[....] Starting enhanced syslogd: rsyslogd[ 16.200197] audit: type=1400 audit(1522178727.790:4): avc: denied { syslog } for pid=3649 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.2' (ECDSA) to the list of known hosts. 2018/03/27 19:25:38 parsed 1 programs 2018/03/27 19:25:38 executed programs: 0 syzkaller login: [ 26.610445] IPVS: Creating netns size=2536 id=1 [ 26.628282] audit: type=1400 audit(1522178738.220:5): avc: denied { associate } for pid=3806 comm="syz-executor0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 26.655799] IPVS: sync thread started: state = BACKUP, mcast_ifn = tunl0, syncid = 0, id = 0 [ 26.655970] IPVS: stopping backup sync thread 3813 ... [ 26.672849] IPVS: sync thread started: state = BACKUP, mcast_ifn = tunl0, syncid = 0, id = 0 [ 26.687112] IPVS: stopping backup sync thread 3815 ... [ 26.695689] IPVS: sync thread started: state = BACKUP, mcast_ifn = tunl0, syncid = 0, id = 0 [ 26.696575] IPVS: stopping backup sync thread 3819 ... [ 26.715077] IPVS: sync thread started: state = BACKUP, mcast_ifn = tunl0, syncid = 0, id = 0 [ 26.716704] IPVS: stopping backup sync thread 3822 ... [ 26.732339] IPVS: sync thread started: state = BACKUP, mcast_ifn = tunl0, syncid = 0, id = 0 [ 26.746232] IPVS: stopping backup sync thread 3824 ... [ 26.754717] IPVS: sync thread started: state = BACKUP, mcast_ifn = tunl0, syncid = 0, id = 0 [ 26.755724] IPVS: stopping backup sync thread 3828 ... [ 26.774656] IPVS: sync thread started: state = BACKUP, mcast_ifn = tunl0, syncid = 0, id = 0 [ 26.774742] IPVS: stopping backup sync thread 3831 ... [ 26.791721] IPVS: sync thread started: state = BACKUP, mcast_ifn = tunl0, syncid = 0, id = 0 [ 26.792598] IPVS: stopping backup sync thread 3833 ... [ 26.812509] IPVS: sync thread started: state = BACKUP, mcast_ifn = tunl0, syncid = 0, id = 0 [ 26.813757] IPVS: stopping backup sync thread 3837 ... [ 26.828313] IPVS: sync thread started: state = BACKUP, mcast_ifn = tunl0, syncid = 0, id = 0 [ 26.842326] IPVS: stopping backup sync thread 3839 ... [ 26.850709] IPVS: sync thread started: state = BACKUP, mcast_ifn = tunl0, syncid = 0, id = 0 [ 26.851576] IPVS: stopping backup sync thread 3843 ... [ 26.876268] IPVS: sync thread started: state = BACKUP, mcast_ifn = tunl0, syncid = 0, id = 0 [ 26.876331] IPVS: stopping backup sync thread 3846 ... [ 26.892429] IPVS: sync thread started: state = BACKUP, mcast_ifn = tunl0, syncid = 0, id = 0 [ 26.907760] IPVS: stopping backup sync thread 3848 ... [ 26.916254] IPVS: sync thread started: state = BACKUP, mcast_ifn = tunl0, syncid = 0, id = 0 [ 26.917117] IPVS: stopping backup sync thread 3852 ... [ 26.936388] IPVS: sync thread started: state = BACKUP, mcast_ifn = tunl0, syncid = 0, id = 0 [ 26.937964] IPVS: stopping backup sync thread 3855 ... [ 26.953556] IPVS: sync thread started: state = BACKUP, mcast_ifn = tunl0, syncid = 0, id = 0 [ 26.967696] IPVS: stopping backup sync thread 3857 ... [ 26.976159] IPVS: sync thread started: state = BACKUP, mcast_ifn = tunl0, syncid = 0, id = 0 [ 26.977028] IPVS: stopping backup sync thread 3861 ... [ 26.996258] IPVS: sync thread started: state = BACKUP, mcast_ifn = tunl0, syncid = 0, id = 0 [ 26.997782] IPVS: stopping backup sync thread 3864 ... [ 27.013328] IPVS: sync thread started: state = BACKUP, mcast_ifn = tunl0, syncid = 0, id = 0 [ 27.027163] IPVS: