[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 13.569519] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 18.075293] random: sshd: uninitialized urandom read (32 bytes read) [ 18.470163] random: sshd: uninitialized urandom read (32 bytes read) [ 18.980826] random: sshd: uninitialized urandom read (32 bytes read) [ 19.130941] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.12' (ECDSA) to the list of known hosts. [ 24.634755] random: sshd: uninitialized urandom read (32 bytes read) executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 24.756962] BUG: sleeping function called from invalid context at net/core/sock.c:2502 [ 24.765080] in_atomic(): 1, irqs_disabled(): 0, pid: 3823, name: syz-executor284 [ 24.772711] 2 locks held by syz-executor284/3823: [ 24.777583] #0: (sk_lock-AF_INET6){+.+...}, at: [] udpv6_destroy_sock+0x19/0xd0 [ 24.787354] #1: (rcu_callback){......}, at: [] rcu_process_callbacks+0x98e/0x12b0 [ 24.798064] Preemption disabled at:[ 24.801530] [] lock_sock_nested+0x43/0x120 [ 24.807686] CPU: 1 PID: 3823 Comm: syz-executor284 Not tainted 4.9.123-g8dd3fc2 #79 [ 24.815478] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 24.824814] ffff8801db307d10 ffffffff81eb9689 ffffffff8302b683 0000000000000000 [ 24.832839] 0000000000000101 ffff8801c8c8c800 ffff8801c8c8c800 ffff8801db307d48 [ 24.840916] ffffffff81426911 ffff8801c8c8c800 ffffffff840f8860 00000000000009c6 [ 24.848955] Call Trace: [ 24.851590] [ 24.853636] [] dump_stack+0xc1/0x128 [ 24.859008] [] ? lock_sock_nested+0x43/0x120 [ 24.865050] [] ___might_sleep.cold.123+0x1bc/0x1f5 [ 24.871608] [] __might_sleep+0x95/0x1a0 [ 24.877254] [] ? trace_hardirqs_on_caller+0x266/0x590 [ 24.884075] [] lock_sock_nested+0x34/0x120 [ 24.889950] [] inet_shutdown+0x69/0x360 [ 24.895667] [] ? pppol2tp_recvmsg+0x280/0x280 [ 24.901801] [] pppol2tp_session_close+0xa0/0xe0 [ 24.908099] [] l2tp_tunnel_closeall+0x231/0x350 [ 24.914396] [] l2tp_tunnel_destruct+0x2f2/0x590 [ 24.920689] [] ? l2tp_tunnel_destruct+0x1aa/0x590 [ 24.927184] [] ? l2tp_tunnel_del_work+0x470/0x470 [ 24.933676] [] __sk_destruct+0x55/0x590 [ 24.939310] [] rcu_process_callbacks+0x8ae/0x12b0 [ 24.945789] [] ? rcu_process_callbacks+0x98e/0x12b0 [ 24.952445] [] ? sock_set_timeout+0x210/0x210 [ 24.958579] [] __do_softirq+0x210/0x940 [ 24.964195] [] ? lock_sock_nested+0x90/0x120 [ 24.970232] [] ? sock_release+0x1c0/0x1c0 [ 24.976008] [] do_softirq_own_stack+0x1c/0x30 [ 24.982126] [ 24.984173] [] do_softirq.part.14+0x62/0x70 [ 24.990145] [] __local_bh_enable_ip+0xc8/0xd0 [ 24.996273] [] lock_sock_nested+0xdc/0x120 [ 25.002146] [] ? udpv6_destroy_sock+0x19/0xd0 [ 25.008272] [] ? udp_v6_flush_pending_frames+0xe0/0xe0 [ 25.015179] [] udpv6_destroy_sock+0x19/0xd0 [ 25.021128] [] sk_common_release+0x6d/0x300 [ 25.027075] [] udp_lib_close+0x15/0x20 [ 25.032593] [] inet_release+0xff/0x1d0 [ 25.038110] [] inet6_release+0x50/0x70 [ 25.043638] [] sock_release+0x96/0x1c0 [ 25.049153] [] sock_close+0x16/0x20 [ 25.054411] [] __fput+0x263/0x700 [ 25.059498] [] ____fput+0x15/0x20 [ 25.064576] [] task_work_run+0x10c/0x180 [ 25.070371] [] exit_to_usermode_loop+0xfc/0x120 [ 25.076670] [] do_syscall_64+0x364/0x490 [ 25.082367] [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb [ 25.092002] [ 25.093618] ================================= [ 25.098084] [ INFO: inconsistent lock state ] [ 25.102555] 4.9.123-g8dd3fc2 #79 Tainted: G W [ 25.108263] --------------------------------- [ 25.112734] inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage. [ 25.118860] syz-executor284/3823 [HC0[0]:SC1[3]:HE1:SE0] takes: [ 25.124902] (sk_lock-AF_PPPOX){+.?.