[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 27.188671] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 30.930149] random: sshd: uninitialized urandom read (32 bytes read) [ 31.362041] random: sshd: uninitialized urandom read (32 bytes read) [ 32.097137] random: sshd: uninitialized urandom read (32 bytes read) [ 165.158726] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.3' (ECDSA) to the list of known hosts. [ 170.736354] random: sshd: uninitialized urandom read (32 bytes read) 2018/09/12 22:14:34 parsed 1 programs [ 171.838861] random: cc1: uninitialized urandom read (8 bytes read) 2018/09/12 22:14:35 executed programs: 0 [ 172.988560] IPVS: ftp: loaded support on port[0] = 21 [ 173.257929] bridge0: port 1(bridge_slave_0) entered blocking state [ 173.265872] bridge0: port 1(bridge_slave_0) entered disabled state [ 173.273097] device bridge_slave_0 entered promiscuous mode [ 173.292840] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.299493] bridge0: port 2(bridge_slave_1) entered disabled state [ 173.307166] device bridge_slave_1 entered promiscuous mode [ 173.326840] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 173.346517] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 173.400148] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 173.422563] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 173.506048] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 173.514054] team0: Port device team_slave_0 added [ 173.532578] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 173.540110] team0: Port device team_slave_1 added [ 173.558408] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 173.581478] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 173.605443] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 173.627207] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 173.784090] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.790617] bridge0: port 2(bridge_slave_1) entered forwarding state [ 173.797818] bridge0: port 1(bridge_slave_0) entered blocking state [ 173.804402] bridge0: port 1(bridge_slave_0) entered forwarding state [ 174.363635] 8021q: adding VLAN 0 to HW filter on device bond0 [ 174.420793] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 174.476986] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 174.483494] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 174.492235] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 174.542214] 8021q: adding VLAN 0 to HW filter on device team0 [ 174.944596] hrtimer: interrupt took 26740 ns [ 175.276240] [ 175.277885] ===================================== [ 175.282708] WARNING: bad unlock balance detected! [ 175.287595] 4.19.0-rc3+ #10 Not tainted [ 175.291548] ------------------------------------- [ 175.296366] kworker/u4:1/23 is trying to release lock (&file->mut) at: [ 175.303022] [] ucma_event_handler+0x788/0xff0 [ 175.309057] but there are no more locks to release! [ 175.314052] [ 175.314052] other info that might help us debug this: [ 175.320701] 4 locks held by kworker/u4:1/23: [ 175.325084] #0: 0000000016ecb973 ((wq_completion)"ib_addr"){+.+.}, at: process_one_work+0xb43/0x1b90 [ 175.334478] #1: 00000000706c6e20 ((work_completion)(&(&req->work)->work)){+.+.}, at: process_one_work+0xb9a/0x1b90 [ 175.345109] #2: 00000000979e10cc (&id_priv->handler_mutex){+.+.}, at: addr_handler+0xef/0x5e0 [ 175.353917] #3: 00000000be6ddddc (&file->mut){+.+.