[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 22.948881] random: sshd: uninitialized urandom read (32 bytes read, 33 bits of entropy available) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 27.476939] random: sshd: uninitialized urandom read (32 bytes read, 41 bits of entropy available) [ 27.934362] random: sshd: uninitialized urandom read (32 bytes read, 41 bits of entropy available) [ 28.988636] random: nonblocking pool is initialized Warning: Permanently added '10.128.0.50' (ECDSA) to the list of known hosts. executing program [ 34.841169] IPVS: Creating netns size=2552 id=1 executing program executing program [ 34.880812] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 0, id = 0 [ 34.881169] IPVS: stopping backup sync thread 3870 ... [ 34.900875] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 0, id = 0 [ 34.904226] IPVS: Creating netns size=2552 id=2 [ 34.915255] IPVS: stopping backup sync thread 3874 ... executing program executing program executing program executing program [ 34.929088] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 0, id = 0 [ 34.937841] IPVS: stopping backup sync thread 3877 ... [ 34.951133] IPVS: stopping backup sync thread 3880 ... [ 34.956679] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 0, id = 0 [ 34.969357] IPVS: stopping backup sync thread 3887 ... executing program executing program executing program executing program executing program executing program executing program [ 34.974735] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 0, id = 0 [ 34.975172] IPVS: stopping backup sync thread 3890 ... [ 34.981884] IPVS: stopping backup sync thread 3893 ... [ 34.990346] IPVS: stopping backup sync thread 3896 ... [ 34.997562] IPVS: stopping backup sync thread 3899 ... [ 35.004399] IPVS: stopping backup sync thread 3902 ... [ 35.014955] IPVS: Creating netns size=2552 id=3 [ 35.018186] IPVS: stopping backup sync thread 3906 ... [ 35.024972] IPVS: stopping backup sync thread 3909 ... executing program [ 35.032510] IPVS: stopping backup sync thread 3912 ... [ 35.038945] IPVS: stopping backup sync thread 3914 ... [ 35.040054] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 0, id = 0 [ 35.041793] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 0, id = 0 [ 35.068247] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 0, id = 0 executing program executing program executing program executing program executing program executing program [ 35.084104] IPVS: stopping backup sync thread 3917 ... [ 35.093912] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 0, id = 0 [ 35.094460] IPVS: stopping backup sync thread 3926 ... [ 35.095795] IPVS: stopping backup sync thread 3927 ... [ 35.110870] IPVS: stopping backup sync thread 3931 ... [ 35.118121] IPVS: stopping backup sync thread 3934 ... executing program executing program executing program executing program executing program executing program [ 35.130275] IPVS: Creating netns size=2552 id=4 [ 35.132619] IPVS: stopping backup sync thread 3939 ... [ 35.139341] IPVS: stopping backup sync thread 3942 ... [ 35.145727] IPVS: stopping backup sync thread 3945 ... [ 35.155859] IPVS: stopping backup sync thread 3950 ... [ 35.162332] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 0, id = 0 [ 35.162581] IPVS: stopping backup sync thread 3952 ... [ 35.179421] IPVS: stopping backup sync thread 3954 ... executing program executing program executing program [ 35.183452] IPVS: stopping backup sync thread 3957 ... [ 35.190435] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 0, id = 0 [ 35.208894] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 0, id = 0 [ 35.209217] IPVS: stopping backup sync thread 3964 ... [ 35.210741] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 0, id = 0 executing program executing program executing program executing program executing program executing program [ 35.211013] IPVS: stopping backup sync thread 3965 ... [ 35.220136] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 0, id = 0 [ 35.244763] IPVS: stopping backup sync thread 3966 ... [ 35.252803] IPVS: stopping backup sync thread 3975 ... [ 35.255752] IPVS: stopping backup sync thread 3976 ... [ 35.257759] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 0, id = 0 [ 35.263311] IPVS: stopping backup sync thread 3979 ... [ 35.274440] IPVS: Creating netns size=2552 