[....] Starting OpenBSD Secure Shell server: sshd[   18.989972] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   19.440448] random: sshd: uninitialized urandom read (32 bytes read)
[   19.645222] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   20.400134] random: sshd: uninitialized urandom read (32 bytes read)
[  113.598502] random: sshd: uninitialized urandom read (32 bytes read)
[  113.690918] sshd (4511) used greatest stack depth: 16488 bytes left
Warning: Permanently added '10.128.0.46' (ECDSA) to the list of known hosts.
[  119.068462] random: sshd: uninitialized urandom read (32 bytes read)
2018/05/19 07:13:16 parsed 1 programs
2018/05/19 07:13:16 executed programs: 0
[  119.566436] IPVS: ftp: loaded support on port[0] = 21
[  119.688219] bridge0: port 1(bridge_slave_0) entered blocking state
[  119.694681] bridge0: port 1(bridge_slave_0) entered disabled state
[  119.701945] device bridge_slave_0 entered promiscuous mode
[  119.717758] bridge0: port 2(bridge_slave_1) entered blocking state
[  119.724151] bridge0: port 2(bridge_slave_1) entered disabled state
[  119.731564] device bridge_slave_1 entered promiscuous mode
[  119.746988] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  119.762339] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  119.804932] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  119.821925] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  119.883154] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  119.891555] team0: Port device team_slave_0 added
[  119.906286] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  119.913479] team0: Port device team_slave_1 added
[  119.929345] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  119.946784] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  119.962914] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  119.980147] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  120.095316] bridge0: port 2(bridge_slave_1) entered blocking state
[  120.101785] bridge0: port 2(bridge_slave_1) entered forwarding state
[  120.108658] bridge0: port 1(bridge_slave_0) entered blocking state
[  120.115048] bridge0: port 1(bridge_slave_0) entered forwarding state
[  120.503681] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[  120.509811] 8021q: adding VLAN 0 to HW filter on device bond0
[  120.549989] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  120.589919] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  120.597388] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[  120.638038] 8021q: adding VLAN 0 to HW filter on device team0
[  121.088149] 
[  121.089815] =====================================
[  121.094636] WARNING: bad unlock balance detected!
[  121.099454] 4.17.0-rc5+ #82 Not tainted
[  121.103399] -------------------------------------
[  121.108226] kworker/u4:2/43 is trying to release lock (&file->mut) at:
[  121.114884] [<ffffffff8593ebf0>] ucma_event_handler+0x780/0xff0
[  121.120911] but there are no more locks to release!
[  121.125898] 
[  121.125898] other info that might help us debug this:
[  121.132542] 4 locks held by kworker/u4:2/43:
[  121.136933]  #0:         (ptrval) ((wq_completion)"ib_addr"){+.+.}, at: process_one_work+0xaef/0x1b50
[  121.146292]  #1:         (ptrval) ((work_completion)(&(&req->work)->work)){+.+.}, at: process_one_work+0xb46/0x1b50
[  121.156855]  #2:         (ptrval) (&id_priv->handler_mutex){+.+.}, at: addr_handler+0xa6/0x3d0
[  121.165592]  #3:         (ptrval) (&file->mut){+.+.}, at: ucma_event_handler+0x10e/0xff0
[  121.173806] 
[  121.173806] stack backtrace:
[  121.178284] CPU: 0 PID: 43 Comm: kworker/u4:2 Not tainted 4.17.0-rc5+ #82
[  121.185309] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  121.194655] Workqueue: ib_addr process_one_req
[  121.199215] Call Trace:
[  121.201803]  dump_stack+0x1b9/0x294
[  121.205419]  ? dump_stack_print_info.cold.2+0x52/0x52
[  121.210587]  ? print_lock+0xd1/0xd6
[  121.214194]  ? vprintk_func+0x81/0xe7
[  121.217978]  ? ucma_event_handler+0x780/0xff0
[  121.222450]  print_unlock_imbalance_bug.cold.50+0xcc/0xd8
[  121.227969]  lock_release+0x77a/0xa10
[  121.231747]  ? ucma_event_handler+0x780/0xff0
[  121.236222]  ? lock_downgrade+0x8e0/0x8e0
[  121.240362]  ? lock_downgrade+0x8e0/0x8e0
[  121.244494]  ? mark_held_locks+0xc9/0x160
[  121.248619]  ? do_raw_spin_trylock+0x1b0/0x1b0
[  121.253190]  __mutex_unlock_slowpath+0xeb/0x8a0
[  121.257853]  ? wait_for_completion+0x870/0x870
[  121.262430]  ? __wake_up_common_lock+0x1c2/0x300
[  121.267180]  ? __wake_up_common+0x730/0x730
[  121.271489]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  121.277008]  ? ib_copy_ah_attr_to_user+0x539/0x930
[  121.281920]  mutex_unlock+0xd/0x10
[  121.285439]  ucma_event_handler+0x780/0xff0
[  121.289740]  ? _raw_read_unlock_irqrestore+0x41/0xc0
[  121.294820]  ? ucma_destroy_id+0x540/0x540
[  121.299028]  ? cma_comp_exch+0xab/0xd0
[  121.302896]  addr_handler+0x2bd/0x3d0
[  121.306673]  ? cma_work_handler+0x1f0/0x1f0
[  121.310980]  ? graph_lock+0x170/0x170
[  121.314774]  ? cma_work_handler+0x1f0/0x1f0
[  121.319122]  process_one_req+0x2e8/0x750
[  121.323187]  ? addr_resolve+0xc20/0xc20
[  121.327162]  ? __lock_is_held+0xb5/0x140
[  121.331231]  process_one_work+0xc1e/0x1b50
[  121.335459]  ? finish_task_switch+0x28b/0x840
[  121.339944]  ? pwq_dec_nr_in_flight+0x490/0x490
[  121.344601]  ? __schedule+0x809/0x1e30
[  121.348472]  ? graph_lock+0x170/0x170
[  121.352255]  ? lock_downgrade+0x8e0/0x8e0
[  121.356406]  ? find_held_lock+0x36/0x1c0
[  121.360451]  ? lock_acquire+0x1dc/0x520
[  121.364416]  ? worker_thread+0x41f/0x1440
[  121.368547]  ? lock_downgrade+0x8e0/0x8e0
[  121.372683]  ? lock_release+0xa10/0xa10
[  121.376647]  ? kasan_check_read+0x11/0x20
[  121.380789]  ? do_raw_spin_trylock+0x1b0/0x1b0
[  121.385360]  worker_thread+0x1cc/0x1440
[  121.389318]  ? process_one_work+0x1b50/0x1b50
[  121.393800]  ? graph_lock+0x170/0x170
[  121.397585]  ? find_held_lock+0x36/0x1c0
[  121.401629]  ? schedule+0xef/0x430
[  121.405149]  ? __schedule+0x1e30/0x1e30
[  121.409106]  ? do_raw_spin_unlock+0x9e/0x2e0
[  121.413496]  ? do_raw_spin_trylock+0x1b0/0x1b0
[  121.418069]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  121.423588]  ? __kthread_parkme+0x111/0x1d0
[  121.427892]  ? parse_args.cold.15+0x1b3/0x1b3
[  121.432366]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  121.437363]  ? trace_hardirqs_on+0xd/0x10
[  121.441489]  kthread+0x345/0x410
[  121.444841]  ? process_one_work+0x1b50/0x1b50
[  121.449316]  ? kthread_bind+0x40/0x40
[  121.453100]  ret_from_fork+0x3a/0x50