[....] Starting enhanced syslogd: rsyslogd[ 15.092817] audit: type=1400 audit(1552162382.135:4): avc: denied { syslog } for pid=1928 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.190' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 44.424363] [ 44.426013] ====================================================== [ 44.432303] [ INFO: possible circular locking dependency detected ] [ 44.438682] 4.4.174+ #17 Not tainted [ 44.442366] ------------------------------------------------------- [ 44.448745] syz-executor605/2086 is trying to acquire lock: [ 44.454425] (rtnl_mutex){+.+.+.}, at: [] rtnl_lock+0x17/0x20 [ 44.462359] [ 44.462359] but task is already holding lock: [ 44.468302] (sk_lock-AF_INET6){+.+.+.}, at: [] do_ipv6_setsockopt.isra.0+0x28a/0x30c0 [ 44.478376] [ 44.478376] which lock already depends on the new lock. [ 44.478376] [ 44.486674] [ 44.486674] the existing dependency chain (in reverse order) is: [ 44.494266] -> #1 (sk_lock-AF_INET6){+.+.+.}: [ 44.499422] [] lock_acquire+0x15e/0x450 [ 44.505658] [] lock_sock_nested+0xc6/0x120 [ 44.512152] [] do_ipv6_setsockopt.isra.0+0x2eba/0x30c0 [ 44.519689] [] ipv6_setsockopt+0xda/0x140 [ 44.526095] [] compat_mc_setsockopt+0x4f7/0x690 [ 44.533048] [] compat_ipv6_setsockopt+0x124/0x1d0 [ 44.540166] [] inet_csk_compat_setsockopt+0x99/0x120 [ 44.547531] [] compat_tcp_setsockopt+0x40/0x70 [ 44.554374] [] compat_sock_common_setsockopt+0xb4/0x150 [ 44.562025] [] compat_SyS_setsockopt+0x15c/0x720 [ 44.569167] [] do_fast_syscall_32+0x32d/0xa90 [ 44.575923] [] sysenter_flags_fixed+0xd/0x1a [ 44.582597] -> #0 (rtnl_mutex){+.+.+.}: [ 44.587264] [] __lock_acquire+0x37d6/0x4f50 [ 44.593850] [] lock_acquire+0x15e/0x450 [ 44.600114] [] mutex_lock_nested+0xc1/0xb80 [ 44.606699] [] rtnl_lock+0x17/0x20 [ 44.612502] [] ipv6_sock_mc_close+0x10e/0x350 [ 44.619262] [] do_ipv6_setsockopt.isra.0+0x1bd1/0x30c0 [ 44.626811] [] compat_ipv6_setsockopt+0xe7/0x1d0 [ 44.633840] [] inet_csk_compat_setsockopt+0x99/0x120 [ 44.641217] [] compat_tcp_setsockopt+0x40/0x70 [ 44.648075] [] compat_sock_common_setsockopt+0xb4/0x150 [ 44.655697] [] compat_SyS_setsockopt+0x15c/0x720 [ 44.662705] [] do_fast_syscall_32+0x32d/0xa90 [ 44.669480] [] sysenter_flags_fixed+0xd/0x1a [ 44.676148] [ 44.676148] other info that might help us debug this: [ 44.676148] [ 44.684257] Possible unsafe locking scenario: [ 44.684257] [ 44.690283] CPU0 CPU1 [ 44.694917] ---- ---- [ 44.699552] lock(sk_lock-AF_INET6); [ 44.703558] lock(rtnl_mutex); [ 44.709564] lock(sk_lock-AF_INET6); [ 44.716211] lock(rtnl_mutex); [ 44.719711] [ 44.719711] *** DEADLOCK *** [ 44.719711] [ 44.725744] 1 lock held by syz-executor605/2086: [ 44.730469] #0: (sk_lock-AF_INET6){+.+.+.