[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 24.951432] random: sshd: uninitialized urandom read (32 bytes read)
[ 25.593159] random: sshd: uninitialized urandom read (32 bytes read)
[ 26.006783] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 26.572637] random: sshd: uninitialized urandom read (32 bytes read)
[ 26.755101] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.62' (ECDSA) to the list of known hosts.
[ 32.447818] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 32.559113] netlink: 'syz-executor341': attribute type 8 has an invalid length.
[ 32.567293]
[ 32.568924] ============================================
[ 32.574346] WARNING: possible recursive locking detected
[ 32.579773] 4.18.0-next-20180814+ #38 Not tainted
[ 32.584592] --------------------------------------------
[ 32.590017] syz-executor341/4479 is trying to acquire lock:
[ 32.595709] 000000005ca674d4 (&(&tlocks[i])->rlock){+.+.}, at: rhashtable_lookup_insert_fast.constprop.26+0x436/0x13a0
[ 32.606547]
[ 32.606547] but task is already holding lock:
[ 32.612499] 000000001a478d33 (&(&tlocks[i])->rlock){+.+.}, at: ila_xlat_nl_cmd_add_mapping+0x6bb/0x17e0
[ 32.622045]
[ 32.622045] other info that might help us debug this:
[ 32.628694] Possible unsafe locking scenario:
[ 32.628694]
[ 32.634728] CPU0
[ 32.637285] ----
[ 32.639841] lock(&(&tlocks[i])->rlock);
[ 32.643982] lock(&(&tlocks[i])->rlock);
[ 32.648109]
[ 32.648109] *** DEADLOCK ***
[ 32.648109]
[ 32.654147] May be due to missing lock nesting notation
[ 32.654147]
[ 32.661053] 3 locks held by syz-executor341/4479:
[ 32.665904] #0: 000000001c86fe47 (cb_lock){++++}, at: genl_rcv+0x19/0x40
[ 32.672839] #1: 000000001a478d33 (&(&tlocks[i])->rlock){+.+.}, at: ila_xlat_nl_cmd_add_mapping+0x6bb/0x17e0
[ 32.682826] #2: 000000002cbc2aa0 (rcu_read_lock){....}, at: rhashtable_lookup_insert_fast.constprop.26+0x1d7/0x13a0
[ 32.693489]
[ 32.693489] stack backtrace:
[ 32.697974] CPU: 0 PID: 4479 Comm: syz-executor341 Not tainted 4.18.0-next-20180814+ #38
[ 32.706177] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 32.715509] Call Trace:
[ 32.718083] dump_stack+0x1c9/0x2b4
[ 32.721709] ? dump_stack_print_info.cold.2+0x52/0x52
[ 32.726891] ? ila_xlat_nl_cmd_add_mapping+0x6bb/0x17e0
[ 32.732252] ? vprintk_func+0x81/0x117
[ 32.736136] __lock_acquire.cold.62+0x1fb/0x486
[ 32.740785] ? __lock_acquire+0x7fc/0x5020
[ 32.745000] ? mark_held_locks+0x160/0x160
[ 32.749235] ? mark_held_locks+0x160/0x160
[ 32.753454] ? __lock_acquire+0x7fc/0x5020
[ 32.757670] ? rcu_is_watching+0x8c/0x150
[ 32.761806] ? rcu_cleanup_dead_rnp+0x200/0x200
[ 32.766510] ? mark_held_locks+0x160/0x160
[ 32.770752] ? __kernel_text_address+0xd/0x40
[ 32.775228] ? unwind_get_return_address+0x61/0xa0
[ 32.780161] ? __save_stack_trace+0x8d/0xf0
[ 32.784468] ? add_lock_to_list.isra.27+0x1ec/0x4b0
[ 32.789469] ? save_trace+0x290/0x290
[ 32.793255] ? save_stack_trace+0x1a/0x20
[ 32.797385] ? save_trace+0xe0/0x290
[ 32.801095] ? kasan_check_read+0x11/0x20
[ 32.805236] ? __lock_acquire+0x28d9/0x5020
[ 32.809538] lock_acquire+0x1e4/0x4f0
[ 32.813337] ? rhashtable_lookup_insert_fast.constprop.26+0x436/0x13a0
[ 32.819998] ? rhashtable_lookup_insert_fast.constprop.26+0x1d7/0x13a0
[ 32.826646] ? lock_release+0x9f0/0x9f0
[ 32.830608] ? __sanitizer_cov_trace_switch+0x53/0x90
[ 32.835787] _raw_spin_lock_bh+0x31/0x40
[ 32.839838] ? rhashtable_lookup_insert_fast.constprop.26+0x436/0x13a0
[ 32.846494] rhashtable_lookup_insert_fast.constprop.26+0x436/0x13a0
[ 32.852985] ? kasan_check_read+0x11/0x20
[ 32.857115] ? rcu_is_watching+0x8c/0x150
[ 32.861274] ? rcu_cleanup_dead_rnp+0x200/0x200
[ 32.865938] ? rhashtable_replace_fast.isra.20.constprop.24+0xb60/0xb60
[ 32.872686] ? rhashtable_lookup_fast.isra.18.constprop.30+0x5a3/0xa60
[ 32.879336] ? parse_nl_config.isra.13+0x550/0x550
[ 32.884260] ? lock_acquire+0x1e4/0x4f0
