[....] Starting enhanced syslogd: rsyslogd[ 13.519794] audit: type=1400 audit(1552322343.662:4): avc: denied { syslog } for pid=1921 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.243' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 35.537852] [ 35.539507] ====================================================== [ 35.545791] [ INFO: possible circular locking dependency detected ] [ 35.552166] 4.4.174+ #17 Not tainted [ 35.555844] ------------------------------------------------------- [ 35.562223] syz-executor076/2079 is trying to acquire lock: [ 35.567897] (rtnl_mutex){+.+.+.}, at: [] rtnl_lock+0x17/0x20 [ 35.575791] [ 35.575791] but task is already holding lock: [ 35.581729] (sk_lock-AF_INET6){+.+.+.}, at: [] do_ipv6_setsockopt.isra.0+0x28a/0x30c0 [ 35.591788] [ 35.591788] which lock already depends on the new lock. [ 35.591788] [ 35.600087] [ 35.600087] the existing dependency chain (in reverse order) is: [ 35.607677] -> #1 (sk_lock-AF_INET6){+.+.+.}: [ 35.612781] [] lock_acquire+0x15e/0x450 [ 35.619014] [] lock_sock_nested+0xc6/0x120 [ 35.625529] [] do_ipv6_setsockopt.isra.0+0x2eba/0x30c0 [ 35.633088] [] ipv6_setsockopt+0xda/0x140 [ 35.639612] [] compat_mc_setsockopt+0x4f7/0x690 [ 35.646536] [] compat_ipv6_setsockopt+0x124/0x1d0 [ 35.653647] [] inet_csk_compat_setsockopt+0x99/0x120 [ 35.661006] [] compat_tcp_setsockopt+0x40/0x70 [ 35.667863] [] compat_sock_common_setsockopt+0xb4/0x150 [ 35.675502] [] compat_SyS_setsockopt+0x15c/0x720 [ 35.682533] [] do_fast_syscall_32+0x32d/0xa90 [ 35.689291] [] sysenter_flags_fixed+0xd/0x1a [ 35.695967] -> #0 (rtnl_mutex){+.+.+.}: [ 35.700552] [] __lock_acquire+0x37d6/0x4f50 [ 35.707216] [] lock_acquire+0x15e/0x450 [ 35.713462] [] mutex_lock_nested+0xc1/0xb80 [ 35.720043] [] rtnl_lock+0x17/0x20 [ 35.725845] [] ipv6_sock_mc_close+0x10e/0x350 [ 35.732635] [] do_ipv6_setsockopt.isra.0+0x1bd1/0x30c0 [ 35.740168] [] compat_ipv6_setsockopt+0xe7/0x1d0 [ 35.747201] [] inet_csk_compat_setsockopt+0x99/0x120 [ 35.754563] [] compat_tcp_setsockopt+0x40/0x70 [ 35.761404] [] compat_sock_common_setsockopt+0xb4/0x150 [ 35.769024] [] compat_SyS_setsockopt+0x15c/0x720 [ 35.776036] [] do_fast_syscall_32+0x32d/0xa90 [ 35.782794] [] sysenter_flags_fixed+0xd/0x1a [ 35.789457] [ 35.789457] other info that might help us debug this: [ 35.789457] [ 35.797568] Possible unsafe locking scenario: [ 35.797568] [ 35.803595] CPU0 CPU1 [ 35.808231] ---- ---- [ 35.812866] lock(sk_lock-AF_INET6); [ 35.816883] lock(rtnl_mutex); [ 35.822878] lock(sk_lock-AF_INET6); [ 35.829403] lock(rtnl_mutex); [ 35.832882] [ 35.832882] *** DEADLOCK *** [ 35.832882] [ 35.838908] 1 lock held by syz-executor076/2079: [ 35.843647] #0: (sk_lock-AF_INET6){+.+.+.