[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 22.690483] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 24.046212] random: sshd: uninitialized urandom read (32 bytes read)
[ 24.257121] random: sshd: uninitialized urandom read (32 bytes read)
[ 24.845273] random: sshd: uninitialized urandom read (32 bytes read)
[ 112.610239] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.50' (ECDSA) to the list of known hosts.
[ 118.132093] random: sshd: uninitialized urandom read (32 bytes read)
2018/09/04 20:01:44 parsed 1 programs
[ 119.482864] random: cc1: uninitialized urandom read (8 bytes read)
2018/09/04 20:01:46 executed programs: 0
[ 120.944657] IPVS: ftp: loaded support on port[0] = 21
[ 121.161101] bridge0: port 1(bridge_slave_0) entered blocking state
[ 121.167758] bridge0: port 1(bridge_slave_0) entered disabled state
[ 121.175081] device bridge_slave_0 entered promiscuous mode
[ 121.193786] bridge0: port 2(bridge_slave_1) entered blocking state
[ 121.200276] bridge0: port 2(bridge_slave_1) entered disabled state
[ 121.207351] device bridge_slave_1 entered promiscuous mode
[ 121.224633] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 121.242012] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 121.285701] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 121.304993] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 121.371438] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 121.378877] team0: Port device team_slave_0 added
[ 121.394801] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 121.402131] team0: Port device team_slave_1 added
[ 121.420427] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 121.439722] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 121.458701] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 121.477042] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 121.608304] bridge0: port 2(bridge_slave_1) entered blocking state
[ 121.614908] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 121.621931] bridge0: port 1(bridge_slave_0) entered blocking state
[ 121.628359] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 122.104164] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 122.110375] 8021q: adding VLAN 0 to HW filter on device bond0
[ 122.146510] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 122.164903] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 122.212012] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 122.218217] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 122.225666] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 122.266169] 8021q: adding VLAN 0 to HW filter on device team0
[ 122.553198]
[ 122.554982] ======================================================
[ 122.561278] WARNING: possible circular locking dependency detected
[ 122.567679] 4.19.0-rc2-next-20180904+ #55 Not tainted
[ 122.572846] ------------------------------------------------------
[ 122.579238] syz-executor0/4927 is trying to acquire lock:
[ 122.584755] 000000008995be2b ((wq_completion)bond_dev->name){+.+.}, at: flush_workqueue+0x2db/0x1e10
[ 122.594184]
[ 122.594184] but task is already holding lock:
[ 122.600665] 000000004c798bc9 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x412/0xc30
[ 122.608371]
[ 122.608371] which lock already depends on the new lock.
[ 122.608371]
[ 122.616855]
[ 122.616855] the existing dependency chain (in reverse order) is:
[ 122.624472]
[ 122.624472] -> #2 (rtnl_mutex){+.+.}:
[ 122.629749]        __mutex_lock+0x171/0x1700
[ 122.634252]        mutex_lock_nested+0x16/0x20
