[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 21.317522] random: sshd: uninitialized urandom read (32 bytes read, 33 bits of entropy available)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 25.254278] random: sshd: uninitialized urandom read (32 bytes read, 38 bits of entropy available)
[ 25.606090] random: sshd: uninitialized urandom read (32 bytes read, 38 bits of entropy available)
[ 26.891193] random: nonblocking pool is initialized
Warning: Permanently added '10.128.10.13' (ECDSA) to the list of known hosts.
2018/07/23 00:24:06 parsed 1 programs
2018/07/23 00:24:09 executed programs: 0
[ 35.417789] IPVS: Creating netns size=2552 id=1
[ 35.531250] device lo entered promiscuous mode
[ 35.550736]
[ 35.552429] ======================================================
[ 35.558736] [ INFO: possible circular locking dependency detected ]
[ 35.565130] 4.4.141-g1b37d68 #7 Not tainted
[ 35.569427] -------------------------------------------------------
[ 35.575804] syz-executor0/3885 is trying to acquire lock:
[ 35.581321]  (rtnl_mutex){+.+.+.}, at: [] rtnl_lock+0x17/0x20
[ 35.589248]
[ 35.589248] but task is already holding lock:
[ 35.595210]  (sk_lock-AF_INET6){+.+.+.}, at: [] do_ipv6_setsockopt.isra.9+0x40d/0x32c0
[ 35.605375]
[ 35.605375] which lock already depends on the new lock.
[ 35.605375]
[ 35.613691]
[ 35.613691] the existing dependency chain (in reverse order) is:
[ 35.621300] -> #1 (sk_lock-AF_INET6){+.+.+.}:
[ 35.626419]  [] lock_acquire+0x15e/0x450
[ 35.632693]  [] lock_sock_nested+0xc6/0x120
[ 35.639215]  [] do_ipv6_setsockopt.isra.9+0x3da/0x32c0
[ 35.646693]  [] compat_ipv6_setsockopt+0xe9/0x1d0
[ 35.653730]  [] compat_udpv6_setsockopt+0x4a/0x90
[ 35.660783]  [] compat_sock_common_setsockopt+0xb4/0x150
[ 35.668427]  [] compat_SyS_setsockopt+0x14c/0x2a0
[ 35.675451]  [] do_fast_syscall_32+0x326/0x8b0
[ 35.682222]  [] sysenter_flags_fixed+0xd/0x17
[ 35.688939] -> #0 (rtnl_mutex){+.+.+.}:
[ 35.693544]  [] __lock_acquire+0x3902/0x5270
[ 35.700160]  [] lock_acquire+0x15e/0x450
[ 35.706404]  [] mutex_lock_nested+0xbb/0x850
[ 35.712988]  [] rtnl_lock+0x17/0x20
[ 35.718805]  [] ipv6_sock_mc_close+0x10e/0x350
[ 35.725561]  [] do_ipv6_setsockopt.isra.9+0x28dc/0x32c0
[ 35.733102]  [] compat_ipv6_setsockopt+0xe9/0x1d0
[ 35.740130]  [] compat_udpv6_setsockopt+0x4a/0x90
[ 35.747189]  [] compat_sock_common_setsockopt+0xb4/0x150
[ 35.754848]  [] compat_SyS_setsockopt+0x14c/0x2a0
[ 35.761890]  [] do_fast_syscall_32+0x326/0x8b0
[ 35.768657]  [] sysenter_flags_fixed+0xd/0x17
[ 35.775344]
[ 35.775344] other info that might help us debug this:
[ 35.775344]
[ 35.783458]  Possible unsafe locking scenario:
[ 35.783458]
[ 35.789499]        CPU0                    CPU1
[ 35.794163]        ----                    ----
[ 35.798801]   lock(sk_lock-AF_INET6);
[ 35.802814]                                lock(rtnl_mutex);
[ 35.808829]                                lock(sk_lock-AF_INET6);
