[ ok ] Starting enhanced syslogd: rsyslogd.
[ 13.644749] audit: type=1400 audit(1552322331.585:4): avc: denied { syslog } for pid=1920 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.213' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 30.449757]
[ 30.451401] ======================================================
[ 30.457692] [ INFO: possible circular locking dependency detected ]
[ 30.464073] 4.4.174+ #4 Not tainted
[ 30.467669] -------------------------------------------------------
[ 30.474048] syz-executor288/2072 is trying to acquire lock:
[ 30.479734]  (rtnl_mutex){+.+.+.}, at: [] rtnl_lock+0x17/0x20
[ 30.487664]
[ 30.487664] but task is already holding lock:
[ 30.493608]  (sk_lock-AF_INET6){+.+.+.}, at: [] do_ipv6_setsockopt.isra.0+0x28a/0x30c0
[ 30.503735]
[ 30.503735] which lock already depends on the new lock.
[ 30.503735]
[ 30.512024]
[ 30.512024] the existing dependency chain (in reverse order) is:
[ 30.519616] -> #1 (sk_lock-AF_INET6){+.+.+.}:
[ 30.524737]        [] lock_acquire+0x15e/0x450
[ 30.530977]        [] lock_sock_nested+0xc6/0x120
[ 30.537486]        [] do_ipv6_setsockopt.isra.0+0x2eba/0x30c0
[ 30.545026]        [] ipv6_setsockopt+0xda/0x140
[ 30.551441]        [] tcp_setsockopt+0x8a/0xe0
[ 30.557693]        [] sock_common_setsockopt+0x9a/0xe0
[ 30.564634]        [] SyS_setsockopt+0x159/0x240
[ 30.571047]        [] entry_SYSCALL_64_fastpath+0x1e/0x9a
[ 30.578262] -> #0 (rtnl_mutex){+.+.+.}:
[ 30.582865]        [] __lock_acquire+0x37d6/0x4f50
[ 30.589473]        [] lock_acquire+0x15e/0x450
[ 30.595731]        [] mutex_lock_nested+0xc1/0xb80
[ 30.602315]        [] rtnl_lock+0x17/0x20
[ 30.608123]        [] ipv6_sock_mc_close+0x10e/0x350
[ 30.614884]        [] do_ipv6_setsockopt.isra.0+0x1bd1/0x30c0
[ 30.622432]        [] ipv6_setsockopt+0xda/0x140
[ 30.628856]        [] tcp_setsockopt+0x8a/0xe0
[ 30.635090]        [] sock_common_setsockopt+0x9a/0xe0
[ 30.642025]        [] SyS_setsockopt+0x159/0x240
[ 30.648439]        [] entry_SYSCALL_64_fastpath+0x1e/0x9a
[ 30.655644]
[ 30.655644] other info that might help us debug this:
[ 30.655644]
[ 30.663759]  Possible unsafe locking scenario:
[ 30.663759]
[ 30.669799]        CPU0                    CPU1
[ 30.674442]        ----                    ----
[ 30.679081]   lock(sk_lock-AF_INET6);
[ 30.683093]                                lock(rtnl_mutex);
[ 30.689099]                                lock(sk_lock-AF_INET6);
[ 30.695724]   lock(rtnl_mutex);
[ 30.699218]
[ 30.699218]  *** DEADLOCK ***
[ 30.699218]
[ 30.705252] 1 lock held by syz-executor288/2072:
[ 30.709978]  #0: (sk_lock-AF_INET6){+.+.+.}, at: [] do_ipv6_setsockopt.isra.0+0x28a/0x30c0
