[....] Starting enhanced syslogd: rsyslogd[ 13.636238] audit: type=1400 audit(1552027256.623:4): avc: denied { syslog } for pid=1917 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.249' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 41.193448] [ 41.195112] ====================================================== [ 41.201417] [ INFO: possible circular locking dependency detected ] [ 41.207805] 4.4.174+ #4 Not tainted [ 41.211408] ------------------------------------------------------- [ 41.217791] syz-executor256/2075 is trying to acquire lock: [ 41.223478] (rtnl_mutex){+.+.+.}, at: [] rtnl_lock+0x17/0x20 [ 41.231429] [ 41.231429] but task is already holding lock: [ 41.237383] (sk_lock-AF_INET6){+.+.+.}, at: [] do_ipv6_setsockopt.isra.0+0x28a/0x30c0 [ 41.247563] [ 41.247563] which lock already depends on the new lock. [ 41.247563] [ 41.255859] [ 41.255859] the existing dependency chain (in reverse order) is: [ 41.263461] -> #1 (sk_lock-AF_INET6){+.+.+.}: [ 41.268623] [] lock_acquire+0x15e/0x450 [ 41.274880] [] lock_sock_nested+0xc6/0x120 [ 41.281411] [] do_ipv6_setsockopt.isra.0+0x2eba/0x30c0 [ 41.288967] [] ipv6_setsockopt+0xda/0x140 [ 41.295395] [] tcp_setsockopt+0x8a/0xe0 [ 41.301712] [] sock_common_setsockopt+0x9a/0xe0 [ 41.308659] [] SyS_setsockopt+0x159/0x240 [ 41.315087] [] entry_SYSCALL_64_fastpath+0x1e/0x9a [ 41.322293] -> #0 (rtnl_mutex){+.+.+.}: [ 41.326924] [] __lock_acquire+0x37d6/0x4f50 [ 41.333599] [] lock_acquire+0x15e/0x450 [ 41.339856] [] mutex_lock_nested+0xc1/0xb80 [ 41.346456] [] rtnl_lock+0x17/0x20 [ 41.352280] [] ipv6_sock_mc_close+0x10e/0x350 [ 41.359063] [] do_ipv6_setsockopt.isra.0+0x1bd1/0x30c0 [ 41.366622] [] ipv6_setsockopt+0xda/0x140 [ 41.373050] [] tcp_setsockopt+0x8a/0xe0 [ 41.379304] [] sock_common_setsockopt+0x9a/0xe0 [ 41.386247] [] SyS_setsockopt+0x159/0x240 [ 41.392677] [] entry_SYSCALL_64_fastpath+0x1e/0x9a [ 41.399886] [ 41.399886] other info that might help us debug this: [ 41.399886] [ 41.408007] Possible unsafe locking scenario: [ 41.408007] [ 41.414043] CPU0 CPU1 [ 41.418688] ---- ---- [ 41.423393] lock(sk_lock-AF_INET6); [ 41.427451] lock(rtnl_mutex); [ 41.433549] lock(sk_lock-AF_INET6); [ 41.440106] lock(rtnl_mutex); [ 41.443622] [ 41.443622] *** DEADLOCK *** [ 41.443622] [ 41.449659] 1 lock held by syz-executor256/2075: [ 41.454390] #0: (sk_lock-AF_INET6){+.+.+.}, at: [] do_ipv6_setsockopt.isra.0+0x28a/0x30c0 [ 41.465067] [ 41.465067] stack backtrace: [ 41.469548] CPU: 1 PID: 2075 Comm: syz-executor256 Not tainted 4.4.174+ #4 [ 41.476538] 0000000000000000 6272864fcdd18299 ffff8801cf2e75b0 ffffffff81aad1a1 [ 41.484571] ffffffff84057a80 ffff8800b6c28000 ffffffff83a8dd00 ffffffff83acc5b0 [ 41.492589] ffffffff83a8dd00 ffff8801cf2e7600 ffffffff813abcda ffff8801cf2e76e0 [ 41.500612] Call Trace: [ 41.503182] [] dump_stack+0xc1/0x120 [ 41.508587] [] print_circular_bug.cold+0x2f7/0x44e [ 41.515151] [] __lock_acquire+0x37d6/0x4f50 [ 41.521105] [] ? __lock_acquire+0x22e3/0x4f50 [ 41.527232] [] ? trace_hardirqs_on+0x10/0x10 [ 41.533270] [] ? trace_hardirqs_on+0x10/0x10 [ 41.539317] [] ? mark_held_locks+0xb1/0x100 [ 41.545268] [] lock_acquire+0x15e/0x450 [ 41.550946] [] ? rtnl_lock+0x17/0x20 [ 41.556294] [] ? rtnl_lock+0x17/0x20 [ 41.561640] [] mutex_lock_nested+0xc1/0xb80 [ 41.567592] [] ? rtnl_lock+0x17/0x20 [ 41.572952] [] ? kvm_clock_get_cycles+0x9/0x10 [ 41.579169] [] ? ktime_get_with_offset+0x176/0x240 [ 41.585733] [] ? bictcp_init+0x33a/0x590 [ 41.591426] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 41.598163] [] ? mutex_trylock+0x500/0x500 [ 41.604027] [] ? mark_held_locks+0xb1/0x100 [ 41.609982] [] ? __local_bh_enable_ip+0x6a/0xe0 [ 41.616283] [] rtnl_lock+0x17/0x20 [ 41.621458] [] ipv6_sock_mc_close+0x10e/0x350 [ 41.627584] [] ? fl6_free_socklist+0xb7/0x240 [ 41.633709] [] do_ipv6_setsockopt.isra.0+0x1bd1/0x30c0 [ 41.640614] [] ? ip6_ra_control+0x3c0/0x3c0 [ 41.646568] [] ? trace_hardirqs_on+0x10/0x10 [ 41.652605] [] ? tcp_v4_connect+0x1070/0x1930 [ 41.658729] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 41.665464] [] ? avc_has_perm+0x164/0x3a0 [ 41.671244] [] ? avc_has_perm+0x1d2/0x3a0 [ 41.677024] [] ? avc_has_perm+0xac/0x3a0 [ 41.682715] [] ? avc_has_perm_noaudit+0x300/0x300 [ 41.689190] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 41.695924] [] ? check_preemption_disabled+0x3c/0x200 [ 41.702763] [] ? check_preemption_disabled+0x3c/0x200 [ 41.709586] [] ? sock_has_perm+0x1c8/0x400 [ 41.715455] [] ? sock_has_perm+0x2a8/0x400 [ 41.721318] [] ? sock_has_perm+0xa6/0x400 [ 41.727098] [] ? selinux_msg_queue_alloc_security+0x2e0/0x2e0 [ 41.734611] [] ? _raw_spin_unlock_bh+0x31/0x40 [ 41.740825] [] ? release_sock+0x3a8/0x500 [ 41.746606] [] ? trace_hardirqs_on+0xd/0x10 [ 41.752555] [] ipv6_setsockopt+0xda/0x140 [ 41.758337] [] tcp_setsockopt+0x8a/0xe0 [ 41.763955] [] sock_common_setsockopt+0x9a/0xe0 [ 41.770254] [] SyS_setsockopt+0x159/0x240 [ 41.776035] [] ? SyS_recv+0x40/0x40 [ 41.781293] [] ? retint_user+0x18/0x3c [ 41.786816] [] ? lockdep_sys_exit_thunk+0x12/0x14 [ 41.793287] [