[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 20.801924] random: sshd: uninitialized urandom read (32 bytes read, 33 bits of entropy available) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 26.565993] random: sshd: uninitialized urandom read (32 bytes read, 40 bits of entropy available) [ 26.873431] random: sshd: uninitialized urandom read (32 bytes read, 40 bits of entropy available) [ 27.525602] random: sshd: uninitialized urandom read (32 bytes read, 62 bits of entropy available) [ 52.760116] random: sshd: uninitialized urandom read (32 bytes read, 72 bits of entropy available) Warning: Permanently added '10.128.0.48' (ECDSA) to the list of known hosts. [ 58.361495] random: sshd: uninitialized urandom read (32 bytes read, 78 bits of entropy available) [ 58.466942] IPVS: Creating netns size=2552 id=1 RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported Error: argument "bridge0" is wrong: Device does not exist Error: argument "bridge0" is wrong: Device does not exist [ 58.644574] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 58.658900] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready Error: argument "bond0" is wrong: Device does not exist Error: argument "bond0" is wrong: Device does not exist [ 58.739500] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 58.754929] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready Error: argument "team0" is wrong: Device does not exist Error: argument "team0" is wrong: Device does not exist [ 58.837204] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 58.852377] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 58.868990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 58.886320] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready RTNETLINK answers: Operation not supported Cannot find device "bridge0" Cannot find device "bridge0" Cannot find device "bridge0" Cannot find device "bridge0" Cannot find device "vcan0" Cannot find device "vcan0" Cannot find device "vcan0" Cannot find device "vcan0" RTNETLINK answers: Operation not supported Cannot find device "gre0" Cannot find device "gre0" Cannot find device "gre0" Cannot find device "gre0" Cannot find device "gretap0" Cannot find device "gretap0" Cannot find device "gretap0" Cannot find device "gretap0" Cannot find device "ip_vti0" Cannot find device "ip_vti0" Cannot find device "ip_vti0" Cannot find device "ip_vti0" Cannot find device "ip6_vti0" Cannot find device "ip6_vti0" Cannot find device "ip6_vti0" Cannot find device "ip6_vti0" RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument Cannot find device "erspan0" Cannot find device "erspan0" Cannot find device "erspan0" Cannot find device "erspan0" Cannot find device "bond0" Cannot find