id=5 executing program executing program [ 35.291432] IPVS: stopping backup sync thread 3986 ... [ 35.292396] IPVS: stopping backup sync thread 3987 ... [ 35.302729] IPVS: stopping backup sync thread 3991 ... [ 35.308211] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 0, id = 0 [ 35.311527] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 0, id = 0 [ 35.330324] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 0, id = 0 executing program executing program executing program executing program [ 35.330392] IPVS: stopping backup sync thread 3994 ... [ 35.335371] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 0, id = 0 [ 35.349661] IPVS: stopping backup sync thread 3999 ... [ 35.358410] IPVS: stopping backup sync thread 3995 ... [ 35.365209] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 0, id = 0 [ 35.369590] IPVS: Creating netns size=2552 id=6 [ 35.380012] IPVS: stopping backup sync thread 4006 ... executing program executing program executing program executing program executing program executing program executing program executing program [ 35.387353] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 0, id = 0 [ 35.396318] IPVS: stopping backup sync thread 4014 ... [ 35.405130] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 0, id = 0 [ 35.413708] IPVS: stopping backup sync thread 4007 ... [ 35.420641] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 0, id = 0 [ 35.422905] IPVS: stopping backup sync thread 4021 ... [ 35.425475] IPVS: stopping backup sync thread 4022 ... executing program executing program executing program [ 35.457329] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 0, id = 0 [ 35.458044] IPVS: stopping backup sync thread 4020 ... [ 35.458292] IPVS: stopping backup sync thread 4033 ... [ 35.462201] IPVS: stopping backup sync thread 4034 ... [ 35.464538] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 0, id = 0 [ 35.464618] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 0, id = 0 [ 35.464891] IPVS: stopping backup sync thread 4036 ... executing program executing program executing program executing program executing program executing program executing program executing program [ 35.471884] IPVS: stopping backup sync thread 4039 ... [ 35.483410] IPVS: stopping backup sync thread 4044 ... [ 35.500939] IPVS: stopping backup sync thread 4047 ... [ 35.517254] IPVS: stopping backup sync thread 4051 ... [ 35.523958] IPVS: stopping backup sync thread 4054 ... [ 35.531971] IPVS: stopping backup sync thread 4035 ... [ 35.534911] IPVS: stopping backup sync thread 4060 ... [ 35.540279] IPVS: stopping backup sync thread 4061 ... [ 35.547376] IPVS: Creating netns size=2552 id=7 executing program executing program executing program executing program executing program executing program [ 35.573680] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 0, id = 0 [ 35.578415] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 0, id = 0 [ 35.579415] IPVS: stopping backup sync thread 4073 ... [ 35.582490] IPVS: stopping backup sync thread 4074 ... [ 35.589216] IPVS: stopping backup sync thread 4077 ... [ 35.600487] IPVS: stopping backup sync thread 4082 ... [ 35.612052] IPVS: stopping backup sync thread 4070 ... [ 35.617893] IPVS: stopping backup sync thread 4071 ... executing program [ 35.623456] IPVS: stopping backup sync thread 4087 ... [ 35.629221] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 0, id = 0 [ 35.642974] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 0, id = 0 [ 35.651866] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 0, id = 0 [ 35.656039] IPVS: stopping backup sync thread 4090 ... [ 35.656333] IPVS: stopping backup sync thread 4092 ... executing program executing program executing program executing program executing program executing program executing program executing program [ 35.659191] IPVS: stopping backup sync thread 4098 ... [ 35.679643] IPVS: stopping backup sync thread 4099 ... [ 35.679679] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 0, id = 0 [ 35.684323] IPVS: stopping backup sync thread 4108 ... [ 35.690053] IPVS: stopping backup sync thread 4109 ... [ 35.701562] IPVS: stopping backup sync thread 4115 ... [ 35.707130] IPVS: stopping backup sync thread 4117 ... [ 35.712561] IPVS: stopping backup sync thread 4120 ... executing program executing program executing program