[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 23.125223] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 26.378840] random: sshd: uninitialized urandom read (32 bytes read) [ 26.830037] random: sshd: uninitialized urandom read (32 bytes read) [ 27.375935] random: sshd: uninitialized urandom read (32 bytes read) [ 29.964558] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.2' (ECDSA) to the list of known hosts. [ 35.430152] random: sshd: uninitialized urandom read (32 bytes read) [ 35.530204] IPVS: ftp: loaded support on port[0] = 21 [ 35.666172] bridge0: port 1(bridge_slave_0) entered blocking state [ 35.672685] bridge0: port 1(bridge_slave_0) entered disabled state [ 35.680716] device bridge_slave_0 entered promiscuous mode [ 35.697213] bridge0: port 2(bridge_slave_1) entered blocking state [ 35.703586] bridge0: port 2(bridge_slave_1) entered disabled state [ 35.710904] device bridge_slave_1 entered promiscuous mode [ 35.732980] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 35.749492] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 35.797907] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 35.820856] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 35.900207] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 35.909261] team0: Port device team_slave_0 added [ 35.927099] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 35.934198] team0: Port device team_slave_1 added [ 35.952895] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 35.970188] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 35.986630] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 36.004960] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready RTNETLINK answers: Operation not supported RTNETLINK answers: No buffer space available RTNETLINK answers: Operation not supported [ 36.132079] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.138679] bridge0: port 2(bridge_slave_1) entered forwarding state [ 36.145603] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.151978] bridge0: port 1(bridge_slave_0) entered forwarding state RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument [ 36.603786] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 36.609917] 8021q: adding VLAN 0 to HW filter on device bond0 [ 36.616416] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 36.661316] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 36.707624] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 36.713949] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 36.721175] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 36.762833] 8021q: adding VLAN 0 to HW filter on device team0 executing program [ 37.012769] [ 37.014433] ================================ [ 37.018834] WARNING: inconsistent lock state [ 37.023289] 4.18.0-next-20180814+ #38 Not tainted [ 37.028136] -------------------------------- [ 37.032529] inconsistent {IN-SOFTIRQ-W} -> {SOFTIRQ-ON-W} usage. [ 37.038662] syz-executor099/4451 [HC0[0]:SC0[0]:HE1:SE1] takes: [ 37.044704] 00000000526df0b0 (&(&tlocks[i])->rlock){+.?.