[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 12.228807] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 25.806080] random: sshd: uninitialized urandom read (32 bytes read) [ 26.035688] random: sshd: uninitialized urandom read (32 bytes read) [ 26.590629] random: sshd: uninitialized urandom read (32 bytes read) [ 32.329109] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.21' (ECDSA) to the list of known hosts. [ 37.743595] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 37.817544] [ 37.819188] ====================================================== [ 37.825472] [ INFO: possible circular locking dependency detected ] [ 37.831844] 4.9.103-g7fd4075 #36 Not tainted [ 37.836218] ------------------------------------------------------- [ 37.842588] syz-executor327/3807 is trying to acquire lock: [ 37.848264] (rtnl_mutex){+.+.+.}, at: [] rtnl_lock+0x17/0x20 [ 37.856037] but task is already holding lock: [ 37.860672] (sk_lock-AF_INET){+.+.+.}, at: [] do_ip_setsockopt.isra.13+0x269/0x2b10 [ 37.870444] which lock already depends on the new lock. [ 37.870444] [ 37.877425] [ 37.877425] the existing dependency chain (in reverse order) is: [ 37.885017] -> #1 (sk_lock-AF_INET){+.+.+.}: [ 37.890044] lock_acquire+0x130/0x3e0 [ 37.894334] lock_sock_nested+0xc6/0x120 [ 37.898882] do_ip_getsockopt+0x167/0x1600 [ 37.903607] ip_getsockopt+0x91/0x180 [ 37.907897] tcp_getsockopt+0x88/0xe0 [ 37.912186] sock_common_getsockopt+0x9a/0xe0 [ 37.917171] SyS_getsockopt+0x150/0x240 [ 37.921635] do_syscall_64+0x1a6/0x490 [ 37.926016] entry_SYSCALL_64_after_swapgs+0x5d/0xdb [ 37.931606] -> #0 (rtnl_mutex){+.+.+.}: [ 37.936198] __lock_acquire+0x3019/0x4070 [ 37.940837] lock_acquire+0x130/0x3e0 [ 37.945130] mutex_lock_nested+0xc0/0x870 [ 37.949769] rtnl_lock+0x17/0x20 [ 37.953626] mrtsock_destruct+0x3b/0x1e0 [ 37.958177] ip_ra_control+0x2c2/0x420 [ 37.962555] do_ip_setsockopt.isra.13+0x15ff/0x2b10 [ 37.968058] ip_setsockopt+0x3a/0xb0 [ 37.972263] raw_setsockopt+0xb7/0xd0 [ 37.976555] sock_common_setsockopt+0x9a/0xe0 [ 37.981539] SyS_setsockopt+0x166/0x260 [ 37.986005] do_syscall_64+0x1a6/0x490 [ 37.990381] entry_SYSCALL_64_after_swapgs+0x5d/0xdb [ 37.995975] [ 37.995975] other info that might help us debug this: [ 37.995975] [ 38.004084] Possible unsafe locking scenario: [ 38.004084] [ 38.010110] CPU0 CPU1 [ 38.014744] ---- ---- [ 38.019379] lock(sk_lock-AF_INET); [ 38.023294] lock(rtnl_mutex); [ 38.029292] lock(sk_lock-AF_INET); [ 38.035726] lock(rtnl_mutex); [ 38.039208] [ 38.039208] *** DEADLOCK *** [ 38.039208] [ 38.045235] 1 lock held by syz-executor327/3807: [ 38.049956] #0: (sk_lock-AF_INET){+.+.+.}, at: [] do_ip_setsockopt.isra.13+0x269/0x2b10 [ 38.060278] [ 38.060278] stack backtrace: [ 38.064745] CPU: 1 PID: 3807 Comm: syz-executor327 Not tainted 4.9.103-g7fd4075 #36 [ 38.072507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 38.081829] ffff8801d93c75f8 ffffffff81eb34a9 ffffffff8559cf30 ffffffff855e7840 [ 38.089803] ffffffff8559cf30 ffff8801b7e1d0e8 ffff8801b7e1c800 ffff8801d93c7640 [ 38.097776] ffffffff8142642d 0000000000000001 00000000b7e1c800 0000000000000001 [ 38.105746] Call Trace: [ 38.108301] [] dump_stack+0xc1/0x128 [ 38.113635] [] print_circular_bug.cold.51+0x1bd/0x27d [ 38.120442] [] __lock_acquire+0x3019/0x4070 [ 38.126383] [] ? debug_check_no_locks_freed+0x210/0x210 [ 38.133366] [] ? add_lock_to_list.isra.27.constprop.41+0x140/0x1c0 [ 38.141302] [] ? __lock_is_held+0xa2/0xf0 [ 38.147067] [] lock_acquire+0x130/0x3e0 [ 38.152659] [] ? rtnl_lock+0x17/0x20 [ 38.157995] [] ? rtnl_lock+0x17/0x20 [ 38.163336] [] mutex_lock_nested+0xc0/0x870 [ 38.169279] [] ? rtnl_lock+0x17/0x20 [ 38.174611] [] ? mutex_trylock+0x3e0/0x3e0 [ 38.180466] [] ? mark_held_locks+0xc7/0x130 [ 38.186407] [] ? __local_bh_enable_ip+0x6a/0xd0 [ 38.192694] [] rtnl_lock+0x17/0x20 [ 38.197853] [] mrtsock_destruct+0x3b/0x1e0 [ 38.203708] [] ? mroute_clean_tables+0x500/0x500 [ 38.210082] [] ip_ra_control+0x2c2/0x420 [ 38.215762] [] do_ip_setsockopt.isra.13+0x15ff/0x2b10 [ 38.222569] [] ? ip_ra_control+0x420/0x420 [ 38.228434] [] ? get_empty_filp+0x8f/0x380 [ 38.234294] [] ? alloc_file+0x20/0x350 [ 38.239802] [] ? sock_alloc_file+0x151/0x330 [ 38.245830] [] ? sock_map_fd+0x34/0x70 [ 38.251335] [] ? SyS_socket+0x10f/0x1b0 [ 38.256927] [] ? do_syscall_64+0x1a6/0x490 [ 38.262782] [] ? entry_SYSCALL_64_after_swapgs+0x5d/0xdb [ 38.269849] [] ? debug_check_no_locks_freed+0x210/0x210 [ 38.276831] [] ? debug_check_no_locks_freed+0x210/0x210 [ 38.283814] [] ? check_preemption_disabled+0x3b/0x170 [ 38.290623] [] ? sock_has_perm+0x1c2/0x3e0 [ 38.296478] [] ? sock_has_perm+0x292/0x3e0 [ 38.302329] [] ? sock_has_perm+0x9f/0x3e0 [ 38.308095] [] ? selinux_file_send_sigiotask+0x310/0x310 [ 38.315166] [] ? selinux_netlbl_socket_setsockopt+0x8c/0x340 [ 38.322581] [] ? selinux_netlbl_sock_rcv_skb+0x480/0x480 [ 38.329650] [] ip_setsockopt+0x3a/0xb0 [ 38.335156] [] raw_setsockopt+0xb7/0xd0 [ 38.340748] [] sock_common_setsockopt+0x9a/0xe0 [ 38.347034] [] SyS_setsockopt+0x166/0x260 [ 38.352801] [] ? SyS_recv+0x40/0x40 [ 38.358045] [] ? __do_page_fault+0x183/0xd50 [ 38.364081] [] ? move_addr_to_kernel+0x50/0x50