[ OK ] Started OpenBSD Secure Shell server. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.1.25' (ECDSA) to the list of known hosts. executing program executing program syzkaller login: [ 48.614918] audit: type=1400 audit(1599098807.496:8): avc: denied { execmem } for pid=6370 comm="syz-executor412" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 48.637577] ip_tables: iptables: counters copy to user failed while replacing table [ 48.649004] IPVS: ftp: loaded support on port[0] = 21 [ 48.684784] ip_tables: iptables: counters copy to user failed while replacing table executing program [ 49.564167] IPVS: ftp: loaded support on port[0] = 21 [ 49.597292] ip_tables: iptables: counters copy to user failed while replacing table executing program [ 50.485114] IPVS: ftp: loaded support on port[0] = 21 [ 50.519807] ip_tables: iptables: counters copy to user failed while replacing table executing program [ 51.371647] IPVS: ftp: loaded support on port[0] = 21 [ 51.404507] ip_tables: iptables: counters copy to user failed while replacing table executing program [ 52.320674] IPVS: ftp: loaded support on port[0] = 21 [ 52.354566] ip_tables: iptables: counters copy to user failed while replacing table executing program [ 53.258510] IPVS: ftp: loaded support on port[0] = 21 [ 53.291372] ip_tables: iptables: counters copy to user failed while replacing table executing program [ 54.220040] IPVS: ftp: loaded support on port[0] = 21 [ 54.254518] ip_tables: iptables: counters copy to user failed while replacing table executing program [ 55.122584] IPVS: ftp: loaded support on port[0] = 21 [ 55.156229] ip_tables: iptables: counters copy to user failed while replacing table executing program [ 56.068007] IPVS: ftp: loaded support on port[0] = 21 [ 56.102169] ip_tables: iptables: counters copy to user failed while replacing table [ 56.114233] IPVS: ftp: loaded support on port[0] = 21 [ 56.146759] [ 56.148418] ====================================================== [ 56.154713] WARNING: possible circular locking dependency detected [ 56.161005] 4.14.195-syzkaller #0 Not tainted [ 56.165475] ------------------------------------------------------ [ 56.171770] syz-executor412/6569 is trying to acquire lock: [ 56.177452] (&xt[i].mutex){+.+.}, at: [] xt_find_revision+0x88/0x200 [ 56.185586] [ 56.185586] but task is already holding lock: [ 56.191533] (&table[i].mutex){+.+.}, at: [] nfnetlink_rcv_msg+0x726/0xc00 [ 56.200103] [ 56.200103] which lock already depends on the new lock. [ 56.200103] [ 56.208396] [ 56.208396] the existing dependency chain (in reverse order) is: [ 56.215992] [ 56.215992] -> #2 (&table[i].mutex){+.+.}: [ 56.221694] __mutex_lock+0xc4/0x1310 [ 56.225992] nf_tables_netdev_event+0x10d/0x4d0 [ 56.231163] notifier_call_chain+0x108/0x1a0 [ 56.236072] rollback_registered_many+0x70b/0xb30 [ 56.241430] unregister_netdevice_many.part.0+0x18/0x2e0 [ 56.247391] unregister_netdevice_many+0x36/0x50 [ 56.252647] ip6gre_exit_net+0x41e/0x570 [ 56.257255] ops_exit_list+0xa5/0x150 [ 56.261556] cleanup_net+0x3b3/0x840 [ 56.265784] process_one_work+0x793/0x14a0 [ 56.270516] worker_thread+0x5cc/0xff0 [ 56.274906] kthread+0x30d/0x420 [ 56.278772] ret_from_fork+0x24/0x30 [ 56.282980] [ 56.282980] -> #1 (rtnl_mutex){+.+.}: [ 56.288246] __mutex_lock+0xc4/0x1310 [ 56.292552] unregister_netdevice_notifier+0x5e/0x2b0 [ 56.298239] tee_tg_destroy+0x5c/0xb0 [ 56.302542] cleanup_entry+0x1fd/0x2d0 [ 56.306926] __do_replace+0x38d/0x570 [ 56.311224] do_ipt_set_ctl+0x256/0x39e [ 56.315697] nf_setsockopt+0x5f/0xb0 [ 56.319907] ip_setsockopt+0x94/0xb0 [ 56.324121] udp_setsockopt+0x45/0x80 [ 56.328435] SyS_setsockopt+0x110/0x1e0 [ 56.332907] do_syscall_64+0x1d5/0x640 [ 56.337298] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 56.342983] [ 56.342983] -> #0 (&xt[i].mutex){+.