[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   23.125223] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   26.378840] random: sshd: uninitialized urandom read (32 bytes read)
[   26.830037] random: sshd: uninitialized urandom read (32 bytes read)
[   27.375935] random: sshd: uninitialized urandom read (32 bytes read)
[   29.964558] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.2' (ECDSA) to the list of known hosts.
[   35.430152] random: sshd: uninitialized urandom read (32 bytes read)
[   35.530204] IPVS: ftp: loaded support on port[0] = 21
[   35.666172] bridge0: port 1(bridge_slave_0) entered blocking state
[   35.672685] bridge0: port 1(bridge_slave_0) entered disabled state
[   35.680716] device bridge_slave_0 entered promiscuous mode
[   35.697213] bridge0: port 2(bridge_slave_1) entered blocking state
[   35.703586] bridge0: port 2(bridge_slave_1) entered disabled state
[   35.710904] device bridge_slave_1 entered promiscuous mode
[   35.732980] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   35.749492] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   35.797907] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   35.820856] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   35.900207] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[   35.909261] team0: Port device team_slave_0 added
[   35.927099] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[   35.934198] team0: Port device team_slave_1 added
[   35.952895] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   35.970188] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   35.986630] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   36.004960] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[   36.132079] bridge0: port 2(bridge_slave_1) entered blocking state
[   36.138679] bridge0: port 2(bridge_slave_1) entered forwarding state
[   36.145603] bridge0: port 1(bridge_slave_0) entered blocking state
[   36.151978] bridge0: port 1(bridge_slave_0) entered forwarding state
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
[   36.603786] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   36.609917] 8021q: adding VLAN 0 to HW filter on device bond0
[   36.616416] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   36.661316] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   36.707624] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   36.713949] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   36.721175] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   36.762833] 8021q: adding VLAN 0 to HW filter on device team0
executing program
[   37.012769] 
[   37.014433] ================================
[   37.018834] WARNING: inconsistent lock state
[   37.023289] 4.18.0-next-20180814+ #38 Not tainted
[   37.028136] --------------------------------
[   37.032529] inconsistent {IN-SOFTIRQ-W} -> {SOFTIRQ-ON-W} usage.
[   37.038662] syz-executor099/4451 [HC0[0]:SC0[0]:HE1:SE1] takes:
[   37.044704] 00000000526df0b0 (&(&tlocks[i])->rlock){+.?.}, at: ila_xlat_nl_cmd_del_mapping+0x46b/0xb00
[   37.054152] {IN-SOFTIRQ-W} state was registered at:
[   37.059158]   lock_acquire+0x1e4/0x4f0
[   37.063035]   _raw_spin_lock_bh+0x31/0x40
[   37.067174]   fdb_create+0x5cc/0x1710
[   37.070961]   br_fdb_update+0x4e7/0xc40
[   37.074926]   br_handle_frame_finish+0xa23/0x1960
[   37.079821]   br_nf_hook_thresh+0x48d/0x5f0
[   37.084142]   br_nf_pre_routing_finish_ipv6+0x7bc/0xef0
[   37.089502]   br_nf_pre_routing_ipv6+0x4af/0xac0
[   37.094253]   br_nf_pre_routing+0xb33/0x17d0
[   37.098656]   nf_hook_slow+0xc2/0x1c0