[ 122.638833]        rtnl_lock+0x17/0x20
[ 122.642727]        bond_netdev_notify_work+0x44/0xd0
[ 122.647955]        process_one_work+0xc73/0x1aa0
[ 122.652798]        worker_thread+0x189/0x13c0
[ 122.657276]        kthread+0x35a/0x420
[ 122.661144]        ret_from_fork+0x3a/0x50
[ 122.665356]
[ 122.665356] -> #1 ((work_completion)(&(&nnw->work)->work)){+.+.}:
[ 122.673063]        process_one_work+0xc0b/0x1aa0
[ 122.677799]        worker_thread+0x189/0x13c0
[ 122.682270]        kthread+0x35a/0x420
[ 122.686138]        ret_from_fork+0x3a/0x50
[ 122.690404]
[ 122.690404] -> #0 ((wq_completion)bond_dev->name){+.+.}:
[ 122.697401]        lock_acquire+0x1e4/0x4f0
[ 122.701852]        flush_workqueue+0x30a/0x1e10
[ 122.706669]        drain_workqueue+0x2a9/0x640
[ 122.711235]        destroy_workqueue+0xc6/0x9d0
[ 122.715982]        __alloc_workqueue_key+0xef9/0x1190
[ 122.721170]        bond_init+0x269/0x940
[ 122.725214]        register_netdevice+0x337/0x1100
[ 122.730137]        bond_newlink+0x49/0xa0
[ 122.734270]        rtnl_newlink+0xef4/0x1d50
[ 122.738668]        rtnetlink_rcv_msg+0x46e/0xc30
[ 122.743407]        netlink_rcv_skb+0x172/0x440
[ 122.747998]        rtnetlink_rcv+0x1c/0x20
[ 122.752231]        netlink_unicast+0x5a0/0x760
[ 122.756790]        netlink_sendmsg+0xa18/0xfc0
[ 122.761349]        sock_sendmsg+0xd5/0x120
[ 122.765561]        ___sys_sendmsg+0x7fd/0x930
[ 122.770032]        __sys_sendmsg+0x11d/0x290
[ 122.774424]        __x64_sys_sendmsg+0x78/0xb0
[ 122.779051]        do_syscall_64+0x1b9/0x820
[ 122.783459]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 122.789155]
[ 122.789155] other info that might help us debug this:
[ 122.789155]
[ 122.797291] Chain exists of:
[ 122.797291]   (wq_completion)bond_dev->name --> (work_completion)(&(&nnw->work)->work) --> rtnl_mutex
[ 122.797291]
[ 122.810997]  Possible unsafe locking scenario:
[ 122.810997]
[ 122.817146]        CPU0                    CPU1
[ 122.826929]        ----                    ----
[ 122.831578]   lock(rtnl_mutex);
[ 122.834840]                                lock((work_completion)(&(&nnw->work)->work));
[ 122.843052]                                lock(rtnl_mutex);
[ 122.848827]   lock((wq_completion)bond_dev->name);
[ 122.853732]
[ 122.853732]  *** DEADLOCK ***
[ 122.853732]
[ 122.859833] 1 lock held by syz-executor0/4927:
[ 122.864395]  #0: 000000004c798bc9 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x412/0xc30
[ 122.872600]
[ 122.872600] stack backtrace:
[ 122.877103] CPU: 0 PID: 4927 Comm: syz-executor0 Not tainted 4.19.0-rc2-next-20180904+ #55
[ 122.885482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 122.894932] Call Trace:
[ 122.897516] dump_stack+0x1c9/0x2b4
[ 122.901128] ? dump_stack_print_info.cold.2+0x52/0x52
[ 122.906305] ? vprintk_func+0x81/0x117
[ 122.910171] print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[ 122.915858] ? save_trace+0xe0/0x290
[ 122.920984] __lock_acquire+0x3449/0x5020
[ 122.925126] ? mark_held_locks+0x160/0x160
[ 122.929346] ? __lock_is_held+0xb5/0x140
[ 122.933441] ? update_curr+0x344/0xba0
[ 122.937318] ? __account_cfs_rq_runtime+0x770/0x770
[ 122.942321] ? mark_held_locks+0x160/0x160
[ 122.946539] ? lock_downgrade+0x8f0/0x8f0
[ 122.950668] lock_acquire+0x1e4/0x4f0
[ 122.954455] ? flush_workqueue+0x2db/0x1e10
[ 122.958768] ? lock_release+0x9f0/0x9f0
[ 122.962723] ? lockdep_init_map+0x9/0x10
[ 122.966773] ? __init_waitqueue_head+0x9e/0x150
[ 122.971425] ? init_wait_entry+0x1c0/0x1c0
[ 122.975750] flush_workqueue+0x30a/0x1e10
