[....] Starting enhanced syslogd: rsyslogd[ 14.883346] audit: type=1400 audit(1539628561.014:4): avc: denied { syslog } for pid=1920 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.25' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 30.018440] [ 30.020185] ====================================================== [ 30.026475] [ INFO: possible circular locking dependency detected ] [ 30.032996] 4.4.161+ #110 Not tainted [ 30.036837] ------------------------------------------------------- [ 30.043230] syz-executor194/2072 is trying to acquire lock: [ 30.048911] (rtnl_mutex){+.+.+.}, at: [] rtnl_lock+0x17/0x20 [ 30.056826] [ 30.056826] but task is already holding lock: [ 30.062770] (sk_lock-AF_INET6){+.+.+.}, at: [] do_ipv6_setsockopt.isra.4+0x252/0x2d50 [ 30.072890] [ 30.072890] which lock already depends on the new lock. [ 30.072890] [ 30.081354] [ 30.081354] the existing dependency chain (in reverse order) is: [ 30.089081] -> #1 (sk_lock-AF_INET6){+.+.+.}: [ 30.094207] [] lock_acquire+0x15e/0x450 [ 30.100547] [] lock_sock_nested+0xc6/0x120 [ 30.107054] [] do_ipv6_setsockopt.isra.4+0x1d2/0x2d50 [ 30.114518] [] ipv6_setsockopt+0x97/0x130 [ 30.120939] [] udpv6_setsockopt+0x4a/0x90 [ 30.127358] [] sock_common_setsockopt+0x9a/0xe0 [ 30.134303] [] SyS_setsockopt+0x166/0x260 [ 30.140717] [] entry_SYSCALL_64_fastpath+0x1e/0x9a [ 30.147924] -> #0 (rtnl_mutex){+.+.+.}: [ 30.152531] [] __lock_acquire+0x3e6c/0x5f10 [ 30.159126] [] lock_acquire+0x15e/0x450 [ 30.165362] [] mutex_lock_nested+0xbb/0x8d0 [ 30.171957] [] rtnl_lock+0x17/0x20 [ 30.177771] [] ipv6_sock_mc_close+0x10e/0x350 [ 30.184535] [] do_ipv6_setsockopt.isra.4+0xd07/0x2d50 [ 30.191989] [] ipv6_setsockopt+0x97/0x130 [ 30.198409] [] udpv6_setsockopt+0x4a/0x90 [ 30.204823] [] sock_common_setsockopt+0x9a/0xe0 [ 30.211885] [] SyS_setsockopt+0x166/0x260 [ 30.218356] [] entry_SYSCALL_64_fastpath+0x1e/0x9a [ 30.225560] [ 30.225560] other info that might help us debug this: [ 30.225560] [ 30.233675] Possible unsafe locking scenario: [ 30.233675] [ 30.239706] CPU0 CPU1 [ 30.244348] ---- ---- [ 30.249056] lock(sk_lock-AF_INET6); [ 30.253078] lock(rtnl_mutex); [ 30.259084] lock(sk_lock-AF_INET6); [ 30.265606] lock(rtnl_mutex); [ 30.269094] [ 30.269094] *** DEADLOCK *** [ 30.269094] [ 30.275129] 1 lock held by syz-executor194/2072: [ 30.279854] #0: (sk_lock-AF_INET6){+.+.+.}, at: [] do_ipv6_setsockopt.isra.4+0x252/0x2d50 [ 30.290493] [ 30.290493] stack backtrace: [ 30.295112] CPU: 0 PID: 2072 Comm: syz-executor194 Not tainted 4.4.161+ #110 [ 30.302388] 0000000000000000 d8dca92f6afefcb8 ffff8800b9c2f5a8 ffffffff81a9969d [ 30.310497] ffffffff83a85b10 ffffffff83ac5800 ffffffff83a85b10 ffff8800b7fab868 [ 30.318491] ffff8800b7faaf80 ffff8800b9c2f5f0 ffffffff813a856a 0000000000000001 [ 30.326488] Call Trace: [ 30.329061] [] dump_stack+0xc1/0x124 [ 30.334408] [] print_circular_bug.cold.34+0x2f7/0x432 [ 30.341241] [] __lock_acquire+0x3e6c/0x5f10 [ 30.347192] [] ? trace_hardirqs_on+0x10/0x10 [ 30.353305] [] lock_acquire+0x15e/0x450 [ 30.358916] [] ? rtnl_lock+0x17/0x20 [ 30.364260] [] ? rtnl_lock+0x17/0x20 [ 30.369605] [] mutex_lock_nested+0xbb/0x8d0 [ 30.375552] [] ? rtnl_lock+0x17/0x20 [ 30.380898] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 30.387632] [] ? mutex_trylock+0x3e0/0x3e0 [ 30.393498] [] ? mark_held_locks+0xc7/0x130 [ 30.399446] [] ? __local_bh_enable_ip+0x6a/0xd0 [ 30.405845] [] rtnl_lock+0x17/0x20 [ 30.411020] [] ipv6_sock_mc_close+0x10e/0x350 [ 30.417143] [] ? fl6_free_socklist+0xb7/0x240 [ 30.423264] [] do_ipv6_setsockopt.isra.4+0xd07/0x2d50 [ 30.430082] [] ? ip6_ra_control+0x430/0x430 [ 30.436038] [] ? trace_hardirqs_on+0x10/0x10 [ 30.442072] [] ? __lock_acquire+0xa85/0x5f10 [ 30.448114] [] ? __local_bh_enable_ip+0x6a/0xd0 [ 30.454410] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 30.461138] [] ? avc_has_perm+0x15a/0x3a0 [ 30.466980] [] ? avc_has_perm+0x1cc/0x3a0 [ 30.472757] [] ? avc_has_perm+0x9e/0x3a0 [ 30.478542] [] ? avc_has_perm_noaudit+0x2f0/0x2f0 [ 30.485019] [] ? check_preemption_disabled+0x3b/0x170 [ 30.491836] [] ? sock_has_perm+0x1c1/0x3f0 [ 30.497700] [] ? sock_has_perm+0x2a1/0x3f0 [ 30.503562] [] ? sock_has_perm+0x9f/0x3f0 [ 30.509342] [] ? selinux_msg_queue_alloc_security+0x2e0/0x2e0 [ 30.516863] [] ? ip6_da