executing program executing program [ 35.719734] IPVS: stopping backup sync thread 4123 ... [ 35.731904] IPVS: Creating netns size=2552 id=8 [ 35.739442] IPVS: stopping backup sync thread 4126 ... [ 35.745619] IPVS: stopping backup sync thread 4132 ... [ 35.751884] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 0, id = 0 [ 35.762420] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 0, id = 0 executing program executing program [ 35.773811] [ 35.775455] ============================================= [ 35.776732] IPVS: stopping backup sync thread 4133 ... [ 35.782593] IPVS: stopping backup sync thread 4139 ... [ 35.791520] [ INFO: possible recursive locking detected ] [ 35.797048] 4.4.128-gbd23e3a #20 Not tainted [ 35.801429] --------------------------------------------- [ 35.806951] syz-executor885/4127 is trying to acquire lock: [ 35.812648] (rtnl_mutex){+.+.+.}, at: [] rtnl_lock+0x17/0x20 [ 35.820565] [ 35.820565] but task is already holding lock: [ 35.826516] (rtnl_mutex){+.+.+.}, at: [] rtnl_lock+0x17/0x20 [ 35.834434] [ 35.834434] other info that might help us debug this: [ 35.841073] Possible unsafe locking scenario: [ 35.841073] [ 35.847108] CPU0 [ 35.849663] ---- [ 35.852217] lock(rtnl_mutex); [ 35.855716] lock(rtnl_mutex); [ 35.859209] [ 35.859209] *** DEADLOCK *** [ 35.859209] [ 35.865242] May be due to missing lock nesting notation [ 35.865242] [ 35.872148] 2 locks held by syz-executor885/4127: [ 35.876963] #0: (rtnl_mutex){+.+.+.}, at: [] rtnl_lock+0x17/0x20 [ 35.885477] #1: (ipvs->sync_mutex){+.+.+.}, at: [] do_ip_vs_set_ctl+0x8e0/0xb70 [ 35.895250] [ 35.895250] stack backtrace: [ 35.899723] CPU: 0 PID: 4127 Comm: syz-executor885 Not tainted 4.4.128-gbd23e3a #20 [ 35.907494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 35.916830] 0000000000000000 9751045aa9a44347 ffff8801c7f774f0 ffffffff81e0daad [ 35.924814] ffffffff8539cfa0 ffffffff8539cfa0 ffffffff8539cfa0 ffff8801d8840900 [ 35.932817] 00000002d873c0b6 ffff8801c7f77698 ffffffff8140faf1 ffffffff85746a00 [ 35.940795] Call Trace: [ 35.943359] [] dump_stack+0xc1/0x124 [ 35.948702] [] __lock_acquire.cold.58+0x154/0x58a [ 35.955172] [] ? add_lock_to_list.isra.27.constprop.41+0x140/0x1c0 [ 35.963136] [] ? debug_check_no_locks_freed+0x210/0x210 [ 35.970137] [] ? debug_check_no_locks_freed+0x210/0x210 [ 35.977136] [] ? __lock_is_held+0xa2/0xf0 [ 35.982925] [] lock_acquire+0x15e/0x450 [ 35.988532] [] ? rtnl_lock+0x17/0x20 [ 35.993887] [] ? rtnl_lock+0x17/0x20 [ 35.999231] [] mutex_lock_nested+0xbb/0x850 [ 36.005181] [] ? rtnl_lock+0x17/0x20 [ 36.010521] [] ? qtaguid_untag+0x41f/0x620 [ 36.016381] [] ? mutex_lock_killable_nested+0x980/0x980 [ 36.023375] [] ? _raw_spin_unlock_bh+0x30/0x40 [ 36.029586] [] ? qtaguid_untag+0x323/0x620 [ 36.035462] [] ? __lock_is_held+0xa2/0xf0 [ 36.041239] [] rtnl_lock+0x17/0x20 [ 36.046405] [] ip_mc_drop_socket+0x8c/0x230 [ 36.052353] [] inet_release+0x5b/0x1d0 [ 36.057869] [] sock_release+0x96/0x1c0 [ 36.063387] [] start_sync_thread+0xa18/0x1ed0 [ 36.069513] [] ? finish_task_switch+0x1e7/0x4e0 [ 36.075806] [] ? finish_task_switch+0x1bb/0x4e0 [ 36.082112] [] ? ip_vs_proc_sync_conn+0x827/0x827 [ 36.088596] [] ? ip_vs_sync_conn+0x27b0/0x27b0 [ 36.094827] [] ? mark_held_locks+0xc7/0x130 [ 36.100784] [] ? mutex_lock_nested+0x54e/0x850 [ 36.106995] [] ? trace_hardirqs_on_caller+0x38b/0x590 [ 36.113816] [] ? mutex_lock_nested+0x574/0x850 [ 36.120028] [] ? do_ip_vs_set_ctl+0x8e0/0xb70 [ 36.126153] [] ? mutex_lock_killable_nested+0x980/0x980 [ 36.133142] [] ? memcpy+0x45/0x50 [ 36.138222] [] do_ip_vs_set_ctl+0x8f2/0xb70 [ 36.144169] [] ? ip_vs_genl_set_cmd+0x970/0x970 [ 36.150468] [] ? debug_check_no_locks_freed+0x210/0x210 [ 36.157459] [] ? mutex_lock_nested+0x54e/0x850 [ 36.163668] [] ? __mutex_unlock_slowpath+0x209/0x3b0 [ 36.170401] [] ? __ww_mutex_lock+0x14c0/0x14c0 [ 36.176612] [] ? sock_has_perm+0x29f/0x400 [ 36.182474] [] ? mutex_unlock+0x9/0x10 [ 36.188001] [] nf_setsockopt+0x6d/0xc0 [ 36.193519] [] ip_setsockopt+0x9a/0xb0 [ 36.199034] [] tcp_setsockopt+0x88/0xe0 [ 36.204635] [] sock_common_setsockopt+0x9a/0xe0 [ 36.210936] [] SyS_setsockopt+0x166/0x260 [ 36.216719] [] ? vmacache_update+0xfe/0x130 [ 36.222670] [] ? SyS_recv+0x40/0x40 [ 36.227924] [] ? retint_user+0x18/0x3c [ 36.233439] [] ? trace_hardirqs_on_thunk+0x17/0x19 [ 36.239997] [] entry_SYSCALL_64_fastpath+0x22/0x9e