device "bond0" Cannot find device "bond0" Cannot find device "bond0" Cannot find device "team0" Cannot find device "team0" [ 59.601755] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 59.638397] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready Cannot find device "team0" Cannot find device "team0" executing program executing program executing program executing program executing program executing program executing program executing program [ 61.013348] [ 61.015008] =============================== [ 61.019311] [ INFO: suspicious RCU usage. ] [ 61.023661] 4.4.147-ga5fc665 #80 Not tainted [ 61.028063] ------------------------------- [ 61.032369] kernel/rcu/tree_plugin.h:685 Illegal synchronize_rcu() in RCU read-side critical section! [ 61.041972] [ 61.041972] other info that might help us debug this: [ 61.041972] [ 61.050148] [ 61.050148] rcu_scheduler_active = 1, debug_locks = 0 [ 61.056840] 4 locks held by syz-executor554/4180: [ 61.056867] #0: (l2tp_sock){+.....}, at: [] l2tp_xmit_skb+0x38c/0xeb0 [ 61.056884] #1: (rcu_read_lock){......}, at: [] inet6_csk_xmit+0xff/0x490 [ 61.056923] #2: (rcu_read_lock_bh){......}, at: [] ip6_finish_output2+0x1d5/0x1ca0 [ 61.056936] #3: (&n->lock){++--..}, at: [] __neigh_event_send+0x2f/0xc50 [ 61.056938] [ 61.056938] stack backtrace: [ 61.056946] CPU: 0 PID: 4180 Comm: syz-executor554 Not tainted 4.4.147-ga5fc665 #80 [ 61.056950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 61.056960] 0000000000000000 8468dad2c3a09b73 ffff8800b8db7090 ffffffff81e12a4d [ 61.056969] ffff8801d7973000 0000000000000000 0000000000000001 ffffffff83a68200 [ 61.056994] ffff8800b9a257d8 ffff8800b8db70c0 ffffffff814108b7 ffff8800b9a25680 [ 61.056995] Call Trace: [ 61.057006] [] dump_stack+0xc1/0x124 [ 61.057020] [] lockdep_rcu_suspicious.cold.47+0x110/0x141 [ 61.057031] [] synchronize_rcu+0x78/0xa0 [ 61.057042] [] __l2tp_session_unhash+0x38a/0x520 [ 61.057054] [] ? __l2tp_session_unhash+0x1ac/0x520 [ 61.057065] [] ? l2tp_udp_encap_recv+0xa40/0xa40 [ 61.057091] [] l2tp_tunnel_closeall+0x1cb/0x350 [ 61.057102] [] l2tp_tunnel_destruct+0x2f2/0x590 [ 61.057113] [] ? l2tp_tunnel_destruct+0x1aa/0x590 [ 61.057123] [] ? l2tp_tunnel_del_work+0x460/0x460 [ 61.057134] [] ? __neigh_event_send+0x652/0xc50 [ 61.057145] [] sk_destruct+0x4c/0x4c0 [ 61.057155] [] __sk_free+0x4f/0x220 [ 61.057165] [] sock_wfree+0x103/0x140 [ 61.057175] [] ? sk_receive_skb+0x950/0x950 [ 61.057201] [] skb_release_head_state+0x103/0x210 [ 61.057212] [] skb_release_all+0x15/0x60 [ 61.057221] [] __kfree_skb+0x15/0x20 [ 61.057246] [] kfree_skb+0xf7/0x3e0 [ 61.057257] [] __neigh_event_send+0x652/0xc50 [ 61.057286] [] ? __lock_acquire+0xa86/0x5270 [ 61.057297] [] neigh_resolve_output+0x4eb/0x790 [ 