] ffff8801d8eb7af8 ffff8801d8e60000 0000000000000002 0000000000000007 [ 242.132611] ffff8801d8e60000 ffff8801db21fdb8 ffff8801db21fde0 ffff8801db21f4d8 [ 242.140572] ffff8801db21f4c0 ffffffff84217840 ffff8801d8e60000 0000000000000000 [ 242.148601] Call Trace: [ 242.151209] [] schedule+0x7a/0x1b0 [ 242.156368] [] schedule_preempt_disabled+0x13/0x20 [ 242.162932] [] mutex_lock_nested+0x306/0x850 [ 242.168973] [] ? rtnl_lock+0x17/0x20 [ 242.174316] [] ? __ww_mutex_lock+0x14f0/0x14f0 [ 242.180534] [] ? __lock_is_held+0xa1/0xf0 [ 242.186313] [] rtnl_lock+0x17/0x20 [ 242.191481] [] crda_timeout_work+0xe/0x30 [ 242.197279] [] process_one_work+0x7d7/0x16e0 [ 242.203321] [] ? process_one_work+0x6f7/0x16e0 [ 242.209521] [] ? pwq_dec_nr_in_flight+0x280/0x280 [ 242.215996] [] ? worker_thread+0x288/0xfc0 [ 242.221862] [] worker_thread+0xd9/0xfc0 [ 242.227454] [] ? ___preempt_schedule+0x12/0x14 [ 242.233669] [] kthread+0x268/0x300 [ 242.238824] [] ? process_one_work+0x16e0/0x16e0 [ 242.245130] [] ? kthread_create_on_node+0x400/0x400 [ 242.251774] [] ? kthread_create_on_node+0x400/0x400 [ 242.258405] [] ret_from_fork+0x55/0x80 [ 242.263929] [] ? kthread_create_on_node+0x400/0x400 [ 242.270604] 3 locks held by kworker/0:1/411: [ 242.275017] #0: ("events_power_efficient"){.+.+.+}, at: [] process_one_work+0x6bd/0x16e0 [ 242.285659] #1: ((crda_timeout).work){+.+.+.}, at: [] process_one_work+0x6f7/0x16e0 [ 242.295990] #2: (rtnl_mutex){+.+.+.}, at: [] rtnl_lock+0x17/0x20 [ 242.304462] Sending NMI to all CPUs: [ 242.308383] NMI backtrace for cpu 0 [ 242.311999] CPU: 0 PID: 486 Comm: khungtaskd Not tainted 4.4.125-g38f41ec #21 [ 242.319237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 242.328582] task: ffff8800bacf4800 task.stack: ffff8800bac90000 [ 242.334622] RIP: 0010:[] [] flat_send_IPI_mask+0xf7/0x1a0 [ 242.343349] RSP: 0018:ffff8800bac97cb8 EFLAGS: 00000046 [ 242.348764] RAX: 0000000003000000 RBX: 0000000000000c00 RCX: 0000000000000000 [ 242.356023] RDX: 0000000000000c00 RSI: 0000000000000000 RDI: ffffffffff5fb300 [ 242.363271] RBP: ffff8800bac97ce0 R08: 0000000000000001 R09: 0000000000000000 [ 242.370511] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000246 [ 242.377773] R13: 0000000000000003 R14: ffffffff8426f5a0 R15: 0000000000000002 [ 242.385031] FS: 0000000000000000(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000 [ 242.393241] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 242.399091] CR2: 00007f0aea5bc030 CR3: 00000000b5dfa000 CR4: 0000000000160670 [ 242.406356] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 242.413604] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 242.420840] Stack: [ 242.422974] ffffffff8426f5a0 ffffffff847f0b40 fffffbfff08fdc1c dffffc0000000000 [ 242.430475] ffff8801db31bca0 ffff8800bac97d00 ffffffff810b9abb ffffffff839f6dc0 [ 242.437992] 0000000000000003 ffff8800bac97d60 ffffffff81d11764 ffffffff8141b993 [ 242.445511] Call Trace: [ 242.448061] [] nmi_raise_cpu_backtrace+0x5b/0x70 [ 242.454449] [] nmi_trigger_all_cpu_backtrace+0x4a4/0x550 [ 242.461526] [] ? print_lock+0xab/0xae [ 242.466941] [] ? irq_force_complete_move+0x3b0/0x3b0 [ 242.473675] [] arch_trigger_all_cpu_backtrace+0x14/0x20 [ 242.480655] [] watchdog+0x6fa/0xae0 [ 242.485917] [] ? watchdog+0xc3/0xae0 [ 242.491259] [] kthread+0x268/0x300 [ 242.496415] [] ? reset_hung_task_detector+0x20/0x20 [ 242.503072] [] ? kthread_create_on_node+0x400/0x400 [ 242.509700] [] ? kthread_create_on_node+0x400/0x400 [ 242.516350] [] ret_from_fork+0x55/0x80 [ 