[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 23.602479] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 25.933563] random: sshd: uninitialized urandom read (32 bytes read)
[ 26.206490] random: sshd: uninitialized urandom read (32 bytes read)
[ 26.796457] random: sshd: uninitialized urandom read (32 bytes read)
[ 190.590376] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.32' (ECDSA) to the list of known hosts.
[ 196.343549] random: sshd: uninitialized urandom read (32 bytes read)
2018/09/01 07:07:09 parsed 1 programs
[ 197.491220] random: cc1: uninitialized urandom read (8 bytes read)
2018/09/01 07:07:11 executed programs: 0
[ 198.692041] IPVS: ftp: loaded support on port[0] = 21
[ 198.918118] bridge0: port 1(bridge_slave_0) entered blocking state
[ 198.924613] bridge0: port 1(bridge_slave_0) entered disabled state
[ 198.932169] device bridge_slave_0 entered promiscuous mode
[ 198.949935] bridge0: port 2(bridge_slave_1) entered blocking state
[ 198.956314] bridge0: port 2(bridge_slave_1) entered disabled state
[ 198.963524] device bridge_slave_1 entered promiscuous mode
[ 198.980494] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 198.998698] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 199.043336] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 199.063070] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 199.129847] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 199.137281] team0: Port device team_slave_0 added
[ 199.153750] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 199.161147] team0: Port device team_slave_1 added
[ 199.177327] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 199.196981] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 199.215331] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 199.235013] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 199.363828] bridge0: port 2(bridge_slave_1) entered blocking state
[ 199.370280] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 199.377259] bridge0: port 1(bridge_slave_0) entered blocking state
[ 199.383701] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 199.841369] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 199.847519] 8021q: adding VLAN 0 to HW filter on device bond0
[ 199.888084] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 199.900955] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 199.948068] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 199.954456] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 199.961875] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 200.003424] 8021q: adding VLAN 0 to HW filter on device team0
[ 200.291866]
[ 200.293684] ======================================================
[ 200.299982] WARNING: possible circular locking dependency detected
[ 200.306283] 4.19.0-rc1+ #217 Not tainted
[ 200.310366] ------------------------------------------------------
[ 200.316685] syz-executor0/4935 is trying to acquire lock:
[ 200.322224] 0000000012b01868 ((wq_completion)bond_dev->name){+.+.}, at: flush_workqueue+0x2db/0x1e10
[ 200.331513]
[ 200.331513] but task is already holding lock:
[ 200.337472] 0000000017cdb31d (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x412/0xc30
[ 200.345306]
[ 200.345306] which lock already depends on the new lock.
[ 200.345306]
[ 200.353723]
[ 200.353723] the existing dependency chain (in reverse order) is:
[ 200.361333]
[ 200.361333] -> #2 (rtnl_mutex){+.+.}:
[ 200.366628]        __mutex_lock+0x171/0x1700
[ 200.371021]        mutex_lock_nested+0x16/0x20