61.057311] [] ? check_preemption_disabled+0x3b/0x170 [ 61.057329] [] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 61.057341] [] ip6_finish_output2+0x929/0x1ca0 [ 61.057353] [] ? ip6_finish_output2+0x1d5/0x1ca0 [ 61.057365] [] ? ip6_sk_dst_lookup_flow+0x580/0x580 [ 61.057376] [] ? __lock_is_held+0xa2/0xf0 [ 61.057388] [] ip6_finish_output+0x3b8/0x760 [ 61.057398] [] ip6_output+0x1b8/0x520 [ 61.057409] [] ? ip6_finish_output+0x760/0x760 [ 61.057421] [] ? nf_iterate+0x210/0x210 [ 61.057433] [] ? ip6_fragment+0x3510/0x3510 [ 61.057444] [] ip6_xmit+0xc7a/0x1a00 [ 61.057457] [] ? kasan_slab_free+0x72/0xc0 [ 61.057467] [] ? kfree+0xf4/0x310 [ 61.057479] [] ? pskb_expand_head+0x683/0x970 [ 61.057490] [] ? ip6_finish_output2+0x1ca0/0x1ca0 [ 61.057501] [] ? dst_release+0x70/0xb0 [ 61.057514] [] ? sk_setup_caps+0xca/0x3a0 [ 61.057526] [] ? ip6_append_data+0x2b0/0x2b0 [ 61.057536] [] inet6_csk_xmit+0x245/0x490 [ 61.057547] [] ? inet6_csk_xmit+0xff/0x490 [ 61.057558] [] ? inet6_csk_update_pmtu+0x160/0x160 [ 61.057570] [] ? ip6_pkt_prohibit_out+0x180/0x180 [ 61.057584] [] ? udp6_set_csum+0xd3/0xa70 [ 61.057594] [] l2tp_xmit_skb+0xbeb/0xeb0 [ 61.057626] [] pppol2tp_sendmsg+0x4e0/0x7d0 [ 61.057642] [] ? selinux_socket_sendmsg+0x3f/0x50 [ 61.057653] [] ? pppol2tp_release+0x310/0x310 [ 61.057664] [] sock_sendmsg+0xcc/0x110 [ 61.057675] [] ___sys_sendmsg+0x441/0x880 [ 61.057687] [] ? copy_msghdr_from_user+0x550/0x550 [ 61.057699] [] ? trace_hardirqs_on_caller+0x38b/0x590 [ 61.057711] [] ? debug_check_no_locks_freed+0x210/0x210 [ 61.057721] [] ? release_sock+0x3b6/0x500 [ 61.057733] [] ? __might_fault+0x114/0x1d0 [ 61.057741] [] __sys_sendmmsg+0x12e/0x2e0 [ 61.057749] [] ? SyS_sendmsg+0x50/0x50 [ 61.057760] [] ? security_socket_connect+0x8f/0xc0 [ 61.057767] [] ? SYSC_connect+0x22a/0x300 [ 61.057774] [] ? SYSC_bind+0x280/0x280 [ 61.057786] [] ? retint_user+0x18/0x3c [ 61.057794] [] ? trace_hardirqs_on_caller+0x38b/0x590 [ 61.057802] [] SyS_sendmmsg+0x35/0x60 [ 61.057811] [] entry_SYSCALL_64_fastpath+0x22/0x9e [ 61.057831] BUG: sleeping function called from invalid context at kernel/sched/completion.c:90 [ 61.057836] in_atomic(): 1, irqs_disabled(): 0, pid: 4180, name: syz-executor554 [ 61.057838] INFO: lockdep is turned off. [ 61.057847] Preemption disabled at:[] sock_sendmsg+0xcc/0x110 [ 61.057852] [ 61.057862] CPU: 0 PID: 4180 Comm: syz-executor554 Not tainted 4.4.147-ga5fc665 #80 [ 61.057870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 61.057897] 0000000000000000 8468dad2c3a09b73 ffff8800b8db6e10 ffffffff81e12a4d [ 61.057925] ffff8801d7973000 0000000000000000 ffff8801d7973000 000000000000005a [ 61.057953] ffff8801d7973000 ffff8800b8db6e48 ffffffff8140e9d5 ffff8801d7973000 [ 61.057959] Call Trace: [ 