[   37.102498]   br_handle_frame+0xc0d/0x1a20
[   37.106736]   __netif_receive_skb_core+0x134b/0x39f0
[   37.111839]   __netif_receive_skb_one_core+0xd0/0x200
[   37.117067]   __netif_receive_skb+0x2c/0x1e0
[   37.121472]   process_backlog+0x219/0x760
[   37.125620]   net_rx_action+0x799/0x1900
[   37.129670]   __do_softirq+0x2e8/0xa6d
[   37.133549]   do_softirq_own_stack+0x2a/0x40
[   37.137949]   do_softirq.part.18+0x155/0x1a0
[   37.142348]   __local_bh_enable_ip+0x1ec/0x230
[   37.146926]   ip6_finish_output2+0xce8/0x2820
[   37.151460]   ip6_finish_output+0x5fe/0xbc0
[   37.155826]   ip6_output+0x234/0x9d0
[   37.159540]   ndisc_send_skb+0x100d/0x1570
[   37.163764]   ndisc_send_ns+0x3c1/0x8d0
[   37.167728]   addrconf_dad_work+0xbf2/0x1310
[   37.172133]   process_one_work+0xc73/0x1aa0
[   37.176496]   worker_thread+0x189/0x13c0
[   37.180560]   kthread+0x35a/0x420
[   37.184000]   ret_from_fork+0x3a/0x50
[   37.187842] irq event stamp: 46695
[   37.191377] hardirqs last  enabled at (46695): [<ffffffff81007bd4>] trace_hardirqs_on_thunk+0x1a/0x1c
[   37.200725] hardirqs last disabled at (46693): [<ffffffff86e005fa>] __do_softirq+0x5fa/0xa6d
[   37.209354] softirqs last  enabled at (46694): [<ffffffff86e00746>] __do_softirq+0x746/0xa6d
[   37.218026] softirqs last disabled at (46549): [<ffffffff814946a4>] irq_exit+0x1d4/0x210
[   37.226283] 
[   37.226283] other info that might help us debug this:
[   37.232953]  Possible unsafe locking scenario:
[   37.232953] 
[   37.238996]        CPU0
[   37.241605]        ----
[   37.244173]   lock(&(&tlocks[i])->rlock);
[   37.248325]   <Interrupt>
[   37.251069]     lock(&(&tlocks[i])->rlock);
[   37.255422] 
[   37.255422]  *** DEADLOCK ***
[   37.255422] 
[   37.261482] 1 lock held by syz-executor099/4451:
[   37.266231]  #0: 000000009ac1841d (cb_lock){++++}, at: genl_rcv+0x19/0x40
[   37.273291] 
[   37.273291] stack backtrace:
[   37.277799] CPU: 1 PID: 4451 Comm: syz-executor099 Not tainted 4.18.0-next-20180814+ #38
[   37.286012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   37.295352] Call Trace:
[   37.297935]  dump_stack+0x1c9/0x2b4
[   37.301556]  ? dump_stack_print_info.cold.2+0x52/0x52
[   37.306737]  ? irq_exit+0x1d4/0x210
[   37.310400]  ? vprintk_func+0x81/0x117
[   37.314406]  print_usage_bug.cold.60+0x320/0x41a
[   37.319317]  ? save_stack_trace+0x1a/0x20
[   37.323462]  mark_lock+0x1048/0x19f0
[   37.327180]  ? print_shortest_lock_dependencies+0x80/0x80
[   37.332705]  ? print_usage_bug+0xc0/0xc0
[   37.336763]  ? graph_lock+0x170/0x170
[   37.340555]  ? find_held_lock+0x36/0x1c0
[   37.344610]  ? graph_lock+0x170/0x170
[   37.348501]  __lock_acquire+0x7ca/0x5020
[   37.352560]  ? find_held_lock+0x36/0x1c0
[   37.356613]  ? mark_held_locks+0x160/0x160
[   37.360880]  ? print_usage_bug+0xc0/0xc0
[   37.364933]  ? kasan_check_read+0x11/0x20
[   37.369070]  ? do_raw_spin_unlock+0xa7/0x2f0
[   37.373480]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   37.378066]  ? mark_held_locks+0xc9/0x160
[   37.382205]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   37.386992]  ? lockdep_hardirqs_on+0x421/0x5c0
[   37.391574]  ? retint_kernel+0x10/0x10
[   37.395459]  ? trace_hardirqs_on_caller+0xc0/0x2b0
[   37.400394]  ? graph_lock+0x170/0x170
[   37.404185]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   37.408930]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   37.414415]  ? find_held_lock+0x36/0x1c0
[   37.418523]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   37.423330]  ? retint_kernel+0x10/0x10
[   37.427257]  lock_acquire+0x1e4/0x4f0
[   37.431092]  ? ila_xlat_nl_cmd_del_mapping+0x46b/0xb00
