[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 20.571346] random: sshd: uninitialized urandom read (32 bytes read, 32 bits of entropy available) [?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 26.248336] random: sshd: uninitialized urandom read (32 bytes read, 38 bits of entropy available) [ 26.685747] random: sshd: uninitialized urandom read (32 bytes read, 38 bits of entropy available) [ 27.938794] random: sshd: uninitialized urandom read (32 bytes read, 115 bits of entropy available) [ 56.259206] random: sshd: uninitialized urandom read (32 bytes read, 125 bits of entropy available) Warning: Permanently added '10.128.10.23' (ECDSA) to the list of known hosts. [ 61.672091] random: sshd: uninitialized urandom read (32 bytes read, 127 bits of entropy available) 2018/08/01 22:49:16 parsed 1 programs [ 62.624746] random: nonblocking pool is initialized 2018/08/01 22:49:18 executed programs: 0 [ 64.439127] IPVS: Creating netns size=2552 id=1 [ 64.697571] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 64.714558] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 64.799684] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 64.815639] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 64.901944] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 64.917829] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 64.934089] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 64.952652] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 65.694118] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 65.732258] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 66.144553] [ 66.146212] =============================== [ 66.150503] [ INFO: suspicious RCU usage. ] [ 66.154818] 4.4.145-g2241aa9 #14 Not tainted [ 66.159197] ------------------------------- [ 66.163514] kernel/rcu/tree_plugin.h:685 Illegal synchronize_rcu() in RCU read-side critical section! [ 66.172843] [ 66.172843] other info that might help us debug this: [ 66.172843] [ 66.180984] [ 66.180984] rcu_scheduler_active = 1, debug_locks = 0 [ 66.187635] 2 locks held by syz-executor0/4231: [ 66.192284] #0: (rcu_read_lock_bh){......}, at: [] ip6_finish_output2+0x1d5/0x1ca0 [ 66.202340] #1: (&n->lock){++--..}, at: [] __neigh_event_send+0x2f/0xc50 [ 66.211535] [ 66.211535] stack backtrace: [ 66.216035] CPU: 1 PID: 4231 Comm: syz-executor0 Not tainted 4.4.145-g2241aa9 #14 [ 66.223631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 66.232961] 0000000000000000 e761f5ab849f6860 ffff8801d660f000 ffffffff81e123cd [ 66.240964] ffff8800b8c41800 0000000000000000 0000000000000001 ffffffff83a68200 [ 66.248966] ffff8801d0c7c8d8 ffff8801d660f030 ffffffff81410687 ffff8801d0c7c780 [ 66.256979] Call Trace: [ 66.259544] [] dump_stack+0xc1/0x124 [ 66.264882] [] lockdep_rcu_suspicious.cold.47+0x110/0x141 [ 66.272045] [] synchronize_rcu+0x78/0xa0 [ 66.277731] [] __l2tp_session_unhash+0x38a/0x520 [ 66.284120] [] ? __l2tp_session_unhash+0x1ac/0x520 [ 66.290672] [] ? l2tp_udp_encap_recv+0xa40/0xa40 [ 66.297052] [] l2tp_tunnel_closeall+0x1cb/0x350 [ 66.303344] [] l2tp_tunnel_destruct+0x2f2/0x590 [ 66.309635] [] ? l2tp_tunnel_destruct+0x1aa/0x590 [ 66.316099] [] ? l2tp_tunnel_del_work+0x460/0x460 [ 66.322565] [] ? __neigh_event_send+0x652/0xc50 [ 66.328856] [] sk_destruct+0x4c/0x4c0 [ 66.334279] [] __sk_free+0x4f/0x220 [ 66.339528] [] sock_wfree+0x103/0x140 [ 66.344950] [] ? sk_receive_skb+0x950/0x950 [ 66.350898] [] skb_release_head_state+0x103/0x210 [ 66.357364] [] skb_release_all+0x15/0x60 [ 66.363054] [] __kfree_skb+0x15/0x20 [ 66.368400] [] kfree_skb+0xf7/0x3e0 [ 66.373659] [] __neigh_event_send+0x652/0xc50 [ 66.379777] [] neigh_resolve_output+0x4eb/0x790 [ 66.386083] [] ? check_preemption_disabled+0x3b/0x170 [ 66.392907] [] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 66.400158] [] ip6_finish_output2+0x929/0x1ca0 [ 66.406364] [] ? ip6_finish_output2+0x1d5/0x1ca0 [ 66.412743] [] ? ip6_sk_dst_lookup_flow+0x580/0x580 [ 66.419382] [] ? ip6_mtu+0x217/0x340 [ 66.424720] [] ip6_finish_output+0x3b8/0x760 [ 66.430778] [] ip6_output+0x1b8/0x520 [ 66.436235] [] ? ip6_finish_output+0x760/0x760 [ 66.442452] [] ? ip6_fragment+0x3510/0x3510 [ 66.448408] [] ? rt6_check_expired+0xa2/0x120 [ 66.454527] [] ip6_local_out+0x9b/0x180 [ 66.460128] [] ip6_send_skb+0xa1/0x340 [ 66.465641] [] ? csum_ipv6_magic+0x2b/0x90 [ 66.471506] [] udp_v6_send_skb+0x5ba/0xe70 [ 66.477367] [] udpv6_sendmsg+0x1f2e/0x24c0 [ 66.483227] [] ? ip_reply_glue_bits+0xc0/0xc0 [ 66.489352] [] ? udp6_lib_lookup2+0x990/0x990 [ 66.495490] [] ? debug_check_no_locks_freed+0x210/0x210 [ 66.502488] [] ? sock_has_perm+0x1c1/0x400 [ 66.508360] [] ? sock_has_perm+0x29f/0x400 [ 66.514234] [] ? sock_has_perm+0x9f/0x400 [ 66.520019] [] ? inet_sendmsg+0x143/0x4d0 [ 66.525790] [] inet_sendmsg+0x203/0x4d0 [ 66.531388] [] ? inet_sendmsg+0x73/0x4d0 [ 66.537073] [] ? inet_recvmsg+0x4c0/0x4c0 [ 66.542847] [] sock_sendmsg+0xcc/0x110 [ 66.548358] [] ___sys_sendmsg+0x441/0x880 [ 66.554136] [] ? hash_futex+0x15/0x210 [ 66.559655] [] ? copy_msghdr_from_user+0x550/0x550 [ 66.566214] [] ? get_futex_key+0xdc0/0xdc0 [ 66.572115] [] ? release_sock+0x3b6/0x500 [ 66.577921] [] ? do_futex+0x12d/0x17f0 [ 66.583470] [] ? pppol2tp_recv+0x320/0x320 [ 66.589339] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 66.596068] [] ? __fget_light+0x9f/0x1f0 [ 66.601754] [] ? __fdget+0x18/0x20 [ 66.606917] [] ? sockfd_lookup_light+0xb6/0x160 [ 66.613219] [] __sys_sendmmsg+0x1d4/0x2e0 [ 66.619000] [] ? SyS_sendmsg+0x50/0x50 [ 66.624526] [] ? security_socket_connect+0x8f/0xc0 [ 66.631084] [] ? SYSC_connect+0x22a/0x300 [ 66.636865] [] ? SYSC_bind+0x280/0x280 [ 66.642381] [] ? compat_SyS_futex+0x1e1/0x2f0 [ 66.648504] [] ? compat_SyS_get_robust_list+0x310/0x310 [ 66.655502] [] compat_SyS_sendmmsg+0x32/0x40 [ 66.661534] [] ? compat_SyS_sendmsg+0x40/0x40 [ 66.667654] [] do_fast_syscall_32+0x324/0x8b0 [ 66.673775] [] sysenter_flags_fixed+0xd/0x1a [ 66.679848] BUG: sleeping function called from invalid context at kernel/sched/completion.c:90 [ 66.688610] in_atomic(): 1, irqs_disabled(): 0, pid: 