[....] Starting OpenBSD Secure Shell server: sshd[ 21.739115] random: sshd: uninitialized urandom read (32 bytes read, 32 bits of entropy available) [?25l[?1c7[ ok 8[?25h[?0c. [ 21.954900] random: sshd: uninitialized urandom read (32 bytes read, 33 bits of entropy available) [ 22.239587] random: sshd: uninitialized urandom read (32 bytes read, 34 bits of entropy available) Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 23.406657] random: sshd: uninitialized urandom read (32 bytes read, 123 bits of entropy available) [ 23.577093] random: sshd: uninitialized urandom read (32 bytes read, 127 bits of entropy available) [ 23.690109] random: nonblocking pool is initialized Warning: Permanently added '10.128.0.46' (ECDSA) to the list of known hosts. [ 29.252020] IPVS: Creating netns size=2552 id=1 [ 29.285117] IPVS: Creating netns size=2552 id=2 executing program executing program [ 29.320561] IPVS: Creating netns size=2552 id=3 [ 29.337745] IPVS: sync thread started: state = BACKUP, mcast_ifn = tunl0, syncid = 4, id = 0 [ 29.346652] IPVS: stopping backup sync thread 3877 ... executing program executing program executing program executing program executing program executing program [ 29.371572] IPVS: stopping backup sync thread 3881 ... [ 29.382956] IPVS: stopping backup sync thread 3887 ... [ 29.383165] IPVS: sync thread started: state = BACKUP, mcast_ifn = tunl0, syncid = 4, id = 0 [ 29.384883] IPVS: stopping backup sync thread 3889 ... [ 29.391797] IPVS: stopping backup sync thread 3892 ... [ 29.399348] IPVS: stopping backup sync thread 3896 ... [ 29.406884] IPVS: stopping backup sync thread 3899 ... executing program executing program executing program executing program [ 29.422558] IPVS: stopping backup sync thread 3903 ... [ 29.425300] IPVS: Creating netns size=2552 id=4 [ 29.434911] IPVS: sync thread started: state = BACKUP, mcast_ifn = tunl0, syncid = 4, id = 0 [ 29.454019] IPVS: stopping backup sync thread 3909 ... [ 29.458637] IPVS: sync thread started: state = BACKUP, mcast_ifn = tunl0, syncid = 4, id = 0 executing program executing program executing program [ 29.468034] IPVS: stopping backup sync thread 3912 ... [ 29.474446] IPVS: sync thread started: state = BACKUP, mcast_ifn = tunl0, syncid = 4, id = 0 [ 29.479030] IPVS: stopping backup sync thread 3913 ... [ 29.489809] IPVS: sync thread started: state = BACKUP, mcast_ifn = tunl0, syncid = 4, id = 0 [ 29.489882] IPVS: stopping backup sync thread 3916 ... [ 29.506522] IPVS: stopping backup sync thread 3920 ... [ 29.510453] IPVS: stopping backup sync thread 3923 ... [ 29.517009] IPVS: stopping backup sync thread 3926 ... executing program executing program executing program executing program [ 29.519100] IPVS: sync thread started: state = BACKUP, mcast_ifn = tunl0, syncid = 4, id = 0 [ 29.531059] IPVS: stopping backup sync thread 3931 ... [ 29.533119] IPVS: stopping backup sync thread 3932 ... [ 29.545301] IPVS: stopping backup sync thread 3938 ... [ 29.553226] IPVS: sync thread started: state = BACKUP, mcast_ifn = tunl0, syncid = 4, id = 0 [ 29.555441] IPVS: sync thread started: state = BACKUP, mcast_ifn = tunl0, syncid = 4, id = 0 executing program executing program executing program executing program executing program executing program [ 29.561347] IPVS: stopping backup sync thread 3944 ... [ 29.567407] IPVS: stopping backup sync thread 3947 ... [ 29.573341] IPVS: stopping backup sync thread 3950 ... [ 29.579670] IPVS: stopping backup sync thread 3953 ... [ 29.591888] IPVS: stopping backup sync thread 3958 ... [ 29.591912] IPVS: stopping backup sync thread 3941 ... [ 29.599390] IPVS: Creating netns size=2552 id=5 [ 29.611304] IPVS: stopping backup sync thread 3959 ... executing program executing program executing program executing program executing program executing program [ 29.620901] IPVS: sync thread started: state = BACKUP, mcast_ifn = tunl0, syncid = 4, id = 0 [ 29.635032] IPVS: stopping backup sync thread 3962 ... [ 29.655181] IPVS: stopping backup sync thread 3970 ... [ 29.658920] IPVS: stopping backup sync thread 3973 ... [ 