stopping backup sync thread 3866 ... [ 27.034612] IPVS: sync thread started: state = BACKUP, mcast_ifn = tunl0, syncid = 0, id = 0 [ 27.035507] IPVS: stopping backup sync thread 3870 ... [ 27.053799] IPVS: sync thread started: state = BACKUP, mcast_ifn = tunl0, syncid = 0, id = 0 [ 27.055279] IPVS: stopping backup sync thread 3873 ... [ 27.071072] IPVS: sync thread started: state = BACKUP, mcast_ifn = tunl0, syncid = 0, id = 0 [ 27.085159] IPVS: stopping backup sync thread 3875 ... [ 27.093574] IPVS: sync thread started: state = BACKUP, mcast_ifn = tunl0, syncid = 0, id = 0 [ 27.094412] IPVS: stopping backup sync thread 3879 ... [ 27.112974] IPVS: sync thread started: state = BACKUP, mcast_ifn = tunl0, syncid = 0, id = 0 [ 27.113357] IPVS: stopping backup sync thread 3882 ... [ 27.130082] IPVS: sync thread started: state = BACKUP, mcast_ifn = tunl0, syncid = 0, id = 0 [ 27.144520] IPVS: stopping backup sync thread 3884 ... [ 27.152888] IPVS: sync thread started: state = BACKUP, mcast_ifn = tunl0, syncid = 0, id = 0 [ 27.167830] IPVS: stopping backup sync thread 3888 ... [ 27.175263] IPVS: sync thread started: state = BACKUP, mcast_ifn = tunl0, syncid = 0, id = 0 [ 27.176169] IPVS: stopping backup sync thread 3892 ... [ 27.194706] IPVS: sync thread started: state = BACKUP, mcast_ifn = tunl0, syncid = 0, id = 0 [ 27.195167] IPVS: stopping backup sync thread 3895 ... [ 27.210722] IPVS: sync thread started: state = BACKUP, mcast_ifn = tunl0, syncid = 0, id = 0 [ 27.224760] IPVS: stopping backup sync thread 3897 ... [ 27.233214] IPVS: sync thread started: state = BACKUP, mcast_ifn = tunl0, syncid = 0, id = 0 [ 27.234080] IPVS: stopping backup sync thread 3901 ... [ 27.252880] IPVS: sync thread started: state = BACKUP, mcast_ifn = tunl0, syncid = 0, id = 0 [ 27.255254] IPVS: stopping backup sync thread 3904 ... [ 27.270189] IPVS: sync thread started: state = BACKUP, mcast_ifn = tunl0, syncid = 0, id = 0 [ 27.284341] IPVS: stopping backup sync thread 3906 ... [ 27.292864] IPVS: sync thread started: state = BACKUP, mcast_ifn = tunl0, syncid = 0, id = 0 [ 27.293742] IPVS: stopping backup sync thread 3910 ... [ 27.312411] IPVS: sync thread started: state = BACKUP, mcast_ifn = tunl0, syncid = 0, id = 0 [ 27.312858] IPVS: stopping backup sync thread 3913 ... [ 27.329947] IPVS: sync thread started: state = BACKUP, mcast_ifn = tunl0, syncid = 0, id = 0 [ 27.344106] IPVS: stopping backup sync thread 3915 ... [ 27.352642] IPVS: sync thread started: state = BACKUP, mcast_ifn = tunl0, syncid = 0, id = 0 [ 27.353636] IPVS: stopping backup sync thread 3919 ... [ 27.372714] IPVS: sync thread started: state = BACKUP, mcast_ifn = tunl0, syncid = 0, id = 0 [ 27.372795] IPVS: stopping backup sync thread 3922 ... [ 27.409606] [ 27.411262] ============================================= [ 27.416775] [ INFO: possible recursive locking detected ] [ 27.422286] 4.9.90-gdd1e37e #6 Not tainted [ 27.426532] --------------------------------------------- [ 27.432042] syz-executor0/3921 is trying to acquire lock: [ 27.437549] (rtnl_mutex){+.+.+.}, at: [] rtnl_lock+0x17/0x20 [ 27.445357] but task is already holding lock: [ 27.449994] (rtnl_mutex){+.+.+.