[....] Starting OpenBSD Secure Shell server: sshd[ 22.280451] random: sshd: uninitialized urandom read (32 bytes read)
�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[ 22.562170] random: sshd: uninitialized urandom read (32 bytes read)
[ 22.801877] random: sshd: uninitialized urandom read (32 bytes read)
[ 23.339474] random: sshd: uninitialized urandom read (32 bytes read)
[ 23.518781] random: sshd: uninitialized urandom read (32 bytes read)
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.39' (ECDSA) to the list of known hosts.
syzkaller login: [ 29.016462] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 29.118448]
[ 29.120105] ============================================
[ 29.125714] WARNING: possible recursive locking detected
[ 29.131454] 4.18.0-rc8-next-20180810+ #36 Not tainted
[ 29.136722] --------------------------------------------
[ 29.142298] syz-executor440/4428 is trying to acquire lock:
[ 29.148166] 00000000e606f0a7 (&(&tlocks[i])->rlock){+.+.}, at: rhashtable_lookup_insert_fast.constprop.26+0x436/0x13a0
[ 29.159010]
[ 29.159010] but task is already holding lock:
[ 29.165062] 00000000be84befc (&(&tlocks[i])->rlock){+.+.}, at: ila_xlat_nl_cmd_add_mapping+0x6bb/0x17e0
[ 29.174859]
[ 29.174859] other info that might help us debug this:
[ 29.181519] Possible unsafe locking scenario:
[ 29.181519]
[ 29.187682] CPU0
[ 29.190277] ----
[ 29.192859] lock(&(&tlocks[i])->rlock);
[ 29.196999] lock(&(&tlocks[i])->rlock);
[ 29.201141]
[ 29.201141] *** DEADLOCK ***
[ 29.201141]
[ 29.207207] May be due to missing lock nesting notation
[ 29.207207]
[ 29.214170] 3 locks held by syz-executor440/4428:
[ 29.219070] #0: 00000000e04b2a92 (cb_lock){++++}, at: genl_rcv+0x19/0x40
[ 29.226033] #1: 00000000be84befc (&(&tlocks[i])->rlock){+.+.}, at: ila_xlat_nl_cmd_add_mapping+0x6bb/0x17e0
[ 29.236006] #2: 00000000ffb4f555 (rcu_read_lock){....}, at: rhashtable_lookup_insert_fast.constprop.26+0x1d7/0x13a0
[ 29.246728]
[ 29.246728] stack backtrace:
[ 29.251233] CPU: 0 PID: 4428 Comm: syz-executor440 Not tainted 4.18.0-rc8-next-20180810+ #36
[ 29.259809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 29.269197] Call Trace:
[ 29.271796] dump_stack+0x1c9/0x2b4
[ 29.275581] ? dump_stack_print_info.cold.2+0x52/0x52
[ 29.280766] ? ila_xlat_nl_cmd_add_mapping+0x6bb/0x17e0
[ 29.286214] ? vprintk_func+0x81/0x117
[ 29.290259] __lock_acquire.cold.65+0x1fb/0x486
[ 29.294925] ? __lock_acquire+0x7fc/0x5020
[ 29.299157] ? trace_hardirqs_on+0x10/0x10
[ 29.303399] ? trace_hardirqs_on+0x10/0x10
[ 29.307652] ? __lock_acquire+0x7fc/0x5020
[ 29.311971] ? rcu_is_watching+0x8c/0x150
[ 29.316115] ? rcu_cleanup_dead_rnp+0x200/0x200
[ 29.320983] ? trace_hardirqs_on+0x10/0x10
[ 29.325224] ? __kernel_text_address+0xd/0x40
[ 29.329782] ? unwind_get_return_address+0x61/0xa0
[ 29.334825] ? __save_stack_trace+0x8d/0xf0
[ 29.339146] ? add_lock_to_list.isra.30+0x1ec/0x4b0
[ 29.344169] ? trace_hardirqs_off+0x10/0x10
[ 29.348499] ? save_stack_trace+0x1a/0x20
[ 29.352730] ? save_trace+0xe0/0x290
[ 29.356526] ? kasan_check_read+0x11/0x20
[ 29.360689] ? __lock_acquire+0x28d9/0x5020
[ 29.365063] lock_acquire+0x1e4/0x540
[ 29.369013] ? rhashtable_lookup_insert_fast.constprop.26+0x436/0x13a0
[ 29.375684] ? rhashtable_lookup_insert_fast.constprop.26+0x1d7/0x13a0
[ 29.382346] ? lock_release+0xa30/0xa30
[ 29.386408] ? __sanitizer_cov_trace_switch+0x53/0x90
[ 29.391597] _raw_spin_lock_bh+0x31/0x40
[ 29.395675] ? rhashtable_lookup_insert_fast.constprop.26+0x436/0x13a0
[ 29.402339] rhashtable_lookup_insert_fast.constprop.26+0x436/0x13a0
[ 29.408941] ? kasan_check_read+0x11/0x20
[ 29.413222] ? rcu_is_watching+0x8c/0x150
[ 29.417377] ? rcu_cleanup_dead_rnp+0x200/0x200
[ 29.422061] ? rhashtable_replace_fast.isra.20.constprop.24+0xb60/0xb60
[ 29.428927] ? rhashtable_lookup_fast.isra.18.constprop.30+0x5a3/0xa60
