[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 17.675411] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 21.748487] random: sshd: uninitialized urandom read (32 bytes read) [ 21.941607] random: sshd: uninitialized urandom read (32 bytes read) [ 22.467798] random: sshd: uninitialized urandom read (32 bytes read) [ 34.154302] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.44' (ECDSA) to the list of known hosts. [ 39.604098] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 39.694750] [ 39.696389] ============================================ [ 39.701824] WARNING: possible recursive locking detected [ 39.707257] 4.18.0-rc8+ #179 Not tainted [ 39.711287] -------------------------------------------- [ 39.716711] syz-executor362/4334 is trying to acquire lock: [ 39.722392] (____ptrval____) (&(&tlocks[i])->rlock){+.+.}, at: rhashtable_lookup_insert_fast.constprop.26+0x436/0x13a0 [ 39.733216] [ 39.733216] but task is already holding lock: [ 39.739163] (____ptrval____) (&(&tlocks[i])->rlock){+.+.}, at: ila_xlat_nl_cmd_add_mapping+0x6bb/0x17e0 [ 39.748681] [ 39.748681] other info that might help us debug this: [ 39.755324] Possible unsafe locking scenario: [ 39.755324] [ 39.761501] CPU0 [ 39.764128] ---- [ 39.766697] lock(&(&tlocks[i])->rlock); [ 39.770824] lock(&(&tlocks[i])->rlock); [ 39.774948] [ 39.774948] *** DEADLOCK *** [ 39.774948] [ 39.781202] May be due to missing lock nesting notation [ 39.781202] [ 39.788108] 3 locks held by syz-executor362/4334: [ 39.792926] #0: (____ptrval____) (cb_lock){++++}, at: genl_rcv+0x19/0x40 [ 39.799850] #1: (____ptrval____) (&(&tlocks[i])->rlock){+.+.}, at: ila_xlat_nl_cmd_add_mapping+0x6bb/0x17e0 [ 39.809808] #2: (____ptrval____) (rcu_read_lock){....}, at: rhashtable_lookup_insert_fast.constprop.26+0x1d7/0x13a0 [ 39.820459] [ 39.820459] stack backtrace: [ 39.824936] CPU: 0 PID: 4334 Comm: syz-executor362 Not tainted 4.18.0-rc8+ #179 [ 39.832356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 39.841688] Call Trace: [ 39.844257] dump_stack+0x1c9/0x2b4 [ 39.847866] ? dump_stack_print_info.cold.2+0x52/0x52 [ 39.853048] ? ila_xlat_nl_cmd_add_mapping+0x6bb/0x17e0 [ 39.858398] ? vprintk_func+0x81/0xe7 [ 39.862178] __lock_acquire.cold.65+0x1fb/0x486 [ 39.866827] ? __lock_acquire+0x7fc/0x5020 [ 39.871051] ? trace_hardirqs_on+0x10/0x10 [ 39.875268] ? trace_hardirqs_on+0x10/0x10 [ 39.879483] ? __lock_acquire+0x7fc/0x5020 [ 39.883696] ? rcu_is_watching+0x8c/0x150 [ 39.887825] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 39.892214] ? trace_hardirqs_on+0x10/0x10 [ 39.896439] ? __kernel_text_address+0xd/0x40 [ 39.900966] ? unwind_get_return_address+0x61/0xa0 [ 39.905883] ? __save_stack_trace+0x8d/0xf0 [ 39.910188] ? add_lock_to_list.isra.30+0x1ec/0x4b0 [ 39.915185] ? trace_hardirqs_off+0x10/0x10 [ 39.919568] ? save_stack_trace+0x1a/0x20 [ 39.923701] ? save_trace+0xe0/0x290 [ 39.927400] ? kasan_check_read+0x11/0x20 [ 39.931535] ? __lock_acquire+0x28d9/0x5020 [ 39.935841] lock_acquire+0x1e4/0x540 [ 39.939626] ? rhashtable_lookup_insert_fast.constprop.26+0x436/0x13a0 [ 39.946273] ? rhashtable_lookup_insert_fast.constprop.26+0x1d7/0x13a0 [ 39.952918] ? lock_release+0xa30/0xa30 [ 39.956873] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 39.962053] _raw_spin_lock_bh+0x31/0x40 [ 39.966097] ? rhashtable_lookup_insert_fast.constprop.26+0x436/0x13a0 [ 39.972746] rhashtable_lookup_insert_fast.constprop.26+0x436/0x13a0 [ 39.979218] ? kasan_check_read+0x11/0x20 [ 39.983344] ? rcu_is_watching+0x8c/0x150 [ 39.987471] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 39.991863] ? rhashtable_replace_fast.isra.20.constprop.24+0xb60/0xb60 [ 39.998596] ? rhashtable_lookup_fast.isra.18.constprop.30+0x5a3/0xa60 [ 40.005242] ? parse_nl_config.isra.13+0x550/0x550 [ 40.010159] ? lock_acquire+0x1e4/0x540 [ 40.014113] ? lock_release+0xa30/0xa30 [ 