[....] Starting enhanced syslogd: rsyslogd[ 13.644749] audit: type=1400 audit(1552322331.585:4): avc: denied { syslog } for pid=1920 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting periodic command scheduler: cron�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
Starting mcstransd:
[....] Starting file context maintaining daemon: restorecond�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting OpenBSD Secure Shell server: sshd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.213' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 30.449757]
[ 30.451401] ======================================================
[ 30.457692] [ INFO: possible circular locking dependency detected ]
[ 30.464073] 4.4.174+ #4 Not tainted
[ 30.467669] -------------------------------------------------------
[ 30.474048] syz-executor288/2072 is trying to acquire lock:
[ 30.479734] (rtnl_mutex){+.+.+.}, at: [<ffffffff8226e537>] rtnl_lock+0x17/0x20
[ 30.487664]
[ 30.487664] but task is already holding lock:
[ 30.493608] (sk_lock-AF_INET6){+.+.+.}, at: [<ffffffff825fd4aa>] do_ipv6_setsockopt.isra.0+0x28a/0x30c0
[ 30.503735]
[ 30.503735] which lock already depends on the new lock.
[ 30.503735]
[ 30.512024]
[ 30.512024] the existing dependency chain (in reverse order) is:
[ 30.519616]
-> #1 (sk_lock-AF_INET6){+.+.+.}:
[ 30.524737] [<ffffffff81205f6e>] lock_acquire+0x15e/0x450
[ 30.530977] [<ffffffff821e4f06>] lock_sock_nested+0xc6/0x120
[ 30.537486] [<ffffffff826000da>] do_ipv6_setsockopt.isra.0+0x2eba/0x30c0
[ 30.545026] [<ffffffff826003ba>] ipv6_setsockopt+0xda/0x140
[ 30.551441] [<ffffffff823f782a>] tcp_setsockopt+0x8a/0xe0
[ 30.557693] [<ffffffff821def2a>] sock_common_setsockopt+0x9a/0xe0
[ 30.564634] [<ffffffff821dcb59>] SyS_setsockopt+0x159/0x240
[ 30.571047] [<ffffffff82718ba1>] entry_SYSCALL_64_fastpath+0x1e/0x9a
[ 30.578262]
-> #0 (rtnl_mutex){+.+.+.}:
[ 30.582865] [<ffffffff81202d86>] __lock_acquire+0x37d6/0x4f50
[ 30.589473] [<ffffffff81205f6e>] lock_acquire+0x15e/0x450
[ 30.595731] [<ffffffff8270c191>] mutex_lock_nested+0xc1/0xb80
[ 30.602315] [<ffffffff8226e537>] rtnl_lock+0x17/0x20
[ 30.608123] [<ffffffff826369ee>] ipv6_sock_mc_close+0x10e/0x350
[ 30.614884] [<ffffffff825fedf1>] do_ipv6_setsockopt.isra.0+0x1bd1/0x30c0
[ 30.622432] [<ffffffff826003ba>] ipv6_setsockopt+0xda/0x140
[ 30.628856] [<ffffffff823f782a>] tcp_setsockopt+0x8a/0xe0
[ 30.635090] [<ffffffff821def2a>] sock_common_setsockopt+0x9a/0xe0
[ 30.642025] [<ffffffff821dcb59>] SyS_setsockopt+0x159/0x240
[ 30.648439] [<ffffffff82718ba1>] entry_SYSCALL_64_fastpath+0x1e/0x9a
[ 30.655644]
[ 30.655644] other info that might help us debug this:
[ 30.655644]
[ 30.663759] Possible unsafe locking scenario:
[ 30.663759]
[ 30.669799] CPU0 CPU1
[ 30.674442] ---- ----
[ 30.679081] lock(sk_lock-AF_INET6);
[ 30.683093] lock(rtnl_mutex);
[ 30.689099] lock(sk_lock-AF_INET6);
[ 30.695724] lock(rtnl_mutex);
[ 30.699218]
[ 30.699218] *** DEADLOCK ***
[ 30.699218]
[ 30.705252] 1 lock held by syz-executor288/2072:
[ 30.709978] #0: (sk_lock-AF_INET6){+.+.+.}, at: [<ffffffff825fd4aa>] do_ipv6_setsockopt.isra.0+0x28a/0x30c0
[ 30.720636]
[ 30.720636] stack backtrace:
[ 30.725109] CPU: 0 PID: 2072 Comm: syz-executor288 Not tainted 4.4.174+ #4
[ 30.732104] 0000000000000000 6f19a521d9c3b6f5 ffff8800b73ef5b0 ffffffff81aad1a1