[ 122.979881] ? flush_workqueue+0x2db/0x1e10
[ 122.984284] ? lock_acquire+0x1e4/0x4f0
[ 122.988242] ? drain_workqueue+0xa9/0x640
[ 122.992368] ? lock_release+0x9f0/0x9f0
[ 122.996321] ? check_same_owner+0x340/0x340
[ 123.000632] ? __queue_delayed_work+0x390/0x390
[ 123.005387] ? graph_lock+0x170/0x170
[ 123.009175] ? kasan_check_write+0x14/0x20
[ 123.013657] ? __mutex_lock+0x6d0/0x1700
[ 123.017715] ? drain_workqueue+0xa9/0x640
[ 123.021855] ? graph_lock+0x170/0x170
[ 123.025644] ? print_usage_bug+0xc0/0xc0
[ 123.029690] ? find_held_lock+0x36/0x1c0
[ 123.033802] ? lock_downgrade+0x8f0/0x8f0
[ 123.037955] ? graph_lock+0x170/0x170
[ 123.041748] ? graph_lock+0x170/0x170
[ 123.045531] ? find_held_lock+0x36/0x1c0
[ 123.049609] ? kasan_check_write+0x14/0x20
[ 123.053857] ? __mutex_unlock_slowpath+0x197/0x8c0
[ 123.058771] ? wait_for_completion+0x8d0/0x8d0
[ 123.063340] ? do_raw_spin_unlock+0xa7/0x2f0
[ 123.067732] ? trace_hardirqs_on+0x2c0/0x2c0
[ 123.072123] drain_workqueue+0x2a9/0x640
[ 123.076169] ? drain_workqueue+0x2a9/0x640
[ 123.080404] ? flush_workqueue+0x1e10/0x1e10
[ 123.084827] ? save_stack+0xa9/0xd0
[ 123.088444] ? save_stack+0x43/0xd0
[ 123.092053] ? __kasan_slab_free+0x11a/0x170
[ 123.096444] ? kasan_slab_free+0xe/0x10
[ 123.100402] ? print_usage_bug+0xc0/0xc0
[ 123.104449] ? bond_init+0x269/0x940
[ 123.108144] ? register_netdevice+0x337/0x1100
[ 123.112709] ? bond_newlink+0x49/0xa0
[ 123.116498] ? rtnl_newlink+0xef4/0x1d50
[ 123.120542] ? rtnetlink_rcv_msg+0x46e/0xc30
[ 123.124941] ? netlink_rcv_skb+0x172/0x440
[ 123.129177] ? rtnetlink_rcv+0x1c/0x20
[ 123.133051] ? netlink_unicast+0x5a0/0x760
[ 123.137324] ? netlink_sendmsg+0xa18/0xfc0
[ 123.141562] ? sock_sendmsg+0xd5/0x120
[ 123.145436] destroy_workqueue+0xc6/0x9d0
[ 123.149574] ? kasan_check_write+0x14/0x20
[ 123.153793] ? wq_watchdog_timer_fn+0x830/0x830
[ 123.158480] ? mark_held_locks+0xc9/0x160
[ 123.162690] ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 123.167786] ? kfree+0x111/0x210
[ 123.171132] ? kfree+0x111/0x210
[ 123.174480] ? lockdep_hardirqs_on+0x421/0x5c0
[ 123.179043] ? trace_hardirqs_on+0xbd/0x2c0
[ 123.183349] ? init_rescuer.part.26+0x155/0x190
[ 123.188004] ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 123.193092] ? __kasan_slab_free+0x131/0x170
[ 123.197487] ? init_rescuer.part.26+0x155/0x190
[ 123.202142] __alloc_workqueue_key+0xef9/0x1190
[ 123.207005] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 123.212531] ? workqueue_sysfs_register+0x3f0/0x3f0
[ 123.217536] ? put_dec+0xf0/0xf0
[ 123.220888] ? format_decode+0x1b1/0xaf0
[ 123.224935] ? set_precision+0xe0/0xe0
[ 123.228817] ? simple_strtoll+0xa0/0xa0
[ 123.232775] ? graph_lock+0x170/0x170
[ 123.236576] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 123.242102] ? vsnprintf+0x20d/0x1b60
[ 123.245888] ? find_held_lock+0x36/0x1c0
[ 123.249942] ? lock_downgrade+0x8f0/0x8f0
[ 123.254087] ? kasan_check_read+0x11/0x20
[ 123.258224] ? rcu_cleanup_dead_rnp+0x200/0x200
[ 123.262883] bond_init+0x269/0x940
[ 123.266407] ? __dev_get_by_name+0x170/0x170
[ 123.270796] ? bond_arp_rcv+0x11c0/0x11c0
[ 123.274935] ? check_same_owner+0x340/0x340
[ 123.280906] ? rcu_note_context_switch+0x680/0x680
[ 123.285842] ? bond_arp_rcv+0x11c0/0x11c0
[ 123.289983] register_netdevice+0x337/0x1100
[ 123.294381] ? netdev_change_features+0x110/0x110
[ 123.300144] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 123.305689] ? ns_capable_common+0x13f/0x170
[ 123.310097] bond_newlink+0x49/0xa0
[ 123.313711] ? bond_changelink+0x2360/0x2360
