[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 20.634173] random: sshd: uninitialized urandom read (32 bytes read, 33 bits of entropy available) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 22.918973] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available) [ 23.310425] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available) [ 24.298289] random: nonblocking pool is initialized Warning: Permanently added '10.128.0.38' (ECDSA) to the list of known hosts. executing program [ 30.362463] IPVS: Creating netns size=2552 id=1 executing program executing program [ 30.402020] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 0, id = 0 [ 30.402215] IPVS: stopping backup sync thread 3842 ... [ 30.421527] IPVS: stopping backup sync thread 3846 ... [ 30.425294] IPVS: Creating netns size=2552 id=2 [ 30.430960] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 0, id = 0 executing program executing program executing program executing program [ 30.458008] IPVS: stopping backup sync thread 3849 ... [ 30.463606] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 0, id = 0 [ 30.476429] IPVS: stopping backup sync thread 3856 ... [ 30.479131] IPVS: stopping backup sync thread 3859 ... [ 30.485089] IPVS: stopping backup sync thread 3862 ... [ 30.486564] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 0, id = 0 [ 30.495995] IPVS: Creating netns size=2552 id=3 executing program executing program executing program executing program executing program [ 30.513932] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 0, id = 0 [ 30.522415] IPVS: stopping backup sync thread 3865 ... [ 30.530099] IPVS: stopping backup sync thread 3868 ... [ 30.546524] IPVS: stopping backup sync thread 3874 ... [ 30.554054] IPVS: stopping backup sync thread 3877 ... [ 30.558166] IPVS: stopping backup sync thread 3881 ... [ 30.565488] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 0, id = 0 [ 30.567015] IPVS: stopping backup sync thread 3885 ... [ 30.573672] IPVS: stopping backup sync thread 3888 ... [ 30.578769] IPVS: stopping backup sync thread 3891 ... [ 30.585258] IPVS: stopping backup sync thread 3895 ... [ 30.587223] IPVS: stopping backup sync thread 3896 ... [ 30.596884] IPVS: stopping backup sync thread 3901 ... [ 30.601341] IPVS: stopping backup sync thread 3902 ... executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 30.607471] IPVS: stopping backup sync thread 3907 ... [ 30.613712] IPVS: stopping backup sync thread 3908 ... [ 30.619219] IPVS: stopping backup sync thread 3912 ... [ 30.624333] IPVS: stopping backup sync thread 3915 ... [ 30.629730] IPVS: stopping backup sync thread 3918 ... [ 30.636429] IPVS: stopping backup sync thread 3920 ... [ 30.644499] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 0, id = 0 [ 30.647391] IPVS: Creating netns size=2552 id=4 [ 30.656455] IPVS: stopping backup sync thread 3926 ... executing program executing program [ 30.669787] IPVS: stopping backup sync thread 3925 ... [ 30.680002] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 0, id = 0 [ 30.681551] IPVS: stopping backup sync thread 3932 ... [ 30.693839] IPVS: stopping backup sync thread 3931 ... [ 30.705626] IPVS: stopping backup sync thread 3937 ... [ 30.713606] IPVS: stopping backup sync thread 3942 ... executing program executing program executing program [ 30.716169] IPVS: Creating netns size=2552 id=5 [ 30.731898] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 0, id = 0 [ 30.745072] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 0, id = 0 [ 30.745512] IPVS: stopping backup sync thread 3949 ... [ 30.745634] IPVS: stopping backup sync thread 3950 ... executing program executing program executing program executing program executing program [ 30.754670] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 0, id = 0 [ 30.772900] IPVS: stopping backup sync thread 3951 ... [ 30.782923] IPVS: stopping backup sync thread 3957 ... [ 30.795183] IPVS: stopping backup sync thread 3962 ... [ 30.799586] IPVS: Creating netns size=2552 id=6 [ 30.805248] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 0, id = 0 executing program executing program executing program executing program executing program [ 30.818838] IPVS: stopping backup sync thread 3968 ... [ 30.823602] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 