}, at: [] do_ipv6_setsockopt.isra.0+0x28a/0x30c0 [ 44.741114] [ 44.741114] stack backtrace: [ 44.745599] CPU: 1 PID: 2086 Comm: syz-executor605 Not tainted 4.4.174+ #17 [ 44.752685] 0000000000000000 638b56c67ec5a922 ffff8801d3f17500 ffffffff81aad1a1 [ 44.760669] ffffffff84057a80 ffff8801d4434740 ffffffff83a8db50 ffffffff83accac0 [ 44.768644] ffffffff83a8db50 ffff8801d3f17550 ffffffff813abcda ffff8801d3f17630 [ 44.776627] Call Trace: [ 44.779189] [] dump_stack+0xc1/0x120 [ 44.784528] [] print_circular_bug.cold+0x2f7/0x44e [ 44.791082] [] __lock_acquire+0x37d6/0x4f50 [ 44.797026] [] ? check_irq_usage+0xb1/0xe0 [ 44.802881] [] ? trace_hardirqs_on+0x10/0x10 [ 44.808911] [] ? trace_hardirqs_on+0x10/0x10 [ 44.814940] [] lock_acquire+0x15e/0x450 [ 44.820608] [] ? rtnl_lock+0x17/0x20 [ 44.825952] [] ? rtnl_lock+0x17/0x20 [ 44.831296] [] mutex_lock_nested+0xc1/0xb80 [ 44.837241] [] ? rtnl_lock+0x17/0x20 [ 44.842580] [] ? kvm_clock_read+0x23/0x40 [ 44.848349] [] ? kvm_clock_get_cycles+0x9/0x10 [ 44.854561] [] ? ktime_get_with_offset+0x176/0x240 [ 44.861141] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 44.867883] [] ? mutex_trylock+0x500/0x500 [ 44.873759] [] ? mark_held_locks+0xb1/0x100 [ 44.879701] [] ? __local_bh_enable_ip+0x6a/0xe0 [ 44.885989] [] rtnl_lock+0x17/0x20 [ 44.891154] [] ipv6_sock_mc_close+0x10e/0x350 [ 44.897270] [] ? fl6_free_socklist+0xb7/0x240 [ 44.903392] [] do_ipv6_setsockopt.isra.0+0x1bd1/0x30c0 [ 44.910293] [] ? ip6_ra_control+0x3c0/0x3c0 [ 44.916235] [] ? trace_hardirqs_on+0x10/0x10 [ 44.922265] [] ? tcp_v4_connect+0x1070/0x1930 [ 44.928387] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 44.935122] [] ? avc_has_perm+0x164/0x3a0 [ 44.940891] [] ? avc_has_perm+0x1d2/0x3a0 [ 44.946659] [] ? avc_has_perm+0xac/0x3a0 [ 44.952344] [] ? avc_has_perm_noaudit+0x300/0x300 [ 44.958806] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 44.965535] [] ? check_preemption_disabled+0x3c/0x200 [ 44.972347] [] ? check_preemption_disabled+0x3c/0x200 [ 44.979174] [] ? sock_has_perm+0x1c8/0x400 [ 44.985033] [] ? sock_has_perm+0x2a8/0x400 [ 44.990908] [] ? sock_has_perm+0xa6/0x400 [ 44.996789] [] ? selinux_msg_queue_alloc_security+0x2e0/0x2e0 [ 45.004298] [] ? check_preemption_disabled+0x3c/0x200 [ 45.011214] [] compat_ipv6_setsockopt+0xe7/0x1d0 [ 45.017597] [] inet_csk_compat_setsockopt+0x99/0x120 [ 45.024322] [] ? ipv6_setsockopt+0x140/0x140 [ 45.030408] [] compat_tcp_setsockopt+0x40/0x70 [ 45.036610] [] compat_sock_common_setsockopt+0xb4/0x150 [ 45.043593] [] ? do_tcp_setsockopt.isra.0+0x19a0/0x19a0 [ 45.050582] [] compat_SyS_setsockopt+0x15c/0x720 [ 45.056961] [] ? sock_common_setsockopt+0xe0/0xe0 [ 45.063440] [] ? scm_detach_fds_compat+0x3b0/0x3b0 [ 45.069999] [] ? __do_page_fault+0x2b3/0x7f0 [ 45.076038]