[....] Starting enhanced syslogd: rsyslogd[ 15.022372] audit: type=1400 audit(1554660704.061:4): avc: denied { syslog } for pid=1920 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.67' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 71.506437] [ 71.508145] ====================================================== [ 71.514458] [ INFO: possible circular locking dependency detected ] [ 71.520843] 4.4.174+ #4 Not tainted [ 71.524443] ------------------------------------------------------- [ 71.530818] syz-executor971/2096 is trying to acquire lock: [ 71.536550] (rtnl_mutex){+.+.+.}, at: [] rtnl_lock+0x17/0x20 [ 71.544533] [ 71.544533] but task is already holding lock: [ 71.550498] (sk_lock-AF_INET6){+.+.+.}, at: [] do_ipv6_setsockopt.isra.0+0x28a/0x30c0 [ 71.560641] [ 71.560641] which lock already depends on the new lock. [ 71.560641] [ 71.569020] [ 71.569020] the existing dependency chain (in reverse order) is: [ 71.576680] -> #1 (sk_lock-AF_INET6){+.+.+.}: [ 71.581850] [] lock_acquire+0x15e/0x450 [ 71.588254] [] lock_sock_nested+0xc6/0x120 [ 71.594790] [] do_ipv6_setsockopt.isra.0+0x2eba/0x30c0 [ 71.602357] [] ipv6_setsockopt+0xda/0x140 [ 71.608786] [] tcp_setsockopt+0x8a/0xe0 [ 71.615206] [] sock_common_setsockopt+0x9a/0xe0 [ 71.622317] [] SyS_setsockopt+0x159/0x240 [ 71.628739] [] entry_SYSCALL_64_fastpath+0x1e/0x9a [ 71.636007] -> #0 (rtnl_mutex){+.+.+.}: [ 71.640722] [] __lock_acquire+0x37d6/0x4f50 [ 71.647464] [] lock_acquire+0x15e/0x450 [ 71.653715] [] mutex_lock_nested+0xc1/0xb80 [ 71.660396] [] rtnl_lock+0x17/0x20 [ 71.666230] [] ipv6_sock_mc_close+0x10e/0x350 [ 71.673138] [] do_ipv6_setsockopt.isra.0+0x1bd1/0x30c0 [ 71.680688] [] ipv6_setsockopt+0xda/0x140 [ 71.687116] [] tcp_setsockopt+0x8a/0xe0 [ 71.693378] [] sock_common_setsockopt+0x9a/0xe0 [ 71.700386] [] SyS_setsockopt+0x159/0x240 [ 71.706832] [] entry_SYSCALL_64_fastpath+0x1e/0x9a [ 71.714043] [ 71.714043] other info that might help us debug this: [ 71.714043] [ 71.722171] Possible unsafe locking scenario: [ 71.722171] [ 71.728256] CPU0 CPU1 [ 71.732902] ---- ---- [ 71.737549] lock(sk_lock-AF_INET6); [ 71.741699] lock(rtnl_mutex); [ 71.747812] lock(sk_lock-AF_INET6); [ 71.754344] lock(rtnl_mutex); [ 71.757921] [ 71.757921] *** DEADLOCK *** [ 71.757921] [ 71.763965] 1 lock held by syz-executor971/2096: [ 71.768692] #0: (sk_lock-AF_INET6){+.+.+.}, at: [] do_ipv6_setsockopt.isra.0+0x28a/0x30c0 [ 71.779401] [ 71.779401] stack backtrace: [ 71.783878] CPU: 0 PID: 2096 Comm: syz-executor971 Not tainted 4.4.174+ #4 [ 71.790871] 0000000000000000 f70e933b7c74fc82 ffff8801cf3b75b0 ffffffff81aad1a1 [ 71.798886] ffffffff84057a80 ffff8801d521c740 ffffffff83a8db50 ffffffff83acc5b0 [ 71.806965] ffffffff83a8db50 ffff8801cf3b7600 ffffffff813abcda ffff8801cf3b76e0 [ 71.814958] Call Trace: [ 71.817534] [] dump_stack+0xc1/0x120 [ 71.822878] [] print_circular_bug.cold+0x2f7/0x44e [ 71.829444] [] __lock_acquire+0x37d6/0x4f50 [ 71.835503] [] ? __lock_acquire+0x22e3/0x4f50 [ 71.841685] [] ? trace_hardirqs_on+0x10/0x10 [ 71.847995] [] ? trace_hardirqs_on+0x10/0x10 [ 71.854034] [] ? mark_held_locks+0xb1/0x100 [ 71.859988] [] lock_acquire+0x15e/0x450 [ 71.865647] [] ? rtnl_lock+0x17/0x20 [ 71.871130] [] ? rtnl_lock+0x17/0x20 [ 71.876476] [] mutex_lock_nested+0xc1/0xb80 [ 71.882425] [] ? rtnl_lock+0x17/0x20 [ 71.887897] [] ? kvm_clock_get_cycles+0x9/0x10 [ 71.894112] [] ? ktime_get_with_offset+0x176/0x240 [ 71.900669] [] ? bictcp_init+0x33a/0x590 [ 71.906356] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 71.913099] [] ? mutex_trylock+0x500/0x500 [ 71.919027] [] ? mark_held_locks+0xb1/0x100 [ 71.924989] [] ? __local_bh_enable_ip+0x6a/0xe0 [ 71.931287] [] rtnl_lock+0x17/0x20 [ 71.936596] [] ipv6_sock_mc_close+0x10e/0x350 [ 71.942728] [] ? fl6_free_socklist+0xb7/0x240 [ 71.948849] [] do_ipv6_setsockopt.isra.0+0x1bd1/0x30c0 [ 71.955789] [] ? ip6_ra_control+0x3c0/0x3c0 [ 71.961749] [] ? trace_hardirqs_on+0x10/0x10 [ 71.967790] [] ? tcp_v4_connect+0x1070/0x1930 [ 71.973919] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 71.980658] [] ? avc_has_perm+0x164/0x3a0 [ 71.986435] [] ? avc_has_perm+0x1d2/0x3a0 [ 71.992215] [] ? avc_has_perm+0xac/0x3a0 [ 71.997942] [] ? avc_has_perm_noaudit+0x300/0x300 [ 72.004420] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 72.011150] [] ? check_preemption_disabled+0x3c/0x200 [ 72.017967] [] ? check_preemption_disabled+0x3c/0x200 [ 72.024781] [] ? sock_has_perm+0x1c8/0x400 [ 72.030796] [] ? sock_has_perm+0x2a8/0x400 [ 72.036664] [] ? sock_has_perm+0xa6/0x400 [ 72.042491] [] ? selinux_msg_queue_alloc_security+0x2e0/0x2e0 [ 72.050029] [] ? _raw_spin_unlock_bh+0x31/0x40 [ 72.056297] [] ? release_sock+0x3a8/0x500 [ 72.062129] [] ? trace_hardirqs_on+0xd/0x10 [ 72.068089] [] ipv6_setsockopt+0xda/0x140 [ 72.073866] [] tcp_setsockopt+0x8a/0xe0 [ 72.079569] [] sock_common_setsockopt+0x9a/0xe0 [ 72.085874] [] SyS_setsockopt+0x159/0x240 [ 72.091653] [] ? SyS_recv+0x40/0x40 [ 72.096906] [] ? retint_user+0x18/0x3c [ 72.102528] [] ? lockdep_sys_exit_thunk+0x12/0x14