4231, name: syz-executor0 [ 66.695967] INFO: lockdep is turned off. [ 66.700020] Preemption disabled at:[] ip6_finish_output+0x3b8/0x760 [ 66.708150] [ 66.709755] CPU: 1 PID: 4231 Comm: syz-executor0 Not tainted 4.4.145-g2241aa9 #14 [ 66.717347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 66.726674] 0000000000000000 e761f5ab849f6860 ffff8801d660ed80 ffffffff81e123cd [ 66.734661] ffff8800b8c41800 0000000000000000 ffff8800b8c41800 000000000000005a [ 66.742657] ffff8800b8c41800 ffff8801d660edb8 ffffffff8140e7a5 ffff8800b8c41800 [ 66.750643] Call Trace: [ 66.753208] [] dump_stack+0xc1/0x124 [ 66.758557] [] ___might_sleep.cold.116+0x1bd/0x1d3 [ 66.765116] [] __might_sleep+0x90/0x1a0 [ 66.770718] [] ? _raw_spin_unlock_irqrestore+0x45/0x70 [ 66.777617] [] wait_for_completion+0x89/0x2e0 [ 66.783739] [] ? check_preemption_disabled+0x3b/0x170 [ 66.790562] [] ? wait_for_completion_interruptible+0x460/0x460 [ 66.798160] [] ? trace_hardirqs_on+0xd/0x10 [ 66.804119] [] __wait_rcu_gp+0x137/0x1b0 [ 66.809809] [] synchronize_rcu.part.55+0x94/0xd0 [ 66.816189] [] ? synchronize_rcu_bh.part.54+0xd0/0xd0 [ 66.823011] [] ? __call_rcu.constprop.66+0x930/0x930 [ 66.829751] [] ? trace_raw_output_rcu_utilization+0x150/0x150 [ 66.837260] [] ? lockdep_rcu_suspicious.cold.47+0x110/0x141 [ 66.844610] [] synchronize_rcu+0x37/0xa0 [ 66.850296] [] __l2tp_session_unhash+0x38a/0x520 [ 66.856678] [] ? __l2tp_session_unhash+0x1ac/0x520 [ 66.863243] [] ? l2tp_udp_encap_recv+0xa40/0xa40 [ 66.869622] [] l2tp_tunnel_closeall+0x1cb/0x350 [ 66.875913] [] l2tp_tunnel_destruct+0x2f2/0x590 [ 66.882220] [] ? l2tp_tunnel_destruct+0x1aa/0x590 [ 66.888692] [] ? l2tp_tunnel_del_work+0x460/0x460 [ 66.895165] [] ? __neigh_event_send+0x652/0xc50 [ 66.901459] [] sk_destruct+0x4c/0x4c0 [ 66.906884] [] __sk_free+0x4f/0x220 [ 66.912136] [] sock_wfree+0x103/0x140 [ 66.917562] [] ? sk_receive_skb+0x950/0x950 [ 66.923512] [] skb_release_head_state+0x103/0x210 [ 66.929978] [] skb_release_all+0x15/0x60 [ 66.935663] [] __kfree_skb+0x15/0x20 [ 66.941009] [] kfree_skb+0xf7/0x3e0 [ 66.946278] [] __neigh_event_send+0x652/0xc50 [ 66.952397] [] neigh_resolve_output+0x4eb/0x790 [ 66.958691] [] ? check_preemption_disabled+0x3b/0x170 [ 66.965520] [] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 66.972774] [] ip6_finish_output2+0x929/0x1ca0 [ 66.978983] [] ? ip6_finish_output2+0x1d5/0x1ca0 [ 66.985362] [] ? ip6_sk_dst_lookup_flow+0x580/0x580 [ 66.992002] [] ? ip6_mtu+0x217/0x340 [ 66.997344] [] ip6_finish_output+0x3b8/0x760 [ 67.003378] [] ip6_output+0x1b8/0x520 [ 67.008801] [] ? ip6_finish_output+0x760/0x760 [ 67.015013] [] ? ip6_fragment+0x3510/0x3510 [ 67.020961] [] ? rt6_check_expired+0xa2/0x120 [ 67.027083] [] ip6_local_out+0x9b/0x180 [ 67.032681] [] ip6_send_skb+0xa1/0x340 [ 67.038202] [] ? csum_ipv6_magic+0x2b/0x90 [ 67.044066] [] udp_v6_send_skb+0x5ba/0xe70 [ 67.049924] [] udpv6_sendmsg+0x1f2e/0x24c0 [ 67.055782] [] ? ip_reply_glue_bits+0xc0/0xc0 [ 67.061908] [] ? udp6_lib_lookup2+0x990/0x990 [ 67.068029] [] ? debug_check_no_locks_freed+0x210/0x210 [ 67.075020] [] ? sock_has_perm+0x1c1/0x400 [ 67.080879] [] ? sock_has_perm+0x29f/0x400 [ 67.086744] [] ? sock_has_perm+0x9f/0x400 [ 67.092520] [] ? inet_sendmsg+0x143/0x4d0 [ 67.098301] [] inet_sendmsg+0x203/0x4d0 [ 67.103899] [] ? inet_sendmsg+0x73/0x4d0 [ 67.109595] [] ? inet_recvmsg+0x4c0/0x4c0 [ 67.115460] [] sock_sendmsg+0xcc/0x110 [ 67.120973] [] ___sys_sendmsg+0x441/0x880 [ 67.126764] [] ? hash_futex+0x15/0x210 [ 67.132278] [] ? copy_msghdr_from_user+0x550/0x550 [ 67.138837] [] ? get_futex_key+0xdc0/0xdc0 [ 67.144696] [] ? release_sock+0x3b6/0x500 [ 67.150470] [] ? do_futex+0x12d/0x17f0 [ 67.155984] [] ? pppol2tp_recv+0x320/0x320 [ 67.161848] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 67.168576] [] ? __fget_light+0x9f/0x1f0 [ 67.174260] [] ? __fdget+0x18/0x20 [ 67.179424] [] ? sockfd_lookup_light+0xb6/0x160 [ 67.185718] [] __sys_sendmmsg+0x1d4/0x2e0 [ 67.191502] [] ? SyS_sendmsg+0x50/0x50 [ 67.197025] [] ? security_socket_connect+0x8f/0xc0 [ 67.203589] [] ? SYSC_connect+0x22a/0x300 [ 67.209368] [] ? SYSC_bind+0x280/0x280 [ 67.214882] [] ? compat_SyS_futex+0x1e1/0x2f0 [ 67.221013] [] ? compat_SyS_get_robust_list+0x310/0x310 [ 67.228009] [] compat_SyS_sendmmsg+0x32/0x40 [ 67.234045] [] ? compat_SyS_sendmsg+0x40/0x40 [ 67.240177] [] do_fast_syscall_32+0x324/0x8b0 [ 67.246305] [] sysenter_flags_fixed+0xd/0x1a [ 67.252377] BUG: scheduling while atomic: syz-executor0/4231/0x00000402 [ 67.259129] INFO: lockdep is turned off. [ 67.263170] Modules linked in: [ 67.266456] Preemption disabled at:[] ip6_finish_output+0x3b8/0x760 [ 67.274533] [ 67.276138] CPU: 1 PID: 4231 Comm: syz-executor0 Not tainted 4.4.145-g2241aa9 #14 [ 67.283732] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 67.293061] 0000000000000000 e761f5ab849f6860 ffff8801d660ebd8 ffffffff81e123cd [ 67.301049] ffff8800b8c41800 0000000000000402 000000000001f540 0000000000000000 [ 67.309131] 0000000000000001 ffff8801d660ebf8 ffffffff8140e899 ffff8801db31f540 [ 67.317127] Call Trace: [ 67.319692] [] dump_stack+0xc1/0x124 [ 67.325031] [] __schedule_bug.cold.117+0xde/0x100 [ 67.331501] [] __schedule+0x11ff/0x1d70 [ 67.337100] [] ? dump_trace+0x184/0x360 [ 67.342698] [] schedule+0x7a/0x1b0 [ 67.347874] [] schedule_timeout+0x481/0x8b0 [ 67.353822] [] ? usleep_range+0x140/0x140 [ 67.359596] [] ? dump_stack+0xfb/0x124 [ 67.365110] [] ? wait_for_completion+0x91/0x2e0 [ 67.371406] [] ? ___might_sleep.cold.116+0x1bd/0x1d3 [ 67.378133] [] ? wait_for_completion+0x1f6/0x2e0 [ 67.384514] [] wait_for_completion+0x1fe/0x2e0 [ 67.390720] [] ? wait_for_completion_interruptible+0x460/0x460 [ 67.398319] [] ? wake_up_process+0x20/0x20 [ 67.404177] [] __wait_rcu_gp+0x137/0x1b0 [ 67.409862] [] synchronize_rcu.part.55+0x94/0xd0 [ 67.416242] [] ? synchronize_rcu_bh.part.54+0xd0/0xd0 [ 67.423054] [] ? __call_rcu.constprop.66+0x930/0x930 [ 67.429780] [] ? trace_raw_output_rcu_utilization+0x150/0x150 [ 67.437290] [] ? lockdep_rcu_suspicious.cold.47+0x110/0x141 [ 67.444623] [] synchronize_rcu+0x37/0xa0 [ 67.450308] [] __l2tp_session_unhash+0x38a/0x520 [ 67.456687] [] ? __l2tp_session_unhash+0x1ac/0x520 [ 67.463240] [] ? l2tp_udp_encap_recv+0xa40/0xa40 [ 67.469619] [] l2tp_tunnel_closeall+0x1cb/0x350 [ 67.475910] [] l2tp_tunnel_destruct+0x2f2/0x590 [ 67.482202] [] ? l2tp_tunnel_destruct+0x1aa/0x590 [ 67.488669] [] ? l2tp_tunnel_del_work+0x460/0x460 [ 67.495135] [] ? __neigh_event_send+0x652/0xc50 [ 67.501427] [] sk_destruct+0x4c/0x4c0 [ 67.506853] [] __sk_free+0x4f/0x220 [ 67.512102] [] sock_wfree+0x103/0x140 [ 67.517524] [] ? sk_receive_skb+0x950/0x950 [ 67.523470] [] skb_release_head_state+0x103/0x210 [ 67.529935] [] skb_release_all+0x15/0x60 [ 67.535618] [] __kfree_skb+0x15/0x20 [ 67.540954] [] kfree_skb+0xf7/0x3e0 [ 67.546206] [] __neigh_event_send+0x652/0xc50 [ 67.552326] [] neigh_resolve_output+0x4eb/0x790 [ 67.558620] [] ? check_preemption_disabled+0x3b/0x170 [ 67.565436] [] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 67.572684] [] ip6_finish_output2+0x929/0x1ca0 [ 67.578888] [] ? ip6_finish_output2+0x1d5/0x1ca0 [ 67.585267] [] ? ip6_sk_dst_lookup_flow+0x580/0x580 [ 67.591908] [] ? ip6_mtu+0x217/0x340 [ 67.597248] [] ip6_finish_output+0x3b8/0x760 [ 67.603279] [] ip6_output+0x1b8/0x520 [ 67.608704] [] ? ip6_finish_output+0x760/0x760 [ 67.614911] [] ? ip6_fragment+0x3510/0x3510 [ 67.621518] [] ? rt6_check_expired+0xa2/0x120 [ 67.627642] [] ip6_local_out+0x9b/0x180 [ 67.633243] [] ip6_send_skb+0xa1/0x340 [ 67.638763] [] ? csum_ipv6_magic+0x2b/0x90 [ 67.644630] [] udp_v6_send_skb+0x5ba/0xe70 [ 67.650491] [] udpv6_sendmsg+0x1f2e/0x24c0 [ 67.656353] [] ? ip_reply_glue_bits+0xc0/0xc0 [ 67.662485] [] ? udp6_lib_lookup2+0x990/0x990 [ 67.668608] [] ? debug_check_no_locks_freed+0x210/0x210 [ 67.675609] [] ? sock_has_perm+0x1c1/0x400 [ 67.681468] [] ? sock_has_perm+0x29f/0x400 [ 67.687326] [] ? sock_has_perm+0x9f/0x400 [ 67.693101] [] ? inet_sendmsg+0x143/0x4d0 [ 67.698871] [] inet_sendmsg+0x203/0x4d0 [ 67.704469] [] ? inet_sendmsg+0x73/0x4d0 [ 67.710152] [] ? inet_recvmsg+0x4c0/0x4c0 [ 67.715926] [] sock_sendmsg+0xcc/0x110 [ 67.721455] [] ___sys_sendmsg+0x441/0x880 [ 67.727231] [] ? hash_futex+0x15/0x210 [ 67.732741] [] ? copy_msghdr_from_user+0x550/0x550 [ 67.739296] [] ? get_futex_key+0xdc0/0xdc0 [ 67.745155] [] ? release_sock+0x3b6/0x500 [ 67.750924] [] ? do_futex+0x12d/0x17f0 [ 67.756441] [] ? pppol2tp_recv+0x320/0x320 [ 67.762303] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 67.769030] [] ? __fget_light+0x9f/0x1f0 [ 67.774723] [] ? __fdget+0x18/0x20 [ 67.779896] [] ? sockfd_lookup_light+0xb6/0x160 [ 67.786187] [] __sys_sendmmsg+0x1d4/0x2e0 [ 67.791958] [] ? SyS_sendmsg+0x50/0x50 [ 67.797472] [] ? security_socket_connect+0x8f/0xc0 [ 67.804023] [] ? SYSC_connect+0x22a/0x300 [ 67.809802] [] ? SYSC_bind+0x280/0x280 [ 67.815316] [] ? compat_SyS_futex+0x1e1/0x2f0 [ 67.821438] [] ? compat_SyS_get_robust_list+0x310/0x310 [ 67.828437] [] compat_SyS_sendmmsg+0x32/0x40 [ 67.834471] [] ? compat_SyS_sendmsg+0x40/0x40 [ 67.841198] [] do_fast_syscall_32+0x324/0x8b0 [ 67.847329] [] sysenter_flags_fixed+0xd/0x1a