Warning: Permanently added '10.128.1.4' (ECDSA) to the list of known hosts.
[ 59.255664] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 59.375460] audit: type=1400 audit(1582646974.191:36): avc: denied { map } for pid=7246 comm="syz-executor520" path="/root/syz-executor520364377" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 59.404648] ip_tables: iptables: counters copy to user failed while replacing table
[ 59.461505] netlink: 4 bytes leftover after parsing attributes in process `syz-executor520'.
[ 59.476064] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=7249 comm=syz-executor520
[ 59.490543] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=7249 comm=syz-executor520
[ 59.503568] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=7249 comm=syz-executor520
[ 59.516303] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=7249 comm=syz-executor520
[ 59.529508] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=7249 comm=syz-executor520
[ 59.542586] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=7249 comm=syz-executor520
[ 59.555207] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=7249 comm=syz-executor520
[ 59.567974] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=7249 comm=syz-executor520
[ 59.580285] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=7249 comm=syz-executor520
[ 59.593112] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=7249 comm=syz-executor520
[ 59.632042]
[ 59.633777] ======================================================
[ 59.640074] WARNING: possible circular locking dependency detected
[ 59.646376] 4.14.171-syzkaller #0 Not tainted
[ 59.650848] ------------------------------------------------------
[ 59.657193] syz-executor520/7252 is trying to acquire lock:
[ 59.662985]  (rtnl_mutex){+.+.}, at: [] rtnl_lock+0x17/0x20
[ 59.670335]
[ 59.670335] but task is already holding lock:
[ 59.676295]  (&xt[i].mutex){+.+.}, at: [] xt_find_table_lock+0x3c/0x3d0
[ 59.684921]
[ 59.684921] which lock already depends on the new lock.
[ 59.684921]
[ 59.693218]
[ 59.693218] the existing dependency chain (in reverse order) is:
[ 59.700820]
[ 59.700820] -> #1 (&xt[i].mutex){+.+.}:
[ 59.706261]        lock_acquire+0x16f/0x430
[ 59.710585]        __mutex_lock+0xe8/0x1470
[ 59.714895]        mutex_lock_nested+0x16/0x20
[ 59.719580]        xt_find_target+0x3e/0x1e0
[ 59.723500] netlink: 4 bytes leftover after parsing attributes in process `syz-executor520'.
[ 59.723982]        xt_request_find_target+0x74/0xe0
[ 59.723988]        ipt_init_target+0xce/0x290
[ 59.723996]        __tcf_ipt_init+0x48c/0xb50
[ 59.746586]        tcf_xt_init+0x4e/0x60
[ 59.750709]        tcf_action_init_1+0x53c/0xaa0
[ 59.755462]        tcf_action_init+0x2ab/0x480
[ 59.760038]        tc_ctl_action+0x30a/0x548
[ 59.764490]        rtnetlink_rcv_msg+0x3da/0xb70
[ 59.769288]        netlink_rcv_skb+0x14f/0x3c0
[ 59.773910]        rtnetlink_rcv+0x1d/0x30
[ 59.778127]        netlink_unicast+0x44d/0x650
[ 59.782741]        netlink_sendmsg+0x7c4/0xc60
[ 59.787312]        sock_sendmsg+0xce/0x110
[ 59.791532]        kernel_sendmsg+0x44/0x50
[ 59.795840]        sock_no_sendpage+0x107/0x130
[ 59.800485]        kernel_sendpage+0x92/0xf0
[ 59.804926]        sock_sendpage+0x8b/0xc0
[ 59.809151]        pipe_to_sendpage+0x242/0x340
[ 59.813850]        __splice_from_pipe+0x348/0x780
[ 59.818763]        splice_from_pipe+0xf0/0x150
[ 59.823344]        generic_splice_sendpage+0x3c/0x50
[ 59.828433]        SyS_splice+0xd92/0x1430
[ 59.832647]        do_syscall_64+0x1e8/0x640
[ 59.837046]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 59.842745]
[ 59.842745] -> #0 (rtnl_mutex){+.+.}:
[ 59.848054]        __lock_acquire+0x2cb3/0x4620
[ 59.852717]        lock_acquire+0x16f/0x430
[ 59.857026]        __mutex_lock+0xe8/0x1470
[ 59.861338]        mutex_lock_nested+0x16/0x20
[ 59.865899]        rtnl_lock+0x17/0x20
[ 59.869775]        unregister_netdevice_notifier+0x5f/0x2c0
