[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 20.773241] random: sshd: uninitialized urandom read (32 bytes read, 34 bits of entropy available) [?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 22.494127] random: sshd: uninitialized urandom read (32 bytes read, 36 bits of entropy available) [ 22.733473] random: sshd: uninitialized urandom read (32 bytes read, 36 bits of entropy available) [ 24.059174] random: sshd: uninitialized urandom read (32 bytes read, 120 bits of entropy available) [ 24.237503] random: sshd: uninitialized urandom read (32 bytes read, 123 bits of entropy available) Warning: Permanently added '10.128.0.12' (ECDSA) to the list of known hosts. [ 29.709412] random: nonblocking pool is initialized executing program [ 29.801138] [ 29.802773] ====================================================== [ 29.809077] [ INFO: possible circular locking dependency detected ] [ 29.815515] 4.4.141-g1b37d68 #71 Not tainted [ 29.819910] ------------------------------------------------------- [ 29.826288] syz-executor209/3832 is trying to acquire lock: [ 29.831972] (rtnl_mutex){+.+.+.}, at: [] rtnl_lock+0x17/0x20 [ 29.839917] [ 29.839917] but task is already holding lock: [ 29.845862] (sk_lock-AF_INET6){+.+.+.}, at: [] do_ipv6_setsockopt.isra.9+0x40d/0x32c0 [ 29.856067] [ 29.856067] which lock already depends on the new lock. [ 29.856067] [ 29.864790] [ 29.864790] the existing dependency chain (in reverse order) is: [ 29.872472] -> #1 (sk_lock-AF_INET6){+.+.+.}: [ 29.877634] [] lock_acquire+0x15e/0x450 [ 29.883884] [] lock_sock_nested+0xc6/0x120 [ 29.890401] [] do_ipv6_setsockopt.isra.9+0x3da/0x32c0 [ 29.897872] [] ipv6_setsockopt+0x97/0x130 [ 29.904490] [] udpv6_setsockopt+0x4a/0x90 [ 29.910908] [] sock_common_setsockopt+0x9a/0xe0 [ 29.917840] [] SyS_setsockopt+0x166/0x260 [ 29.924252] [] entry_SYSCALL_64_fastpath+0x22/0x9e [ 29.931450] -> #0 (rtnl_mutex){+.+.+.}: [ 29.936057] [] __lock_acquire+0x3902/0x5270 [ 29.942680] [] lock_acquire+0x15e/0x450 [ 29.948938] [] mutex_lock_nested+0xbb/0x850 [ 29.955545] [] rtnl_lock+0x17/0x20 [ 29.961359] [] ipv6_sock_mc_close+0x10e/0x350 [ 29.968124] [] do_ipv6_setsockopt.isra.9+0x28dc/0x32c0 [ 29.975672] [] ipv6_setsockopt+0x97/0x130 [ 29.982089] [] udpv6_setsockopt+0x4a/0x90 [ 29.988497] [] sock_common_setsockopt+0x9a/0xe0 [ 29.995434] [] SyS_setsockopt+0x166/0x260 [ 30.001874] [] entry_SYSCALL_64_fastpath+0x22/0x9e [ 30.009102] [ 30.009102] other info that might help us debug this: [ 30.009102] [ 30.017324] Possible unsafe locking scenario: [ 30.017324] [ 30.023357] CPU0 CPU1 [ 30.028007] ---- ---- [ 30.032646] lock(sk_lock-AF_INET6); [ 30.036699] lock(rtnl_mutex); [ 30.042733] lock(sk_lock-AF_INET6); [ 30.049263] lock(rtnl_mutex); [ 30.052782] [ 30.052782] *** DEADLOCK *** [ 30.052782] [ 30.058818] 1 lock held by syz-executor209/3832: [ 30.063554] #0: (sk_lock-AF_INET6){+.