[ 32.888214] ? lock_release+0x9f0/0x9f0
[ 32.892177] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 32.897708] ? ila_init_saved_csum+0x9b/0x330
[ 32.902200] ? kasan_check_write+0x14/0x20
[ 32.906457] ? do_raw_spin_lock+0xc1/0x200
[ 32.910692] ila_xlat_nl_cmd_add_mapping+0xafe/0x17e0
[ 32.915881] ? wake_up_klogd+0x110/0x110
[ 32.919938] ? __rhashtable_remove_fast.constprop.25+0xe30/0xe30
[ 32.926084] ? lockdep_hardirqs_on+0x421/0x5c0
[ 32.930648] ? trace_hardirqs_on+0xbd/0x2c0
[ 32.934952] ? kasan_check_read+0x11/0x20
[ 32.939089] ? ___ratelimit+0x36f/0x655
[ 32.943088] ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 32.948175] ? do_raw_spin_lock+0x200/0x200
[ 32.952484] ? vprintk_default+0x28/0x30
[ 32.956527] ? vprintk_func+0x81/0x117
[ 32.960394] ? printk+0xa7/0xcf
[ 32.963673] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 32.968420] ? __kmalloc+0x272/0x720
[ 32.972118] ? __sanitizer_cov_trace_switch+0x53/0x90
[ 32.977309] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 32.982313] ? validate_nla+0x2d9/0x7b0
[ 32.986274] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 32.991798] ? nla_parse+0x32b/0x4e0
[ 32.995499] ? __netlink_ns_capable+0x100/0x130
[ 33.000151] genl_family_rcv_msg+0x8a3/0x1140
[ 33.004629] ? genl_unregister_family+0x8b0/0x8b0
[ 33.009453] ? lock_downgrade+0x8f0/0x8f0
[ 33.013584] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 33.018581] ? kasan_check_read+0x11/0x20
[ 33.022739] ? lock_acquire+0x1e4/0x4f0
[ 33.026704] ? genl_rcv+0x19/0x40
[ 33.030146] ? radix_tree_lookup+0x21/0x30
[ 33.034361] genl_rcv_msg+0xc6/0x168
[ 33.038056] netlink_rcv_skb+0x172/0x440
[ 33.042101] ? genl_family_rcv_msg+0x1140/0x1140
[ 33.046859] ? netlink_ack+0xbe0/0xbe0
[ 33.050742] ? rcu_cleanup_dead_rnp+0x200/0x200
[ 33.055390] genl_rcv+0x28/0x40
[ 33.058662] netlink_unicast+0x5a0/0x760
[ 33.062728] ? netlink_attachskb+0x9a0/0x9a0
[ 33.067133] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 33.072652] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 33.077649] netlink_sendmsg+0xa18/0xfc0
[ 33.081699] ? netlink_unicast+0x760/0x760
[ 33.085923] ? move_addr_to_kernel.part.18+0x100/0x100
[ 33.091184] ? security_socket_sendmsg+0x94/0xc0
[ 33.095957] ? netlink_unicast+0x760/0x760
[ 33.100212] sock_sendmsg+0xd5/0x120
[ 33.103913] ___sys_sendmsg+0x7fd/0x930
[ 33.107882] ? copy_msghdr_from_user+0x580/0x580
[ 33.112885] ? graph_lock+0x170/0x170
[ 33.116687] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 33.122207] ? __fget_light+0x2f7/0x440
[ 33.126181] ? fget_raw+0x20/0x20
[ 33.129620] ? __do_page_fault+0x620/0xe50
[ 33.133838] ? lock_downgrade+0x8f0/0x8f0
[ 33.137983] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 33.143502] ? sockfd_lookup_light+0xc5/0x160
[ 33.147984] __sys_sendmsg+0x11d/0x290
[ 33.151860] ? __ia32_sys_shutdown+0x80/0x80
[ 33.156283] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 33.161820] ? __do_page_fault+0x449/0xe50
[ 33.166050] ? do_syscall_64+0x9a/0x820
[ 33.170008] ? do_syscall_64+0x9a/0x820
[ 33.173967] ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 33.179058] __x64_sys_sendmsg+0x78/0xb0
[ 33.183102] do_syscall_64+0x1b9/0x820
[ 33.186979] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 33.192327] ? syscall_return_slowpath+0x5e0/0x5e0
[ 33.197236] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 33.202064] ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 33.207065] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 33.212066] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 33.217585] ? prepare_exit_to_usermode+0x291/0x3b0
[ 33.222584] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 33.227410] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 33.232579] RIP: 0033:0x4400e9
[ 33.235758] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 33.254641] RSP: 002b:00007ffcf6187748 EFLAGS: 00000213 ORIG_RAX: 000000000000002e