40.018071] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 40.023588] ? ila_init_saved_csum+0x9b/0x330 [ 40.028081] ? kasan_check_write+0x14/0x20 [ 40.032296] ? do_raw_spin_lock+0xc1/0x200 [ 40.036528] ila_xlat_nl_cmd_add_mapping+0xafe/0x17e0 [ 40.041747] ? depot_save_stack+0x291/0x470 [ 40.046060] ? __rhashtable_remove_fast.constprop.25+0xe30/0xe30 [ 40.052187] ? __kmalloc+0x14e/0x760 [ 40.055886] ? genl_rcv_msg+0xc6/0x168 [ 40.059755] ? netlink_rcv_skb+0x172/0x440 [ 40.063972] ? genl_rcv+0x28/0x40 [ 40.067493] ? netlink_unicast+0x5a0/0x760 [ 40.071706] ? netlink_sendmsg+0xa18/0xfc0 [ 40.075922] ? sock_sendmsg+0xd5/0x120 [ 40.079790] ? ___sys_sendmsg+0x7fd/0x930 [ 40.083916] ? __sys_sendmsg+0x11d/0x290 [ 40.087953] ? __x64_sys_sendmsg+0x78/0xb0 [ 40.092169] ? do_syscall_64+0x1b9/0x820 [ 40.096210] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 40.101565] ? find_held_lock+0x36/0x1c0 [ 40.105609] ? print_usage_bug+0xc0/0xc0 [ 40.109653] ? graph_lock+0x170/0x170 [ 40.113442] ? __lock_is_held+0xb5/0x140 [ 40.117492] ? __lock_is_held+0xb5/0x140 [ 40.121535] ? memset+0x31/0x40 [ 40.124797] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 40.130318] ? nla_parse+0x32b/0x4e0 [ 40.134027] ? __netlink_ns_capable+0x100/0x130 [ 40.138687] genl_family_rcv_msg+0x8a3/0x1140 [ 40.143168] ? genl_unregister_family+0x8b0/0x8b0 [ 40.147998] ? lock_downgrade+0x8f0/0x8f0 [ 40.152139] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 40.157137] ? kasan_check_read+0x11/0x20 [ 40.161267] ? lock_acquire+0x1e4/0x540 [ 40.165218] ? genl_rcv+0x19/0x40 [ 40.168653] ? radix_tree_lookup+0x21/0x30 [ 40.172870] genl_rcv_msg+0xc6/0x168 [ 40.176571] netlink_rcv_skb+0x172/0x440 [ 40.180614] ? genl_family_rcv_msg+0x1140/0x1140 [ 40.185350] ? netlink_ack+0xbe0/0xbe0 [ 40.189215] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 40.193609] genl_rcv+0x28/0x40 [ 40.196877] netlink_unicast+0x5a0/0x760 [ 40.200923] ? netlink_attachskb+0x9a0/0x9a0 [ 40.205311] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 40.210828] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 40.215823] netlink_sendmsg+0xa18/0xfc0 [ 40.219866] ? netlink_unicast+0x760/0x760 [ 40.224088] ? move_addr_to_kernel.part.18+0x100/0x100 [ 40.229345] ? security_socket_sendmsg+0x94/0xc0 [ 40.234079] ? netlink_unicast+0x760/0x760 [ 40.238295] sock_sendmsg+0xd5/0x120 [ 40.242094] ___sys_sendmsg+0x7fd/0x930 [ 40.246169] ? copy_msghdr_from_user+0x580/0x580 [ 40.250909] ? graph_lock+0x170/0x170 [ 40.254692] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 40.260208] ? __fget_light+0x2f7/0x440 [ 40.264161] ? fget_raw+0x20/0x20 [ 40.267599] ? lock_downgrade+0x8f0/0x8f0 [ 40.271727] ? handle_mm_fault+0x8c4/0xc80 [ 40.275941] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 40.281458] ? sockfd_lookup_light+0xc5/0x160 [ 40.285932] __sys_sendmsg+0x11d/0x290 [ 40.289803] ? __ia32_sys_shutdown+0x80/0x80 [ 40.294194] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 40.299712] ? __do_page_fault+0x449/0xe50 [ 40.304039] __x64_sys_sendmsg+0x78/0xb0 [ 40.308101] do_syscall_64+0x1b9/0x820 [ 40.311969] ? syscall_return_slowpath+0x5e0/0x5e0 [ 40.316880] ? syscall_return_slowpath+0x31d/0x5e0 [ 40.321789] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 40.327307] ? retint_user+0x18/0x18 [ 40.331003] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 40.335836] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 40.341001] RIP: 0033:0x4400c9 [ 40.344173] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 40.363258] RSP: 002b:00007fff0efb9fb8 EFLAGS: 00000213 ORIG_RAX: 000000000000002e [ 40.370944] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004400c9 [ 40.378191] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003 [ 40.385439] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8 [ 40.392690] R10: 0000000000000000 R11: 0000000000000213