[ 32.788457] audit: type=1800 audit(1579437600.839:33): pid=7149 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[ 32.817406] audit: type=1800 audit(1579437600.849:34): pid=7149 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 37.899181] random: sshd: uninitialized urandom read (32 bytes read)
[ 38.391535] audit: type=1400 audit(1579437606.449:35): avc: denied { map } for pid=7324 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 38.442453] random: sshd: uninitialized urandom read (32 bytes read)
[ 39.127286] random: sshd: uninitialized urandom read (32 bytes read)
[ 39.322108] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.196' (ECDSA) to the list of known hosts.
[ 44.850783] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 44.976023] audit: type=1400 audit(1579437613.029:36): avc: denied { map } for pid=7336 comm="syz-executor298" path="/root/syz-executor298129272" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 45.004708] ip_tables: iptables: counters copy to user failed while replacing table
[ 45.016915] sp0: Synchronizing with TNC
[ 45.021886] audit: type=1400 audit(1579437613.079:37): avc: denied { create } for pid=7337 comm="syz-executor298" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
[ 45.046776] audit: type=1400 audit(1579437613.079:38): avc: denied { write } for pid=7337 comm="syz-executor298" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
[ 45.143313]
[ 45.145086] ======================================================
[ 45.151482] WARNING: possible circular locking dependency detected
[ 45.157797] 4.14.166-syzkaller #0 Not tainted
[ 45.162379] ------------------------------------------------------
[ 45.168695] syz-executor298/7348 is trying to acquire lock:
[ 45.174417]  (rtnl_mutex){+.+.}, at: [] rtnl_lock+0x17/0x20
[ 45.181846]
[ 45.181846] but task is already holding lock:
[ 45.187901]  (&xt[i].mutex){+.+.}, at: [] xt_find_table_lock+0x3c/0x3d0
[ 45.196231]
[ 45.196231] which lock already depends on the new lock.
[ 45.196231]
[ 45.204653]
[ 45.204653] the existing dependency chain (in reverse order) is:
[ 45.212494]
[ 45.212494] -> #2 (&xt[i].mutex){+.+.}:
[ 45.217961]        lock_acquire+0x16f/0x430
[ 45.222288]        __mutex_lock+0xe8/0x1470
[ 45.226620]        mutex_lock_nested+0x16/0x20
[ 45.231188]        xt_find_revision+0x82/0x200
[ 45.235768]        nfnl_compat_get+0x229/0x950
[ 45.240539]        nfnetlink_rcv_msg+0xa08/0xc00
[ 45.245562]        netlink_rcv_skb+0x14f/0x3c0
[ 45.250152]        nfnetlink_rcv+0x1ab/0x1650
[ 45.254630]        netlink_unicast+0x44d/0x650
[ 45.259215]        netlink_sendmsg+0x7c4/0xc60
[ 45.263789]        sock_sendmsg+0xce/0x110
[ 45.268005]        ___sys_sendmsg+0x70a/0x840
[ 45.272603]        __sys_sendmsg+0xb9/0x140
[ 45.276998]        SyS_sendmsg+0x2d/0x50
[ 45.281049]        do_syscall_64+0x1e8/0x640
[ 45.285485]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 45.291210]
[ 45.291210] -> #1 (&table[i].mutex){+.+.}:
[ 45.297219]        lock_acquire+0x16f/0x430
[ 45.301547]        __mutex_lock+0xe8/0x1470
[ 45.306174]        mutex_lock_nested+0x16/0x20
[ 45.310834]        nfnl_lock+0x24/0x30
[ 45.314709]        nf_tables_netdev_event+0x13f/0x580
[ 45.319905]        notifier_call_chain+0x111/0x1b0
[ 45.324852]        raw_notifier_call_chain+0x2e/0x40
[ 45.329935]        call_netdevice_notifiers_info+0x56/0x70
[ 45.335556]        rollback_registered_many+0x70d/0xb60
[ 45.340899]        rollback_registered+0xdd/0x180