}, at: ucma_event_handler+0x116/0xff0 [ 175.362145] [ 175.362145] stack backtrace: [ 175.366626] CPU: 0 PID: 23 Comm: kworker/u4:1 Not tainted 4.19.0-rc3+ #10 [ 175.373525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 175.382865] Workqueue: ib_addr process_one_req [ 175.387464] Call Trace: [ 175.390041] dump_stack+0x1c4/0x2b4 [ 175.393654] ? dump_stack_print_info.cold.2+0x52/0x52 [ 175.398832] ? vprintk_func+0x85/0x181 [ 175.402701] ? ucma_event_handler+0x788/0xff0 [ 175.407177] print_unlock_imbalance_bug.cold.48+0xcc/0xd8 [ 175.412698] lock_release+0x785/0x970 [ 175.416527] ? ucma_event_handler+0x788/0xff0 [ 175.421015] ? lock_downgrade+0x900/0x900 [ 175.425145] ? mark_held_locks+0xc7/0x130 [ 175.429276] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 175.434373] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 175.439457] ? lockdep_hardirqs_on+0x421/0x5c0 [ 175.444019] ? trace_hardirqs_on+0xbd/0x310 [ 175.448322] ? kasan_check_read+0x11/0x20 [ 175.452450] ? __wake_up_common_lock+0x1d0/0x330 [ 175.457188] __mutex_unlock_slowpath+0x102/0x8c0 [ 175.461924] ? do_raw_spin_lock+0xc1/0x200 [ 175.466299] ? wait_for_completion+0x8a0/0x8a0 [ 175.470866] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 175.475955] ? __wake_up_common_lock+0x1d0/0x330 [ 175.480694] ? __wake_up_common+0x7d0/0x7d0 [ 175.485003] ? ucma_event_handler+0xd4/0xff0 [ 175.489395] ? rcu_read_lock_sched_held+0x108/0x120 [ 175.494401] mutex_unlock+0xd/0x10 [ 175.497929] ucma_event_handler+0x788/0xff0 [ 175.502232] ? ucma_destroy_id+0x550/0x550 [ 175.506446] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 175.511527] ? cma_comp_exch+0xa8/0xd0 [ 175.515405] addr_handler+0x2ac/0x5e0 [ 175.519204] ? cma_work_handler+0x1f0/0x1f0 [ 175.523520] ? debug_object_deactivate+0x2eb/0x450 [ 175.528435] process_one_req+0x1a6/0x940 [ 175.532479] ? addr_resolve+0xc40/0xc40 [ 175.536434] ? graph_lock+0x170/0x170 [ 175.540219] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 175.545829] ? check_preemption_disabled+0x48/0x200 [ 175.550835] ? check_preemption_disabled+0x48/0x200 [ 175.555835] ? __lock_is_held+0xb5/0x140 [ 175.559876] process_one_work+0xc90/0x1b90 [ 175.564095] ? mark_held_locks+0x130/0x130 [ 175.568317] ? pwq_dec_nr_in_flight+0x4a0/0x4a0 [ 175.572970] ? __switch_to_asm+0x40/0x70 [ 175.577017] ? __switch_to_asm+0x34/0x70 [ 175.581057] ? __switch_to_asm+0x40/0x70 [ 175.585100] ? __switch_to_asm+0x34/0x70 [ 175.589143] ? __switch_to_asm+0x40/0x70 [ 175.593181] ? __switch_to_asm+0x34/0x70 [ 175.597218] ? __switch_to_asm+0x40/0x70 [ 175.601255] ? __switch_to_asm+0x34/0x70 [ 175.605295] ? __switch_to_asm+0x40/0x70 [ 175.609345] ? __schedule+0x874/0x1ed0 [ 175.613216] ? graph_lock+0x170/0x170 [ 175.617007] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 175.621743] ? lockdep_hardirqs_on+0x421/0x5c0 [ 175.626304] ? find_held_lock+0x36/0x1c0 [ 175.630355] ? lock_acquire+0x1ed/0x520 [ 175.634314] ? worker_thread+0x3e0/0x1390 [ 175.638444] ? lock_release+0x970/0x970 [ 175.642402] ? trace_hardirqs_off+0xb8/0x310 [ 175.646790] ? kasan_check_read+0x11/0x20 [ 175.650917] ? worker_thread+0x3e0/0x1390 [ 175.655043] ? trace_hardirqs_on+0x310/0x310 [ 175.659430] ? kasan_check_write+0x14/0x20 [ 175.663643] ? do_raw_spin_lock+0xc1/0x200 [ 175.667857] worker_thread+0x17f/0x1390 [ 175.671817] ? __switch_to_asm+0x34/0x70 [ 175.675866] ? process_one_work+0x1b90/0x1b90 [ 175.680343] ? graph_lock+0x170/0x170 [ 175.684301] ? __sched_text_start+0x8/0x8 [ 175.688430] ? find_held_lock+0x36/0x1c0 [ 175.692474] ? __kthread_parkme+0xce/0x1a0 [ 175.696695] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 175.701779] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 175.706862] ? lockdep_hardirqs_on+0x421/0x5c0 [ 175.711427] ? trace_hardirqs_on+0xbd/0x310 [ 175.715730] ? kasan_check_read+0x11/0x20 [ 175.719859] ? __kthread_parkme+0xce/0x1a0 [ 175.724078] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 175.729511] ? kasan_check_write+0x14/0x20 [ 175.733731] ? do_raw_spin_lock+0xc1/0x200 [ 175.737948] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 175.743033] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 175.748576] ? __kthread_parkme+0xfb/0x1a0 [ 175.752797] kthread+0x35a/0x420 [ 175.756145] ? process_one_work+0x1b90/0x1b90 [ 175.760618] ? kthread_bind+0x40/0x40 [ 175.764397] ret_from_fork+0x3a/0x50