[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 24.464705] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 28.169156] random: sshd: uninitialized urandom read (32 bytes read)
[ 28.603665] random: sshd: uninitialized urandom read (32 bytes read)
[ 29.139670] random: sshd: uninitialized urandom read (32 bytes read)
[ 29.314796] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.11' (ECDSA) to the list of known hosts.
[ 34.864666] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 34.960213] netlink: 'syz-executor783': attribute type 8 has an invalid length.
[ 34.968219]
[ 34.969856] ============================================
[ 34.975283] WARNING: possible recursive locking detected
[ 34.980710] 4.18.0-next-20180815+ #40 Not tainted
[ 34.985527] --------------------------------------------
[ 34.990952] syz-executor783/4471 is trying to acquire lock:
[ 34.996639] 000000008f9fad64 (&(&tlocks[i])->rlock){+.+.}, at: rhashtable_lookup_insert_fast.constprop.26+0x436/0x13a0
[ 35.007468]
[ 35.007468] but task is already holding lock:
[ 35.013417] 00000000c99f874c (&(&tlocks[i])->rlock){+.+.}, at: ila_xlat_nl_cmd_add_mapping+0x6bb/0x17e0
[ 35.022942]
[ 35.022942] other info that might help us debug this:
[ 35.029585] Possible unsafe locking scenario:
[ 35.029585]
[ 35.035620] CPU0
[ 35.038178] ----
[ 35.040739] lock(&(&tlocks[i])->rlock);
[ 35.044865] lock(&(&tlocks[i])->rlock);
[ 35.048995]
[ 35.048995] *** DEADLOCK ***
[ 35.048995]
[ 35.055032] May be due to missing lock nesting notation
[ 35.055032]
[ 35.061941] 3 locks held by syz-executor783/4471:
[ 35.066758] #0: 000000008adb59b2 (cb_lock){++++}, at: genl_rcv+0x19/0x40
[ 35.073682] #1: 00000000c99f874c (&(&tlocks[i])->rlock){+.+.}, at: ila_xlat_nl_cmd_add_mapping+0x6bb/0x17e0
[ 35.083640] #2: 0000000016384f5a (rcu_read_lock){....}, at: rhashtable_lookup_insert_fast.constprop.26+0x1d7/0x13a0
[ 35.094317]
[ 35.094317] stack backtrace:
[ 35.098800] CPU: 1 PID: 4471 Comm: syz-executor783 Not tainted 4.18.0-next-20180815+ #40
[ 35.107024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.116359] Call Trace:
[ 35.118935] dump_stack+0x1c9/0x2b4
[ 35.122549] ? dump_stack_print_info.cold.2+0x52/0x52
[ 35.127723] ? ila_xlat_nl_cmd_add_mapping+0x6bb/0x17e0
[ 35.133071] ? vprintk_func+0x81/0x117
[ 35.136943] __lock_acquire.cold.62+0x1fb/0x486
[ 35.141604] ? __lock_acquire+0x7fc/0x5020
[ 35.145821] ? mark_held_locks+0x160/0x160
[ 35.150037] ? mark_held_locks+0x160/0x160
[ 35.154253] ? __lock_acquire+0x7fc/0x5020
[ 35.158471] ? rcu_is_watching+0x8c/0x150
[ 35.162611] ? rcu_cleanup_dead_rnp+0x200/0x200
[ 35.167277] ? mark_held_locks+0x160/0x160
[ 35.171496] ? __kernel_text_address+0xd/0x40
[ 35.175976] ? unwind_get_return_address+0x61/0xa0
[ 35.180890] ? __save_stack_trace+0x8d/0xf0
[ 35.185196] ? add_lock_to_list.isra.27+0x1ec/0x4b0
[ 35.190195] ? save_trace+0x290/0x290
[ 35.193982] ? save_stack_trace+0x1a/0x20
[ 35.198112] ? save_trace+0xe0/0x290
[ 35.201809] ? kasan_check_read+0x11/0x20
[ 35.205941] ? __lock_acquire+0x28d9/0x5020
[ 35.210249] lock_acquire+0x1e4/0x4f0
[ 35.214036] ? rhashtable_lookup_insert_fast.constprop.26+0x436/0x13a0
[ 35.220688] ? rhashtable_lookup_insert_fast.constprop.26+0x1d7/0x13a0
[ 35.227356] ? lock_release+0x9f0/0x9f0
[ 35.231327] ? __sanitizer_cov_trace_switch+0x53/0x90
[ 35.236503] _raw_spin_lock_bh+0x31/0x40
[ 35.240583] ? rhashtable_lookup_insert_fast.constprop.26+0x436/0x13a0
[ 35.247243] rhashtable_lookup_insert_fast.constprop.26+0x436/0x13a0
[ 35.253721] ? kasan_check_read+0x11/0x20
[ 35.257856] ? rcu_is_watching+0x8c/0x150
[ 35.261988] ? rcu_cleanup_dead_rnp+0x200/0x200
[ 35.266669] ? rhashtable_replace_fast.isra.20.constprop.24+0xb60/0xb60
[ 35.273412] ? rhashtable_lookup_fast.isra.18.constprop.30+0x5a3/0xa60
[ 35.280073] ? parse_nl_config.isra.13+0x550/0x550
[ 35.285008] ? lock_acquire+0x1e4/0x4f0
