[....] Starting enhanced syslogd: rsyslogd[ 12.686068] audit: type=1400 audit(1539195465.812:4): avc: denied { syslog } for pid=1924 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.111' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 45.909925] [ 45.911574] ====================================================== [ 45.917865] [ INFO: possible circular locking dependency detected ] [ 45.924246] 4.4.159+ #44 Not tainted [ 45.927981] ------------------------------------------------------- [ 45.934462] syz-executor376/2088 is trying to acquire lock: [ 45.940326] (rtnl_mutex){+.+.+.}, at: [] rtnl_lock+0x17/0x20 [ 45.948246] [ 45.948246] but task is already holding lock: [ 45.954197] (sk_lock-AF_INET6){+.+.+.}, at: [] do_ipv6_setsockopt.isra.4+0x252/0x2d50 [ 45.964281] [ 45.964281] which lock already depends on the new lock. [ 45.964281] [ 45.972575] [ 45.972575] the existing dependency chain (in reverse order) is: [ 45.980237] -> #1 (sk_lock-AF_INET6){+.+.+.}: [ 45.985369] [] lock_acquire+0x15e/0x450 [ 45.991790] [] lock_sock_nested+0xc6/0x120 [ 45.998462] [] do_ipv6_setsockopt.isra.4+0x1d2/0x2d50 [ 46.005929] [] ipv6_setsockopt+0x97/0x130 [ 46.012357] [] compat_mc_setsockopt+0x278/0x6e0 [ 46.019294] [] compat_ipv6_setsockopt+0x126/0x1d0 [ 46.026407] [] compat_udpv6_setsockopt+0x4a/0x90 [ 46.033430] [] compat_sock_common_setsockopt+0xb4/0x150 [ 46.041235] [] compat_SyS_setsockopt+0x169/0x700 [ 46.048263] [] do_fast_syscall_32+0x31e/0xa80 [ 46.055032] [] sysenter_flags_fixed+0xd/0x1a [ 46.061715] -> #0 (rtnl_mutex){+.+.+.}: [ 46.066314] [] __lock_acquire+0x3e6c/0x5f10 [ 46.072902] [] lock_acquire+0x15e/0x450 [ 46.079146] [] mutex_lock_nested+0xbb/0x8d0 [ 46.085751] [] rtnl_lock+0x17/0x20 [ 46.091622] [] ipv6_sock_mc_close+0x10e/0x350 [ 46.098392] [] do_ipv6_setsockopt.isra.4+0xd07/0x2d50 [ 46.106005] [] compat_ipv6_setsockopt+0xe9/0x1d0 [ 46.113048] [] compat_udpv6_setsockopt+0x4a/0x90 [ 46.120251] [] compat_sock_common_setsockopt+0xb4/0x150 [ 46.127908] [] compat_SyS_setsockopt+0x169/0x700 [ 46.134951] [] do_fast_syscall_32+0x31e/0xa80 [ 46.141824] [] sysenter_flags_fixed+0xd/0x1a [ 46.148503] [ 46.148503] other info that might help us debug this: [ 46.148503] [ 46.156625] Possible unsafe locking scenario: [ 46.156625] [ 46.162666] CPU0 CPU1 [ 46.167321] ---- ---- [ 46.171963] lock(sk_lock-AF_INET6); [ 46.175979] lock(rtnl_mutex); [ 46.182448] lock(sk_lock-AF_INET6); [ 46.189088] lock(rtnl_mutex); [ 46.192580] [ 46.192580] *** DEADLOCK *** [ 46.192580] [ 46.198624] 1 lock held by syz-executor376/2088: [ 46.203356] #0: (sk_lock-AF_INET6){+.+.+.}, at: [] do_ipv6_setsockopt.isra.4+0x252/0x2d50 [ 46.214128] [ 46.214128] stack backtrace: [ 46.218609] CPU: 0 PID: 2088 Comm: syz-executor376 Not tainted 4.4.159+ #44 [ 46.225696] 0000000000000000 71bda4cb28f1b408 ffff8801cf507538 ffffffff81a994bd [ 46.233716] ffffffff83a85b10 ffffffff83ac5140 ffffffff83a85b10 ffff8801d52b08e8 [ 46.241723] ffff8801d52b0000 ffff8801cf507580 ffffffff813a84ea 0000000000000001 [ 46.249714] Call Trace: [ 46.252284] [] dump_stack+0xc1/0x124 [ 46.257629] [] print_circular_bug.cold.34+0x2f7/0x432 [ 46.264451] [] __lock_acquire+0x3e6c/0x5f10 [ 46.270401] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 46.277135] [] ? trace_hardirqs_on+0x10/0x10 [ 46.283292] [] ? ip6_mc_add_src+0x79b/0xbb0 [ 46.289315] [] lock_acquire+0x15e/0x450 [ 46.294925] [] ? rtnl_lock+0x17/0x20 [ 46.300268] [] ? rtnl_lock+0x17/0x20 [ 46.305685] [] mutex_lock_nested+0xbb/0x8d0 [ 46.311663] [] ? rtnl_lock+0x17/0x20 [ 46.317013] [] ? _raw_spin_unlock_bh+0x30/0x40 [ 46.323227] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 46.329959] [] ? mutex_trylock+0x3e0/0x3e0 [ 46.335824] [] ? mark_held_locks+0xc7/0x130 [ 46.341924] [] ? __local_bh_enable_ip+0x6a/0xd0 [ 46.348231] [] rtnl_lock+0x17/0x20 [ 46.353408] [] ipv6_sock_mc_close+0x10e/0x350 [ 46.359535] [] ? fl6_free_socklist+0xb7/0x240 [ 46.365671] [] do_ipv6_setsockopt.isra.4+0xd07/0x2d50 [ 46.372495] [] ? ip6_ra_control+0x430/0x430 [ 46.378445] [] ? trace_hardirqs_on+0x10/0x10 [ 46.384487] [] ? __lock_acquire+0xa85/0x5f10 [ 46.390588] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 46.397351] [] ? avc_has_perm+0x15a/0x3a0 [ 46.403235] [] ? avc_has_perm+0x1cc/0x3a0 [ 46.409125] [] ? avc_has_perm+0x9e/0x3a0 [ 46.414819] [] ? avc_has_perm_noaudit+0x2f0/0x2f0 [ 46.421293] [] ? check_preemption_disabled+0x3b/0x170 [ 46.428117] [] ? sock_has_perm+0x1c1/0x3f0 [ 46.433997] [] ? sock_has_perm+0x2a1/0x3f0 [ 46.439867] [] ? sock_has_perm+0x9f/0x3f0 [ 46.445650] [] ? selinux_msg_queue_alloc_security+0x2e0/0x2e0 [ 46.453170] [] ? __fget+0x12f/0x3d0 [ 46.458435] [] compat_ipv6_setsockopt+0xe9/0x1d0 [ 46.464932] [] compat_udpv6_setsockopt+0x4a/0x90 [ 46.471324] [] compat_sock_common_setsockopt+0xb4/0x150 [ 46.478320] [] ? udpv6_setsockopt+0x90/0x90 [ 46.484281] [] compat_SyS_setsockopt+0x169/0x700 [ 46.490683] [] ? sock_common_setsockopt+0xe0/0xe0 [ 46.497169] [] ? scm_detach_fds_compat+0x3b0/0x3b0 [ 46.503737] [] ? __do_page_fault+0x2b6/0x7e0 [ 46.509776] [