[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 24.448347] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 27.180898] random: sshd: uninitialized urandom read (32 bytes read)
[ 27.595346] random: sshd: uninitialized urandom read (32 bytes read)
[ 28.118060] random: sshd: uninitialized urandom read (32 bytes read)
[ 28.294656] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.37' (ECDSA) to the list of known hosts.
[ 33.854439] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 33.964424]
[ 33.966210] ============================================
[ 33.971638] WARNING: possible recursive locking detected
[ 33.977064] 4.18.0-next-20180815+ #40 Not tainted
[ 33.981880] --------------------------------------------
[ 33.987310] syz-executor083/4509 is trying to acquire lock:
[ 33.992997] 0000000072563105 (&(&tlocks[i])->rlock){+.+.}, at: rhashtable_lookup_insert_fast.constprop.26+0x436/0x13a0
[ 34.003848]
[ 34.003848] but task is already holding lock:
[ 34.009797] 000000000bb06c9e (&(&tlocks[i])->rlock){+.+.}, at: ila_xlat_nl_cmd_add_mapping+0x6bb/0x17e0
[ 34.019317]
[ 34.019317] other info that might help us debug this:
[ 34.026026] Possible unsafe locking scenario:
[ 34.026026]
[ 34.032090] CPU0
[ 34.034649] ----
[ 34.037209] lock(&(&tlocks[i])->rlock);
[ 34.041333] lock(&(&tlocks[i])->rlock);
[ 34.045457]
[ 34.045457] *** DEADLOCK ***
[ 34.045457]
[ 34.051496] May be due to missing lock nesting notation
[ 34.051496]
[ 34.058413] 3 locks held by syz-executor083/4509:
[ 34.063229] #0: 00000000cdae644c (cb_lock){++++}, at: genl_rcv+0x19/0x40
[ 34.070152] #1: 000000000bb06c9e (&(&tlocks[i])->rlock){+.+.}, at: ila_xlat_nl_cmd_add_mapping+0x6bb/0x17e0
[ 34.080157] #2: 0000000035d353af (rcu_read_lock){....}, at: rhashtable_lookup_insert_fast.constprop.26+0x1d7/0x13a0
[ 34.090819]
[ 34.090819] stack backtrace:
[ 34.095299] CPU: 1 PID: 4509 Comm: syz-executor083 Not tainted 4.18.0-next-20180815+ #40
[ 34.103515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.112846] Call Trace:
[ 34.115416] dump_stack+0x1c9/0x2b4
[ 34.119037] ? dump_stack_print_info.cold.2+0x52/0x52
[ 34.124213] ? ila_xlat_nl_cmd_add_mapping+0x6bb/0x17e0
[ 34.129560] ? vprintk_func+0x81/0x117
[ 34.133430] __lock_acquire.cold.62+0x1fb/0x486
[ 34.138081] ? __lock_acquire+0x7fc/0x5020
[ 34.142298] ? mark_held_locks+0x160/0x160
[ 34.146511] ? mark_held_locks+0x160/0x160
[ 34.150793] ? __lock_acquire+0x7fc/0x5020
[ 34.155025] ? rcu_is_watching+0x8c/0x150
[ 34.159189] ? rcu_cleanup_dead_rnp+0x200/0x200
[ 34.163839] ? mark_held_locks+0x160/0x160
[ 34.168071] ? __kernel_text_address+0xd/0x40
[ 34.172671] ? unwind_get_return_address+0x61/0xa0
[ 34.177588] ? __save_stack_trace+0x8d/0xf0
[ 34.181895] ? add_lock_to_list.isra.27+0x1ec/0x4b0
[ 34.186896] ? save_trace+0x290/0x290
[ 34.190677] ? save_stack_trace+0x1a/0x20
[ 34.194806] ? save_trace+0xe0/0x290
[ 34.198503] ? kasan_check_read+0x11/0x20
[ 34.202631] ? __lock_acquire+0x28d9/0x5020
[ 34.206943] lock_acquire+0x1e4/0x4f0
[ 34.210790] ? rhashtable_lookup_insert_fast.constprop.26+0x436/0x13a0
[ 34.217444] ? rhashtable_lookup_insert_fast.constprop.26+0x1d7/0x13a0
[ 34.224097] ? lock_release+0x9f0/0x9f0
[ 34.228070] ? __sanitizer_cov_trace_switch+0x53/0x90
[ 34.233267] _raw_spin_lock_bh+0x31/0x40
[ 34.237336] ? rhashtable_lookup_insert_fast.constprop.26+0x436/0x13a0
[ 34.243987] rhashtable_lookup_insert_fast.constprop.26+0x436/0x13a0
[ 34.250468] ? kasan_check_read+0x11/0x20
[ 34.254609] ? rcu_is_watching+0x8c/0x150
[ 34.258737] ? rcu_cleanup_dead_rnp+0x200/0x200
[ 34.263390] ? rhashtable_replace_fast.isra.20.constprop.24+0xb60/0xb60
[ 34.270128] ? rhashtable_lookup_fast.isra.18.constprop.30+0x5a3/0xa60
[ 34.276777] ? parse_nl_config.isra.13+0x550/0x550
[ 34.281689] ? lock_acquire+0x1e4/0x4f0
[ 34.285644] ? lock_release+0x9f0/0x9f0
