[....] Starting enhanced syslogd: rsyslogd[ 14.247188] audit: type=1400 audit(1540542500.958:4): avc: denied { syslog } for pid=1923 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.34' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 39.034111] [ 39.035756] ====================================================== [ 39.042076] [ INFO: possible circular locking dependency detected ] [ 39.048454] 4.4.162+ #117 Not tainted [ 39.052224] ------------------------------------------------------- [ 39.058599] syz-executor241/2081 is trying to acquire lock: [ 39.064277] (rtnl_mutex){+.+.+.}, at: [] rtnl_lock+0x17/0x20 [ 39.072188] [ 39.072188] but task is already holding lock: [ 39.078136] (sk_lock-AF_INET6){+.+.+.}, at: [] do_ipv6_setsockopt.isra.4+0x252/0x2d50 [ 39.088242] [ 39.088242] which lock already depends on the new lock. [ 39.088242] [ 39.096532] [ 39.096532] the existing dependency chain (in reverse order) is: [ 39.104126] -> #1 (sk_lock-AF_INET6){+.+.+.}: [ 39.109293] [] lock_acquire+0x15e/0x450 [ 39.115561] [] lock_sock_nested+0xc6/0x120 [ 39.122137] [] do_ipv6_setsockopt.isra.4+0x1d2/0x2d50 [ 39.129596] [] ipv6_setsockopt+0x97/0x130 [ 39.136013] [] udpv6_setsockopt+0x4a/0x90 [ 39.142431] [] sock_common_setsockopt+0x9a/0xe0 [ 39.149373] [] SyS_setsockopt+0x166/0x260 [ 39.155787] [] entry_SYSCALL_64_fastpath+0x1e/0x9a [ 39.163000] -> #0 (rtnl_mutex){+.+.+.}: [ 39.167601] [] __lock_acquire+0x3e6c/0x5f10 [ 39.174189] [] lock_acquire+0x15e/0x450 [ 39.180432] [] mutex_lock_nested+0xbb/0x8d0 [ 39.187069] [] rtnl_lock+0x17/0x20 [ 39.192875] [] ipv6_sock_mc_close+0x10e/0x350 [ 39.199651] [] do_ipv6_setsockopt.isra.4+0xd07/0x2d50 [ 39.207125] [] ipv6_setsockopt+0x97/0x130 [ 39.213554] [] udpv6_setsockopt+0x4a/0x90 [ 39.219979] [] sock_common_setsockopt+0x9a/0xe0 [ 39.226913] [] SyS_setsockopt+0x166/0x260 [ 39.233329] [] entry_SYSCALL_64_fastpath+0x1e/0x9a [ 39.240536] [ 39.240536] other info that might help us debug this: [ 39.240536] [ 39.248655] Possible unsafe locking scenario: [ 39.248655] [ 39.254689] CPU0 CPU1 [ 39.259329] ---- ---- [ 39.263974] lock(sk_lock-AF_INET6); [ 39.268047] lock(rtnl_mutex); [ 39.274061] lock(sk_lock-AF_INET6); [ 39.280590] lock(rtnl_mutex); [ 39.284072] [ 39.284072] *** DEADLOCK *** [ 39.284072] [ 39.290114] 1 lock held by syz-executor241/2081: [ 39.294840] #0: (sk_lock-AF_INET6){+.+.+.}, at: [] do_ipv6_setsockopt.isra.4+0x252/0x2d50 [ 39.305469] [ 39.305469] stack backtrace: [ 39.309984] CPU: 0 PID: 2081 Comm: syz-executor241 Not tainted 4.4.162+ #117 [ 39.317147] 0000000000000000 11f84f167585bf17 ffff8800b9cd75a8 ffffffff81a994bd [ 39.325171] ffffffff83a85b10 ffffffff83ac4720 ffffffff83a85b10 ffff8801d4c720a8 [ 39.333178] ffff8801d4c717c0 ffff8800b9cd75f0 ffffffff813a834a 0000000000000001 [ 39.341157] Call Trace: [ 39.343721] [] dump_stack+0xc1/0x124 [ 39.349061] [] print_circular_bug.cold.34+0x2f7/0x432 [ 39.355881] [] __lock_acquire+0x3e6c/0x5f10 [ 39.361830] [] ? trace_hardirqs_on+0x10/0x10 [ 39.367862] [] lock_acquire+0x15e/0x450 [ 39.373463] [] ? rtnl_lock+0x17/0x20 [ 39.378805] [] ? rtnl_lock+0x17/0x20 [ 39.384147] [] mutex_lock_nested+0xbb/0x8d0 [ 39.390207] [] ? rtnl_lock+0x17/0x20 [ 39.395548] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 39.402281] [] ? mutex_trylock+0x3e0/0x3e0 [ 39.408145] [] ? mark_held_locks+0xc7/0x130 [ 39.414095] [] ? __local_bh_enable_ip+0x6a/0xd0 [ 39.420391] [] rtnl_lock+0x17/0x20 [ 39.425557] [] ipv6_sock_mc_close+0x10e/0x350 [ 39.431689] [] ? fl6_free_socklist+0xb7/0x240 [ 39.437810] [] do_ipv6_setsockopt.isra.4+0xd07/0x2d50 [ 39.444628] [] ? ip6_ra_control+0x430/0x430 [ 39.450573] [] ? trace_hardirqs_on+0x10/0x10 [ 39.456608] [] ? __lock_acquire+0xa85/0x5f10 [ 39.462640] [] ? __local_bh_enable_ip+0x6a/0xd0 [ 39.469272] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 39.476007] [] ? avc_has_perm+0x15a/0x3a0 [ 39.481779] [] ? avc_has_perm+0x1cc/0x3a0 [ 39.487551] [] ? avc_has_perm+0x9e/0x3a0 [ 39.493238] [] ? avc_has_perm_noaudit+0x2f0/0x2f0 [ 39.499709] [] ? check_preemption_disabled+0x3b/0x170 [ 39.506721] [] ? sock_has_perm+0x1c1/0x3f0 [ 39.512579] [] ? sock_has_perm+0x2a1/0x3f0 [ 39.518497] [] ? sock_has_perm+0x9f/0x3f0 [ 39.524291] [] ? selinux_msg_queue_alloc_security+0x2e0/0x2e0 [ 39.531805] [] ? ip6_datagram