[....] Starting enhanced syslogd: rsyslogd[ 13.254781] audit: type=1400 audit(1541748637.324:4): avc: denied { syslog } for pid=1918 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.28' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 51.297544] [ 51.299228] ====================================================== [ 51.305519] [ INFO: possible circular locking dependency detected ] [ 51.311899] 4.4.162+ #10 Not tainted [ 51.315585] ------------------------------------------------------- [ 51.321963] syz-executor322/2084 is trying to acquire lock: [ 51.327682] (rtnl_mutex){+.+.+.}, at: [] rtnl_lock+0x17/0x20 [ 51.335610] [ 51.335610] but task is already holding lock: [ 51.341553] (sk_lock-AF_INET6){+.+.+.}, at: [] do_ipv6_setsockopt.isra.4+0x252/0x2d50 [ 51.351682] [ 51.351682] which lock already depends on the new lock. [ 51.351682] [ 51.359971] [ 51.359971] the existing dependency chain (in reverse order) is: [ 51.367566] -> #1 (sk_lock-AF_INET6){+.+.+.}: [ 51.372736] [] lock_acquire+0x15e/0x450 [ 51.379007] [] lock_sock_nested+0xc6/0x120 [ 51.385509] [] do_ipv6_setsockopt.isra.4+0x1d2/0x2d50 [ 51.392966] [] ipv6_setsockopt+0x97/0x130 [ 51.399383] [] compat_mc_setsockopt+0x278/0x6e0 [ 51.406323] [] compat_ipv6_setsockopt+0x126/0x1d0 [ 51.413457] [] compat_udpv6_setsockopt+0x4a/0x90 [ 51.420481] [] compat_sock_common_setsockopt+0xb4/0x150 [ 51.428116] [] compat_SyS_setsockopt+0x169/0x700 [ 51.435152] [] do_fast_syscall_32+0x31e/0xa80 [ 51.441931] [] sysenter_flags_fixed+0xd/0x1a [ 51.448616] -> #0 (rtnl_mutex){+.+.+.}: [ 51.453229] [] __lock_acquire+0x3e6c/0x5f10 [ 51.459816] [] lock_acquire+0x15e/0x450 [ 51.466058] [] mutex_lock_nested+0xbb/0x8d0 [ 51.472668] [] rtnl_lock+0x17/0x20 [ 51.478477] [] ipv6_sock_mc_close+0x10e/0x350 [ 51.485239] [] do_ipv6_setsockopt.isra.4+0xd07/0x2d50 [ 51.492717] [] compat_ipv6_setsockopt+0xe9/0x1d0 [ 51.499752] [] compat_udpv6_setsockopt+0x4a/0x90 [ 51.506775] [] compat_sock_common_setsockopt+0xb4/0x150 [ 51.514410] [] compat_SyS_setsockopt+0x169/0x700 [ 51.521433] [] do_fast_syscall_32+0x31e/0xa80 [ 51.528198] [] sysenter_flags_fixed+0xd/0x1a [ 51.534876] [ 51.534876] other info that might help us debug this: [ 51.534876] [ 51.543004] Possible unsafe locking scenario: [ 51.543004] [ 51.549036] CPU0 CPU1 [ 51.553679] ---- ---- [ 51.558319] lock(sk_lock-AF_INET6); [ 51.562374] lock(rtnl_mutex); [ 51.568406] lock(sk_lock-AF_INET6); [ 51.574958] lock(rtnl_mutex); [ 51.578462] [ 51.578462] *** DEADLOCK *** [ 51.578462] [ 51.584500] 1 lock held by syz-executor322/2084: [ 51.589226] #0: (sk_lock-AF_INET6){+.+.+.}, at: [] do_ipv6_setsockopt.isra.4+0x252/0x2d50 [ 51.599866] [ 51.599866] stack backtrace: [ 51.604339] CPU: 0 PID: 2084 Comm: syz-executor322 Not tainted 4.4.162+ #10 [ 51.611411] 0000000000000000 cda5b913c52a866d ffff8800b697f538 ffffffff81aa526d [ 51.619404] ffffffff83a85b10 ffffffff83ac4060 ffffffff83a85b10 ffff8800b72aa0a8 [ 51.627403] ffff8800b72a97c0 ffff8800b697f580 ffffffff813a834a 0000000000000001 [ 51.635396] Call Trace: [ 51.637957] [] dump_stack+0xc1/0x124 [ 51.643298] [] print_circular_bug.cold.34+0x2f7/0x432 [ 51.650117] [] __lock_acquire+0x3e6c/0x5f10 [ 51.656067] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 51.662796] [] ? trace_hardirqs_on+0x10/0x10 [ 51.668843] [] lock_acquire+0x15e/0x450 [ 51.674445] [] ? rtnl_lock+0x17/0x20 [ 51.679783] [] ? rtnl_lock+0x17/0x20 [ 51.685121] [] mutex_lock_nested+0xbb/0x8d0 [ 51.691070] [] ? rtnl_lock+0x17/0x20 [ 51.696408] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 51.703139] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 51.709866] [] ? mutex_trylock+0x3e0/0x3e0 [ 51.715725] [] ? mark_held_locks+0xc7/0x130 [ 51.721672] [] ? __local_bh_enable_ip+0x6a/0xd0 [ 51.727984] [] rtnl_lock+0x17/0x20 [ 51.733164] [] ipv6_sock_mc_close+0x10e/0x350 [ 51.739289] [] ? fl6_free_socklist+0xb7/0x240 [ 51.745417] [] do_ipv6_setsockopt.isra.4+0xd07/0x2d50 [ 51.752236] [] ? ip6_ra_control+0x430/0x430 [ 51.758188] [] ? trace_hardirqs_on+0x10/0x10 [ 51.764235] [] ? __lock_acquire+0xa85/0x5f10 [ 51.770289] [] ? __local_bh_enable_ip+0x6a/0xd0 [ 51.776585] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 51.783312] [] ? avc_has_perm+0x15a/0x3a0 [ 51.789083] [] ? avc_has_perm+0x1cc/0x3a0 [ 51.794857] [] ? avc_has_perm+0x9e/0x3a0 [ 51.800545] [] ? avc_has_perm_noaudit+0x2f0/0x2f0 [ 51.807011] [] ? check_preemption_disabled+0x3b/0x170 [ 51.813827] [] ? sock_has_perm+0x1c1/0x3f0 [ 51.819702] [] ? sock_has_perm+0x2a1/0x3f0 [ 51.825579] [] ? sock_has_perm+0x9f/0x3f0 [ 51.831353] [] ? selinux_msg_queue_alloc_security+0x2e0/0x2e0 [ 51.838864] [] ? __fget+0x12f/0x3d0 [ 51.844138] [] compat_ipv6_setsockopt+0xe9/0x1d0 [ 51.850522] [] compat_udpv6_setsockopt+0x4a/0x90 [ 51.856907] [] compat_sock_common_setsockopt+0xb4/0x150 [ 51.863896] [] ? udpv6_setsockopt+0x90/0x90 [ 51.869843] [] compat_SyS_setsockopt+0x169/0x700 [ 51.876227] [] ? sock_common_setsockopt+0xe0/0xe0 [ 51.882693] [] ? scm_detach_fds_compat+0x3b0/0x3b0 [ 51.889248] [] ? __do_page_fault+0x2b6/0x7e0 [ 51.895291] [] ? do_fast_syscall_32