61.057969] [] dump_stack+0xc1/0x124 [ 61.057981] [] ___might_sleep.cold.116+0x1bd/0x1d3 [ 61.057994] [] __might_sleep+0x90/0x1a0 [ 61.058006] [] ? _raw_spin_unlock_irqrestore+0x45/0x70 [ 61.058017] [] wait_for_completion+0x89/0x2e0 [ 61.058029] [] ? check_preemption_disabled+0x3b/0x170 [ 61.058040] [] ? wait_for_completion_interruptible+0x460/0x460 [ 61.058052] [] ? trace_hardirqs_on+0xd/0x10 [ 61.058063] [] __wait_rcu_gp+0x137/0x1b0 [ 61.058074] [] synchronize_rcu.part.55+0x94/0xd0 [ 61.058085] [] ? synchronize_rcu_bh.part.54+0xd0/0xd0 [ 61.058096] [] ? __call_rcu.constprop.66+0x930/0x930 [ 61.058107] [] ? trace_raw_output_rcu_utilization+0x150/0x150 [ 61.058119] [] ? lockdep_rcu_suspicious.cold.47+0x110/0x141 [ 61.058130] [] synchronize_rcu+0x37/0xa0 [ 61.058141] [] __l2tp_session_unhash+0x38a/0x520 [ 61.058152] [] ? __l2tp_session_unhash+0x1ac/0x520 [ 61.058164] [] ? l2tp_udp_encap_recv+0xa40/0xa40 [ 61.058175] [] l2tp_tunnel_closeall+0x1cb/0x350 [ 61.058186] [] l2tp_tunnel_destruct+0x2f2/0x590 [ 61.058197] [] ? l2tp_tunnel_destruct+0x1aa/0x590 [ 61.058208] [] ? l2tp_tunnel_del_work+0x460/0x460 [ 61.058219] [] ? __neigh_event_send+0x652/0xc50 [ 61.058229] [] sk_destruct+0x4c/0x4c0 [ 61.058239] [] __sk_free+0x4f/0x220 [ 61.058249] [] sock_wfree+0x103/0x140 [ 61.058259] [] ? sk_receive_skb+0x950/0x950 [ 61.058270] [] skb_release_head_state+0x103/0x210 [ 61.058281] [] skb_release_all+0x15/0x60 [ 61.058291] [] __kfree_skb+0x15/0x20 [ 61.058301] [] kfree_skb+0xf7/0x3e0 [ 61.058312] [] __neigh_event_send+0x652/0xc50 [ 61.058331] [] ? __lock_acquire+0xa86/0x5270 [ 61.058342] [] neigh_resolve_output+0x4eb/0x790 [ 61.058354] [] ? check_preemption_disabled+0x3b/0x170 [ 61.058365] [] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 61.058377] [] ip6_finish_output2+0x929/0x1ca0 [ 61.058389] [] ? ip6_finish_output2+0x1d5/0x1ca0 [ 61.058397] [] ? ip6_sk_dst_lookup_flow+0x580/0x580 [ 61.058405] [] ? __lock_is_held+0xa2/0xf0 [ 61.058414] [] ip6_finish_output+0x3b8/0x760 [ 61.058420] [] ip6_output+0x1b8/0x520 [ 61.058428] [] ? ip6_finish_output+0x760/0x760 [ 61.058434] [] ? nf_iterate+0x210/0x210 [ 61.058443] [] ? ip6_fragment+0x3510/0x3510 [ 61.058451] [] ip6_xmit+0xc7a/0x1a00 [ 61.058458] [] ? kasan_slab_free+0x72/0xc0 [ 61.058464] [] ? kfree+0xf4/0x310 [ 61.058471] [] ? pskb_expand_head+0x683/0x970 [ 61.058480] [] ? ip6_finish_output2+0x1ca0/0x1ca0 [ 61.058487] [] ? dst_release+0x70/0xb0 [ 61.058494] [] ? sk_setup_caps+0xca/0x3a0 [ 61.058502] [] ? ip6_append_data+0x2b0/0x2b0 [ 61.058510] [] inet6_csk_xmit+0x245/0x490 [ 61.058517] [] ? inet6_csk_xmit+0xff/0x490 [ 61.058528] [] ? inet6_csk_update_pmtu+0x160/0x160 [ 61.058539] [] ? ip6_pkt_prohibit_out+0x180/0x180 [ 61.058550] [] ? udp6_set_csum+0xd3/0xa70 [ 