+.}: [ 56.348423] lock_acquire+0x170/0x3f0 [ 56.352739] __mutex_lock+0xc4/0x1310 [ 56.357040] xt_find_revision+0x88/0x200 [ 56.361600] nfnl_compat_get+0x1f7/0x870 [ 56.366157] nfnetlink_rcv_msg+0x9bb/0xc00 [ 56.370890] netlink_rcv_skb+0x125/0x390 [ 56.375449] nfnetlink_rcv+0x1ab/0x1da0 [ 56.379918] netlink_unicast+0x437/0x610 [ 56.384478] netlink_sendmsg+0x62e/0xb80 [ 56.389037] sock_sendmsg+0xb5/0x100 [ 56.393249] ___sys_sendmsg+0x6c8/0x800 [ 56.397723] __sys_sendmsg+0xa3/0x120 [ 56.402020] SyS_sendmsg+0x27/0x40 [ 56.406073] do_syscall_64+0x1d5/0x640 [ 56.410461] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 56.416147] [ 56.416147] other info that might help us debug this: [ 56.416147] [ 56.424279] Chain exists of: [ 56.424279] &xt[i].mutex --> rtnl_mutex --> &table[i].mutex [ 56.424279] [ 56.434495] Possible unsafe locking scenario: [ 56.434495] [ 56.440527] CPU0 CPU1 [ 56.445187] ---- ---- [ 56.449829] lock(&table[i].mutex); [ 56.453521] lock(rtnl_mutex); [ 56.459312] lock(&table[i].mutex); [ 56.465520] lock(&xt[i].mutex); [ 56.468954] [ 56.468954] *** DEADLOCK *** [ 56.468954] [ 56.474992] 1 lock held by syz-executor412/6569: [ 56.479719] #0: (&table[i].mutex){+.+.}, at: [] nfnetlink_rcv_msg+0x726/0xc00 [ 56.488718] [ 56.488718] stack backtrace: [ 56.493194] CPU: 0 PID: 6569 Comm: syz-executor412 Not tainted 4.14.195-syzkaller #0 [ 56.501049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 56.510409] Call Trace: [ 56.512979] dump_stack+0x1b2/0x283 [ 56.516601] print_circular_bug.constprop.0.cold+0x2d7/0x41e [ 56.522383] __lock_acquire+0x2e0e/0x3f20 [ 56.526515] ? __lock_acquire+0x5fc/0x3f20 [ 56.530733] ? trace_hardirqs_on+0x10/0x10 [ 56.534954] lock_acquire+0x170/0x3f0 [ 56.538750] ? xt_find_revision+0x88/0x200 [ 56.542965] ? xt_find_revision+0x88/0x200 [ 56.547179] __mutex_lock+0xc4/0x1310 [ 56.550959] ? xt_find_revision+0x88/0x200 [ 56.555176] ? __lock_acquire+0x5fc/0x3f20 [ 56.559405] ? xt_find_revision+0x88/0x200 [ 56.563622] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 56.569066] ? __lock_acquire+0x5fc/0x3f20 [ 56.573295] ? lock_acquire+0x170/0x3f0 [ 56.577248] ? nfnetlink_rcv_msg+0x726/0xc00 [ 56.581637] xt_find_revision+0x88/0x200 [ 56.585677] ? match_revfn+0x1e0/0x1e0 [ 56.589548] ? deref_stack_reg+0x124/0x1a0 [ 56.593763] ? nfnetlink_rcv_msg+0x726/0xc00 [ 56.598167] nfnl_compat_get+0x1f7/0x870 [ 56.602225] ? nft_target_validate+0x240/0x240 [ 56.606789] ? nft_target_validate+0x240/0x240 [ 56.611353] nfnetlink_rcv_msg+0x9bb/0xc00 [ 56.615570] ? lock_downgrade+0x740/0x740 [ 56.619716] netlink_rcv_skb+0x125/0x390 [ 56.623756] ? nfnetlink_net_exit_batch+0x150/0x150 [ 56.628751] ? netlink_ack+0x9a0/0x9a0 [ 56.632636] ? ns_capable_common+0x127/0x150 [ 56.637024] nfnetlink_rcv+0x1ab/0x1da0 [ 56.640990] ? do_syscall_64+0x1d5/0x640 [ 56.645035] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 56.650377] ? trace_hardirqs_on+0x10/0x10 [ 56.654592] ? __netlink_lookup+0x345/0x5d0 [ 56.658901] ? lock_downgrade+0x740/0x740 [ 56.663040] ? nfnetlink_bind+0x240/0x240 [ 56.667166] ? netlink_table_grab.part.0+0x1f0/0x1f0 [ 56.672422] ? netlink_deliver_tap+0x90/0x7d0 [ 56.676913] ? lock_downgrade+0x740/0x740 [ 56.681043] netlink_unicast+0x437/0x610 [ 56.685086] ? netlink_sendskb+0xd0/0xd0 [ 56.689131] netlink_sendmsg+0x62e/0xb80 [ 56.693186] ? nlmsg_notify+0x170/0x170 [ 56.697140] ? kernel_recvmsg+0x210/0x210 [ 56.701376] ? security_socket_sendmsg+0x83/0xb0 [ 56.706108] ? nlmsg_notify+0x170/0x170 [ 56.710059] sock_sendmsg+0xb5/0x100 [ 