[ 59.875483]        tee_tg_destroy+0x61/0xc0
[ 59.879788]        cleanup_entry+0x17d/0x230
[ 59.884179]        __do_replace+0x3c5/0x5b0
[ 59.888489]        do_ipt_set_ctl+0x296/0x3ee
[ 59.892972]        nf_setsockopt+0x67/0xc0
[ 59.897200]        ip_setsockopt+0x9b/0xb0
[ 59.901423]        udp_setsockopt+0x4e/0x90
[ 59.905722]        sock_common_setsockopt+0x94/0xd0
[ 59.910772]        SyS_setsockopt+0x13c/0x210
[ 59.915247]        do_syscall_64+0x1e8/0x640
[ 59.919639]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 59.925409]
[ 59.925409] other info that might help us debug this:
[ 59.925409]
[ 59.933533]  Possible unsafe locking scenario:
[ 59.933533]
[ 59.939693]        CPU0                    CPU1
[ 59.944337]        ----                    ----
[ 59.949007]   lock(&xt[i].mutex);
[ 59.952453]                                lock(rtnl_mutex);
[ 59.958279]                                lock(&xt[i].mutex);
[ 59.964242]   lock(rtnl_mutex);
[ 59.967526]
[ 59.967526]  *** DEADLOCK ***
[ 59.967526]
[ 59.973610] 1 lock held by syz-executor520/7252:
[ 59.978343]  #0: (&xt[i].mutex){+.+.}, at: [] xt_find_table_lock+0x3c/0x3d0
[ 59.987115]
[ 59.987115] stack backtrace:
[ 59.991600] CPU: 0 PID: 7252 Comm: syz-executor520 Not tainted 4.14.171-syzkaller #0
[ 59.999460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 60.008886] Call Trace:
[ 60.011464]  dump_stack+0x142/0x197
[ 60.015079]  print_circular_bug.isra.0.cold+0x1cc/0x28f
[ 60.020434]  __lock_acquire+0x2cb3/0x4620
[ 60.024572]  ? trace_hardirqs_on+0x10/0x10
[ 60.028820]  ? __kernel_text_address+0xd/0x40
[ 60.033301]  lock_acquire+0x16f/0x430
[ 60.037133]  ? rtnl_lock+0x17/0x20
[ 60.040710]  ? rtnl_lock+0x17/0x20
[ 60.044355]  __mutex_lock+0xe8/0x1470
[ 60.048141]  ? rtnl_lock+0x17/0x20
[ 60.051670]  ? __bitmap_weight+0xbd/0xf0
[ 60.055717]  ? rtnl_lock+0x17/0x20
[ 60.059354]  ? pcpu_next_md_free_region+0x14c/0x2f0
[ 60.064393]  ? mutex_trylock+0x1c0/0x1c0
[ 60.068462]  ? pcpu_chunk_refresh_hint+0x29b/0x350
[ 60.073447]  ? free_percpu+0x232/0x710
[ 60.077319]  ? find_held_lock+0x35/0x130
[ 60.081371]  ? free_percpu+0x232/0x710
[ 60.085350]  mutex_lock_nested+0x16/0x20
[ 60.089397]  ? mutex_lock_nested+0x16/0x20
[ 60.093622]  rtnl_lock+0x17/0x20
[ 60.097152]  unregister_netdevice_notifier+0x5f/0x2c0
[ 60.102333]  ? trace_hardirqs_on_caller+0x400/0x590
[ 60.107338]  ? register_netdevice_notifier+0x520/0x520
[ 60.113730]  ? free_percpu+0x24f/0x710
[ 60.117640]  tee_tg_destroy+0x61/0xc0
[ 60.121433]  ? tee_tg6+0x160/0x160
[ 60.125401]  cleanup_entry+0x17d/0x230
[ 60.129272]  ? cleanup_match+0x140/0x140
[ 60.133348]  __do_replace+0x3c5/0x5b0
[ 60.137132]  ? compat_do_ipt_get_ctl+0x7f0/0x7f0
[ 60.141873]  ? _copy_from_user+0x99/0x110
[ 60.146004]  do_ipt_set_ctl+0x296/0x3ee
[ 60.149965]  ? compat_do_ipt_set_ctl+0x150/0x150
[ 60.154716]  ? mutex_unlock+0xd/0x10
[ 60.158462]  ? nf_sockopt_find.constprop.0+0x1b7/0x230
[ 60.163958]  nf_setsockopt+0x67/0xc0
[ 60.167669]  ip_setsockopt+0x9b/0xb0
[ 60.171414]  udp_setsockopt+0x4e/0x90
[ 60.175199]  sock_common_setsockopt+0x94/0xd0
[ 60.179684]  SyS_setsockopt+0x13c/0x210
[ 60.183648]  ? SyS_recv+0x40/0x40
[ 60.187084]  ? do_syscall_64+0x53/0x640
[ 60.191045]  ? SyS_recv+0x40/0x40
[ 60.194478]  do_syscall_64+0x1e8/0x640
[ 60.198361]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 60.203190]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 60.208386] RIP: 0033:0x447649
[ 60.211571] RSP: 002b:00007f6553cb1d98 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 60.219256] RAX: ffffffffffffffda RBX: 00000000006dcc48 RCX: 0000000000447649
[ 60.226566] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000003
[ 60.233820] RBP: 00000000006dcc40 R08: 0000000000000408 R09: 0000000000000000
[ 60.241227] R10: 0000000020000700 R11: 0000000000000246 R12: 00000000006dcc4c
[ 60.248484] R13: 0000000000000000 R14: 0000000000000000 R15: 00005443454a4552