61.058561] [] l2tp_xmit_skb+0xbeb/0xeb0 [ 61.058573] [] pppol2tp_sendmsg+0x4e0/0x7d0 [ 61.058584] [] ? selinux_socket_sendmsg+0x3f/0x50 [ 61.058595] [] ? pppol2tp_release+0x310/0x310 [ 61.058627] [] sock_sendmsg+0xcc/0x110 [ 61.058638] [] ___sys_sendmsg+0x441/0x880 [ 61.058650] [] ? copy_msghdr_from_user+0x550/0x550 [ 61.058662] [] ? trace_hardirqs_on_caller+0x38b/0x590 [ 61.058674] [] ? debug_check_no_locks_freed+0x210/0x210 [ 61.058684] [] ? release_sock+0x3b6/0x500 [ 61.058696] [] ? __might_fault+0x114/0x1d0 [ 61.058707] [] __sys_sendmmsg+0x12e/0x2e0 [ 61.058718] [] ? SyS_sendmsg+0x50/0x50 [ 61.058730] [] ? security_socket_connect+0x8f/0xc0 [ 61.058741] [] ? SYSC_connect+0x22a/0x300 [ 61.058752] [] ? SYSC_bind+0x280/0x280 [ 61.058763] [] ? retint_user+0x18/0x3c [ 61.058775] [] ? trace_hardirqs_on_caller+0x38b/0x590 [ 61.058787] [] SyS_sendmmsg+0x35/0x60 [ 61.058798] [] entry_SYSCALL_64_fastpath+0x22/0x9e [ 61.058811] BUG: scheduling while atomic: syz-executor554/4180/0x00000603 [ 61.058825] INFO: lockdep is turned off. [ 61.058836] Modules linked in: [ 61.058852] Preemption disabled at:[] sock_sendmsg+0xcc/0x110 [ 61.058857] [ 61.058867] CPU: 0 PID: 4180 Comm: syz-executor554 Not tainted 4.4.147-ga5fc665 #80 [ 61.058874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 61.058902] 0000000000000000 8468dad2c3a09b73 ffff8800b8db6c68 ffffffff81e12a4d [ 61.058929] ffff8801d7973000 0000000000000603 000000000001f540 0000000000000000 [ 61.058957] 0000000000000000 ffff8800b8db6c88 ffffffff8140eac9 ffff8801db21f540 [ 61.058962] Call Trace: [ 61.058972] [] dump_stack+0xc1/0x124 [ 61.058984] [] __schedule_bug.cold.117+0xde/0x100 [ 61.058994] [] __schedule+0x11ff/0x1d70 [ 61.059008] [] ? dump_trace+0x184/0x360 [ 61.059018] [] schedule+0x7a/0x1b0 [ 61.059028] [] schedule_timeout+0x481/0x8b0 [ 61.059043] [] ? show_stack_log_lvl.cold.1+0x21/0x12e [ 61.059053] [] ? usleep_range+0x140/0x140 [ 61.059061] [] ? wait_for_completion+0x91/0x2e0 [ 61.059068] [] ? ___might_sleep.cold.116+0x1bd/0x1d3 [ 61.059075] [] ? wait_for_completion+0x1f6/0x2e0 [ 61.059082] [] wait_for_completion+0x1fe/0x2e0 [ 61.059090] [] ? wait_for_completion_interruptible+0x460/0x460 [ 61.059097] [] ? wake_up_process+0x20/0x20 [ 61.059104] [] __wait_rcu_gp+0x137/0x1b0 [ 61.059112] [] synchronize_rcu.part.55+0x94/0xd0 [ 61.059120] [] ? synchronize_rcu_bh.part.54+0xd0/0xd0 [ 61.059127] [] ? __call_rcu.constprop.66+0x930/0x930 [ 61.059135] [] ? trace_raw_output_rcu_utilization+0x150/0x150 [ 61.059143] [] ? lockdep_rcu_suspicious.cold.47+0x110/0x141 [ 61.059151] [] synchronize_rcu+0x37/0xa0 [ 61.059158] [] __l2tp_session_unhash+0x38a/0x520 [ 61.059166] [] ? __l2tp_session_unhash+0x1ac/0x520 [ 61.059173] [] ? l2tp_udp_encap_recv+0xa40/0xa40 [ 