[ 45.345732]        unregister_netdevice_queue+0x1ae/0x230
[ 45.351373]        unregister_netdev+0x1d/0x30
[ 45.355954]        sixpack_close+0x158/0x1c0
[ 45.360351]        tty_ldisc_close.isra.0+0x99/0xd0
[ 45.365355]        tty_ldisc_kill+0x4b/0xc0
[ 45.369664]        tty_ldisc_release+0xb6/0x230
[ 45.374423]        tty_release_struct+0x1b/0x50
[ 45.379083]        tty_release+0xaa3/0xd60
[ 45.383303]        __fput+0x275/0x7a0
[ 45.387083]        ____fput+0x16/0x20
[ 45.390955]        task_work_run+0x114/0x190
[ 45.395343]        do_exit+0xa1a/0x2cd0
[ 45.399294]        do_group_exit+0x111/0x330
[ 45.403688]        SyS_exit_group+0x1d/0x20
[ 45.407999]        do_syscall_64+0x1e8/0x640
[ 45.412390]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 45.418076]
[ 45.418076] -> #0 (rtnl_mutex){+.+.}:
[ 45.423507]        __lock_acquire+0x2cb3/0x4620
[ 45.428163]        lock_acquire+0x16f/0x430
[ 45.432483]        __mutex_lock+0xe8/0x1470
[ 45.436791]        mutex_lock_nested+0x16/0x20
[ 45.441369]        rtnl_lock+0x17/0x20
[ 45.445243]        unregister_netdevice_notifier+0x5f/0x2c0
[ 45.451064]        tee_tg_destroy+0x61/0xc0
[ 45.455486]        cleanup_entry+0x17d/0x230
[ 45.460028]        __do_replace+0x3c5/0x5b0
[ 45.464340]        do_ipt_set_ctl+0x296/0x3ee
[ 45.468824]        nf_setsockopt+0x67/0xc0
[ 45.473570]        ip_setsockopt+0x9b/0xb0
[ 45.477826]        udp_setsockopt+0x4e/0x90
[ 45.482245]        sock_common_setsockopt+0x94/0xd0
[ 45.487389]        SyS_setsockopt+0x13c/0x210
[ 45.491874]        do_syscall_64+0x1e8/0x640
[ 45.496262]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 45.501949]
[ 45.501949] other info that might help us debug this:
[ 45.501949]
[ 45.510072] Chain exists of:
[ 45.510072]   rtnl_mutex --> &table[i].mutex --> &xt[i].mutex
[ 45.510072]
[ 45.520409]  Possible unsafe locking scenario:
[ 45.520409]
[ 45.527362]        CPU0                    CPU1
[ 45.532013]        ----                    ----
[ 45.536669]   lock(&xt[i].mutex);
[ 45.540212]                                lock(&table[i].mutex);
[ 45.546426]                                lock(&xt[i].mutex);
[ 45.552509]   lock(rtnl_mutex);
[ 45.555771]
[ 45.555771]  *** DEADLOCK ***
[ 45.555771]
[ 45.562697] 1 lock held by syz-executor298/7348:
[ 45.567431]  #0:  (&xt[i].mutex){+.+.}, at: [] xt_find_table_lock+0x3c/0x3d0
[ 45.576185]
[ 45.576185] stack backtrace:
[ 45.580842] CPU: 1 PID: 7348 Comm: syz-executor298 Not tainted 4.14.166-syzkaller #0
[ 45.589048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 45.598575] Call Trace:
[ 45.601163]  dump_stack+0x142/0x197
[ 45.605307]  print_circular_bug.isra.0.cold+0x1cc/0x28f
[ 45.610666]  __lock_acquire+0x2cb3/0x4620
[ 45.614805]  ? trace_hardirqs_on+0x10/0x10
[ 45.619031]  ? __kernel_text_address+0xd/0x40
[ 45.623516]  lock_acquire+0x16f/0x430
[ 45.627321]  ? rtnl_lock+0x17/0x20
[ 45.631076]  ? rtnl_lock+0x17/0x20
[ 45.634601]  __mutex_lock+0xe8/0x1470
[ 45.638411]  ? rtnl_lock+0x17/0x20
[ 45.642079]  ? __bitmap_weight+0xbd/0xf0
[ 45.646207]  ? rtnl_lock+0x17/0x20
[ 45.649734]  ? pcpu_next_md_free_region+0x14c/0x2f0
[ 45.654736]  ? mutex_trylock+0x1c0/0x1c0
[ 45.658779]  ? pcpu_chunk_refresh_hint+0x29b/0x350
[ 45.663690]  ? free_percpu+0x232/0x710
[ 45.667566]  ? find_held_lock+0x35/0x130
[ 45.671629]  ? free_percpu+0x232/0x710
[ 45.675502]  mutex_lock_nested+0x16/0x20
[ 45.679576]  ? mutex_lock_nested+0x16/0x20
[ 45.683803]  rtnl_lock+0x17/0x20
[ 45.687178]  unregister_netdevice_notifier+0x5f/0x2c0