[ 123.318187] rtnl_newlink+0xef4/0x1d50
[ 123.322328] ? rtnl_link_unregister+0x390/0x390
[ 123.327006] ? print_usage_bug+0xc0/0xc0
[ 123.331056] ? __lock_acquire+0x7fc/0x5020
[ 123.335285] ? print_usage_bug+0xc0/0xc0
[ 123.339330] ? graph_lock+0x170/0x170
[ 123.343123] ? print_usage_bug+0xc0/0xc0
[ 123.347175] ? mark_held_locks+0x160/0x160
[ 123.351400] ? __lock_acquire+0x7fc/0x5020
[ 123.356014] ? lock_acquire+0x1e4/0x4f0
[ 123.359991] ? rtnetlink_rcv_msg+0x412/0xc30
[ 123.364394] ? lock_release+0x9f0/0x9f0
[ 123.368358] ? check_same_owner+0x340/0x340
[ 123.372672] ? mutex_trylock+0x2b0/0x2b0
[ 123.376718] ? __lock_acquire+0x7fc/0x5020
[ 123.380952] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 123.386606] ? refcount_sub_and_test_checked+0x21a/0x350
[ 123.392089] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 123.397615] ? rtnl_get_link+0x170/0x370
[ 123.401661] ? rtnl_dump_all+0x600/0x600
[ 123.405708] ? rcu_is_watching+0x8c/0x150
[ 123.409848] ? rtnl_link_unregister+0x390/0x390
[ 123.414513] rtnetlink_rcv_msg+0x46e/0xc30
[ 123.418731] ? rtnetlink_put_metrics+0x690/0x690
[ 123.423644] netlink_rcv_skb+0x172/0x440
[ 123.427691] ? rtnetlink_put_metrics+0x690/0x690
[ 123.432429] ? netlink_ack+0xbe0/0xbe0
[ 123.436310] ? rcu_cleanup_dead_rnp+0x200/0x200
[ 123.440977] rtnetlink_rcv+0x1c/0x20
[ 123.444685] netlink_unicast+0x5a0/0x760
[ 123.448730] ? netlink_attachskb+0x9a0/0x9a0
[ 123.453127] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 123.458648] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 123.463659] netlink_sendmsg+0xa18/0xfc0
[ 123.467706] ? netlink_unicast+0x760/0x760
[ 123.471958] ? aa_sock_msg_perm.isra.13+0xba/0x160
[ 123.476883] ? apparmor_socket_sendmsg+0x29/0x30
[ 123.481632] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 123.487164] ? security_socket_sendmsg+0x94/0xc0
[ 123.491904] ? netlink_unicast+0x760/0x760
[ 123.496168] sock_sendmsg+0xd5/0x120
[ 123.499875] ___sys_sendmsg+0x7fd/0x930
[ 123.503834] ? copy_msghdr_from_user+0x580/0x580
[ 123.508583] ? lock_downgrade+0x8f0/0x8f0
[ 123.512714] ? __fget_light+0x2f7/0x440
[ 123.516672] ? fget_raw+0x20/0x20
[ 123.520111] ? __fd_install+0x2db/0x880
[ 123.524070] ? get_unused_fd_flags+0x1a0/0x1a0
[ 123.528641] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 123.534199] ? sockfd_lookup_light+0xc5/0x160
[ 123.538689] __sys_sendmsg+0x11d/0x290
[ 123.542565] ? __ia32_sys_shutdown+0x80/0x80
[ 123.546972] ? __x64_sys_futex+0x47f/0x6a0
[ 123.551200] ? do_syscall_64+0x9a/0x820
[ 123.555183] ? do_syscall_64+0x9a/0x820
[ 123.559146] ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 123.564232] ? trace_hardirqs_off+0xb8/0x2b0
[ 123.568626] __x64_sys_sendmsg+0x78/0xb0
[ 123.572681] do_syscall_64+0x1b9/0x820
[ 123.576558] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 123.581917] ? syscall_return_slowpath+0x5e0/0x5e0
[ 123.586883] ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 123.591891] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 123.596891] ? recalc_sigpending_tsk+0x180/0x180
[ 123.601634] ? kasan_check_write+0x14/0x20
[ 123.605853] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 123.610682] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 123.615853] RIP: 0033:0x457099
[ 123.619055] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 123.637951] RSP: 002b:00007f313b3b4c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 123.645682] RAX: ffffffffffffffda RBX: 00007f313b3b56d4 RCX: 0000000000457099
[ 123.652945] RDX: 0000000000000000 RSI: 0000000020000180 RD