+.}, at: [] inet_shutdown+0x69/0x360 {SOFTIRQ-ON-W} state was registered at: [ 25.137366] mark_held_locks+0xc7/0x130 [ 25.141468] trace_hardirqs_on_caller+0x38b/0x590 [ 25.146380] trace_hardirqs_on+0xd/0x10 [ 25.150419] __local_bh_enable_ip+0x6a/0xd0 [ 25.154807] lock_sock_nested+0xdc/0x120 [ 25.158936] pppol2tp_connect+0xd9/0x18f0 [ 25.163155] SYSC_connect+0x1b8/0x300 [ 25.167028] SyS_connect+0x24/0x30 [ 25.170636] do_syscall_64+0x1a6/0x490 [ 25.174592] entry_SYSCALL_64_after_swapgs+0x5d/0xdb [ 25.179758] irq event stamp: 798 [ 25.183111] hardirqs last enabled at (798): [] restore_regs_and_iret+0x0/0x1d [ 25.192011] hardirqs last disabled at (797): [] common_interrupt+0x9b/0xa0 [ 25.200581] softirqs last enabled at (276): [] lock_sock_nested+0x90/0x120 [ 25.209265] softirqs last disabled at (277): [] do_softirq_own_stack+0x1c/0x30 [ 25.218172] [ 25.218172] other info that might help us debug this: [ 25.224819] Possible unsafe locking scenario: [ 25.224819] [ 25.230863] CPU0 [ 25.233420] ---- [ 25.235986] lock(sk_lock-AF_PPPOX); [ 25.240002] [ 25.242734] lock(sk_lock-AF_PPPOX); [ 25.246924] [ 25.246924] *** DEADLOCK *** [ 25.246924] [ 25.252971] 2 locks held by syz-executor284/3823: [ 25.257793] #0: (sk_lock-AF_INET6){+.+...}, at: [] udpv6_destroy_sock+0x19/0xd0 [ 25.267459] #1: (rcu_callback){......}, at: [] rcu_process_callbacks+0x98e/0x12b0 [ 25.277409] [ 25.277409] stack backtrace: [ 25.281885] CPU: 1 PID: 3823 Comm: syz-executor284 Tainted: G W 4.9.123-g8dd3fc2 #79 [ 25.290873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 25.300212] ffff8801db307a88 ffffffff81eb9689 ffff8801c8c8c800 ffffffff855f12f0 [ 25.308290] ffff8801c8c8d118 ffff8801c8c8d138 0000000000000000 ffff8801db307af8 [ 25.316424] ffffffff81429ce3 0000000000000003 0000000000000001 ffff880100000000 [ 25.324439] Call Trace: [ 25.326996] [ 25.329038] [] dump_stack+0xc1/0x128 [ 25.334403] [] print_usage_bug.cold.56+0x327/0x421 [ 25.340964] [] ? save_stack_trace+0x16/0x20 [ 25.346919] [] mark_lock+0xcc6/0x1280 [ 25.352359] [] ? check_usage_backwards+0x2e0/0x2e0 [ 25.359035] [] __lock_acquire+0xd40/0x4070 [ 25.365049] [] ? debug_check_no_locks_freed+0x210/0x210 [ 25.372048] [] ? check_preemption_disabled+0x3b/0x170 [ 25.378871] [] ? retint_kernel+0x2d/0x2d [ 25.384609] [] lock_acquire+0x130/0x3e0 [ 25.390225] [] ? inet_shutdown+0x69/0x360 [ 25.396012] [] lock_sock_nested+0xc6/0x120 [ 25.401878] [] ? inet_shutdown+0x69/0x360 [ 25.407661] [] inet_shutdown+0x69/0x360 [ 25.413267] [] ? pppol2tp_recvmsg+0x280/0x280 [ 25.419391] [] pppol2tp_session_close+0xa0/0xe0 [ 25.425736] [] l2tp_tunnel_closeall+0x231/0x350 [ 25.432038] [] l2tp_tunnel_destruct+0x2f2/0x590 [ 25.438337] [] ? l2tp_tunnel_destruct+0x1aa/0x590 [ 25.444908] [] ? l2tp_tunnel_del_work+0x470/0x470 [ 25.451384] [] __sk_destruct+0x55/0x590 [ 25.457003] [] rcu_process_callbacks+0x8ae/0x12b0 [ 25.463478] [] ? rcu_process_callbacks+0x98e/0x12b0 [ 25.470125] [] ? sock_set_timeout+0x210/0x210 [ 25.476267] [] __do_softirq+0x210/0x940 [ 25.481885] [] ? lock_sock_nested+0x90/0x120 [ 25.487927] [] ? sock_release+0x1c0/0x1c0 [ 25.493815] [] do_softirq_own_stack+0x1c/0x30 [ 