[ 200.375715]        rtnl_lock+0x17/0x20
[ 200.379588]        bond_netdev_notify_work+0x44/0xd0
[ 200.384681]        process_one_work+0xc73/0x1aa0
[ 200.389427]        worker_thread+0x189/0x13c0
[ 200.393977]        kthread+0x35a/0x420
[ 200.398027]        ret_from_fork+0x3a/0x50
[ 200.402246]
[ 200.402246] -> #1 ((work_completion)(&(&nnw->work)->work)){+.+.}:
[ 200.409964]        process_one_work+0xc0b/0x1aa0
[ 200.414722]        worker_thread+0x189/0x13c0
[ 200.419201]        kthread+0x35a/0x420
[ 200.423076]        ret_from_fork+0x3a/0x50
[ 200.427438]
[ 200.427438] -> #0 ((wq_completion)bond_dev->name){+.+.}:
[ 200.434371]        lock_acquire+0x1e4/0x4f0
[ 200.438692]        flush_workqueue+0x30a/0x1e10
[ 200.443357]        drain_workqueue+0x2a9/0x640
[ 200.447934]        destroy_workqueue+0xc6/0x9d0
[ 200.452614]        __alloc_workqueue_key+0xef9/0x1190
[ 200.457797]        bond_init+0x269/0x940
[ 200.461909]        register_netdevice+0x337/0x1100
[ 200.466891]        bond_newlink+0x49/0xa0
[ 200.471026]        rtnl_newlink+0xef4/0x1d50
[ 200.475419]        rtnetlink_rcv_msg+0x46e/0xc30
[ 200.480158]        netlink_rcv_skb+0x172/0x440
[ 200.484720]        rtnetlink_rcv+0x1c/0x20
[ 200.488936]        netlink_unicast+0x5a0/0x760
[ 200.493504]        netlink_sendmsg+0xa18/0xfc0
[ 200.498073]        sock_sendmsg+0xd5/0x120
[ 200.502292]        ___sys_sendmsg+0x7fd/0x930
[ 200.506775]        __sys_sendmsg+0x11d/0x290
[ 200.511180]        __x64_sys_sendmsg+0x78/0xb0
[ 200.515752]        do_syscall_64+0x1b9/0x820
[ 200.520259]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 200.525952]
[ 200.525952] other info that might help us debug this:
[ 200.525952]
[ 200.534091] Chain exists of:
[ 200.534091]   (wq_completion)bond_dev->name --> (work_completion)(&(&nnw->work)->work) --> rtnl_mutex
[ 200.534091]
[ 200.547895]  Possible unsafe locking scenario:
[ 200.547895]
[ 200.553940]        CPU0                    CPU1
[ 200.558653]        ----                    ----
[ 200.563304]   lock(rtnl_mutex);
[ 200.566569]                                lock((work_completion)(&(&nnw->work)->work));
[ 200.574820]                                lock(rtnl_mutex);
[ 200.580607]   lock((wq_completion)bond_dev->name);
[ 200.585516]
[ 200.585516]  *** DEADLOCK ***
[ 200.585516]
[ 200.591559] 1 lock held by syz-executor0/4935:
[ 200.596119]  #0: 0000000017cdb31d (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x412/0xc30
[ 200.604263]
[ 200.604263] stack backtrace:
[ 200.608763] CPU: 0 PID: 4935 Comm: syz-executor0 Not tainted 4.19.0-rc1+ #217
[ 200.616017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 200.625460] Call Trace:
[ 200.628037] dump_stack+0x1c9/0x2b4
[ 200.631652] ? dump_stack_print_info.cold.2+0x52/0x52
[ 200.636834] ? vprintk_func+0x81/0x117
[ 200.640818] print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[ 200.646512] ? save_trace+0xe0/0x290
[ 200.650211] __lock_acquire+0x3449/0x5020
[ 200.654350] ? mark_held_locks+0x160/0x160
[ 200.658576] ? mark_held_locks+0x160/0x160
[ 200.662797] ? __lock_is_held+0xb5/0x140
[ 200.666847] ? __account_cfs_rq_runtime+0x770/0x770
[ 200.671848] ? set_next_entity+0x2f0/0xa80
[ 200.676060] lock_acquire+0x1e4/0x4f0
[ 200.680122] ? flush_workqueue+0x2db/0x1e10
[ 200.684427] ? lock_release+0x9f0/0x9f0
[ 200.688381] ? lockdep_init_map+0x9/0x10
[ 200.692428] ? __init_waitqueue_head+0x9e/0x150
[ 200.697101] ? init_wait_entry+0x1c0/0x1c0
[ 200.701325] flush_workqueue+0x30a/0x1e10
[ 200.705457] ? flush_workqueue+0x2db/0x1e10
[ 200.709762] ? lock_acquire+0x1e4/0x4f0