[ 30.740110] ffffffff84057a80 ffff8800b7d197c0 ffffffff83a8db50 ffffffff83acc760
[ 30.748214] ffffffff83a8db50 ffff8800b73ef600 ffffffff813abcda ffff8800b73ef6e0
[ 30.756222] Call Trace:
[ 30.758798] [<ffffffff81aad1a1>] dump_stack+0xc1/0x120
[ 30.764143] [<ffffffff813abcda>] print_circular_bug.cold+0x2f7/0x44e
[ 30.770706] [<ffffffff81202d86>] __lock_acquire+0x37d6/0x4f50
[ 30.776650] [<ffffffff81201893>] ? __lock_acquire+0x22e3/0x4f50
[ 30.782771] [<ffffffff811ff5b0>] ? trace_hardirqs_on+0x10/0x10
[ 30.788801] [<ffffffff811ff5b0>] ? trace_hardirqs_on+0x10/0x10
[ 30.794834] [<ffffffff811fefb1>] ? mark_held_locks+0xb1/0x100
[ 30.800782] [<ffffffff81205f6e>] lock_acquire+0x15e/0x450
[ 30.806377] [<ffffffff8226e537>] ? rtnl_lock+0x17/0x20
[ 30.811721] [<ffffffff8226e537>] ? rtnl_lock+0x17/0x20
[ 30.817073] [<ffffffff8270c191>] mutex_lock_nested+0xc1/0xb80
[ 30.823018] [<ffffffff8226e537>] ? rtnl_lock+0x17/0x20
[ 30.828357] [<ffffffff810a19d9>] ? kvm_clock_get_cycles+0x9/0x10
[ 30.834565] [<ffffffff812721c6>] ? ktime_get_with_offset+0x176/0x240
[ 30.841117] [<ffffffff8253ac5a>] ? bictcp_init+0x33a/0x590
[ 30.846803] [<ffffffff8123a761>] ? debug_lockdep_rcu_enabled+0x71/0xa0
[ 30.853538] [<ffffffff8270c0d0>] ? mutex_trylock+0x500/0x500
[ 30.859394] [<ffffffff811fefb1>] ? mark_held_locks+0xb1/0x100
[ 30.865435] [<ffffffff810e17ba>] ? __local_bh_enable_ip+0x6a/0xe0
[ 30.871731] [<ffffffff8226e537>] rtnl_lock+0x17/0x20
[ 30.876895] [<ffffffff826369ee>] ipv6_sock_mc_close+0x10e/0x350
[ 30.883011] [<ffffffff82661bc7>] ? fl6_free_socklist+0xb7/0x240
[ 30.889130] [<ffffffff825fedf1>] do_ipv6_setsockopt.isra.0+0x1bd1/0x30c0
[ 30.896031] [<ffffffff825fd220>] ? ip6_ra_control+0x3c0/0x3c0
[ 30.901988] [<ffffffff811ff5b0>] ? trace_hardirqs_on+0x10/0x10
[ 30.908021] [<ffffffff82446ed0>] ? tcp_v4_connect+0x1070/0x1930
[ 30.914139] [<ffffffff8123a761>] ? debug_lockdep_rcu_enabled+0x71/0xa0
[ 30.920867] [<ffffffff819564f4>] ? avc_has_perm+0x164/0x3a0
[ 30.926637] [<ffffffff81956562>] ? avc_has_perm+0x1d2/0x3a0
[ 30.932409] [<ffffffff8195643c>] ? avc_has_perm+0xac/0x3a0
[ 30.938092] [<ffffffff81956390>] ? avc_has_perm_noaudit+0x300/0x300
[ 30.944562] [<ffffffff8123a761>] ? debug_lockdep_rcu_enabled+0x71/0xa0
[ 30.951290] [<ffffffff81b0abec>] ? check_preemption_disabled+0x3c/0x200
[ 30.958103] [<ffffffff81b0abec>] ? check_preemption_disabled+0x3c/0x200
[ 30.964915] [<ffffffff8195fc48>] ? sock_has_perm+0x1c8/0x400
[ 30.970770] [<ffffffff8195fd28>] ? sock_has_perm+0x2a8/0x400
[ 30.976639] [<ffffffff8195fb26>] ? sock_has_perm+0xa6/0x400
[ 30.982411] [<ffffffff8195fa80>] ? selinux_msg_queue_alloc_security+0x2e0/0x2e0
[ 30.989920] [<ffffffff82717fc1>] ? _raw_spin_unlock_bh+0x31/0x40
[ 30.996137] [<ffffffff821e6078>] ? release_sock+0x3a8/0x500
[ 31.001909] [<ffffffff811ff5ad>] ? trace_hardirqs_on+0xd/0x10
[ 31.007853] [<ffffffff826003ba>] ipv6_setsockopt+0xda/0x140
[ 31.013626] [<ffffffff823f782a>] tcp_setsockopt+0x8a/0xe0
[ 31.019223] [<ffffffff821def2a>] sock_common_setsockopt+0x9a/0xe0
[ 31.025519] [<ffffffff821dcb59>] SyS_setsockopt+0x159/0x240
[ 31.031290] [<ffffffff821dca00>] ? SyS_recv+0x40/0x40
[ 31.036540] [<ffffffff82719755>] ? retint_user+0x18/0x3c
[ 31.042054] [<ffffffff810021a4>] ? lockdep_sys_exit_thunk+0x12/0x14
[ 31.048519] [<ffffffff82718ba1>] entry_SY