[ 45.692357]  ? trace_hardirqs_on_caller+0x400/0x590
[ 45.697361]  ? register_netdevice_notifier+0x520/0x520
[ 45.702723]  ? icmp_checkentry+0x90/0x90
[ 45.706915]  tee_tg_destroy+0x61/0xc0
[ 45.711341]  ? tee_tg6+0x160/0x160
[ 45.715308]  cleanup_entry+0x17d/0x230
[ 45.719195]  ? cleanup_match+0x140/0x140
[ 45.723359]  __do_replace+0x3c5/0x5b0
[ 45.727152]  ? compat_do_ipt_get_ctl+0x7f0/0x7f0
[ 45.732157]  ? _copy_from_user+0x99/0x110
[ 45.736294]  do_ipt_set_ctl+0x296/0x3ee
[ 45.740259]  ? compat_do_ipt_set_ctl+0x150/0x150
[ 45.745135]  ? mutex_unlock+0xd/0x10
[ 45.748841]  ? nf_sockopt_find.constprop.0+0x1b7/0x230
[ 45.754110]  nf_setsockopt+0x67/0xc0
[ 45.757814]  ip_setsockopt+0x9b/0xb0
[ 45.761613]  udp_setsockopt+0x4e/0x90
[ 45.765398]  sock_common_setsockopt+0x94/0xd0
[ 45.770039]  SyS_setsockopt+0x13c/0x210
[ 45.774104]  ? SyS_recv+0x40/0x40
[ 45.777540]  ? do_syscall_64+0x53/0x640
[ 45.781502]  ? SyS_recv+0x40/0x40
[ 45.784957]  do_syscall_64+0x1e8/0x640
[ 45.788832]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 45.794961]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 45.800129] RIP: 0033:0x441379
[ 45.803300] RSP: 002b:00007ffc00e480f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 45.810991] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441379
[ 45.818247] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000003
[ 45.825508] RBP: 000000000000afb2 R08: 0000000000000001 R09: 00000000004002c8
[ 45.832765] R10: 0000000020000640 R11: 0000000000000246 R12: 00000000004021a0
[ 45.840038] R13: 0000000000402230 R14: 0000000000000000 R15: 0000000000000000
[ 45.848552] ip_tables: iptables: counters copy to user failed while replacing table
[ 45.858242] sp0: Synchronizing with TNC
[ 45.901575] ip_tables: iptables: counters copy to user failed while replacing table
[ 45.915409] sp0: Synchronizing with TNC
[ 45.992247] ip_tables: iptables: counters copy to user failed while replacing table
[ 46.030933] sp0: Synchronizing with TNC
[ 46.081170] ip_tables: iptables: counters copy to user failed while replacing table
[ 46.106507] sp0: Synchronizing with TNC
[ 46.184212] ip_tables: iptables: counters copy to user failed while replacing table
[ 46.220872] sp0: Synchronizing with TNC
[ 46.321436] ip_tables: iptables: counters copy to user failed while replacing table
[ 46.355032] sp0: Synchronizing with TNC
[ 46.425190] ip_tables: iptables: counters copy to user failed while replacing table
[ 46.451469] sp0: Synchronizing with TNC
[ 46.520139] ip_tables: iptables: counters copy to user failed while replacing table
[ 46.557066] sp0: Synchronizing with TNC
[ 46.636051] ip_tables: iptables: counters copy to user failed while replacing table
[ 46.661710] sp0: Synchronizing with TNC
[ 46.744722] sp0: Synchronizing with TNC
[ 46.827432] sp0: Synchronizing with TNC
[ 46.914552] sp0: Synchronizing with TNC
[ 47.015533] sp0: Synchronizing with TNC
[ 47.147657] sp0: Synchronizing with TNC
[ 47.255605] sp0: Synchronizing with TNC
[ 47.365767] sp0: Synchronizing with TNC
[ 47.440931] sp0: Synchronizing with TNC
[ 47.531067] sp0: Synchronizing with TNC
[ 47.633248] sp0: Synchronizing with TNC
[ 47.754891] sp0: Synchronizing with TNC
[ 47.853800] sp0: Synchronizing with TNC
[ 47.962384] sp0: Synchronizing with TNC
[ 48.028757] sp0: Synchronizing with TNC
[ 48.147951] sp0: Synchronizing with TNC
[ 48.259852] sp0: Synchronizing with TNC
[ 48.381537] sp0: Synchronizing with TNC
[ 48.481183] sp0: Synchronizing with TNC
[ 48.593850] sp0: Synchronizing with TNC