[ 200.713722] ? drain_workqueue+0xa9/0x640
[ 200.717854] ? lock_release+0x9f0/0x9f0
[ 200.721812] ? check_same_owner+0x340/0x340
[ 200.726121] ? __queue_delayed_work+0x390/0x390
[ 200.730774] ? graph_lock+0x170/0x170
[ 200.734559] ? kasan_check_write+0x14/0x20
[ 200.738779] ? __mutex_lock+0x6d0/0x1700
[ 200.742825] ? drain_workqueue+0xa9/0x640
[ 200.746957] ? finish_task_switch+0x2ca/0x870
[ 200.751475] ? find_held_lock+0x36/0x1c0
[ 200.755518] ? lock_downgrade+0x8f0/0x8f0
[ 200.759663] ? __schedule+0x884/0x1df0
[ 200.763537] ? graph_lock+0x170/0x170
[ 200.767322] ? find_held_lock+0x36/0x1c0
[ 200.771368] ? kasan_check_write+0x14/0x20
[ 200.775586] ? __mutex_unlock_slowpath+0x197/0x8c0
[ 200.780730] ? wait_for_completion+0x8d0/0x8d0
[ 200.785300] ? do_raw_spin_unlock+0xa7/0x2f0
[ 200.789693] ? trace_hardirqs_on+0x2c0/0x2c0
[ 200.794111] drain_workqueue+0x2a9/0x640
[ 200.798167] ? drain_workqueue+0x2a9/0x640
[ 200.802389] ? flush_workqueue+0x1e10/0x1e10
[ 200.806788] ? save_stack+0xa9/0xd0
[ 200.810400] ? save_stack+0x43/0xd0
[ 200.814008] ? __kasan_slab_free+0x11a/0x170
[ 200.818435] ? kasan_slab_free+0xe/0x10
[ 200.822401] ? print_usage_bug+0xc0/0xc0
[ 200.826442] ? bond_init+0x269/0x940
[ 200.830156] ? register_netdevice+0x337/0x1100
[ 200.834722] ? bond_newlink+0x49/0xa0
[ 200.838506] ? rtnl_newlink+0xef4/0x1d50
[ 200.842549] ? rtnetlink_rcv_msg+0x46e/0xc30
[ 200.846939] ? netlink_rcv_skb+0x172/0x440
[ 200.851159] ? rtnetlink_rcv+0x1c/0x20
[ 200.855028] ? netlink_unicast+0x5a0/0x760
[ 200.859257] ? netlink_sendmsg+0xa18/0xfc0
[ 200.863518] ? sock_sendmsg+0xd5/0x120
[ 200.867396] destroy_workqueue+0xc6/0x9d0
[ 200.871530] ? kasan_check_write+0x14/0x20
[ 200.875760] ? wq_watchdog_timer_fn+0x830/0x830
[ 200.880413] ? mark_held_locks+0xc9/0x160
[ 200.884542] ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 200.889648] ? kfree+0x111/0x210
[ 200.893001] ? kfree+0x111/0x210
[ 200.896349] ? lockdep_hardirqs_on+0x421/0x5c0
[ 200.900913] ? trace_hardirqs_on+0xbd/0x2c0
[ 200.905244] ? init_rescuer.part.26+0x155/0x190
[ 200.909898] ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 200.914989] ? __kasan_slab_free+0x131/0x170
[ 200.919382] ? init_rescuer.part.26+0x155/0x190
[ 200.924039] __alloc_workqueue_key+0xef9/0x1190
[ 200.928696] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 200.934223] ? workqueue_sysfs_register+0x3f0/0x3f0
[ 200.939226] ? put_dec+0xf0/0xf0
[ 200.942597] ? format_decode+0x1b1/0xaf0
[ 200.946667] ? set_precision+0xe0/0xe0
[ 200.950556] ? simple_strtoll+0xa0/0xa0
[ 200.954512] ? graph_lock+0x170/0x170
[ 200.958300] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 200.963820] ? vsnprintf+0x20d/0x1b60
[ 200.967626] ? find_held_lock+0x36/0x1c0
[ 200.971702] ? lock_downgrade+0x8f0/0x8f0
[ 200.975836] ? kasan_check_read+0x11/0x20
[ 200.979970] ? rcu_cleanup_dead_rnp+0x200/0x200
[ 200.984640] bond_init+0x269/0x940
[ 200.988181] ? __dev_get_by_name+0x170/0x170
[ 200.992572] ? bond_arp_rcv+0x11c0/0x11c0
[ 200.996703] ? check_same_owner+0x340/0x340
[ 201.001016] ? rcu_note_context_switch+0x680/0x680
[ 201.005933] ? bond_arp_rcv+0x11c0/0x11c0
[ 201.010079] register_netdevice+0x337/0x1100
[ 201.014499] ? netdev_change_features+0x110/0x110
[ 201.019328] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 201.024855] ? ns_capable_common+0x13f/0x170
[ 201.029245] ? ns_capable+0x22/0x30
[ 201.032866] bond_newlink+0x49/0xa0
[ 201.036486] ? bond_changelink+0x2360/0x2360
[ 201.040891] rtnl_newlink+0xef4/0x1d50
[ 201.044768] ? rtnl_link_unregister+0x390/0x390
[ 201.049429] ? print_usage_bug+0xc0/0xc0