56.713752] ___sys_sendmsg+0x6c8/0x800 [ 56.717705] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 56.722444] ? trace_hardirqs_on+0x10/0x10 [ 56.726657] ? trace_hardirqs_on+0x10/0x10 [ 56.730868] ? trace_hardirqs_on+0x10/0x10 [ 56.735084] ? fs_reclaim_release+0xd0/0x110 [ 56.739469] ? __fget+0x1fe/0x360 [ 56.742903] ? lock_acquire+0x170/0x3f0 [ 56.746853] ? lock_downgrade+0x740/0x740 [ 56.750983] ? __fget+0x225/0x360 [ 56.754418] ? __fdget+0x196/0x1f0 [ 56.757939] ? sockfd_lookup_light+0xb2/0x160 [ 56.762422] __sys_sendmsg+0xa3/0x120 [ 56.766208] ? SyS_shutdown+0x160/0x160 [ 56.770179] ? move_addr_to_kernel+0x60/0x60 [ 56.774568] ? __do_page_fault+0x19a/0xb50 [ 56.778784] SyS_sendmsg+0x27/0x40 [ 56.782321] ? __sys_sendmsg+0x120/0x120 [ 56.786364] do_syscall_64+0x1d5/0x640 [ 56.790237] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 56.795408] RIP: 0033:0x441dd9 [ 56.798584] RSP: 002b:00007ffc84d94038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 56.806272] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441dd9 [ 56.813521] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000004 [ 56.820770] RBP: 000000000000d785 R08: 0000000b004002c8 R09: 0000000b004002c8 [ 56.828018] R10: 0000000b004002c8 R11: 0000000000000246 R12: 0000000000402b80 [ 56.835268] R13: 0000000000402c10 R14: 0000000000000000 R15: 0000000000000000 executing program [ 56.883769] ip_tables: iptables: counters copy to user failed while replacing table executing program [ 57.549370] IPVS: ftp: loaded support on port[0] = 21 executing program [ 57.579554] ip_tables: iptables: counters copy to user failed while replacing table [ 57.590040] IPVS: ftp: loaded support on port[0] = 21 [ 57.625849] ip_tables: iptables: counters copy to user failed while replacing table executing program [ 58.776012] IPVS: ftp: loaded support on port[0] = 21 [ 58.814391] ip_tables: iptables: counters copy to user failed while replacing table executing program [ 59.458750] IPVS: ftp: loaded support on port[0] = 21 executing program [ 59.488384] ip_tables: iptables: counters copy to user failed while replacing table [ 59.498763] IPVS: ftp: loaded support on port[0] = 21 [ 59.535363] ip_tables: iptables: counters copy to user failed while replacing table executing program [ 60.594047] IPVS: ftp: loaded support on port[0] = 21 [ 60.629396] ip_tables: iptables: counters copy to user failed while replacing table executing program [ 61.248240] IPVS: ftp: loaded support on port[0] = 21 executing program [ 61.277518] ip_tables: iptables: counters copy to user failed while replacing table [ 61.287848] IPVS: ftp: loaded support on port[0] = 21 [ 61.322121] ip_tables: iptables: counters copy to user failed while replacing table executing program [ 62.485649] IPVS: ftp: loaded support on port[0] = 21 [ 62.515434] ip_tables: iptables: counters copy to user failed while replacing table executing program [ 63.605536] IPVS: ftp: loaded support on port[0] = 21 executing program [ 63.634091] ip_tables: iptables: counters copy to user failed while replacing table [ 63.644459] IPVS: ftp: loaded support on port[0] = 21 [ 63.678119] ip_tables: iptables: counters copy to user failed while replacing table executing program [ 64.328154] IPVS: ftp: loaded support on port[0] = 21 executing program [ 64.357122] ip_tables: iptables: counters copy to user failed while replacing table [ 64.367611] IPVS: ftp: loaded support on port[0] = 21 [ 64.402980] ip_tables: iptables: counters copy to user failed while replacing table executing program [ 65.575389] IPVS: ftp: loaded support on port[0] = 21 [ 65.604655] ip_tables: iptables: counters copy to user failed while replacing table