[ 48.667486] sp0: Synchronizing with TNC
[ 48.767709] sp0: Synchronizing with TNC
[ 48.873047] sp0: Synchronizing with TNC
[ 48.947171] sp0: Synchronizing with TNC
[ 49.083288] sp0: Synchronizing with TNC
[ 49.178274] sp0: Synchronizing with TNC
[ 49.258090] sp0: Synchronizing with TNC
[ 49.343650] sp0: Synchronizing with TNC
[ 49.477764] sp0: Synchronizing with TNC
[ 49.590867] sp0: Synchronizing with TNC
[ 49.711934] sp0: Synchronizing with TNC
[ 49.820487] sp0: Synchronizing with TNC
[ 49.894613] sp0: Synchronizing with TNC
[ 49.992573] sp0: Synchronizing with TNC
[ 50.121792] net_ratelimit: 33 callbacks suppressed
[ 50.121795] ip_tables: iptables: counters copy to user failed while replacing table
[ 50.161335] sp0: Synchronizing with TNC
[ 50.254028] ip_tables: iptables: counters copy to user failed while replacing table
[ 50.292533] sp0: Synchronizing with TNC
[ 50.372470] ip_tables: iptables: counters copy to user failed while replacing table
[ 50.409227] sp0: Synchronizing with TNC
[ 50.474997] ip_tables: iptables: counters copy to user failed while replacing table
[ 50.500911] sp0: Synchronizing with TNC
[ 50.561105] ip_tables: iptables: counters copy to user failed while replacing table
[ 50.600848] sp0: Synchronizing with TNC
[ 50.679006] ip_tables: iptables: counters copy to user failed while replacing table
[ 50.725843] sp0: Synchronizing with TNC
[ 50.808215] ip_tables: iptables: counters copy to user failed while replacing table
[ 50.837420] sp0: Synchronizing with TNC
[ 50.909757] ip_tables: iptables: counters copy to user failed while replacing table
[ 50.936605] sp0: Synchronizing with TNC
[ 51.001245] ip_tables: iptables: counters copy to user failed while replacing table
[ 51.041605] sp0: Synchronizing with TNC
[ 51.126662] ip_tables: iptables: counters copy to user failed while replacing table
[ 51.163791] sp0: Synchronizing with TNC
[ 51.231549] sp0: Synchronizing with TNC
[ 51.360981] sp0: Synchronizing with TNC
[ 51.447061] sp0: Synchronizing with TNC
[ 51.532387] sp0: Synchronizing with TNC
[ 51.622137] sp0: Synchronizing with TNC
[ 51.711116] sp0: Synchronizing with TNC
[ 51.775001] sp0: Synchronizing with TNC
[ 51.870407] sp0: Synchronizing with TNC
[ 51.972805] sp0: Synchronizing with TNC
[ 52.070637] sp0: Synchronizing with TNC
[ 52.200174] sp0: Synchronizing with TNC
[ 52.374829] sp0: Synchronizing with TNC
[ 52.472674] sp0: Synchronizing with TNC
[ 52.545020] sp0: Synchronizing with TNC
[ 52.634396] sp0: Synchronizing with TNC
[ 52.731354] sp0: Synchronizing with TNC
[ 52.825544] sp0: Synchronizing with TNC
[ 52.947251] sp0: Synchronizing with TNC
[ 53.072376] sp0: Synchronizing with TNC
[ 53.170766] sp0: Synchronizing with TNC
[ 53.272664] sp0: Synchronizing with TNC
[ 53.376932] sp0: Synchronizing with TNC
[ 53.489331] sp0: Synchronizing with TNC
[ 53.614243] sp0: Synchronizing with TNC
[ 53.711943] sp0: Synchronizing with TNC
[ 53.791264] sp0: Synchronizing with TNC
[ 53.891848] sp0: Synchronizing with TNC
[ 53.986774] sp0: Synchronizing with TNC
[ 54.076336] sp0: Synchronizing with TNC
[ 54.196042] sp0: Synchronizing with TNC
[ 54.331375] sp0: Synchronizing with TNC
[ 54.429944] sp0: Synchronizing with TNC
[ 54.514926] sp0: Synchronizing with TNC
[ 54.613077] sp0: Synchronizing with TNC
[ 54.729258] sp0: Synchronizing with TNC
[ 54.827446] sp0: Synchronizing with TNC
[ 54.921132] sp0: Synchronizing with TNC
[ 55.035529] sp0: Synchronizing with TNC
[ 55.142953] sp0: Synchronizing with TNC