[   37.436361]  ? lock_release+0x9f0/0x9f0
[   37.440343]  ? __do_once_done+0x24f/0x310
[   37.444490]  ? __do_once_start+0xd0/0xd0
[   37.448554]  _raw_spin_lock+0x2a/0x40
[   37.452351]  ? ila_xlat_nl_cmd_del_mapping+0x46b/0xb00
[   37.457620]  ila_xlat_nl_cmd_del_mapping+0x46b/0xb00
[   37.462717]  ? ila_xlat_nl_cmd_add_mapping+0x17e0/0x17e0
[   37.468156]  ? mark_held_locks+0xc9/0x160
[   37.472313]  ? __kmalloc+0x272/0x720
[   37.476135]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   37.481339]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   37.486391]  ? validate_nla+0x2d9/0x7b0
[   37.490401]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   37.495932]  ? __netlink_ns_capable+0x100/0x130
[   37.500634]  genl_family_rcv_msg+0x8a3/0x1140
[   37.505165]  ? genl_unregister_family+0x8b0/0x8b0
[   37.509997]  ? lock_downgrade+0x8f0/0x8f0
[   37.514179]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   37.519189]  ? kasan_check_read+0x11/0x20
[   37.523344]  ? lock_acquire+0x1e4/0x4f0
[   37.527325]  ? genl_rcv+0x19/0x40
[   37.530778]  ? radix_tree_lookup+0x21/0x30
[   37.535012]  genl_rcv_msg+0xc6/0x168
[   37.538717]  netlink_rcv_skb+0x172/0x440
[   37.542768]  ? genl_family_rcv_msg+0x1140/0x1140
[   37.547567]  ? netlink_ack+0xbe0/0xbe0
[   37.551448]  ? rcu_cleanup_dead_rnp+0x200/0x200
[   37.556162]  genl_rcv+0x28/0x40
[   37.559483]  netlink_unicast+0x5a0/0x760
[   37.563550]  ? netlink_attachskb+0x9a0/0x9a0
[   37.567951]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   37.573609]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   37.578618]  netlink_sendmsg+0xa18/0xfc0
[   37.582669]  ? netlink_unicast+0x760/0x760
[   37.586898]  ? move_addr_to_kernel.part.18+0x100/0x100
[   37.592170]  ? security_socket_sendmsg+0x94/0xc0
[   37.596923]  ? netlink_unicast+0x760/0x760
[   37.601200]  sock_sendmsg+0xd5/0x120
[   37.604906]  ___sys_sendmsg+0x7fd/0x930
[   37.608875]  ? copy_msghdr_from_user+0x580/0x580
[   37.613667]  ? graph_lock+0x170/0x170
[   37.617475]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   37.623017]  ? __fget_light+0x2f7/0x440
[   37.626981]  ? fget_raw+0x20/0x20
[   37.630426]  ? __do_page_fault+0x620/0xe50
[   37.634653]  ? lock_downgrade+0x8f0/0x8f0
[   37.638793]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   37.644339]  ? sockfd_lookup_light+0xc5/0x160
[   37.648826]  __sys_sendmsg+0x11d/0x290
[   37.652717]  ? __ia32_sys_shutdown+0x80/0x80
[   37.657292]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   37.662930]  ? __do_page_fault+0x449/0xe50
[   37.667156]  ? do_syscall_64+0x9a/0x820
[   37.671123]  ? do_syscall_64+0x9a/0x820
[   37.675091]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   37.680185]  __x64_sys_sendmsg+0x78/0xb0
[   37.684284]  do_syscall_64+0x1b9/0x820
[   37.688224]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   37.693579]  ? syscall_return_slowpath+0x5e0/0x5e0
[   37.698510]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   37.703349]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[   37.708360]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   37.713410]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   37.718937]  ? prepare_exit_to_usermode+0x291/0x3b0
[   37.723946]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   37.728983]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   37.734224] RIP: 0033:0x441109
[   37.737410] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   37.756317] RSP: 002b:00007ffeebcb06b8 EFLAGS: 00000213 ORIG_RAX: 000000000000002e
[   37.764064] RAX: fffffff