Warning: Permanently added '10.128.0.151' (ECDSA) to the list of known hosts.
2020/07/24 08:14:40 parsed 1 programs
2020/07/24 08:14:40 executed programs: 0
syzkaller login: [ 32.676070] audit: type=1400 audit(1595578480.279:8): avc: denied { execmem } for pid=6355 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 32.932717] IPVS: ftp: loaded support on port[0] = 21
[ 33.880571] chnl_net:caif_netlink_parms(): no params data found
[ 33.972949] bridge0: port 1(bridge_slave_0) entered blocking state
[ 33.979464] bridge0: port 1(bridge_slave_0) entered disabled state
[ 33.986935] device bridge_slave_0 entered promiscuous mode
[ 33.994114] bridge0: port 2(bridge_slave_1) entered blocking state
[ 34.000459] bridge0: port 2(bridge_slave_1) entered disabled state
[ 34.008173] device bridge_slave_1 entered promiscuous mode
[ 34.023944] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 34.032510] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 34.049700] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 34.057065] team0: Port device team_slave_0 added
[ 34.062965] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 34.069941] team0: Port device team_slave_1 added
[ 34.084426] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 34.090640] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 34.115966] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 34.127114] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 34.133443] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 34.158642] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 34.169051] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 34.176554] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 34.243460] device hsr_slave_0 entered promiscuous mode
[ 34.291156] device hsr_slave_1 entered promiscuous mode
[ 34.332086] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 34.339001] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 34.397857] bridge0: port 2(bridge_slave_1) entered blocking state
[ 34.404388] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 34.411202] bridge0: port 1(bridge_slave_0) entered blocking state
[ 34.417620] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 34.444393] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 34.450442] 8021q: adding VLAN 0 to HW filter on device bond0
[ 34.459001] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 34.467345] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 34.475129] bridge0: port 1(bridge_slave_0) entered disabled state
[ 34.492200] bridge0: port 2(bridge_slave_1) entered disabled state
[ 34.501461] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 34.507524] 8021q: adding VLAN 0 to HW filter on device team0
[ 34.515514] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 34.523285] bridge0: port 1(bridge_slave_0) entered blocking state
[ 34.529603] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 34.541361] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 34.548935] bridge0: port 2(bridge_slave_1) entered blocking state
[ 34.555309] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 34.566181] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 34.574040] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 34.586754] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 34.596852] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 34.607955] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 34.614812] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 34.622474] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 34.629842] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 34.637345] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 34.648157] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 34.655963] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 34.663008] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 34.672854] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 34.719915] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 34.729684] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 34.754343] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 34.761526] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 34.767873] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 34.778102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 34.785757] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 34.793029] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 34.801835] device veth0_vlan entered promiscuous mode
[ 34.809794] device veth1_vlan entered promiscuous mode
[ 34.816082] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 34.825210] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 34.836487] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 34.845406] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 34.852657] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 34.859704] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 34.868274] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 34.876031] device veth0_macvtap entered promiscuous mode
[ 34.884416] device veth1_macvtap entered promiscuous mode
[ 34.892864] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 34.902675] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 34.911569] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready
[ 34.918637] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 34.926338] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 34.934299] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 34.944153] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready
[ 34.951046] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 34.957548] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 34.965230] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 35.822779] ip_tables: iptables: counters copy to user failed while replacing table
[ 35.832552]
[ 35.834181] ======================================================
[ 35.840482] WARNING: possible circular locking dependency detected
[ 35.846778] 4.14.189-syzkaller #0 Not tainted
[ 35.851243] ------------------------------------------------------
[ 35.857526] syz-executor.0/6593 is trying to acquire lock:
[ 35.863117]  (&table[i].mutex){+.+.}, at: [] ip_set_nfnl_put+0x11a/0x310
[ 35.871512]
[ 35.871512] but task is already holding lock:
[ 35.877472]  (&xt[i].mutex){+.+.}, at: [] xt_find_table_lock+0x38/0x3d0
[ 35.885769]
[ 35.885769] which lock already depends on the new lock.