[ 29.435592] ? parse_nl_config.isra.13+0x550/0x550
[ 29.440516] ? lock_acquire+0x1e4/0x540
[ 29.444484] ? do_csum+0x345/0x410
[ 29.448079] ? lock_release+0xa30/0xa30
[ 29.452189] ? csum_partial+0x21/0x30
[ 29.456085] ? ila_init_saved_csum+0x9b/0x330
[ 29.460576] ? kasan_check_write+0x14/0x20
[ 29.464865] ? do_raw_spin_lock+0xc1/0x200
[ 29.469102] ila_xlat_nl_cmd_add_mapping+0xafe/0x17e0
[ 29.474289] ? depot_save_stack+0x291/0x470
[ 29.478806] ? __rhashtable_remove_fast.constprop.25+0xe30/0xe30
[ 29.484986] ? __kmalloc+0x14e/0x760
[ 29.488755] ? genl_rcv_msg+0xc6/0x168
[ 29.492670] ? netlink_rcv_skb+0x172/0x440
[ 29.496899] ? genl_rcv+0x28/0x40
[ 29.500346] ? netlink_unicast+0x5a0/0x760
[ 29.504586] ? netlink_sendmsg+0xa18/0xfc0
[ 29.509131] ? sock_sendmsg+0xd5/0x120
[ 29.513019] ? ___sys_sendmsg+0x7fd/0x930
[ 29.517163] ? __sys_sendmsg+0x11d/0x290
[ 29.521309] ? __x64_sys_sendmsg+0x78/0xb0
[ 29.525704] ? do_syscall_64+0x1b9/0x820
[ 29.529763] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 29.535266] ? find_held_lock+0x36/0x1c0
[ 29.539461] ? print_usage_bug+0xc0/0xc0
[ 29.543672] ? graph_lock+0x170/0x170
[ 29.547496] ? __lock_is_held+0xb5/0x140
[ 29.551558] ? __sanitizer_cov_trace_switch+0x53/0x90
[ 29.556746] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 29.561759] ? validate_nla+0x2d9/0x7b0
[ 29.565846] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 29.571380] ? nla_parse+0x32b/0x4e0
[ 29.575097] ? __netlink_ns_capable+0x100/0x130
[ 29.579763] genl_family_rcv_msg+0x8a3/0x1140
[ 29.584566] ? genl_unregister_family+0x8b0/0x8b0
[ 29.589493] ? lock_downgrade+0x8f0/0x8f0
[ 29.593768] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 29.598783] ? kasan_check_read+0x11/0x20
[ 29.602927] ? lock_acquire+0x1e4/0x540
[ 29.606986] ? genl_rcv+0x19/0x40
[ 29.610438] ? radix_tree_lookup+0x21/0x30
[ 29.614806] genl_rcv_msg+0xc6/0x168
[ 29.618513] netlink_rcv_skb+0x172/0x440
[ 29.622677] ? genl_family_rcv_msg+0x1140/0x1140
[ 29.627479] ? netlink_ack+0xbe0/0xbe0
[ 29.631417] ? rcu_cleanup_dead_rnp+0x200/0x200
[ 29.636081] genl_rcv+0x28/0x40
[ 29.639358] netlink_unicast+0x5a0/0x760
[ 29.643559] ? netlink_attachskb+0x9a0/0x9a0
[ 29.648231] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 29.653982] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 29.658997] netlink_sendmsg+0xa18/0xfc0
[ 29.663053] ? netlink_unicast+0x760/0x760
[ 29.667288] ? move_addr_to_kernel.part.18+0x100/0x100
[ 29.672938] ? security_socket_sendmsg+0x94/0xc0
[ 29.677805] ? netlink_unicast+0x760/0x760
[ 29.682034] sock_sendmsg+0xd5/0x120
[ 29.685761] ___sys_sendmsg+0x7fd/0x930
[ 29.689737] ? copy_msghdr_from_user+0x580/0x580
[ 29.694519] ? graph_lock+0x170/0x170
[ 29.698321] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 29.703906] ? __fget_light+0x2f7/0x440
[ 29.707930] ? fget_raw+0x20/0x20
[ 29.711382] ? lock_downgrade+0x8f0/0x8f0
[ 29.715610] ? handle_mm_fault+0x8c4/0xc80
[ 29.720020] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 29.725554] ? sockfd_lookup_light+0xc5/0x160
[ 29.730042] __sys_sendmsg+0x11d/0x290
[ 29.733928] ? __ia32_sys_shutdown+0x80/0x80
[ 29.738335] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 29.743870] ? __do_page_fault+0x449/0xe50
[ 29.748156] __x64_sys_sendmsg+0x78/0xb0
[ 29.752345] do_syscall_64+0x1b9/0x820
[ 29.756238] ? syscall_return_slowpath+0x5e0/0x5e0
[ 29.761267] ? syscall_return_slowpath+0x31d/0x5e0
[ 29.766206] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 29.771753] ? retint_user+0x18/0x18
[ 29.775526] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 29.780366] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 29.785603] RIP: 0033:0x4400f9
[ 29.788825] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 29.808562] RSP: 002b:00007ffc22d55078 EFLAGS: 00000213 ORIG_RAX: 000000000000002e
[ 29.816274] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00