29.664337] IPVS: stopping backup sync thread 3974 ... executing program executing program executing program executing program executing program executing program [ 29.671709] IPVS: stopping backup sync thread 3978 ... [ 29.677423] IPVS: sync thread started: state = BACKUP, mcast_ifn = tunl0, syncid = 4, id = 0 [ 29.682552] IPVS: stopping backup sync thread 3983 ... [ 29.684888] IPVS: stopping backup sync thread 3984 ... [ 29.701221] IPVS: Creating netns size=2552 id=6 executing program executing program executing program executing program executing program executing program [ 29.717224] IPVS: sync thread started: state = BACKUP, mcast_ifn = tunl0, syncid = 4, id = 0 [ 29.717227] IPVS: stopping backup sync thread 3993 ... [ 29.718131] IPVS: stopping backup sync thread 3996 ... [ 29.720845] IPVS: sync thread started: state = BACKUP, mcast_ifn = tunl0, syncid = 4, id = 0 [ 29.720952] IPVS: stopping backup sync thread 3998 ... [ 29.722616] IPVS: stopping backup sync thread 3997 ... [ 29.726377] IPVS: stopping backup sync thread 4000 ... [ 29.739365] IPVS: stopping backup sync thread 4005 ... [ 29.741625] IPVS: stopping backup sync thread 4006 ... executing program executing program executing program executing program executing program executing program [ 29.760690] IPVS: stopping backup sync thread 4013 ... [ 29.766874] IPVS: stopping backup sync thread 4014 ... [ 29.776702] IPVS: stopping backup sync thread 4019 ... [ 29.784091] IPVS: stopping backup sync thread 4020 ... [ 29.791151] IPVS: stopping backup sync thread 4024 ... [ 29.799354] IPVS: stopping backup sync thread 4027 ... [ 29.806472] IPVS: stopping backup sync thread 4030 ... [ 29.813657] IPVS: sync thread started: state = BACKUP, mcast_ifn = tunl0, syncid = 4, id = 0 executing program executing program executing program executing program executing program [ 29.823354] IPVS: stopping backup sync thread 4034 ... [ 29.844131] IPVS: sync thread started: state = BACKUP, mcast_ifn = tunl0, syncid = 4, id = 0 [ 29.851661] IPVS: sync thread started: state = BACKUP, mcast_ifn = tunl0, syncid = 4, id = 0 [ 29.854070] IPVS: stopping backup sync thread 4040 ... [ 29.854157] IPVS: stopping backup sync thread 4038 ... executing program executing program executing program executing program executing program [ 29.854291] IPVS: stopping backup sync thread 4041 ... [ 29.861465] IPVS: stopping backup sync thread 4046 ... [ 29.875367] IPVS: sync thread started: state = BACKUP, mcast_ifn = tunl0, syncid = 4, id = 0 [ 29.889650] IPVS: sync thread started: state = BACKUP, mcast_ifn = tunl0, syncid = 4, id = 0 [ 29.892479] IPVS: stopping backup sync thread 4055 ... [ 29.897809] IPVS: stopping backup sync thread 4057 ... [ 29.908024] IPVS: stopping backup sync thread 4063 ... [ 29.913608] IPVS: stopping backup sync thread 4064 ... executing program executing program executing program executing program executing program executing program [ 29.930915] IPVS: Creating netns size=2552 id=7 [ 29.935718] IPVS: stopping backup sync thread 4049 ... [ 29.936309] IPVS: stopping backup sync thread 4052 ... [ 29.945475] IPVS: stopping backup sync thread 4076 ... [ 29.952629] IPVS: stopping backup sync thread 4079 ... [ 29.958406] IPVS: sync thread started: state = BACKUP, mcast_ifn = tunl0, syncid = 4, id = 0 [ 29.966349] IPVS: stopping backup sync thread 4083 ... executing program executing program executing program executing program executing program executing program executing program [ 29.978515] IPVS: stopping backup sync thread 4085 ... [ 29.984204] IPVS: stopping backup sync thread 4090 ... [ 30.007410] IPVS: sync thread started: state = BACKUP, mcast_ifn = tunl0, syncid = 4, id = 0 [ 30.008246] IPVS: sync thread started: state = BACKUP, mcast_ifn = tunl0, syncid = 4, id = 0 [ 30.008260] IPVS: stopping backup sync thread 4096 ... executing program executing program executing program executing program executing program executing program [ 30.010067] IPVS: stopping backup sync thread 4098 ... [ 30.011401] IPVS: stopping backup sync thread 4103 ... [ 30.014995] IPVS: stopping