[....] Starting enhanced syslogd: rsyslogd[ 13.554484] audit: type=1400 audit(1540543609.587:4): avc: denied { syslog } for pid=1925 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.52' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 36.813026] [ 36.814664] ====================================================== [ 36.820956] [ INFO: possible circular locking dependency detected ] [ 36.827451] 4.4.162+ #7 Not tainted [ 36.831053] ------------------------------------------------------- [ 36.837439] syz-executor530/2083 is trying to acquire lock: [ 36.843125] (rtnl_mutex){+.+.+.}, at: [] rtnl_lock+0x17/0x20 [ 36.851080] [ 36.851080] but task is already holding lock: [ 36.857028] (sk_lock-AF_INET6){+.+.+.}, at: [] do_ipv6_setsockopt.isra.4+0x252/0x2d50 [ 36.867119] [ 36.867119] which lock already depends on the new lock. [ 36.867119] [ 36.875411] [ 36.875411] the existing dependency chain (in reverse order) is: [ 36.883015] -> #1 (sk_lock-AF_INET6){+.+.+.}: [ 36.888158] [] lock_acquire+0x15e/0x450 [ 36.894409] [] lock_sock_nested+0xc6/0x120 [ 36.900935] [] do_ipv6_setsockopt.isra.4+0x1d2/0x2d50 [ 36.908405] [] ipv6_setsockopt+0x97/0x130 [ 36.914821] [] compat_mc_setsockopt+0x278/0x6e0 [ 36.921768] [] compat_ipv6_setsockopt+0x126/0x1d0 [ 36.928887] [] compat_udpv6_setsockopt+0x4a/0x90 [ 36.936040] [] compat_sock_common_setsockopt+0xb4/0x150 [ 36.943685] [] compat_SyS_setsockopt+0x169/0x700 [ 36.950714] [] do_fast_syscall_32+0x31e/0xa80 [ 36.957501] [] sysenter_flags_fixed+0xd/0x1a [ 36.964206] -> #0 (rtnl_mutex){+.+.+.}: [ 36.968823] [] __lock_acquire+0x3e6c/0x5f10 [ 36.975419] [] lock_acquire+0x15e/0x450 [ 36.981683] [] mutex_lock_nested+0xbb/0x8d0 [ 36.988281] [] rtnl_lock+0x17/0x20 [ 36.994137] [] ipv6_sock_mc_close+0x10e/0x350 [ 37.001065] [] do_ipv6_setsockopt.isra.4+0xd07/0x2d50 [ 37.008526] [] compat_ipv6_setsockopt+0xe9/0x1d0 [ 37.015560] [] compat_udpv6_setsockopt+0x4a/0x90 [ 37.022602] [] compat_sock_common_setsockopt+0xb4/0x150 [ 37.030247] [] compat_SyS_setsockopt+0x169/0x700 [ 37.037277] [] do_fast_syscall_32+0x31e/0xa80 [ 37.044114] [] sysenter_flags_fixed+0xd/0x1a [ 37.050795] [ 37.050795] other info that might help us debug this: [ 37.050795] [ 37.058918] Possible unsafe locking scenario: [ 37.058918] [ 37.064950] CPU0 CPU1 [ 37.069638] ---- ---- [ 37.074353] lock(sk_lock-AF_INET6); [ 37.078388] lock(rtnl_mutex); [ 37.084410] lock(sk_lock-AF_INET6); [ 37.090955] lock(rtnl_mutex); [ 37.094458] [ 37.094458] *** DEADLOCK *** [ 37.094458] [ 37.100540] 1 lock held by syz-executor530/2083: [ 37.105276] #0: (sk_lock-AF_INET6){+.+.+.}, at: [] do_ipv6_setsockopt.isra.4+0x252/0x2d50 [ 37.115943] [ 37.115943] stack backtrace: [ 37.120426] CPU: 1 PID: 2083 Comm: syz-executor530 Not tainted 4.4.162+ #7 [ 37.127418] 0000000000000000 732e75120adbff7e ffff8800b6477538 ffffffff81a994bd [ 37.135471] ffffffff83a85b10 ffffffff83ac48d0 ffffffff83a85b10 ffff8801d4a95028 [ 37.143484] ffff8801d4a94740 ffff8800b6477580 ffffffff813a834a 0000000000000001 [ 37.151543] Call Trace: [ 37.154117] [] dump_stack+0xc1/0x124 [ 37.159461] [] print_circular_bug.cold.34+0x2f7/0x432 [ 37.166286] [] __lock_acquire+0x3e6c/0x5f10 [ 37.172241] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 37.178976] [] ? trace_hardirqs_on+0x10/0x10 [ 37.185135] [] lock_acquire+0x15e/0x450 [ 37.190745] [] ? rtnl_lock+0x17/0x20 [ 37.196098] [] ? rtnl_lock+0x17/0x20 [ 37.201444] [] mutex_lock_nested+0xbb/0x8d0 [ 37.207437] [] ? rtnl_lock+0x17/0x20 [ 37.212799] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 37.219532] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 37.226265] [] ? mutex_trylock+0x3e0/0x3e0 [ 37.232130] [] ? mark_held_locks+0xc7/0x130 [ 37.238085] [] ? __local_bh_enable_ip+0x6a/0xd0 [ 37.244387] [] rtnl_lock+0x17/0x20 [ 37.249557] [] ipv6_sock_mc_close+0x10e/0x350 [ 37.255684] [] ? fl6_free_socklist+0xb7/0x240 [ 37.261815] [] do_ipv6_setsockopt.isra.4+0xd07/0x2d50 [ 37.268644] [] ? ip6_ra_control+0x430/0x430 [ 37.274602] [] ? trace_hardirqs_on+0x10/0x10 [ 37.280647] [] ? __lock_acquire+0xa85/0x5f10 [ 37.286742] [] ? __local_bh_enable_ip+0x6a/0xd0 [ 37.293052] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 37.299792] [] ? avc_has_perm+0x15a/0x3a0 [ 37.305571] [] ? avc_has_perm+0x1cc/0x3a0 [ 37.311348] [] ? avc_has_perm+0x9e/0x3a0 [ 37.317039] [] ? avc_has_perm_noaudit+0x2f0/0x2f0 [ 37.323514] [] ? check_preemption_disabled+0x3b/0x170 [ 37.330338] [] ? sock_has_perm+0x1c1/0x3f0 [ 37.336209] [] ? sock_has_perm+0x2a1/0x3f0 [ 37.342076] [] ? sock_has_perm+0x9f/0x3f0 [ 37.347859] [] ? selinux_msg_queue_alloc_security+0x2e0/0x2e0 [ 37.355462] [] ? __fget+0x12f/0x3d0 [ 37.360727] [] compat_ipv6_setsockopt+0xe9/0x1d0 [ 37.367120] [] compat_udpv6_setsockopt+0x4a/0x90 [ 37.373514] [] compat_sock_common_setsockopt+0xb4/0x150 [ 37.380509] [] ? udpv6_setsockopt+0x90/0x90 [ 37.386466] [] compat_SyS_setsockopt+0x169/0x700 [ 37.392861] [] ? sock_common_setsockopt+0xe0/0xe0 [ 37.399336] [] ? scm_detach_fds_compat+0x3b0/0x3b0 [ 37.405901] [] ? __do_page_fault+0x2b6/0x7e0 [ 37.411940] [] ? do_fas