[ 35.885769]
[ 35.894055]
[ 35.894055] the existing dependency chain (in reverse order) is:
[ 35.901686]
[ 35.901686] -> #1 (&xt[i].mutex){+.+.}:
[ 35.907118]        __mutex_lock+0xc4/0x1310
[ 35.911412]        xt_find_revision+0x88/0x200
[ 35.915960]        nfnl_compat_get+0x1f7/0x870
[ 35.920512]        nfnetlink_rcv_msg+0x9bb/0xc00
[ 35.925241]        netlink_rcv_skb+0x125/0x390
[ 35.929799]        nfnetlink_rcv+0x1ab/0x1da0
[ 35.934269]        netlink_unicast+0x437/0x610
[ 35.938821]        netlink_sendmsg+0x62e/0xb80
[ 35.943374]        sock_sendmsg+0xb5/0x100
[ 35.947577]        ___sys_sendmsg+0x6c8/0x800
[ 35.952040]        __sys_sendmsg+0xa3/0x120
[ 35.956332]        SyS_sendmsg+0x27/0x40
[ 35.960365]        do_syscall_64+0x1d5/0x640
[ 35.964741]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 35.970422]
[ 35.970422] -> #0 (&table[i].mutex){+.+.}:
[ 35.976120]        lock_acquire+0x170/0x3f0
[ 35.980411]        __mutex_lock+0xc4/0x1310
[ 35.984706]        ip_set_nfnl_put+0x11a/0x310
[ 35.989257]        cleanup_entry+0x117/0x2d0
[ 35.993639]        __do_replace+0x38d/0x570
[ 35.997930]        do_ipt_set_ctl+0x256/0x39e
[ 36.002400]        nf_setsockopt+0x5f/0xb0
[ 36.006610]        ip_setsockopt+0x94/0xb0
[ 36.010813]        tcp_setsockopt+0x7b/0xc0
[ 36.015103]        SyS_setsockopt+0x110/0x1e0
[ 36.019569]        do_syscall_64+0x1d5/0x640
[ 36.023950]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 36.029631]
[ 36.029631] other info that might help us debug this:
[ 36.029631]
[ 36.037741]  Possible unsafe locking scenario:
[ 36.037741]
[ 36.043768]        CPU0                    CPU1
[ 36.048410]        ----                    ----
[ 36.053049]   lock(&xt[i].mutex);
[ 36.056480]                                lock(&table[i].mutex);
[ 36.062679]                                lock(&xt[i].mutex);
[ 36.068616]   lock(&table[i].mutex);
[ 36.072309]
[ 36.072309]  *** DEADLOCK ***
[ 36.072309]
[ 36.078359] 1 lock held by syz-executor.0/6593:
[ 36.082995]  #0:  (&xt[i].mutex){+.+.}, at: [] xt_find_table_lock+0x38/0x3d0
[ 36.091760]
[ 36.091760] stack backtrace:
[ 36.096225] CPU: 1 PID: 6593 Comm: syz-executor.0 Not tainted 4.14.189-syzkaller #0
[ 36.103986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 36.113309] Call Trace:
[ 36.115872]  dump_stack+0x1b2/0x283
[ 36.119474]  print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 36.125241]  __lock_acquire+0x2e0e/0x3f20
[ 36.129362]  ? __kernel_text_address+0x9/0x30
[ 36.133832]  ? unwind_get_return_address+0x51/0x90
[ 36.138731]  ? trace_hardirqs_on+0x10/0x10
[ 36.142940]  ? __lock_acquire+0x5fc/0x3f20
[ 36.147149]  lock_acquire+0x170/0x3f0
[ 36.150921]  ? ip_set_nfnl_put+0x11a/0x310
[ 36.155126]  ? ip_set_nfnl_put+0x11a/0x310
[ 36.159331]  __mutex_lock+0xc4/0x1310
[ 36.163107]  ? ip_set_nfnl_put+0x11a/0x310
[ 36.167314]  ? lock_acquire+0x170/0x3f0
[ 36.171257]  ? ip_set_nfnl_put+0x11a/0x310
[ 36.175463]  ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 36.180881]  ? __mutex_lock+0x360/0x1310
[ 36.184913]  ? ip_set_nfnl_put+0xe9/0x310
[ 36.189032]  ? lock_acquire+0x170/0x3f0
[ 36.192974]  ? lock_downgrade+0x740/0x740
[ 36.197093]  ? set_target_v0_destroy+0x150/0x150
[ 36.201817]  ip_set_nfnl_put+0x11a/0x310
[ 36.205851]  cleanup_entry+0x117/0x2d0
[ 36.209708]  ? compat_do_ipt_get_ctl+0x7b0/0x7b0
[ 36.214437]  __do_replace+0x38d/0x570
[ 36.218229]  ? ipt_unregister_table+0x60/0x60
[ 36.222700]  do_ipt_set_ctl+0x256/0x39e
[ 36.226659]  ? compat_do_ipt_set_ctl+0x140/0x140
[ 36.231392]  ? nf_sockopt_find.constprop.0+0x1ad/0x220
[ 36.236729]  nf_setsockopt+0x5f/0xb0
[ 36.240419]  ip_setsockopt+0x94/0xb0
[ 36.244107]  tcp_setsockopt+0x7b/0xc0
[ 36.247880]  SyS_setsockopt+0x110/0x1e0
[ 36.251827]  ? SyS_recv+0x40/0x40
[ 36.255257]  ? SyS_clock_gettime+0xf5/0x180
[ 36.259582]  ? SyS_clock_settime+0x1a0/0x1a0
[ 36.264058]  ? do_syscall_64+0x4c/0x640
[ 36.268005]  ? SyS_recv+0x40/0x40
[ 36.271437]  do_syscall_64+0x1d5/0x640
[ 36.275296]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 36.280456] RIP: 0033:0x45c1f9
[ 36.283615] RSP: 002b:00007f605bf0ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 36.291307] RAX: ffffffffffffffda RBX: 000000000002c480 RCX: 000000000045c1f9
[ 36.298560] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000004
[ 36.305820] RBP: 000000000078bff0 R08: 0000000000000001 R09: 0000000000000000
[ 36.313102] R10: 0000000020000440 R11: 0000000000000246 R12: 000000000078bfac
[ 36.320341] R13: 00007fffe8136dbf R14: 00007f605bf0