+.+.}, at: [] do_ipv6_setsockopt.isra.9+0x40d/0x32c0 [ 30.074233] [ 30.074233] stack backtrace: [ 30.078707] CPU: 1 PID: 3832 Comm: syz-executor209 Not tainted 4.4.141-g1b37d68 #71 [ 30.086485] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 30.095821] 0000000000000000 c4204f1a20bd06c5 ffff8801d37f75b8 ffffffff81e0e18d [ 30.104021] ffffffff8539cdf0 ffffffff853e4610 ffffffff8539cdf0 ffff8800acd4d100 [ 30.112021] ffff8800acd4c800 ffff8801d37f7600 ffffffff8140e71b 0000000000000001 [ 30.120052] Call Trace: [ 30.122618] [] dump_stack+0xc1/0x124 [ 30.127982] [] print_circular_bug.cold.50+0x1bd/0x27d [ 30.134892] [] __lock_acquire+0x3902/0x5270 [ 30.140841] [] ? debug_check_no_locks_freed+0x210/0x210 [ 30.147833] [] ? __lock_is_held+0xa2/0xf0 [ 30.153640] [] lock_acquire+0x15e/0x450 [ 30.159237] [] ? rtnl_lock+0x17/0x20 [ 30.164581] [] ? rtnl_lock+0x17/0x20 [ 30.169948] [] mutex_lock_nested+0xbb/0x850 [ 30.175905] [] ? rtnl_lock+0x17/0x20 [ 30.181358] [] ? mutex_lock_killable_nested+0x980/0x980 [ 30.188347] [] ? mark_held_locks+0xc7/0x130 [ 30.194646] [] ? __local_bh_enable_ip+0x6a/0xd0 [ 30.200965] [] rtnl_lock+0x17/0x20 [ 30.206139] [] ipv6_sock_mc_close+0x10e/0x350 [ 30.212266] [] ? fl6_free_socklist+0xb7/0x240 [ 30.218581] [] do_ipv6_setsockopt.isra.9+0x28dc/0x32c0 [ 30.225503] [] ? ip6_ra_control+0x430/0x430 [ 30.231464] [] ? save_stack+0xa9/0xd0 [ 30.236911] [] ? save_stack_trace+0x26/0x50 [ 30.242869] [] ? save_stack+0x43/0xd0 [ 30.248305] [] ? kasan_kmalloc+0xc7/0xe0 [ 30.253997] [] ? kasan_slab_alloc+0x12/0x20 [ 30.259961] [] ? kmem_cache_alloc+0xbe/0x2a0 [ 30.266003] [] ? ptlock_alloc+0x20/0x80 [ 30.271623] [] ? pte_alloc_one+0x62/0x100 [ 30.277420] [] ? do_huge_pmd_anonymous_page+0x1fd/0x9d0 [ 30.284410] [] ? handle_mm_fault+0x2852/0x30b0 [ 30.290631] [] ? __do_page_fault+0x365/0xa10 [ 30.296663] [] ? do_page_fault+0x27/0x30 [ 30.302351] [] ? page_fault+0x28/0x30 [ 30.307778] [] ? __alloc_pages_nodemask+0x117b/0x1660 [ 30.314597] [] ? __lock_acquire+0xa86/0x5270 [ 30.320634] [] ? debug_check_no_locks_freed+0x210/0x210 [ 30.327620] [] ? __lock_is_held+0xa2/0xf0 [ 30.333405] [] ? sock_has_perm+0x1c1/0x400 [ 30.339263] [] ? sock_has_perm+0x29f/0x400 [ 30.345223] [] ? sock_has_perm+0x9f/0x400 [ 30.351174] [] ? selinux_file_send_sigiotask+0x310/0x310 [ 30.358343] [] ? selinux_netlbl_socket_setsockopt+0x97/0x340 [ 30.365894] [] ? selinux_netlbl_sock_rcv_skb+0x400/0x400 [ 30.372985] [] ipv6_setsockopt+0x97/0x130 [ 30.378770] [] udpv6_setsockopt+0x4a/0x90 [ 30.384541] [] sock_common_setsockopt+0x9a/0xe0 [ 30.390841] [] SyS_setsockopt+0x166/0x260 [ 30.396611] [] ? SyS_recv+0x40/0x40 [ 30.401861] [