0, id = 0 [ 30.823935] IPVS: stopping backup sync thread 3972 ... [ 30.833030] IPVS: stopping backup sync thread 3973 ... [ 30.845146] IPVS: stopping backup sync thread 3969 ... [ 30.858730] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 0, id = 0 executing program executing program executing program executing program [ 30.882054] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 0, id = 0 [ 30.882200] IPVS: stopping backup sync thread 3984 ... [ 30.883950] IPVS: stopping backup sync thread 3987 ... [ 30.895641] IPVS: stopping backup sync thread 3988 ... [ 30.899029] IPVS: stopping backup sync thread 3989 ... executing program [ 30.929267] IPVS: stopping backup sync thread 4002 ... [ 30.934793] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 0, id = 0 [ 30.948912] IPVS: stopping backup sync thread 4005 ... [ 30.964798] IPVS: Creating netns size=2552 id=7 [ 30.970538] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 0, id = 0 executing program executing program executing program executing program executing program executing program executing program [ 30.972232] IPVS: stopping backup sync thread 4006 ... [ 30.972534] IPVS: stopping backup sync thread 4011 ... [ 30.985239] IPVS: stopping backup sync thread 4014 ... [ 30.991190] IPVS: stopping backup sync thread 4018 ... [ 31.001997] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 0, id = 0 [ 31.026717] IPVS: stopping backup sync thread 4030 ... executing program executing program executing program executing program executing program executing program [ 31.026974] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 0, id = 0 [ 31.027552] IPVS: stopping backup sync thread 4031 ... [ 31.030416] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 0, id = 0 [ 31.034423] IPVS: stopping backup sync thread 4020 ... [ 31.034626] IPVS: stopping backup sync thread 4033 ... [ 31.045687] IPVS: stopping backup sync thread 4039 ... [ 31.053251] IPVS: stopping backup sync thread 4043 ... [ 31.063769] IPVS: stopping backup sync thread 4048 ... executing program executing program executing program executing program executing program executing program executing program [ 31.077782] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 0, id = 0 [ 31.078299] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 0, id = 0 [ 31.091946] IPVS: stopping backup sync thread 4054 ... [ 31.102988] IPVS: stopping backup sync thread 4032 ... [ 31.109358] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 0, id = 0 [ 31.111254] IPVS: stopping backup sync thread 4052 ... [ 31.111283] IPVS: stopping backup sync thread 4062 ... executing program executing program executing program executing program executing program [ 31.111343] IPVS: stopping backup sync thread 4053 ... [ 31.111856] IPVS: stopping backup sync thread 4063 ... [ 31.117421] IPVS: stopping backup sync thread 4066 ... [ 31.128761] IPVS: stopping backup sync thread 4071 ... [ 31.141786] IPVS: stopping backup sync thread 4073 ... [ 31.155658] IPVS: stopping backup sync thread 4077 ... [ 31.167253] IPVS: stopping backup sync thread 4081 ... [ 31.171194] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 0, id = 0 executing program executing program executing program executing program executing program executing program executing program executing program [ 31.181637] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 0, id = 0 [ 31.186268] IPVS: stopping backup sync thread 4089 ... [ 31.192806] IPVS: stopping backup sync thread 4093 ... [ 31.198766] IPVS: stopping backup sync thread 4096 ... [ 31.204625] IPVS: stopping backup sync thread 4099 ... [ 31.210731] IPVS: stopping backup sync thread 4102 ... [ 31.225066] IPVS: Creating netns size=2552 id=8 executing program executing program executing program executing program executing program executing program [ 31.227495] IPVS: stopping backup sync thread 4105 ... [ 31.229295] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 0, id = 0 [ 31.229352] IPVS: stopping backup sync thread 4109 ... [ 31.235049] IPVS: stopping backup sync thread 4112 ... [ 31.241879] IPVS: stopping backup sync thread 4115 ... [ 31.253016] IPVS: stopping backup sync thread 4121 ... [ 31.261965] IPVS: stopping backup sync thread 4124 ... [ 31.267614] IPVS: stopping backup sync thread 4127 ... [ 