[ 201.053481] ? __lock_acquire+0x7fc/0x5020
[ 201.057697] ? print_usage_bug+0xc0/0xc0
[ 201.061773] ? graph_lock+0x170/0x170
[ 201.065570] ? print_usage_bug+0xc0/0xc0
[ 201.069650] ? mark_held_locks+0x160/0x160
[ 201.073967] ? __lock_acquire+0x7fc/0x5020
[ 201.078185] ? lock_acquire+0x1e4/0x4f0
[ 201.082151] ? rtnetlink_rcv_msg+0x412/0xc30
[ 201.086598] ? lock_release+0x9f0/0x9f0
[ 201.090577] ? check_same_owner+0x340/0x340
[ 201.094893] ? mutex_trylock+0x2b0/0x2b0
[ 201.098949] ? __lock_acquire+0x7fc/0x5020
[ 201.103203] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 201.108735] ? refcount_sub_and_test_checked+0x21a/0x350
[ 201.114186] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 201.119713] ? rtnl_get_link+0x170/0x370
[ 201.123764] ? rtnl_dump_all+0x600/0x600
[ 201.127812] ? rcu_is_watching+0x8c/0x150
[ 201.131959] ? rtnl_link_unregister+0x390/0x390
[ 201.136662] rtnetlink_rcv_msg+0x46e/0xc30
[ 201.140897] ? rtnetlink_put_metrics+0x690/0x690
[ 201.145669] netlink_rcv_skb+0x172/0x440
[ 201.149753] ? rtnetlink_put_metrics+0x690/0x690
[ 201.154495] ? netlink_ack+0xbe0/0xbe0
[ 201.158395] ? rcu_cleanup_dead_rnp+0x200/0x200
[ 201.163055] rtnetlink_rcv+0x1c/0x20
[ 201.166777] netlink_unicast+0x5a0/0x760
[ 201.170822] ? netlink_attachskb+0x9a0/0x9a0
[ 201.175211] ? netlink_sendmsg+0x979/0xfc0
[ 201.179428] netlink_sendmsg+0xa18/0xfc0
[ 201.183472] ? netlink_unicast+0x760/0x760
[ 201.187696] ? aa_sock_msg_perm.isra.13+0xba/0x160
[ 201.192614] ? apparmor_socket_sendmsg+0x29/0x30
[ 201.197399] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 201.202921] ? security_socket_sendmsg+0x94/0xc0
[ 201.207665] ? netlink_unicast+0x760/0x760
[ 201.211886] sock_sendmsg+0xd5/0x120
[ 201.215597] ___sys_sendmsg+0x7fd/0x930
[ 201.219563] ? copy_msghdr_from_user+0x580/0x580
[ 201.224326] ? lock_downgrade+0x8f0/0x8f0
[ 201.228460] ? __fget_light+0x2f7/0x440
[ 201.232434] ? fget_raw+0x20/0x20
[ 201.235895] ? __fd_install+0x2db/0x880
[ 201.239853] ? get_unused_fd_flags+0x1a0/0x1a0
[ 201.244442] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 201.249964] ? sockfd_lookup_light+0xc5/0x160
[ 201.254457] __sys_sendmsg+0x11d/0x290
[ 201.258341] ? __ia32_sys_shutdown+0x80/0x80
[ 201.262734] ? __x64_sys_futex+0x47f/0x6a0
[ 201.266954] ? do_syscall_64+0x9a/0x820
[ 201.270910] ? do_syscall_64+0x9a/0x820
[ 201.274870] ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 201.279964] ? trace_hardirqs_off+0xb8/0x2b0
[ 201.284367] __x64_sys_sendmsg+0x78/0xb0
[ 201.288415] do_syscall_64+0x1b9/0x820
[ 201.292295] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 201.297655] ? syscall_return_slowpath+0x5e0/0x5e0
[ 201.302584] ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 201.307589] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 201.312613] ? recalc_sigpending_tsk+0x180/0x180
[ 201.317408] ? kasan_check_write+0x14/0x20
[ 201.321679] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 201.326508] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 201.331683] RIP: 0033:0x457099
[ 201.334861] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 201.353747] RSP: 002b:00007ff8b6e20c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 201.361456] RAX: ffffffffffffffda RBX: 00007ff8b6e216d4 RCX: 0000000000457099
[ 201.368719] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000004
[ 201.375993] RBP: 00000000009300a0 R08: 0000000000000000 R09: 0000000000000000
[ 201.383278] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 201.390530] R13: 00000000004d4890 R14: 00000000004c8ee5 R15: 0000000000