25.499941] [ 25.501987] [] do_softirq.part.14+0x62/0x70 [ 25.508070] [] __local_bh_enable_ip+0xc8/0xd0 [ 25.514199] [] lock_sock_nested+0xdc/0x120 [ 25.520167] [] ? udpv6_destroy_sock+0x19/0xd0 [ 25.526302] [] ? udp_v6_flush_pending_frames+0xe0/0xe0 [ 25.533213] [] udpv6_destroy_sock+0x19/0xd0 [ 25.539169] [] sk_common_release+0x6d/0x300 [ 25.545189] [] udp_lib_close+0x15/0x20 [ 25.550711] [] inet_release+0xff/0x1d0 [ 25.556235] [] inet6_release+0x50/0x70 [ 25.561754] [] sock_release+0x96/0x1c0 [ 25.567277] [] sock_close+0x16/0x20 [ 25.572533] [] __fput+0x263/0x700 [ 25.577621] [] ____fput+0x15/0x20 [ 25.582708] [] task_work_run+0x10c/0x180 [ 25.588397] [] exit_to_usermode_loop+0xfc/0x120 [ 25.594693] [] do_syscall_64+0x364/0x490 [ 25.600396] [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb [ 25.607439] ------------[ cut here ]------------ [ 25.612208] WARNING: CPU: 1 PID: 3823 at net/ipv4/af_inet.c:167 inet_sock_destruct+0x598/0x760 [ 25.620968] Kernel panic - not syncing: panic_on_warn set ... [ 25.620968] [ 25.628376] CPU: 1 PID: 3823 Comm: syz-executor284 Tainted: G W 4.9.123-g8dd3fc2 #79 [ 25.637394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 25.646735] ffff8801db307cf8 ffffffff81eb9689 ffffffff83c48ac0 00000000ffffffff [ 25.654825] 0000000000000000 0000000000000001 00000000000000a7 ffff8801db307db8 [ 25.662930] ffffffff81423f75 0000000041b58ab3 ffffffff843bb878 ffffffff81423db6 [ 25.670936] Call Trace: [ 25.673495] [ 25.675538] [] dump_stack+0xc1/0x128 [ 25.681613] [] panic+0x1bf/0x3bc [ 25.686714] [] ? add_taint.cold.6+0x16/0x16 [ 25.692683] [] ? __warn.cold.9+0xa6/0x17f [ 25.698462] [] ? inet_sock_destruct+0x598/0x760 [ 25.704833] [] __warn.cold.9+0xc1/0x17f [ 25.710444] [] ? l2tp_tunnel_closeall+0x2af/0x350 [ 25.716924] [] warn_slowpath_null+0x2c/0x40 [ 25.722888] [] inet_sock_destruct+0x598/0x760 [ 25.729111] [] ? ipv4_mib_init_net+0x570/0x570 [ 25.735327] [] l2tp_tunnel_destruct+0x339/0x590 [ 25.741629] [] ? l2tp_tunnel_destruct+0x1aa/0x590 [ 25.748101] [] ? l2tp_tunnel_del_work+0x470/0x470 [ 25.754571] [] __sk_destruct+0x55/0x590 [ 25.760177] [] rcu_process_callbacks+0x8ae/0x12b0 [ 25.766649] [] ? rcu_process_callbacks+0x98e/0x12b0 [ 25.773340] [] ? sock_set_timeout+0x210/0x210 [ 25.779482] [] __do_softirq+0x210/0x940 [ 25.785100] [] ? lock_sock_nested+0x90/0x120 [ 25.791205] [] ? sock_release+0x1c0/0x1c0 [ 25.796986] [] do_softirq_own_stack+0x1c/0x30 [ 25.803170] [ 25.805398] [] do_softirq.part.14+0x62/0x70 [ 25.811367] [] __local_bh_enable_ip+0xc8/0xd0 [ 25.817497] [] lock_sock_nested+0xdc/0x120 [ 25.823362] [] ? udpv6_destroy_sock+0x19/0xd0 [ 25.829493] [] ? udp_v6_flush_pending_frames+0xe0/0xe0 [ 25.836398] [] udpv6_destroy_sock+0x19/0xd0 [ 25.842351] [] sk_common_release+0x6d/0x300 [ 25.848398] [] udp_lib_close+0x15/0x20 [ 25.853959] [] inet_release+0xff/0x1d0 [ 25.859480] [] inet6_release+0x50/0x70 [ 25.864997] [] sock_release+0x96/0x1c0 [ 25.870512] [] sock_close+0x16/0x20 [ 25.875778] [] __fput+0x263/0x700 [ 25.880867] [] ____fput+0x15/0x20 [ 25.885952] [] task_work_run+0x10c/0x180 [ 25.891650] [] exit_to_usermode_loop+0xfc/0x120 [ 25.897954] [] do_syscall_64+0x364/0x490 [ 25.903645] [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb [ 25.910873] Dumping ftrace buffer: [ 25.914395] (ftrace buffer empty) [ 25.918083] Kernel Offset: disabled [ 25.921744] Rebooting in 86400 seconds..