[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 18.989972] random: sshd: uninitialized urandom read (32 bytes read)
[ 19.440448] random: sshd: uninitialized urandom read (32 bytes read)
[ 19.645222] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 20.400134] random: sshd: uninitialized urandom read (32 bytes read)
[ 113.598502] random: sshd: uninitialized urandom read (32 bytes read)
[ 113.690918] sshd (4511) used greatest stack depth: 16488 bytes left
Warning: Permanently added '10.128.0.46' (ECDSA) to the list of known hosts.
[ 119.068462] random: sshd: uninitialized urandom read (32 bytes read)
2018/05/19 07:13:16 parsed 1 programs
2018/05/19 07:13:16 executed programs: 0
[ 119.566436] IPVS: ftp: loaded support on port[0] = 21
[ 119.688219] bridge0: port 1(bridge_slave_0) entered blocking state
[ 119.694681] bridge0: port 1(bridge_slave_0) entered disabled state
[ 119.701945] device bridge_slave_0 entered promiscuous mode
[ 119.717758] bridge0: port 2(bridge_slave_1) entered blocking state
[ 119.724151] bridge0: port 2(bridge_slave_1) entered disabled state
[ 119.731564] device bridge_slave_1 entered promiscuous mode
[ 119.746988] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 119.762339] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 119.804932] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 119.821925] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 119.883154] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 119.891555] team0: Port device team_slave_0 added
[ 119.906286] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 119.913479] team0: Port device team_slave_1 added
[ 119.929345] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 119.946784] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 119.962914] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 119.980147] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 120.095316] bridge0: port 2(bridge_slave_1) entered blocking state
[ 120.101785] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 120.108658] bridge0: port 1(bridge_slave_0) entered blocking state
[ 120.115048] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 120.503681] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 120.509811] 8021q: adding VLAN 0 to HW filter on device bond0
[ 120.549989] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 120.589919] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 120.597388] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 120.638038] 8021q: adding VLAN 0 to HW filter on device team0
[ 121.088149]
[ 121.089815] =====================================
[ 121.094636] WARNING: bad unlock balance detected!
[ 121.099454] 4.17.0-rc5+ #82 Not tainted
[ 121.103399] -------------------------------------
[ 121.108226] kworker/u4:2/43 is trying to release lock (&file->mut) at:
[ 121.114884] [] ucma_event_handler+0x780/0xff0
[ 121.120911] but there are no more locks to release!
[ 121.125898]
[ 121.125898] other info that might help us debug this:
[ 121.132542] 4 locks held by kworker/u4:2/43:
[ 121.136933] #0: (ptrval) ((wq_completion)"ib_addr"){+.+.}, at: process_one_work+0xaef/0x1b50
[ 121.146292] #1: (ptrval) ((work_completion)(&(&req->work)->work)){+.+.}, at: process_one_work+0xb46/0x1b50
[ 121.156855] #2: (ptrval) (&id_priv->handler_mutex){+.+.}, at: addr_handler+0xa6/0x3d0
[ 121.165592] #3: (ptrval) (&file->mut){+.+.}, at: ucma_event_handler+0x10e/0xff0
[ 121.173806]
[ 121.173806] stack backtrace:
[ 121.178284] CPU: 0 PID: 43 Comm: kworker/u4:2 Not tainted 4.17.0-rc5+ #82
[ 121.185309] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 121.194655] Workqueue: ib_addr process_one_req
[ 121.199215] Call Trace:
[ 121.201803] dump_stack+0x1b9/0x294
[ 121.205419] ? dump_stack_print_info.cold.2+0x52/0x52
[ 121.210587] ? print_lock+0xd1/0xd6
[ 121.214194] ? vprintk_func+0x81/0xe7
[ 121.217978] ? ucma_event_handler+0x780/0xff0
[ 121.222450] print_unlock_imbalance_bug.cold.50+0xcc/0xd8
[ 121.227969] lock_release+0x77a/0xa10
[ 121.231747] ? ucma_event_handler+0x780/0xff0
[ 121.236222] ? lock_downgrade+0x8e0/0x8e0
[ 121.240362] ? lock_downgrade+0x8e0/0x8e0
[ 121.244494] ? mark_held_locks+0xc9/0x160
[ 121.248619] ? do_raw_spin_trylock+0x1b0/0x1b0
[ 121.253190] __mutex_unlock_slowpath+0xeb/0x8a0
[ 121.257853] ? wait_for_completion+0x870/0x870
[ 121.262430] ? __wake_up_common_lock+0x1c2/0x300
[ 121.267180] ? __wake_up_common+0x730/0x730
[ 121.271489] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 121.277008] ? ib_copy_ah_attr_to_user+0x539/0x930
[ 121.281920] mutex_unlock+0xd/0x10
[ 121.285439] ucma_event_handler+0x780/0xff0
[ 121.289740] ? _raw_read_unlock_irqrestore+0x41/0xc0
[ 121.294820] ? ucma_destroy_id+0x540/0x540
[ 121.299028] ? cma_comp_exch+0xab/0xd0
[ 121.302896] addr_handler+0x2bd/0x3d0
[ 121.306673] ? cma_work_handler+0x1f0/0x1f0
[ 121.310980] ? graph_lock+0x170/0x170
[ 121.314774] ? cma_work_handler+0x1f0/0x1f0
[ 121.319122] process_one_req+0x2e8/0x750
[ 121.323187] ? addr_resolve+0xc20/0xc20
[ 121.327162] ? __lock_is_held+0xb5/0x140
[ 121.331231] process_one_work+0xc1e/0x1b50
[ 121.335459] ? finish_task_switch+0x28b/0x840
[ 121.339944] ? pwq_dec_nr_in_flight+0x490/0x490
[ 121.344601] ? __schedule+0x809/0x1e30
[ 121.348472] ? graph_lock+0x170/0x170
[ 121.352255] ? lock_downgrade+0x8e0/0x8e0
[ 121.356406] ? find_held_lock+0x36/0x1c0
[ 121.360451] ? lock_acquire+0x1dc/0x520
[ 121.364416] ? worker_thread+0x41f/0x1440
[ 121.368547] ? lock_downgrade+0x8e0/0x8e0
[ 121.372683] ? lock_release+0xa10/0xa10
[ 121.376647] ? kasan_check_read+0x11/0x20
[ 121.380789] ? do_raw_spin_trylock+0x1b0/0x1b0
[ 121.385360] worker_thread+0x1cc/0x1440
[ 121.389318] ? process_one_work+0x1b50/0x1b50
[ 121.393800] ? graph_lock+0x170/0x170
[ 121.397585] ? find_held_lock+0x36/0x1c0
[ 121.401629] ? schedule+0xef/0x430
[ 121.405149] ? __schedule+0x1e30/0x1e30
[ 121.409106] ? do_raw_spin_unlock+0x9e/0x2e0
[ 121.413496] ? do_raw_spin_trylock+0x1b0/0x1b0
[ 121.418069] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 121.423588] ? __kthread_parkme+0x111/0x1d0
[ 121.427892] ? parse_args.cold.15+0x1b3/0x1b3
[ 121.432366] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 121.437363] ? trace_hardirqs_on+0xd/0x10
[ 121.441489] kthread+0x345/0x410
[ 121.444841] ? process_one_work+0x1b50/0x1b50
[ 121.449316] ? kthread_bind+0x40/0x40
[ 121.453100] ret_from_fork+0x3a/0x50