[ 34.289615] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 34.295134] ? ila_init_saved_csum+0x9b/0x330
[ 34.299612] ? kasan_check_write+0x14/0x20
[ 34.303827] ? do_raw_spin_lock+0xc1/0x200
[ 34.308055] ila_xlat_nl_cmd_add_mapping+0xafe/0x17e0
[ 34.313239] ? depot_save_stack+0x291/0x470
[ 34.317570] ? __rhashtable_remove_fast.constprop.25+0xe30/0xe30
[ 34.323699] ? __kmalloc+0x14e/0x720
[ 34.327394] ? genl_rcv_msg+0xc6/0x168
[ 34.331263] ? netlink_rcv_skb+0x172/0x440
[ 34.335474] ? genl_rcv+0x28/0x40
[ 34.338906] ? netlink_unicast+0x5a0/0x760
[ 34.343130] ? netlink_sendmsg+0xa18/0xfc0
[ 34.347407] ? sock_sendmsg+0xd5/0x120
[ 34.351278] ? ___sys_sendmsg+0x7fd/0x930
[ 34.355405] ? __sys_sendmsg+0x11d/0x290
[ 34.359446] ? __x64_sys_sendmsg+0x78/0xb0
[ 34.363660] ? do_syscall_64+0x1b9/0x820
[ 34.367703] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.373064] ? find_held_lock+0x36/0x1c0
[ 34.377116] ? graph_lock+0x170/0x170
[ 34.380897] ? mark_held_locks+0xc9/0x160
[ 34.385037] ? __kmalloc+0x272/0x720
[ 34.388741] ? __lock_is_held+0xb5/0x140
[ 34.392783] ? memset+0x31/0x40
[ 34.396062] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.401583] ? nla_parse+0x32b/0x4e0
[ 34.405277] ? __netlink_ns_capable+0x100/0x130
[ 34.409936] genl_family_rcv_msg+0x8a3/0x1140
[ 34.414418] ? genl_unregister_family+0x8b0/0x8b0
[ 34.419240] ? lock_downgrade+0x8f0/0x8f0
[ 34.423368] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 34.428364] ? kasan_check_read+0x11/0x20
[ 34.432556] ? lock_acquire+0x1e4/0x4f0
[ 34.436518] ? genl_rcv+0x19/0x40
[ 34.439966] ? radix_tree_lookup+0x21/0x30
[ 34.444182] genl_rcv_msg+0xc6/0x168
[ 34.447877] netlink_rcv_skb+0x172/0x440
[ 34.451928] ? genl_family_rcv_msg+0x1140/0x1140
[ 34.456667] ? netlink_ack+0xbe0/0xbe0
[ 34.460537] ? rcu_cleanup_dead_rnp+0x200/0x200
[ 34.465188] genl_rcv+0x28/0x40
[ 34.468496] netlink_unicast+0x5a0/0x760
[ 34.472550] ? netlink_attachskb+0x9a0/0x9a0
[ 34.476962] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.482502] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 34.487512] netlink_sendmsg+0xa18/0xfc0
[ 34.491557] ? netlink_unicast+0x760/0x760
[ 34.495799] ? move_addr_to_kernel.part.18+0x100/0x100
[ 34.501065] ? security_socket_sendmsg+0x94/0xc0
[ 34.505801] ? netlink_unicast+0x760/0x760
[ 34.510038] sock_sendmsg+0xd5/0x120
[ 34.513741] ___sys_sendmsg+0x7fd/0x930
[ 34.517701] ? copy_msghdr_from_user+0x580/0x580
[ 34.522442] ? graph_lock+0x170/0x170
[ 34.526227] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.531746] ? __fget_light+0x2f7/0x440
[ 34.535702] ? fget_raw+0x20/0x20
[ 34.539141] ? __do_page_fault+0x620/0xe50
[ 34.543357] ? lock_downgrade+0x8f0/0x8f0
[ 34.547503] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 34.553029] ? sockfd_lookup_light+0xc5/0x160
[ 34.557513] __sys_sendmsg+0x11d/0x290
[ 34.561381] ? __ia32_sys_shutdown+0x80/0x80
[ 34.565769] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.571285] ? __do_page_fault+0x449/0xe50
[ 34.575501] ? do_syscall_64+0x9a/0x820
[ 34.579455] ? do_syscall_64+0x9a/0x820
[ 34.583410] ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 34.588560] __x64_sys_sendmsg+0x78/0xb0
[ 34.592611] do_syscall_64+0x1b9/0x820
[ 34.596495] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 34.601839] ? syscall_return_slowpath+0x5e0/0x5e0
[ 34.606774] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 34.611599] ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 34.616596] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 34.621593] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.627114] ? prepare_exit_to_usermode+0x291/0x3b0
[ 34.632110] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 34.636947] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.642117] RIP: 0033:0x4400c9
[ 34.645355] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 34.664284] RSP: 002b:00007ffeb5b53