[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 21.260741] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 27.261435] random: sshd: uninitialized urandom read (32 bytes read) [ 27.591218] random: sshd: uninitialized urandom read (32 bytes read) [ 28.138712] random: sshd: uninitialized urandom read (32 bytes read) [ 28.312646] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.53' (ECDSA) to the list of known hosts. [ 34.133240] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 34.229191] [ 34.230849] ============================================ [ 34.236438] WARNING: possible recursive locking detected [ 34.242196] 4.18.0-rc8+ #181 Not tainted [ 34.246337] -------------------------------------------- [ 34.251952] syz-executor719/4438 is trying to acquire lock: [ 34.257652] (____ptrval____) (&(&tlocks[i])->rlock){+.+.}, at: rhashtable_lookup_insert_fast.constprop.26+0x436/0x13a0 [ 34.268610] [ 34.268610] but task is already holding lock: [ 34.274574] (____ptrval____) (&(&tlocks[i])->rlock){+.+.}, at: ila_xlat_nl_cmd_add_mapping+0x6bb/0x17e0 [ 34.284109] [ 34.284109] other info that might help us debug this: [ 34.290854] Possible unsafe locking scenario: [ 34.290854] [ 34.297074] CPU0 [ 34.299671] ---- [ 34.302246] lock(&(&tlocks[i])->rlock); [ 34.306386] lock(&(&tlocks[i])->rlock); [ 34.310671] [ 34.310671] *** DEADLOCK *** [ 34.310671] [ 34.316721] May be due to missing lock nesting notation [ 34.316721] [ 34.323730] 3 locks held by syz-executor719/4438: [ 34.328647] #0: (____ptrval____) (cb_lock){++++}, at: genl_rcv+0x19/0x40 [ 34.335580] #1: (____ptrval____) (&(&tlocks[i])->rlock){+.+.}, at: ila_xlat_nl_cmd_add_mapping+0x6bb/0x17e0 [ 34.345552] #2: (____ptrval____) (rcu_read_lock){....}, at: rhashtable_lookup_insert_fast.constprop.26+0x1d7/0x13a0 [ 34.356378] [ 34.356378] stack backtrace: [ 34.360873] CPU: 1 PID: 4438 Comm: syz-executor719 Not tainted 4.18.0-rc8+ #181 [ 34.368311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 34.377896] Call Trace: [ 34.380490] dump_stack+0x1c9/0x2b4 [ 34.384117] ? dump_stack_print_info.cold.2+0x52/0x52 [ 34.389306] ? ila_xlat_nl_cmd_add_mapping+0x6bb/0x17e0 [ 34.394670] ? vprintk_func+0x81/0xe7 [ 34.398468] __lock_acquire.cold.65+0x1fb/0x486 [ 34.403134] ? __lock_acquire+0x7fc/0x5020 [ 34.407395] ? trace_hardirqs_on+0x10/0x10 [ 34.411628] ? trace_hardirqs_on+0x10/0x10 [ 34.415856] ? __lock_acquire+0x7fc/0x5020 [ 34.420149] ? rcu_is_watching+0x8c/0x150 [ 34.424321] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 34.428726] ? trace_hardirqs_on+0x10/0x10 [ 34.433054] ? __kernel_text_address+0xd/0x40 [ 34.437559] ? unwind_get_return_address+0x61/0xa0 [ 34.442633] ? __save_stack_trace+0x8d/0xf0 [ 34.446953] ? add_lock_to_list.isra.30+0x1ec/0x4b0 [ 34.451971] ? trace_hardirqs_off+0x10/0x10 [ 34.456289] ? save_stack_trace+0x1a/0x20 [ 34.460486] ? save_trace+0xe0/0x290 [ 34.464205] ? kasan_check_read+0x11/0x20 [ 34.468354] ? __lock_acquire+0x28d9/0x5020 [ 34.472672] lock_acquire+0x1e4/0x540 [ 34.476469] ? rhashtable_lookup_insert_fast.constprop.26+0x436/0x13a0 [ 34.483125] ? rhashtable_lookup_insert_fast.constprop.26+0x1d7/0x13a0 [ 34.489779] ? lock_release+0xa30/0xa30 [ 34.493743] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 34.498928] _raw_spin_lock_bh+0x31/0x40 [ 34.502978] ? rhashtable_lookup_insert_fast.constprop.26+0x436/0x13a0 [ 34.509644] rhashtable_lookup_insert_fast.constprop.26+0x436/0x13a0 [ 34.516119] ? kasan_check_read+0x11/0x20 [ 34.520246] ? rcu_is_watching+0x8c/0x150 [ 34.524372] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 34.528763] ? rhashtable_replace_fast.isra.20.constprop.24+0xb60/0xb60 [ 34.535497] ? rhashtable_lookup_fast.isra.18.constprop.30+0x5a3/0xa60 [ 34.542143] ? parse_nl_config.isra.13+0x550/0x550 [ 34.547057] ? lock_acquire+0x1e4/0x540 [ 34.551012] ? do_csum+0x345/0x410 [ 34.554551] ? lock_release+0xa30/0xa30 [ 34.558504] ? csum_partial+0x21/0x30 [ 34.562290] ? ila_init_saved_csum+0x9b/0x330 [ 34.566771] ? kasan_check_write+0x14/0x20 [ 34.570988] ? do_raw_spin_lock+0xc1/0x200 [ 34.575207] ila_xlat_nl_cmd_add_mapping+0xafe/0x17e0 [ 34.580397] ? depot_save_stack+0x291/0x470 [ 34.584702] ? __rhashtable_remove_fast.constprop.25+0xe30/0xe30 [ 34.590829] ? __kmalloc+0x14e/0x760 [ 34.594524] ? genl_rcv_msg+0xc6/0x168 [ 34.598393] ? netlink_rcv_skb+0x172/0x440 [ 34.602605] ? genl_rcv+0x28/0x40 [ 34.606046] ? netlink_unicast+0x5a0/0x760 [ 34.610257] ? netlink_sendmsg+0xa18/0xfc0 [ 34.614475] ? sock_sendmsg+0xd5/0x120 [ 34.618344] ? ___sys_sendmsg+0x7fd/0x930 [ 34.622472] ? __sys_sendmsg+0x11d/0x290 [ 34.626513] ? __x64_sys_sendmsg+0x78/0xb0 [ 34.630727] ? do_syscall_64+0x1b9/0x820 [ 34.634769] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.640175] ? find_held_lock+0x36/0x1c0 [ 34.644222] ? print_usage_bug+0xc0/0xc0 [ 34.648266] ? graph_lock+0x170/0x170 [ 34.652052] ? __lock_is_held+0xb5/0x140 [ 34.656106] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 34.661279] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 34.666280] ? validate_nla+0x2d9/0x7b0 [ 34.670240] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.675758] ? nla_parse+0x32b/0x4e0 [ 34.679459] ? __netlink_ns_capable+0x100/0x130 [ 34.684143] genl_family_rcv_msg+0x8a3/0x1140 [ 34.688632] ? genl_unregister_family+0x8b0/0x8b0 [ 34.693483] ? lock_downgrade+0x8f0/0x8f0 [ 34.697615] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 34.702645] ? kasan_check_read+0x11/0x20 [ 34.706806] ? lock_acquire+0x1e4/0x540 [ 34.710765] ? genl_rcv+0x19/0x40 [ 34.714244] ? radix_tree_lookup+0x21/0x30 [ 34.718474] genl_rcv_msg+0xc6/0x168 [ 34.722175] netlink_rcv_skb+0x172/0x440 [ 34.726228] ? genl_family_rcv_msg+0x1140/0x1140 [ 34.730970] ? netlink_ack+0xbe0/0xbe0 [ 34.734841] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 34.739281] genl_rcv+0x28/0x40 [ 34.742653] netlink_unicast+0x5a0/0x760 [ 34.746703] ? netlink_attachskb+0x9a0/0x9a0 [ 34.751101] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.756624] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 34.761662] netlink_sendmsg+0xa18/0xfc0 [ 34.765744] ? netlink_unicast+0x760/0x760 [ 34.769972] ? move_addr_to_kernel.part.18+0x100/0x100 [ 34.775240] ? security_socket_sendmsg+0x94/0xc0 [ 34.779983] ? netlink_unicast+0x760/0x760 [ 34.784212] sock_sendmsg+0xd5/0x120 [ 34.787920] ___sys_sendmsg+0x7fd/0x930 [ 34.791884] ? copy_msghdr_from_user+0x580/0x580 [ 34.796633] ? graph_lock+0x170/0x170 [ 34.800444] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.805973] ? __fget_light+0x2f7/0x440 [ 34.810086] ? fget_raw+0x20/0x20 [ 34.813539] ? lock_downgrade+0x8f0/0x8f0 [ 34.817683] ? handle_mm_fault+0x8c4/0xc80 [ 34.821914] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 34.827508] ? sockfd_lookup_light+0xc5/0x160 [ 34.831996] __sys_sendmsg+0x11d/0x290 [ 34.835887] ? __ia32_sys_shutdown+0x80/0x80 [ 34.840314] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.845892] ? __do_page_fault+0x449/0xe50 [ 34.850220] __x64_sys_sendmsg+0x78/0xb0 [ 34.854278] do_syscall_64+0x1b9/0x820 [ 34.858184] ? syscall_return_slowpath+0x5e0/0x5e0 [ 34.863113] ? syscall_return_slowpath+0x31d/0x5e0 [ 34.868046] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.873590] ? retint_user+0x18/0x18 [ 34.877302] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 34.882138] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.887348] RIP: 0033:0x4400f9 [ 34.890530] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 34.909687] RSP: 002b:00007ffd81c29a08 EFLAGS: 00000213 ORIG_RAX: 000000000000002e [ 34.917410] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004400f9 [ 34.924792] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003 [ 3