[....] Starting OpenBSD Secure Shell server: sshd[ 22.280451] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. [ 22.562170] random: sshd: uninitialized urandom read (32 bytes read) [ 22.801877] random: sshd: uninitialized urandom read (32 bytes read) [ 23.339474] random: sshd: uninitialized urandom read (32 bytes read) [ 23.518781] random: sshd: uninitialized urandom read (32 bytes read) Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.39' (ECDSA) to the list of known hosts. syzkaller login: [ 29.016462] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 29.118448] [ 29.120105] ============================================ [ 29.125714] WARNING: possible recursive locking detected [ 29.131454] 4.18.0-rc8-next-20180810+ #36 Not tainted [ 29.136722] -------------------------------------------- [ 29.142298] syz-executor440/4428 is trying to acquire lock: [ 29.148166] 00000000e606f0a7 (&(&tlocks[i])->rlock){+.+.}, at: rhashtable_lookup_insert_fast.constprop.26+0x436/0x13a0 [ 29.159010] [ 29.159010] but task is already holding lock: [ 29.165062] 00000000be84befc (&(&tlocks[i])->rlock){+.+.}, at: ila_xlat_nl_cmd_add_mapping+0x6bb/0x17e0 [ 29.174859] [ 29.174859] other info that might help us debug this: [ 29.181519] Possible unsafe locking scenario: [ 29.181519] [ 29.187682] CPU0 [ 29.190277] ---- [ 29.192859] lock(&(&tlocks[i])->rlock); [ 29.196999] lock(&(&tlocks[i])->rlock); [ 29.201141] [ 29.201141] *** DEADLOCK *** [ 29.201141] [ 29.207207] May be due to missing lock nesting notation [ 29.207207] [ 29.214170] 3 locks held by syz-executor440/4428: [ 29.219070] #0: 00000000e04b2a92 (cb_lock){++++}, at: genl_rcv+0x19/0x40 [ 29.226033] #1: 00000000be84befc (&(&tlocks[i])->rlock){+.+.}, at: ila_xlat_nl_cmd_add_mapping+0x6bb/0x17e0 [ 29.236006] #2: 00000000ffb4f555 (rcu_read_lock){....}, at: rhashtable_lookup_insert_fast.constprop.26+0x1d7/0x13a0 [ 29.246728] [ 29.246728] stack backtrace: [ 29.251233] CPU: 0 PID: 4428 Comm: syz-executor440 Not tainted 4.18.0-rc8-next-20180810+ #36 [ 29.259809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 29.269197] Call Trace: [ 29.271796] dump_stack+0x1c9/0x2b4 [ 29.275581] ? dump_stack_print_info.cold.2+0x52/0x52 [ 29.280766] ? ila_xlat_nl_cmd_add_mapping+0x6bb/0x17e0 [ 29.286214] ? vprintk_func+0x81/0x117 [ 29.290259] __lock_acquire.cold.65+0x1fb/0x486 [ 29.294925] ? __lock_acquire+0x7fc/0x5020 [ 29.299157] ? trace_hardirqs_on+0x10/0x10 [ 29.303399] ? trace_hardirqs_on+0x10/0x10 [ 29.307652] ? __lock_acquire+0x7fc/0x5020 [ 29.311971] ? rcu_is_watching+0x8c/0x150 [ 29.316115] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 29.320983] ? trace_hardirqs_on+0x10/0x10 [ 29.325224] ? __kernel_text_address+0xd/0x40 [ 29.329782] ? unwind_get_return_address+0x61/0xa0 [ 29.334825] ? __save_stack_trace+0x8d/0xf0 [ 29.339146] ? add_lock_to_list.isra.30+0x1ec/0x4b0 [ 29.344169] ? trace_hardirqs_off+0x10/0x10 [ 29.348499] ? save_stack_trace+0x1a/0x20 [ 29.352730] ? save_trace+0xe0/0x290 [ 29.356526] ? kasan_check_read+0x11/0x20 [ 29.360689] ? __lock_acquire+0x28d9/0x5020 [ 29.365063] lock_acquire+0x1e4/0x540 [ 29.369013] ? rhashtable_lookup_insert_fast.constprop.26+0x436/0x13a0 [ 29.375684] ? rhashtable_lookup_insert_fast.constprop.26+0x1d7/0x13a0 [ 29.382346] ? lock_release+0xa30/0xa30 [ 29.386408] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 29.391597] _raw_spin_lock_bh+0x31/0x40 [ 29.395675] ? rhashtable_lookup_insert_fast.constprop.26+0x436/0x13a0 [ 29.402339] rhashtable_lookup_insert_fast.constprop.26+0x436/0x13a0 [ 29.408941] ? kasan_check_read+0x11/0x20 [ 29.413222] ? rcu_is_watching+0x8c/0x150 [ 29.417377] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 29.422061] ? rhashtable_replace_fast.isra.20.constprop.24+0xb60/0xb60 [ 29.428927] ? rhashtable_lookup_fast.isra.18.constprop.30+0x5a3/0xa60 [ 29.435592] ? parse_nl_config.isra.13+0x550/0x550 [ 29.440516] ? lock_acquire+0x1e4/0x540 [ 29.444484] ? do_csum+0x345/0x410 [ 29.448079] ? lock_release+0xa30/0xa30 [ 29.452189] ? csum_partial+0x21/0x30 [ 29.456085] ? ila_init_saved_csum+0x9b/0x330 [ 29.460576] ? kasan_check_write+0x14/0x20 [ 29.464865] ? do_raw_spin_lock+0xc1/0x200 [ 29.469102] ila_xlat_nl_cmd_add_mapping+0xafe/0x17e0 [ 29.474289] ? depot_save_stack+0x291/0x470 [ 29.478806] ? __rhashtable_remove_fast.constprop.25+0xe30/0xe30 [ 29.484986] ? __kmalloc+0x14e/0x760 [ 29.488755] ? genl_rcv_msg+0xc6/0x168 [ 29.492670] ? netlink_rcv_skb+0x172/0x440 [ 29.496899] ? genl_rcv+0x28/0x40 [ 29.500346] ? netlink_unicast+0x5a0/0x760 [ 29.504586] ? netlink_sendmsg+0xa18/0xfc0 [ 29.509131] ? sock_sendmsg+0xd5/0x120 [ 29.513019] ? ___sys_sendmsg+0x7fd/0x930 [ 29.517163] ? __sys_sendmsg+0x11d/0x290 [ 29.521309] ? __x64_sys_sendmsg+0x78/0xb0 [ 29.525704] ? do_syscall_64+0x1b9/0x820 [ 29.529763] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 29.535266] ? find_held_lock+0x36/0x1c0 [ 29.539461] ? print_usage_bug+0xc0/0xc0 [ 29.543672] ? graph_lock+0x170/0x170 [ 29.547496] ? __lock_is_held+0xb5/0x140 [ 29.551558] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 29.556746] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 29.561759] ? validate_nla+0x2d9/0x7b0 [ 29.565846] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 29.571380] ? nla_parse+0x32b/0x4e0 [ 29.575097] ? __netlink_ns_capable+0x100/0x130 [ 29.579763] genl_family_rcv_msg+0x8a3/0x1140 [ 29.584566] ? genl_unregister_family+0x8b0/0x8b0 [ 29.589493] ? lock_downgrade+0x8f0/0x8f0 [ 29.593768] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 29.598783] ? kasan_check_read+0x11/0x20 [ 29.602927] ? lock_acquire+0x1e4/0x540 [ 29.606986] ? genl_rcv+0x19/0x40 [ 29.610438] ? radix_tree_lookup+0x21/0x30 [ 29.614806] genl_rcv_msg+0xc6/0x168 [ 29.618513] netlink_rcv_skb+0x172/0x440 [ 29.622677] ? genl_family_rcv_msg+0x1140/0x1140 [ 29.627479] ? netlink_ack+0xbe0/0xbe0 [ 29.631417] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 29.636081] genl_rcv+0x28/0x40 [ 29.639358] netlink_unicast+0x5a0/0x760 [ 29.643559] ? netlink_attachskb+0x9a0/0x9a0 [ 29.648231] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 29.653982] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 29.658997] netlink_sendmsg+0xa18/0xfc0 [ 29.663053] ? netlink_unicast+0x760/0x760 [ 29.667288] ? move_addr_to_kernel.part.18+0x100/0x100 [ 29.672938] ? security_socket_sendmsg+0x94/0xc0 [ 29.677805] ? netlink_unicast+0x760/0x760 [ 29.682034] sock_sendmsg+0xd5/0x120 [ 29.685761] ___sys_sendmsg+0x7fd/0x930 [ 29.689737] ? copy_msghdr_from_user+0x580/0x580 [ 29.694519] ? graph_lock+0x170/0x170 [ 29.698321] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 29.703906] ? __fget_light+0x2f7/0x440 [ 29.707930] ? fget_raw+0x20/0x20 [ 29.711382] ? lock_downgrade+0x8f0/0x8f0 [ 29.715610] ? handle_mm_fault+0x8c4/0xc80 [ 29.720020] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 29.725554] ? sockfd_lookup_light+0xc5/0x160 [ 29.730042] __sys_sendmsg+0x11d/0x290 [ 29.733928] ? __ia32_sys_shutdown+0x80/0x80 [ 29.738335] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 29.743870] ? __do_page_fault+0x449/0xe50 [ 29.748156] __x64_sys_sendmsg+0x78/0xb0 [ 29.752345] do_syscall_64+0x1b9/0x820 [ 29.756238] ? syscall_return_slowpath+0x5e0/0x5e0 [ 29.761267] ? syscall_return_slowpath+0x31d/0x5e0 [ 29.766206] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 29.771753] ? retint_user+0x18/0x18 [ 29.775526] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 29.780366] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 29.785603] RIP: 0033:0x4400f9 [ 29.788825] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 29.808562] RSP: 002b:00007ffc22d55078 EFLAGS: 00000213 ORIG_RAX: 000000000000002e [ 29.816274] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00