}, at: [] do_ipv6_setsockopt.isra.0+0x28a/0x30c0 [ 35.854273] [ 35.854273] stack backtrace: [ 35.858739] CPU: 1 PID: 2079 Comm: syz-executor076 Not tainted 4.4.174+ #17 [ 35.865807] 0000000000000000 34c9534736b168ff ffff8800b6e97500 ffffffff81aad1a1 [ 35.873779] ffffffff84057a80 ffff8801d4878000 ffffffff83a8dd00 ffffffff83acc910 [ 35.881761] ffffffff83a8dd00 ffff8800b6e97550 ffffffff813abcda ffff8800b6e97630 [ 35.889746] Call Trace: [ 35.892324] [] dump_stack+0xc1/0x120 [ 35.897671] [] print_circular_bug.cold+0x2f7/0x44e [ 35.904239] [] __lock_acquire+0x37d6/0x4f50 [ 35.910176] [] ? check_irq_usage+0xb1/0xe0 [ 35.916029] [] ? trace_hardirqs_on+0x10/0x10 [ 35.922055] [] ? trace_hardirqs_on+0x10/0x10 [ 35.928101] [] lock_acquire+0x15e/0x450 [ 35.933693] [] ? rtnl_lock+0x17/0x20 [ 35.939024] [] ? rtnl_lock+0x17/0x20 [ 35.944357] [] mutex_lock_nested+0xc1/0xb80 [ 35.950295] [] ? rtnl_lock+0x17/0x20 [ 35.955625] [] ? kvm_clock_read+0x23/0x40 [ 35.961389] [] ? kvm_clock_get_cycles+0x9/0x10 [ 35.967593] [] ? ktime_get_with_offset+0x176/0x240 [ 35.974139] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 35.980859] [] ? mutex_trylock+0x500/0x500 [ 35.986724] [] ? mark_held_locks+0xb1/0x100 [ 35.992670] [] ? __local_bh_enable_ip+0x6a/0xe0 [ 35.998958] [] rtnl_lock+0x17/0x20 [ 36.004121] [] ipv6_sock_mc_close+0x10e/0x350 [ 36.010274] [] ? fl6_free_socklist+0xb7/0x240 [ 36.016390] [] do_ipv6_setsockopt.isra.0+0x1bd1/0x30c0 [ 36.023459] [] ? ip6_ra_control+0x3c0/0x3c0 [ 36.029399] [] ? trace_hardirqs_on+0x10/0x10 [ 36.035428] [] ? tcp_v4_connect+0x1070/0x1930 [ 36.041542] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 36.048265] [] ? avc_has_perm+0x164/0x3a0 [ 36.054033] [] ? avc_has_perm+0x1d2/0x3a0 [ 36.059796] [] ? avc_has_perm+0xac/0x3a0 [ 36.065474] [] ? avc_has_perm_noaudit+0x300/0x300 [ 36.072028] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 36.078751] [] ? check_preemption_disabled+0x3c/0x200 [ 36.085745] [] ? check_preemption_disabled+0x3c/0x200 [ 36.092550] [] ? sock_has_perm+0x1c8/0x400 [ 36.098403] [] ? sock_has_perm+0x2a8/0x400 [ 36.104255] [] ? sock_has_perm+0xa6/0x400 [ 36.110022] [] ? selinux_msg_queue_alloc_security+0x2e0/0x2e0 [ 36.117528] [] ? check_preemption_disabled+0x3c/0x200 [ 36.124336] [] compat_ipv6_setsockopt+0xe7/0x1d0 [ 36.130710] [] inet_csk_compat_setsockopt+0x99/0x120 [ 36.137435] [] ? ipv6_setsockopt+0x140/0x140 [ 36.143550] [] compat_tcp_setsockopt+0x40/0x70 [ 36.149752] [] compat_sock_common_setsockopt+0xb4/0x150 [ 36.156736] [] ? do_tcp_setsockopt.isra.0+0x19a0/0x19a0 [ 36.163725] [] compat_SyS_setsockopt+0x15c/0x720 [ 36.170110] [] ? sock_common_setsockopt+0xe0/0xe0 [ 36.176573] [] ? scm_detach_fds_compat+0x3b0/0x3b0 [ 36.183124] [] ? __do_page_fault+0x2b3/0x7f0 [ 36.189166] [<