[ 35.288968] ? lock_release+0x9f0/0x9f0
[ 35.292932] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 35.298478] ? ila_init_saved_csum+0x9b/0x330
[ 35.302957] ? kasan_check_write+0x14/0x20
[ 35.307174] ? do_raw_spin_lock+0xc1/0x200
[ 35.311400] ila_xlat_nl_cmd_add_mapping+0xafe/0x17e0
[ 35.316601] ? wake_up_klogd+0x110/0x110
[ 35.320650] ? __rhashtable_remove_fast.constprop.25+0xe30/0xe30
[ 35.326777] ? lockdep_hardirqs_on+0x421/0x5c0
[ 35.331371] ? trace_hardirqs_on+0xbd/0x2c0
[ 35.335688] ? kasan_check_read+0x11/0x20
[ 35.339819] ? ___ratelimit+0x36f/0x655
[ 35.343780] ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 35.348886] ? do_raw_spin_lock+0x200/0x200
[ 35.353194] ? vprintk_default+0x28/0x30
[ 35.357236] ? vprintk_func+0x81/0x117
[ 35.361124] ? printk+0xa7/0xcf
[ 35.364395] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 35.369170] ? __kmalloc+0x272/0x720
[ 35.372868] ? __sanitizer_cov_trace_switch+0x53/0x90
[ 35.378044] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 35.383045] ? validate_nla+0x2d9/0x7b0
[ 35.387028] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.392548] ? nla_parse+0x32b/0x4e0
[ 35.396245] ? __netlink_ns_capable+0x100/0x130
[ 35.400896] genl_family_rcv_msg+0x8a3/0x1140
[ 35.405387] ? genl_unregister_family+0x8b0/0x8b0
[ 35.410224] ? lock_downgrade+0x8f0/0x8f0
[ 35.414355] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 35.419367] ? kasan_check_read+0x11/0x20
[ 35.423511] ? lock_acquire+0x1e4/0x4f0
[ 35.427487] ? genl_rcv+0x19/0x40
[ 35.430928] ? radix_tree_lookup+0x21/0x30
[ 35.435145] genl_rcv_msg+0xc6/0x168
[ 35.438843] netlink_rcv_skb+0x172/0x440
[ 35.442886] ? genl_family_rcv_msg+0x1140/0x1140
[ 35.447628] ? netlink_ack+0xbe0/0xbe0
[ 35.451520] ? rcu_cleanup_dead_rnp+0x200/0x200
[ 35.456175] genl_rcv+0x28/0x40
[ 35.459448] netlink_unicast+0x5a0/0x760
[ 35.463492] ? netlink_attachskb+0x9a0/0x9a0
[ 35.467885] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.473410] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 35.478424] netlink_sendmsg+0xa18/0xfc0
[ 35.482472] ? netlink_unicast+0x760/0x760
[ 35.486692] ? move_addr_to_kernel.part.18+0x100/0x100
[ 35.491955] ? security_socket_sendmsg+0x94/0xc0
[ 35.496697] ? netlink_unicast+0x760/0x760
[ 35.500917] sock_sendmsg+0xd5/0x120
[ 35.504640] ___sys_sendmsg+0x7fd/0x930
[ 35.508621] ? copy_msghdr_from_user+0x580/0x580
[ 35.513366] ? graph_lock+0x170/0x170
[ 35.517165] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.522686] ? __fget_light+0x2f7/0x440
[ 35.526641] ? fget_raw+0x20/0x20
[ 35.530080] ? __do_page_fault+0x620/0xe50
[ 35.534301] ? lock_downgrade+0x8f0/0x8f0
[ 35.538443] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 35.543966] ? sockfd_lookup_light+0xc5/0x160
[ 35.548449] __sys_sendmsg+0x11d/0x290
[ 35.552324] ? __ia32_sys_shutdown+0x80/0x80
[ 35.556722] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.562266] ? __do_page_fault+0x449/0xe50
[ 35.566486] ? do_syscall_64+0x9a/0x820
[ 35.570448] ? do_syscall_64+0x9a/0x820
[ 35.574412] ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 35.579507] __x64_sys_sendmsg+0x78/0xb0
[ 35.583554] do_syscall_64+0x1b9/0x820
[ 35.587435] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 35.592784] ? syscall_return_slowpath+0x5e0/0x5e0
[ 35.597695] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 35.602522] ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 35.607523] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 35.612523] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.618066] ? prepare_exit_to_usermode+0x291/0x3b0
[ 35.623068] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 35.627896] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.633068] RIP: 0033:0x4400e9
[ 35.636243] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 35.655148] RSP: 002b:00007ffe6782a1f8 EFLAGS: 00000213 ORIG_RAX: 000000000000002e
[ 35.6