backup sync thread 4105 ... [ 30.032164] IPVS: stopping backup sync thread 4110 ... [ 30.044066] IPVS: stopping backup sync thread 4116 ... [ 30.053567] IPVS: stopping backup sync thread 4120 ... [ 30.061784] IPVS: stopping backup sync thread 4124 ... [ 30.069133] IPVS: stopping backup sync thread 4126 ... [ 30.077422] [ 30.079061] ============================================= [ 30.084594] [ INFO: possible recursive locking detected ] [ 30.090118] 4.4.128-gbd23e3a #20 Not tainted [ 30.094933] --------------------------------------------- [ 30.100444] syz-executor403/4093 is trying to acquire lock: [ 30.106122] (rtnl_mutex){+.+.+.}, at: [] rtnl_lock+0x17/0x20 [ 30.114042] [ 30.114042] but task is already holding lock: [ 30.119991] (rtnl_mutex){+.+.+.}, at: [] rtnl_lock+0x17/0x20 [ 30.127893] [ 30.127893] other info that might help us debug this: [ 30.134527] Possible unsafe locking scenario: [ 30.134527] [ 30.140552] CPU0 [ 30.143198] ---- [ 30.145753] lock(rtnl_mutex); [ 30.149254] lock(rtnl_mutex); [ 30.152757] [ 30.152757] *** DEADLOCK *** [ 30.152757] [ 30.158801] May be due to missing lock nesting notation [ 30.158801] [ 30.165707] 2 locks held by syz-executor403/4093: [ 30.170519] #0: (rtnl_mutex){+.+.+.}, at: [] rtnl_lock+0x17/0x20 [ 30.178980] #1: (ipvs->sync_mutex){+.+.+.}, at: [] do_ip_vs_set_ctl+0x8e0/0xb70 [ 30.188728] [ 30.188728] stack backtrace: [ 30.193194] CPU: 0 PID: 4093 Comm: syz-executor403 Not tainted 4.4.128-gbd23e3a #20 [ 30.200956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 30.210279] 0000000000000000 4e287cbf125019bf ffff8800baef74f0 ffffffff81e0daad [ 30.218254] ffffffff8539cfa0 ffffffff8539cfa0 ffffffff8539cfa0 ffff8800afa6e900 [ 30.226235] 00000002d873a0b6 ffff8800baef7698 ffffffff8140faf1 ffffffff85746f00 [ 30.234208] Call Trace: [ 30.236772] [] dump_stack+0xc1/0x124 [ 30.242108] [] __lock_acquire.cold.58+0x154/0x58a [ 30.248572] [] ? add_lock_to_list.isra.27.constprop.41+0x140/0x1c0 [ 30.256522] [] ? debug_check_no_locks_freed+0x210/0x210 [ 30.263511] [] ? debug_check_no_locks_freed+0x210/0x210 [ 30.270501] [] ? __lock_is_held+0xa2/0xf0 [ 30.276267] [] lock_acquire+0x15e/0x450 [ 30.281863] [] ? rtnl_lock+0x17/0x20 [ 30.287196] [] ? rtnl_lock+0x17/0x20 [ 30.292534] [] mutex_lock_nested+0xbb/0x850 [ 30.298477] [] ? rtnl_lock+0x17/0x20 [ 30.303815] [] ? qtaguid_untag+0x41f/0x620 [ 30.309673] [] ? mutex_lock_killable_nested+0x980/0x980 [ 30.316659] [] ? _raw_spin_unlock_bh+0x30/0x40 [ 30.322864] [] ? qtaguid_untag+0x323/0x620 [ 30.328717] [] rtnl_lock+0x17/0x20 [ 30.333878] [] ip_mc_drop_socket+0x8c/0x230 [ 30.339821] [] inet_release+0x5b/0x1d0 [ 30.345336] [] sock_release+0x96/0x1c0 [ 30.350862] [] start_sync_thread+0xa18/0x1ed0 [ 30.356982] [] ? finish_task_switch+0x1e7/0x4e0 [ 30.363270] [] ? finish_task_switch+0x1bb/0x4e0 [ 30.369561] [] ? ip_vs_proc_sync_conn+0x827/0x827 [ 30.376025] [] ? ip_vs_sync_conn+0x27b0/0x27b0 [ 30.382229] [] ? mark_held_locks+0xc7/0x130 [ 30.388173] [] ? mutex_lock_nested+0x54e/0x850 [ 30.394376] [] ? trace_hardirqs_on_caller+0x38b/0x590 [ 30.401198] [] ? mutex_lock_nested+0x574/0x850 [ 30.407401] [] ? do_ip_vs_set_ctl+0x8e0/0xb70 [ 30.413516] [] ? mutex_lock_killable_nested+0x980/0x980 [ 30.420502] [] ? memcpy+0x45/0x50 [ 30.425577] [] do_ip_vs_set_ctl+0x8f2/0xb70 [ 30.431534] [] ? ip_vs_genl_set_cmd+0x970/0x970 [ 30.437843] [] ? debug_check_no_locks_freed+0x210/0x210 [ 30.444827] [] ? mutex_lock_nested+0x54e/0x850 [ 30.451027] [] ? __mutex_unlock_slowpath+0x209/0x3b0 [ 30.457751] [] ? __ww_mutex_lock+0x14c0/0x14c0 [ 30.463966] [] ? sock_has_perm+0x29f/0x400 [ 30.469823] [] ? mutex_unlock+0x9/0x10 [ 30.475332] [] nf_setsockopt+0x6d/0xc0 [ 30.480863] [] ip_setsockopt+0x9a/0xb0 [ 30.486372] [] tcp_setsockopt+0x88/0xe0 [ 30.491976] [] sock_common_setsockopt+0x9a/0xe0 [ 30.498292] [] SyS_setsockopt+0x166/0x260 [ 30.504064] [] ? vmacache_update+0xfe/0x130 [ 30.510006] [] ? SyS_recv+0x40/0x40 [ 30.515255] [] ? retint_user+0x18/0x3c [ 30.520764] [] ? trace_hardirqs_on_thunk+0x17/0x19 [ 30.527315] [] entry_SYSCALL_64_fastpath+0x22/0x9e