[ 30.720636]
[ 30.720636] stack backtrace:
[ 30.725109] CPU: 0 PID: 2072 Comm: syz-executor288 Not tainted 4.4.174+ #4
[ 30.732104]  0000000000000000 6f19a521d9c3b6f5 ffff8800b73ef5b0 ffffffff81aad1a1
[ 30.740110]  ffffffff84057a80 ffff8800b7d197c0 ffffffff83a8db50 ffffffff83acc760
[ 30.748214]  ffffffff83a8db50 ffff8800b73ef600 ffffffff813abcda ffff8800b73ef6e0
[ 30.756222] Call Trace:
[ 30.758798]  [] dump_stack+0xc1/0x120
[ 30.764143]  [] print_circular_bug.cold+0x2f7/0x44e
[ 30.770706]  [] __lock_acquire+0x37d6/0x4f50
[ 30.776650]  [] ? __lock_acquire+0x22e3/0x4f50
[ 30.782771]  [] ? trace_hardirqs_on+0x10/0x10
[ 30.788801]  [] ? trace_hardirqs_on+0x10/0x10
[ 30.794834]  [] ? mark_held_locks+0xb1/0x100
[ 30.800782]  [] lock_acquire+0x15e/0x450
[ 30.806377]  [] ? rtnl_lock+0x17/0x20
[ 30.811721]  [] ? rtnl_lock+0x17/0x20
[ 30.817073]  [] mutex_lock_nested+0xc1/0xb80
[ 30.823018]  [] ? rtnl_lock+0x17/0x20
[ 30.828357]  [] ? kvm_clock_get_cycles+0x9/0x10
[ 30.834565]  [] ? ktime_get_with_offset+0x176/0x240
[ 30.841117]  [] ? bictcp_init+0x33a/0x590
[ 30.846803]  [] ? debug_lockdep_rcu_enabled+0x71/0xa0
[ 30.853538]  [] ? mutex_trylock+0x500/0x500
[ 30.859394]  [] ? mark_held_locks+0xb1/0x100
[ 30.865435]  [] ? __local_bh_enable_ip+0x6a/0xe0
[ 30.871731]  [] rtnl_lock+0x17/0x20
[ 30.876895]  [] ipv6_sock_mc_close+0x10e/0x350
[ 30.883011]  [] ? fl6_free_socklist+0xb7/0x240
[ 30.889130]  [] do_ipv6_setsockopt.isra.0+0x1bd1/0x30c0
[ 30.896031]  [] ? ip6_ra_control+0x3c0/0x3c0
[ 30.901988]  [] ? trace_hardirqs_on+0x10/0x10
[ 30.908021]  [] ? tcp_v4_connect+0x1070/0x1930
[ 30.914139]  [] ? debug_lockdep_rcu_enabled+0x71/0xa0
[ 30.920867]  [] ? avc_has_perm+0x164/0x3a0
[ 30.926637]  [] ? avc_has_perm+0x1d2/0x3a0
[ 30.932409]  [] ? avc_has_perm+0xac/0x3a0
[ 30.938092]  [] ? avc_has_perm_noaudit+0x300/0x300
[ 30.944562]  [] ? debug_lockdep_rcu_enabled+0x71/0xa0
[ 30.951290]  [] ? check_preemption_disabled+0x3c/0x200
[ 30.958103]  [] ? check_preemption_disabled+0x3c/0x200
[ 30.964915]  [] ? sock_has_perm+0x1c8/0x400
[ 30.970770]  [] ? sock_has_perm+0x2a8/0x400
[ 30.976639]  [] ? sock_has_perm+0xa6/0x400
[ 30.982411]  [] ? selinux_msg_queue_alloc_security+0x2e0/0x2e0
[ 30.989920]  [] ? _raw_spin_unlock_bh+0x31/0x40
[ 30.996137]  [] ? release_sock+0x3a8/0x500
[ 31.001909]  [] ? trace_hardirqs_on+0xd/0x10
[ 31.007853]  [] ipv6_setsockopt+0xda/0x140
[ 31.013626]  [] tcp_setsockopt+0x8a/0xe0
[ 31.019223]  [] sock_common_setsockopt+0x9a/0xe0
[ 31.025519]  [] SyS_setsockopt+0x159/0x240
[ 31.031290]  [] ? SyS_recv+0x40/0x40
[ 31.036540]  [] ? retint_user+0x18/0x3c
[ 31.042054]  [] ? lockdep_sys_exit_thunk+0x12/0x14
[ 31.048519]  [] entry_SY