242.521860] [] ? kthread_create_on_node+0x400/0x400 [ 242.528491] Code: b3 5f ff f6 c4 10 75 e1 44 89 e8 c1 e0 18 89 04 25 10 b3 5f ff 44 89 fa 09 da 80 cf 04 41 83 ff 02 0f 44 d3 89 14 25 00 b3 5f ff <41> f7 c4 00 02 00 00 74 1a e8 2b 33 17 00 4c 89 e7 57 9d 0f 1f [ 242.547472] NMI backtrace for cpu 1 [ 242.551076] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.4.125-g38f41ec #21 [ 242.558055] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 242.567397] task: ffff8801d9b49800 task.stack: ffff8801d9b58000 [ 242.573433] RIP: 0010:[] [] native_safe_halt+0x6/0x10 [ 242.581821] RSP: 0018:ffff8801d9b5fd98 EFLAGS: 00000246 [ 242.587235] RAX: 0000000000000007 RBX: ffffffff847dec48 RCX: 0000000000000000 [ 242.594737] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8801d9b4a0dc [ 242.601993] RBP: ffff8801d9b5fd98 R08: 0000000000000000 R09: 0000000000000000 [ 242.609234] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001 [ 242.616499] R13: fffffbfff07088c0 R14: ffffffff847ecfb8 R15: 0000000000000000 [ 242.623755] FS: 0000000000000000(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000 [ 242.631967] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 242.637818] CR2: 00007f0aea8b4000 CR3: 00000000b4b4a000 CR4: 0000000000160670 [ 242.645086] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 242.652332] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 242.659570] Stack: [ 242.661701] ffff8801d9b5fdd0 ffffffff81027e65 ffff8801d9b60000 ffffffff847dec48 [ 242.669200] fffffbfff07088c0 ffffffff847ecfb8 0000000000000000 ffff8801d9b5fde0 [ 242.676720] ffffffff810293da ffff8801d9b5fdf8 ffffffff81221948 dffffc0000000000 [ 242.684235] Call Trace: [ 242.686784] [] default_idle+0x55/0x3c0 [ 242.692302] [] arch_cpu_idle+0xa/0x10 [ 242.697716] [] default_idle_call+0x48/0x70 [ 242.703586] [] cpu_startup_entry+0x5fd/0x8f0 [ 242.709608] [] ? call_cpuidle+0xe0/0xe0 [ 242.715221] [] ? clockevents_register_device+0x122/0x230 [ 242.722300] [] start_secondary+0x304/0x3e0 [ 242.728154] [] ? set_cpu_sibling_map+0x1080/0x1080 [ 242.734720] Code: 00 00 00 00 00 55 48 89 e5 fa 5d c3 66 0f 1f 84 00 00 00 00 00 55 48 89 e5 fb 5d c3 66 0f 1f 84 00 00 00 00 00 55 48 89 e5 fb f4 <5d> c3 0f 1f 84 00 00 00 00 00 55 48 89 e5 f4 5d c3 66 0f 1f 84 [ 242.753889] Kernel panic - not syncing: hung_task: blocked tasks [ 242.760029] CPU: 1 PID: 486 Comm: khungtaskd Not tainted 4.4.125-g38f41ec #21 [ 242.767267] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 242.776589] 0000000000000000 111cb796142b8d7d ffff8800bac97ca8 ffffffff81d067bd [ 242.784549] ffffffff838831a0 ffff8800bac97d80 dffffc0000000000 7fffffffffffffff [ 242.792513] ffff8801d8e60448 ffff8800bac97d70 ffffffff8141b46a 0000000041b58ab3 [ 242.800466] Call Trace: [ 242.803027] [] dump_stack+0xc1/0x124 [ 242.808361] [] panic+0x1aa/0x388 [ 242.813347] [] ? percpu_up_read.constprop.45+0xe1/0xe1 [ 242.820241] [] ? nmi_trigger_all_cpu_backtrace+0x3f8/0x550 [ 242.827482] [] ? nmi_trigger_all_cpu_backtrace+0x3f8/0x550 [ 242.834723] [] watchdog+0x70b/0xae0 [ 242.839966] [] ? watchdog+0xc3/0xae0 [ 242.845298] [] kthread+0x268/0x300 [ 242.850452] [] ? reset_hung_task_detector+0x20/0x20 [ 242.857091] [] ? kthread_create_on_node+0x400/0x400 [ 242.863723] [] ? kthread_create_on_node+0x400/0x400 [ 242.870358] [] ret_from_fork+0x55/0x80 [ 242.875862] [] ? kthread_create_on_node+0x400/0x400 [ 242.882912] Dumping ftrace buffer: [ 242.886441] (ftrace buffer empty) [ 242.890120] Kernel Offset: disabled [ 242.893723] Rebooting in 86400 seconds..