}, at: ila_xlat_nl_cmd_del_mapping+0x46b/0xb00 [ 37.054152] {IN-SOFTIRQ-W} state was registered at: [ 37.059158] lock_acquire+0x1e4/0x4f0 [ 37.063035] _raw_spin_lock_bh+0x31/0x40 [ 37.067174] fdb_create+0x5cc/0x1710 [ 37.070961] br_fdb_update+0x4e7/0xc40 [ 37.074926] br_handle_frame_finish+0xa23/0x1960 [ 37.079821] br_nf_hook_thresh+0x48d/0x5f0 [ 37.084142] br_nf_pre_routing_finish_ipv6+0x7bc/0xef0 [ 37.089502] br_nf_pre_routing_ipv6+0x4af/0xac0 [ 37.094253] br_nf_pre_routing+0xb33/0x17d0 [ 37.098656] nf_hook_slow+0xc2/0x1c0 [ 37.102498] br_handle_frame+0xc0d/0x1a20 [ 37.106736] __netif_receive_skb_core+0x134b/0x39f0 [ 37.111839] __netif_receive_skb_one_core+0xd0/0x200 [ 37.117067] __netif_receive_skb+0x2c/0x1e0 [ 37.121472] process_backlog+0x219/0x760 [ 37.125620] net_rx_action+0x799/0x1900 [ 37.129670] __do_softirq+0x2e8/0xa6d [ 37.133549] do_softirq_own_stack+0x2a/0x40 [ 37.137949] do_softirq.part.18+0x155/0x1a0 [ 37.142348] __local_bh_enable_ip+0x1ec/0x230 [ 37.146926] ip6_finish_output2+0xce8/0x2820 [ 37.151460] ip6_finish_output+0x5fe/0xbc0 [ 37.155826] ip6_output+0x234/0x9d0 [ 37.159540] ndisc_send_skb+0x100d/0x1570 [ 37.163764] ndisc_send_ns+0x3c1/0x8d0 [ 37.167728] addrconf_dad_work+0xbf2/0x1310 [ 37.172133] process_one_work+0xc73/0x1aa0 [ 37.176496] worker_thread+0x189/0x13c0 [ 37.180560] kthread+0x35a/0x420 [ 37.184000] ret_from_fork+0x3a/0x50 [ 37.187842] irq event stamp: 46695 [ 37.191377] hardirqs last enabled at (46695): [] trace_hardirqs_on_thunk+0x1a/0x1c [ 37.200725] hardirqs last disabled at (46693): [] __do_softirq+0x5fa/0xa6d [ 37.209354] softirqs last enabled at (46694): [] __do_softirq+0x746/0xa6d [ 37.218026] softirqs last disabled at (46549): [] irq_exit+0x1d4/0x210 [ 37.226283] [ 37.226283] other info that might help us debug this: [ 37.232953] Possible unsafe locking scenario: [ 37.232953] [ 37.238996] CPU0 [ 37.241605] ---- [ 37.244173] lock(&(&tlocks[i])->rlock); [ 37.248325] [ 37.251069] lock(&(&tlocks[i])->rlock); [ 37.255422] [ 37.255422] *** DEADLOCK *** [ 37.255422] [ 37.261482] 1 lock held by syz-executor099/4451: [ 37.266231] #0: 000000009ac1841d (cb_lock){++++}, at: genl_rcv+0x19/0x40 [ 37.273291] [ 37.273291] stack backtrace: [ 37.277799] CPU: 1 PID: 4451 Comm: syz-executor099 Not tainted 4.18.0-next-20180814+ #38 [ 37.286012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 37.295352] Call Trace: [ 37.297935] dump_stack+0x1c9/0x2b4 [ 37.301556] ? dump_stack_print_info.cold.2+0x52/0x52 [ 37.306737] ? irq_exit+0x1d4/0x210 [ 37.310400] ? vprintk_func+0x81/0x117 [ 37.314406] print_usage_bug.cold.60+0x320/0x41a [ 37.319317] ? save_stack_trace+0x1a/0x20 [ 37.323462] mark_lock+0x1048/0x19f0 [ 37.327180] ? print_shortest_lock_dependencies+0x80/0x80 [ 37.332705] ? print_usage_bug+0xc0/0xc0 [ 37.336763] ? graph_lock+0x170/0x170 [ 37.340555] ? find_held_lock+0x36/0x1c0 [ 37.344610] ? graph_lock+0x170/0x170 [ 37.348501] __lock_acquire+0x7ca/0x5020 [ 37.352560] ? find_held_lock+0x36/0x1c0 [ 37.356613] ? mark_held_locks+0x160/0x160 [ 37.360880] ? print_usage_bug+0xc0/0xc0 [ 37.364933] ? kasan_check_read+0x11/0x20 [ 37.369070] ? do_raw_spin_unlock+0xa7/0x2f0 [ 37.373480] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 37.378066] ? mark_held_locks+0xc9/0x160 [ 37.382205] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 37.386992] ? lockdep_hardirqs_on+0x421/0x5c0 [ 37.391574] ? retint_kernel+0x10/0x10 [ 37.395459] ? trace_hardirqs_on_caller+0xc0/0x2b0 [ 37.400394] ? graph_lock+0x170/0x170 [ 37.404185] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 37.408930] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 37.414415] ? find_held_lock+0x36/0x1c0 [ 37.418523] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 37.423330] ? retint_kernel+0x10/0x10 [ 37.427257] lock_acquire+0x1e4/0x4f0 [ 37.431092] ? ila_xlat_nl_cmd_del_mapping+0x46b/0xb00 [ 37.436361] ? lock_release+0x9f0/0x9f0 [ 37.440343] ? __do_once_done+0x24f/0x310 [ 37.444490] ? __do_once_start+0xd0/0xd0 [ 37.448554] _raw_spin_lock+0x2a/0x40 [ 37.452351] ? ila_xlat_nl_cmd_del_mapping+0x46b/0xb00 [ 37.457620] ila_xlat_nl_cmd_del_mapping+0x46b/0xb00 [ 37.462717] ? ila_xlat_nl_cmd_add_mapping+0x17e0/0x17e0 [ 37.468156] ? mark_held_locks+0xc9/0x160 [ 37.472313] ? __kmalloc+0x272/0x720 [ 37.476135] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 37.481339] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 37.486391] ? validate_nla+0x2d9/0x7b0 [ 37.490401] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 37.495932] ? __netlink_ns_capable+0x100/0x130 [ 37.500634] genl_family_rcv_msg+0x8a3/0x1140 [ 37.505165] ? genl_unregister_family+0x8b0/0x8b0 [ 37.509997] ? lock_downgrade+0x8f0/0x8f0 [ 37.514179] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 37.519189] ? kasan_check_read+0x11/0x20 [ 37.523344] ? lock_acquire+0x1e4/0x4f0 [ 37.527325] ? genl_rcv+0x19/0x40 [ 37.530778] ? radix_tree_lookup+0x21/0x30 [ 37.535012] genl_rcv_msg+0xc6/0x168 [ 37.538717] netlink_rcv_skb+0x172/0x440 [ 37.542768] ? genl_family_rcv_msg+0x1140/0x1140 [ 37.547567] ? netlink_ack+0xbe0/0xbe0 [ 37.551448] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 37.556162] genl_rcv+0x28/0x40 [ 37.559483] netlink_unicast+0x5a0/0x760 [ 37.563550] ? netlink_attachskb+0x9a0/0x9a0 [ 37.567951] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 37.573609] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 37.578618] netlink_sendmsg+0xa18/0xfc0 [ 37.582669] ? netlink_unicast+0x760/0x760 [ 37.586898] ? move_addr_to_kernel.part.18+0x100/0x100 [ 37.592170] ? security_socket_sendmsg+0x94/0xc0 [ 37.596923] ? netlink_unicast+0x760/0x760 [ 37.601200] sock_sendmsg+0xd5/0x120 [ 37.604906] ___sys_sendmsg+0x7fd/0x930 [ 37.608875] ? copy_msghdr_from_user+0x580/0x580 [ 37.613667] ? graph_lock+0x170/0x170 [ 37.617475] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 37.623017] ? __fget_light+0x2f7/0x440 [ 37.626981] ? fget_raw+0x20/0x20 [ 37.630426] ? __do_page_fault+0x620/0xe50 [ 37.634653] ? lock_downgrade+0x8f0/0x8f0 [ 37.638793] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 37.644339] ? sockfd_lookup_light+0xc5/0x160 [ 37.648826] __sys_sendmsg+0x11d/0x290 [ 37.652717] ? __ia32_sys_shutdown+0x80/0x80 [ 37.657292] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 37.662930] ? __do_page_fault+0x449/0xe50 [ 37.667156] ? do_syscall_64+0x9a/0x820 [ 37.671123] ? do_syscall_64+0x9a/0x820 [ 37.675091] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 37.680185] __x64_sys_sendmsg+0x78/0xb0 [ 37.684284] do_syscall_64+0x1b9/0x820 [ 37.688224] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 37.693579] ? syscall_return_slowpath+0x5e0/0x5e0 [ 37.698510] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 37.703349] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 37.708360] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 37.713410] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 37.718937] ? prepare_exit_to_usermode+0x291/0x3b0 [ 37.723946] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 37.728983] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 37.734224] RIP: 0033:0x441109 [ 37.737410] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 37.756317] RSP: 002b:00007ffeebcb06b8 EFLAGS: 00000213 ORIG_RAX: 000000000000002e [ 37.764064] RAX: fffffff