31.269744] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 0, id = 0 executing program executing program executing program executing program executing program executing program executing program [ 31.276693] IPVS: stopping backup sync thread 4128 ... [ 31.282872] IPVS: stopping backup sync thread 4135 ... [ 31.291704] IPVS: stopping backup sync thread 4139 ... [ 31.298971] IPVS: stopping backup sync thread 4143 ... [ 31.301120] [ 31.301123] ============================================= [ 31.301124] [ INFO: possible recursive locking detected ] [ 31.301128] 4.4.130-g12ef385 #28 Not tainted [ 31.301130] --------------------------------------------- [ 31.301133] syz-executor247/4106 is trying to acquire lock: [ 31.301151] (rtnl_mutex){+.+.+.}, at: [] rtnl_lock+0x17/0x20 [ 31.301153] [ 31.301153] but task is already holding lock: [ 31.301163] (rtnl_mutex){+.+.+.}, at: [] rtnl_lock+0x17/0x20 [ 31.301165] [ 31.301165] other info that might help us debug this: [ 31.301166] Possible unsafe locking scenario: [ 31.301166] [ 31.301167] CPU0 [ 31.301169] ---- [ 31.301172] lock(rtnl_mutex); [ 31.301175] lock(rtnl_mutex); [ 31.301177] [ 31.301177] *** DEADLOCK *** [ 31.301177] [ 31.301178] May be due to missing lock nesting notation [ 31.301178] [ 31.301182] 2 locks held by syz-executor247/4106: [ 31.301193] #0: (rtnl_mutex){+.+.+.}, at: [] rtnl_lock+0x17/0x20 [ 31.301208] #1: (ipvs->sync_mutex){+.+.+.}, at: [] do_ip_vs_set_ctl+0x8e0/0xb70 [ 31.301209] [ 31.301209] stack backtrace: [ 31.301215] CPU: 0 PID: 4106 Comm: syz-executor247 Not tainted 4.4.130-g12ef385 #28 [ 31.301219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 31.301227] 0000000000000000 41f0fa838d34da70 ffff8801d416f500 ffffffff81e0dc6d [ 31.301235] ffffffff8539cfa0 ffffffff8539cfa0 ffffffff8539cfa0 ffff8801c8fb2100 [ 31.301243] 00000002d873c0b6 ffff8801d416f6a8 ffffffff8140fb01 ffffffff85745d00 [ 31.301244] Call Trace: [ 31.301252] [] dump_stack+0xc1/0x124 [ 31.301262] [] __lock_acquire.cold.58+0x154/0x58a [ 31.301272] [] ? add_lock_to_list.isra.27.constprop.41+0x140/0x1c0 [ 31.301280] [] ? debug_check_no_locks_freed+0x210/0x210 [ 31.301288] [] ? debug_check_no_locks_freed+0x210/0x210 [ 31.301295] [] ? __lock_is_held+0xa2/0xf0 [ 31.301302] [] lock_acquire+0x15e/0x450 [ 31.301308] [] ? rtnl_lock+0x17/0x20 [ 31.301314] [] ? rtnl_lock+0x17/0x20 [ 31.301322] [] mutex_lock_nested+0xbb/0x850 [ 31.301328] [] ? rtnl_lock+0x17/0x20 [ 31.301336] [] ? qtaguid_untag+0x41f/0x620 [ 31.301342] [] ? mutex_lock_killable_nested+0x980/0x980 [ 31.301349] [] ? _raw_spin_unlock_bh+0x30/0x40 [ 31.301355] [] ? qtaguid_untag+0x323/0x620 [ 31.301362] [] ? __lock_is_held+0xa2/0xf0 [ 31.301372] [] rtnl_lock+0x17/0x20 [ 31.301380] [] ip_mc_drop_socket+0x8c/0x230 [ 31.301387] [] inet_release+0x5b/0x1d0 [ 31.301394] [] sock_release+0x96/0x1c0 [ 31.301401] [] start_sync_thread+0xa18/0x1ed0 [ 31.301408] [] ? finish_task_switch+0x27c/0x4e0 [ 31.301415] [] ? finish_task_switch+0x1bb/0x4e0 [ 31.301423] [] ? ip_vs_proc_sync_conn+0x827/0x827 [ 31.301430] [] ? ip_vs_sync_conn+0x27b0/0x27b0 [ 31.301437] [] ? mark_held_locks+0xc7/0x130 [ 31.301443] [] ? mutex_lock_nested+0x54e/0x850 [ 31.301450] [] ? trace_hardirqs_on_caller+0x38b/0x590 [ 31.301456] [] ? mutex_lock_nested+0x574/0x850 [ 31.301462] [] ? do_ip_vs_set_ctl+0x8e0/0xb70 [ 31.301469] [] ? mutex_lock_killable_nested+0x980/0x980 [ 31.301476] [] ? memcpy+0x45/0x50 [ 31.301482] [] do_ip_vs_set_ctl+0x8f2/0xb70 [ 31.301489] [] ? ip_vs_genl_set_cmd+0x970/0x970 [ 31.301496] [] ? mark_held_locks+0xc7/0x130 [ 31.301502] [] ? mutex_lock_nested+0x54e/0x850 [ 31.301509] [] ? __mutex_unlock_slowpath+0x209/0x3b0 [ 31.301515] [] ? __ww_mutex_lock+0x14c0/0x14c0 [ 31.301523] [] ? sock_has_perm+0x29f/0x400 [ 31.301530] [] ? sock_has_perm+0x9f/0x400 [ 31.301536] [] ? mutex_unlock+0x9/0x10 [ 31.301543] [] ? nf_sockopt_find.constprop.0+0x1b1/0x230 [ 31.301549] [] nf_setsockopt+0x6d/0xc0 [ 31.301555] [] ip_setsockopt+0x9a/0xb0 [ 31.301561] [] udp_setsockopt+0x4a/0x90 [ 31.301569] [] sock_common_setsockopt+0x9a/0xe0 [ 31.301576] [] SyS_setsockopt+0x166/0x260 [ 31.301583] [] ? vmacache_update+0xfe/0x130 [ 31.301589] [] ? SyS_recv+0x40/0x40 [ 31.301596] [] ? retint_user+0x18/0x3c [ 31.301603] [] ? trace_hardirqs_on_thunk+0x17/0x19 [ 31.301610] [] entry_SYSCALL_64_fastpath+0x22/0x9e