[....] Starting enhanced syslogd: rsyslogd[ 14.838124] audit: type=1400 audit(1552084147.524:4): avc: denied { syslog } for pid=1924 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.2' (ECDSA) to the list of known hosts. syzkaller login: [ 40.307751] [ 40.309423] ====================================================== [ 40.315712] [ INFO: possible circular locking dependency detected ] [ 40.322106] 4.4.174+ #4 Not tainted [ 40.325854] ------------------------------------------------------- [ 40.332232] syz-executor265/2082 is trying to acquire lock: [ 40.337914] (rtnl_mutex){+.+.+.}, at: [] rtnl_lock+0x17/0x20 [ 40.346088] [ 40.346088] but task is already holding lock: [ 40.352032] (sk_lock-AF_INET6){+.+.+.}, at: [] do_ipv6_setsockopt.isra.0+0x28a/0x30c0 [ 40.362134] [ 40.362134] which lock already depends on the new lock. [ 40.362134] [ 40.370429] [ 40.370429] the existing dependency chain (in reverse order) is: [ 40.378037] -> #1 (sk_lock-AF_INET6){+.+.+.}: [ 40.383190] [] lock_acquire+0x15e/0x450 [ 40.389432] [] lock_sock_nested+0xc6/0x120 [ 40.395954] [] do_ipv6_setsockopt.isra.0+0x2eba/0x30c0 [ 40.403501] [] ipv6_setsockopt+0xda/0x140 [ 40.409939] [] tcp_setsockopt+0x8a/0xe0 [ 40.416195] [] sock_common_setsockopt+0x9a/0xe0 [ 40.423129] [] SyS_setsockopt+0x159/0x240 [ 40.429561] [] entry_SYSCALL_64_fastpath+0x1e/0x9a [ 40.436771] -> #0 (rtnl_mutex){+.+.+.}: [ 40.441393] [] __lock_acquire+0x37d6/0x4f50 [ 40.448004] [] lock_acquire+0x15e/0x450 [ 40.454246] [] mutex_lock_nested+0xc1/0xb80 [ 40.460878] [] rtnl_lock+0x17/0x20 [ 40.466693] [] ipv6_sock_mc_close+0x10e/0x350 [ 40.473467] [] do_ipv6_setsockopt.isra.0+0x1bd1/0x30c0 [ 40.481023] [] ipv6_setsockopt+0xda/0x140 [ 40.487434] [] tcp_setsockopt+0x8a/0xe0 [ 40.493696] [] sock_common_setsockopt+0x9a/0xe0 [ 40.500774] [] SyS_setsockopt+0x159/0x240 [ 40.507712] [] entry_SYSCALL_64_fastpath+0x1e/0x9a [ 40.514909] [ 40.514909] other info that might help us debug this: [ 40.514909] [ 40.523041] Possible unsafe locking scenario: [ 40.523041] [ 40.529083] CPU0 CPU1 [ 40.533725] ---- ---- [ 40.538374] lock(sk_lock-AF_INET6); [ 40.542389] lock(rtnl_mutex); [ 40.548410] lock(sk_lock-AF_INET6); [ 40.554948] lock(rtnl_mutex); [ 40.558457] [ 40.558457] *** DEADLOCK *** [ 40.558457] [ 40.564493] 1 lock held by syz-executor265/2082: [ 40.569219] #0: (sk_lock-AF_INET6){+.+.+.}, at: [] do_ipv6_setsockopt.isra.0+0x28a/0x30c0 [ 40.579867] [ 40.579867] stack backtrace: [ 40.584343] CPU: 0 PID: 2082 Comm: syz-executor265 Not tainted 4.4.174+ #4 [ 40.591344] 0000000000000000 f2e6f761df1eb68e ffff8801d409f5b0 ffffffff81aad1a1 [ 40.599441] ffffffff84057a80 ffff8800b7755f00 ffffffff83a8db50 ffffffff83acc910 [ 40.607469] ffffffff83a8db50 ffff8801d409f600 ffffffff813abcda ffff8801d409f6e0 [ 40.615502] Call Trace: [ 40.618067] [] dump_stack+0xc1/0x120 [ 40.623423] [] print_circular_bug.cold+0x2f7/0x44e [ 40.629981] [] __lock_acquire+0x37d6/0x4f50 [ 40.635926] [] ? __lock_acquire+0x22e3/0x4f50 [ 40.642062] [] ? trace_hardirqs_on+0x10/0x10 [ 40.648095] [] ? trace_hardirqs_on+0x10/0x10 [ 40.654221] [] ? mark_held_locks+0xb1/0x100 [ 40.660170] [] lock_acquire+0x15e/0x450 [ 40.665774] [] ? rtnl_lock+0x17/0x20 [ 40.671215] [] ? rtnl_lock+0x17/0x20 [ 40.676556] [] mutex_lock_nested+0xc1/0xb80 [ 40.682501] [] ? rtnl_lock+0x17/0x20 [ 40.687865] [] ? kvm_clock_get_cycles+0x9/0x10 [ 40.694086] [] ? ktime_get_with_offset+0x176/0x240 [ 40.700662] [] ? bictcp_init+0x33a/0x590 [ 40.706355] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 40.713086] [] ? mutex_trylock+0x500/0x500 [ 40.718952] [] ? mark_held_locks+0xb1/0x100 [ 40.724903] [] ? __local_bh_enable_ip+0x6a/0xe0 [ 40.731213] [] rtnl_lock+0x17/0x20 [ 40.736392] [] ipv6_sock_mc_close+0x10e/0x350 [ 40.742513] [] ? fl6_free_socklist+0xb7/0x240 [ 40.748797] [] do_ipv6_setsockopt.isra.0+0x1bd1/0x30c0 [ 40.755703] [] ? ip6_ra_control+0x3c0/0x3c0 [ 40.761650] [] ? trace_hardirqs_on+0x10/0x10 [ 40.767700] [] ? tcp_v4_connect+0x1070/0x1930 [ 40.773827] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 40.780653] [] ? avc_has_perm+0x164/0x3a0 [ 40.786438] [] ? avc_has_perm+0x1d2/0x3a0 [ 40.792215] [] ? avc_has_perm+0xac/0x3a0 [ 40.797916] [] ? avc_has_perm_noaudit+0x300/0x300 [ 40.804391] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 40.811122] [] ? check_preemption_disabled+0x3c/0x200 [ 40.817939] [] ? check_preemption_disabled+0x3c/0x200 [ 40.824755] [] ? sock_has_perm+0x1c8/0x400 [ 40.830622] [] ? sock_has_perm+0x2a8/0x400 [ 40.836504] [] ? sock_has_perm+0xa6/0x400 [ 40.842283] [] ? selinux_msg_queue_alloc_security+0x2e0/0x2e0 [ 40.849793] [] ? _raw_spin_unlock_bh+0x31/0x40 [ 40.856001] [] ? release_sock+0x3a8/0x500 [ 40.861782] [] ? trace_hardirqs_on+0xd/0x10 [ 40.867751] [] ipv6_setsockopt+0xda/0x140 [ 40.873546] [] tcp_setsockopt+0x8a/0xe0 [ 40.879164] [] sock_common_setsockopt+0x9a/0xe0 [ 40.885460] [] SyS_setsockopt+0x159/0x240 [ 40.891247] [] ? SyS_recv+0x40/0x40 [ 40.896507] [] ? retint_user+0x18/0x3c [ 40.902044] [] ? lockdep_sys_exit_thunk+0x12/0x14 [ 40.908532] [