61.059181] [] l2tp_tunnel_closeall+0x1cb/0x350 [ 61.059192] [] l2tp_tunnel_destruct+0x2f2/0x590 [ 61.059203] [] ? l2tp_tunnel_destruct+0x1aa/0x590 [ 61.059214] [] ? l2tp_tunnel_del_work+0x460/0x460 [ 61.059225] [] ? __neigh_event_send+0x652/0xc50 [ 61.059236] [] sk_destruct+0x4c/0x4c0 [ 61.059246] [] __sk_free+0x4f/0x220 [ 61.059256] [] sock_wfree+0x103/0x140 [ 61.059266] [] ? sk_receive_skb+0x950/0x950 [ 61.059278] [] skb_release_head_state+0x103/0x210 [ 61.059288] [] skb_release_all+0x15/0x60 [ 61.059298] [] __kfree_skb+0x15/0x20 [ 61.059309] [] kfree_skb+0xf7/0x3e0 [ 61.059319] [] __neigh_event_send+0x652/0xc50 [ 61.059327] [] ? __lock_acquire+0xa86/0x5270 [ 61.059339] [] neigh_resolve_output+0x4eb/0x790 [ 61.059350] [] ? check_preemption_disabled+0x3b/0x170 [ 61.059362] [] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 61.059374] [] ip6_finish_output2+0x929/0x1ca0 [ 61.059385] [] ? ip6_finish_output2+0x1d5/0x1ca0 [ 61.059397] [] ? ip6_sk_dst_lookup_flow+0x580/0x580 [ 61.059408] [] ? __lock_is_held+0xa2/0xf0 [ 61.059420] [] ip6_finish_output+0x3b8/0x760 [ 61.059430] [] ip6_output+0x1b8/0x520 [ 61.059442] [] ? ip6_finish_output+0x760/0x760 [ 61.059452] [] ? nf_iterate+0x210/0x210 [ 61.059463] [] ? ip6_fragment+0x3510/0x3510 [ 61.059475] [] ip6_xmit+0xc7a/0x1a00 [ 61.059485] [] ? kasan_slab_free+0x72/0xc0 [ 61.059495] [] ? kfree+0xf4/0x310 [ 61.059506] [] ? pskb_expand_head+0x683/0x970 [ 61.059518] [] ? ip6_finish_output2+0x1ca0/0x1ca0 [ 61.059528] [] ? dst_release+0x70/0xb0 [ 61.059540] [] ? sk_setup_caps+0xca/0x3a0 [ 61.059551] [] ? ip6_append_data+0x2b0/0x2b0 [ 61.059562] [] inet6_csk_xmit+0x245/0x490 [ 61.059572] [] ? inet6_csk_xmit+0xff/0x490 [ 61.059583] [] ? inet6_csk_update_pmtu+0x160/0x160 [ 61.059594] [] ? ip6_pkt_prohibit_out+0x180/0x180 [ 61.059625] [] ? udp6_set_csum+0xd3/0xa70 [ 61.059636] [] l2tp_xmit_skb+0xbeb/0xeb0 [ 61.059647] [] pppol2tp_sendmsg+0x4e0/0x7d0 [ 61.059658] [] ? selinux_socket_sendmsg+0x3f/0x50 [ 61.059669] [] ? pppol2tp_release+0x310/0x310 [ 61.059680] [] sock_sendmsg+0xcc/0x110 [ 61.059691] [] ___sys_sendmsg+0x441/0x880 [ 61.059702] [] ? copy_msghdr_from_user+0x550/0x550 [ 61.059714] [] ? trace_hardirqs_on_caller+0x38b/0x590 [ 61.059726] [] ? debug_check_no_locks_freed+0x210/0x210 [ 61.059737] [] ? release_sock+0x3b6/0x500 [ 61.059748] [] ? __might_fault+0x114/0x1d0 [ 61.059760] [] __sys_sendmmsg+0x12e/0x2e0 [ 61.059771] [] ? SyS_sendmsg+0x50/0x50 [ 61.059783] [] ? security_socket_connect+0x8f/0xc0 [ 61.059793] [] ? SYSC_connect+0x22a/0x300 [ 61.059804] [] ? SYSC_bind+0x280/0x280 [ 61.059821] [] ? retint_user+0x18/0x3c [ 61.059833] [] ? trace_hardirqs_on_caller+0x38b/0x590 [ 61.059844] [] SyS_sendmmsg+0x35/0x60 [ 61.059852] [] entry_SYSCALL_64_fastpath+0x22/0x9e