[ 35.815380]   lock(rtnl_mutex);
[ 35.818888]
[ 35.818888]  *** DEADLOCK ***
[ 35.818888]
[ 35.824924] 1 lock held by syz-executor0/3885:
[ 35.829474]  #0: (sk_lock-AF_INET6){+.+.+.}, at: [] do_ipv6_setsockopt.isra.9+0x40d/0x32c0
[ 35.840113]
[ 35.840113] stack backtrace:
[ 35.844586] CPU: 1 PID: 3885 Comm: syz-executor0 Not tainted 4.4.141-g1b37d68 #7
[ 35.852117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.861459]  0000000000000000 216adb9cc45c9d0f ffff8801d9717588 ffffffff81e0e18d
[ 35.869465]  ffffffff8539cdf0 ffffffff853e4b20 ffffffff8539cdf0 ffff8800ac322100
[ 35.877472]  ffff8800ac321800 ffff8801d97175d0 ffffffff8140e71b 0000000000000001
[ 35.885466] Call Trace:
[ 35.888032]  [] dump_stack+0xc1/0x124
[ 35.893376]  [] print_circular_bug.cold.50+0x1bd/0x27d
[ 35.900209]  [] __lock_acquire+0x3902/0x5270
[ 35.906162]  [] ? debug_check_no_locks_freed+0x210/0x210
[ 35.913154]  [] ? __lock_is_held+0xa2/0xf0
[ 35.918926]  [] lock_acquire+0x15e/0x450
[ 35.924533]  [] ? rtnl_lock+0x17/0x20
[ 35.929890]  [] ? rtnl_lock+0x17/0x20
[ 35.935249]  [] mutex_lock_nested+0xbb/0x850
[ 35.941230]  [] ? rtnl_lock+0x17/0x20
[ 35.946594]  [] ? mutex_lock_killable_nested+0x980/0x980
[ 35.953597]  [] ? mark_held_locks+0xc7/0x130
[ 35.959572]  [] ? __local_bh_enable_ip+0x6a/0xd0
[ 35.965869]  [] rtnl_lock+0x17/0x20
[ 35.971047]  [] ipv6_sock_mc_close+0x10e/0x350
[ 35.977173]  [] ? fl6_free_socklist+0xb7/0x240
[ 35.983304]  [] do_ipv6_setsockopt.isra.9+0x28dc/0x32c0
[ 35.990224]  [] ? get_futex_key+0x4f7/0xdc0
[ 35.996087]  [] ? ip6_ra_control+0x430/0x430
[ 36.002035]  [] ? futex_lock_pi_atomic+0x2b0/0x2b0
[ 36.008508]  [] ? hash_futex+0x15/0x210
[ 36.014024]  [] ? drop_futex_key_refs.isra.11+0x7a/0xf0
[ 36.020927]  [] ? __lock_acquire+0xa86/0x5270
[ 36.026959]  [] ? get_futex_key+0xdc0/0xdc0
[ 36.032817]  [] ? debug_check_no_locks_freed+0x210/0x210
[ 36.039815]  [] ? __lock_acquire+0xa86/0x5270
[ 36.045845]  [] ? do_futex+0x12d/0x17f0
[ 36.051364]  [] ? __schedule+0x7d4/0x1d70
[ 36.057070]  [] ? sock_has_perm+0x1c1/0x400
[ 36.062927]  [] ? sock_has_perm+0x29f/0x400
[ 36.068786]  [] ? sock_has_perm+0x9f/0x400
[ 36.074557]  [] ? selinux_file_send_sigiotask+0x310/0x310
[ 36.081641]  [] ? selinux_netlbl_socket_setsockopt+0x97/0x340
[ 36.089070]  [] ? selinux_netlbl_sock_rcv_skb+0x400/0x400
[ 36.096148]  [] compat_ipv6_setsockopt+0xe9/0x1d0
[ 36.102528]  [] compat_udpv6_setsockopt+0x4a/0x90
[ 36.108908]  [] compat_sock_common_setsockopt+0xb4/0x150
[ 36.115900]  [] ? udpv6_destroy_sock+0xd0/0xd0
[ 36.122021]  [] compat_SyS_setsockopt+0x14c/0x2a0
[ 36.128417]  [] ? sock_common_setsockopt+0xe0/0xe0
[ 36.134903]  [] ? scm_detach_fds_compat+0x3b0/0x3b0
[ 36.141474]  [] ? do_fast_syscall_32+0xdb/0x8b0
[ 36.147687]  [] ? scm_detach_fds_compat+0x3b0/0x3b0
[ 36.154246]  [] do_fast_syscall_32+0x326/0x8b0
[ 36.160378]  [] sysenter_flags_fixed+0xd/0x17
2018/07/23 00:24:14 executed programs: 361
2018/07/23 00:24:19 executed programs: 774