}, at: [] rtnl_lock+0x17/0x20 [ 27.457786] other info that might help us debug this: [ 27.463130] Possible unsafe locking scenario: [ 27.463130] [ 27.469156] CPU0 [ 27.471710] ---- [ 27.474267] lock(rtnl_mutex); [ 27.477751] lock(rtnl_mutex); [ 27.481236] [ 27.481236] *** DEADLOCK *** [ 27.481236] [ 27.487265] May be due to missing lock nesting notation [ 27.487265] [ 27.494165] 2 locks held by syz-executor0/3921: [ 27.498804] #0: (rtnl_mutex){+.+.+.}, at: [] rtnl_lock+0x17/0x20 [ 27.507142] #1: (ipvs->sync_mutex){+.+.+.}, at: [] do_ip_vs_set_ctl+0x8e7/0xc00 [ 27.516785] [ 27.516785] stack backtrace: [ 27.521257] CPU: 1 PID: 3921 Comm: syz-executor0 Not tainted 4.9.90-gdd1e37e #6 [ 27.528675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 27.538004] ffff8801d7a3f450 ffffffff81d94ee9 ffffffff8536ff30 ffffffff8536ff30 [ 27.545976] dffffc0000000000 6435c843d8073350 0000000000000000 ffff8801d7a3f620 [ 27.553957] ffffffff8123b925 ffffffff84c6bca0 ffffffff84fc5398 ffffffff84c6bca4 [ 27.561929] Call Trace: [ 27.564493] [] dump_stack+0xc1/0x128 [ 27.569829] [] __lock_acquire+0xe35/0x3640 [ 27.575684] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 27.582666] [] ? __lock_is_held+0xa1/0xf0 [ 27.588433] [] lock_acquire+0x12e/0x410 [ 27.594033] [] ? rtnl_lock+0x17/0x20 [ 27.599368] [] ? rtnl_lock+0x17/0x20 [ 27.604705] [] mutex_lock_nested+0xbb/0x870 [ 27.610644] [] ? rtnl_lock+0x17/0x20 [ 27.615990] [] ? trace_hardirqs_on_caller+0x38b/0x590 [ 27.622804] [] ? qtaguid_untag+0x487/0x680 [ 27.628668] [] ? mutex_lock_killable_nested+0x960/0x960 [ 27.635654] [] ? _raw_spin_unlock_bh+0x30/0x40 [ 27.641861] [] ? qtaguid_untag+0x326/0x680 [ 27.647730] [] rtnl_lock+0x17/0x20 [ 27.652901] [] ip_mc_drop_socket+0x88/0x230 [ 27.658844] [] inet_release+0x5b/0x1d0 [ 27.664376] [] sock_release+0x8d/0x1e0 [ 27.669896] [] start_sync_thread+0x191b/0x1ef0 [ 27.676100] [] ? ip_vs_proc_sync_conn+0xc90/0xc90 [ 27.682565] [] ? ip_vs_sync_conn+0x2b30/0x2b30 [ 27.688772] [] ? mark_held_locks+0xaf/0x100 [ 27.694720] [] ? mutex_lock_nested+0x5e3/0x870 [ 27.700925] [] ? trace_hardirqs_on_caller+0x38b/0x590 [ 27.707741] [] ? mutex_lock_nested+0x56f/0x870 [ 27.713957] [] ? do_ip_vs_set_ctl+0x8e7/0xc00 [ 27.720079] [] ? mutex_lock_killable_nested+0x960/0x960 [ 27.727065] [] ? memcpy+0x45/0x50 [ 27.732143] [] do_ip_vs_set_ctl+0x8fb/0xc00 [ 27.738087] [] ? ip_vs_genl_dump_services+0x430/0x430 [ 27.744902] [] ? mutex_lock_nested+0x5e3/0x870 [ 27.751105] [] ? __mutex_unlock_slowpath+0x220/0x3d0 [ 27.757833] [] ? __ww_mutex_lock_interruptible+0x14a0/0x14a0 [ 27.765257] [] ? sock_has_perm+0x1c2/0x3e0 [ 27.771114] [] ? mutex_unlock+0x9/0x10 [ 27.776638] [] ? nf_sockopt_find.constprop.0+0x1a7/0x220 [ 27.783723] [] compat_nf_setsockopt+0xfa/0x130 [ 27.789931] [] compat_ip_setsockopt+0x8b/0xd0 [ 27.796052] [] inet_csk_compat_setsockopt+0x95/0x120 [ 27.802795] [] ? ip_setsockopt+0xa0/0xa0 [ 27.808501] [] compat_tcp_setsockopt+0x3d/0x70 [ 27.814719] [] compat_sock_common_setsockopt+0xb2/0x140 [ 27.821704] [] ? tcp_setsockopt+0xd0/0xd0 [ 27.827476] [] compat_SyS_setsockopt+0x149/0x290 [ 27.833855] [] ? sock_common_setsockopt+0xd0/0xd0 [ 27.840320] [] ? scm_detach_fds_compat+0x3c0/0x3c0 [ 27.846875] [] ? compat_SyS_ioctl+0x8c/0x2050 [ 27.852992] [] ? do_fast_syscall_32+0xcf/0x870 [ 27.859196] [] ? scm_detach_fds_compat+0x3c0/0x3c0 [ 27.865746] [] do_fast_syscall_32+0x2f5/0x870 [ 27.871870] [] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 27.878518] [] entry_SYSENTER_compat+0x90/0xa2