[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   36.966279] random: sshd: uninitialized urandom read (32 bytes read)
[   37.302530] kauditd_printk_skb: 11 callbacks suppressed
[   37.302539] audit: type=1400 audit(1582436509.194:35): avc:  denied  { map } for  pid=7290 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[   37.359839] random: sshd: uninitialized urandom read (32 bytes read)
[   38.149551] random: sshd: uninitialized urandom read (32 bytes read)
[   45.913657] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.1.42' (ECDSA) to the list of known hosts.
[   51.444791] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   51.564665] audit: type=1400 audit(1582436523.454:36): avc:  denied  { map } for  pid=7302 comm="syz-executor180" path="/root/syz-executor180127143" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   51.592996] ip_tables: iptables: counters copy to user failed while replacing table
[   51.648208] netlink: 4 bytes leftover after parsing attributes in process `syz-executor180'.
[   51.663402] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=7305 comm=syz-executor180
[   51.675613] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=7305 comm=syz-executor180
[   51.687993] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=7305 comm=syz-executor180
[   51.700224] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=7305 comm=syz-executor180
[   51.712586] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=7305 comm=syz-executor180
[   51.724858] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=7305 comm=syz-executor180
executing program
[   51.738047] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=7305 comm=syz-executor180
[   51.750369] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=7305 comm=syz-executor180
[   51.762600] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=7305 comm=syz-executor180
[   51.774858] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=7305 comm=syz-executor180
[   51.825957] 
[   51.827597] ======================================================
[   51.833892] WARNING: possible circular locking dependency detected
[   51.840192] 4.14.171-syzkaller #0 Not tainted
[   51.844659] ------------------------------------------------------
[   51.850956] syz-executor180/7308 is trying to acquire lock:
[   51.856642]  (rtnl_mutex){+.+.}, at: [<ffffffff85214c07>] rtnl_lock+0x17/0x20
[   51.863915] 
[   51.863915] but task is already holding lock:
[   51.869860]  (&xt[i].mutex){+.+.}, at: [<ffffffff854c922c>] xt_find_table_lock+0x3c/0x3d0
[   51.878167] 
[   51.878167] which lock already depends on the new lock.
[   51.878167] 
[   51.886463] 
[   51.886463] the existing dependency chain (in reverse order) is:
[   51.894095] 
[   51.894095] -> #1 (&xt[i].mutex){+.+.}:
[   51.899538]        lock_acquire+0x16f/0x430
[   51.903844]        __mutex_lock+0xe8/0x1470
[   51.908171]        mutex_lock_nested+0x16/0x20
[   51.912743]        xt_find_target+0x3e/0x1e0
[   51.917135]        xt_request_find_target+0x74/0xe0
[   51.917544] netlink: 4 bytes leftover after parsing attributes in process `syz-executor180'.
[   51.922155]        ipt_init_target+0xce/0x290
[   51.922161]        __tcf_ipt_init+0x48c/0xb50
[   51.922166]        tcf_xt_init+0x4e/0x60
[   51.922171]        tcf_action_init_1+0x53c/0xaa0
[   51.922176]        tcf_action_init+0x2ab/0x480
[   51.922180]        tc_ctl_action+0x30a/0x548
[   51.922187]        rtnetlink_rcv_msg+0x3da/0xb70
[   51.922192]        netlink_rcv_skb+0x14f/0x3c0
[   51.922197]        rtnetlink_rcv+0x1d/0x30
[   51.922206]        netlink_unicast+0x44d/0x650
[   51.975592]        netlink_sendmsg+0x7c4/0xc60
[   51.980153]        sock_sendmsg+0xce/0x110
[   51.984372]        kernel_sendmsg+0x44/0x50
[   51.988669]        sock_no_sendpage+0x107/0x130
[   51.993315]        kernel_sendpage+0x92/0xf0
[   51.997700]        sock_sendpage+0x8b/0xc0
[   52.001917]        pipe_to_sendpage+0x242/0x340
[   52.006571]        __splice_from_pipe+0x348/0x780
[   52.011399]        splice_from_pipe+0xf0/0x150
[   52.015969]        generic_splice_sendpage+0x3c/0x50
[   52.021063]        SyS_splice+0xd92/0x1430
[   52.025289]        do_syscall_64+0x1e8/0x640
[   52.029680]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   52.035363] 
[   52.035363] -> #0 (rtnl_mutex){+.+.}:
[   52.040630]        __lock_acquire+0x2cb3/0x4620
[   52.045285]        lock_acquire+0x16f/0x430
[   52.049632]        __mutex_lock+0xe8/0x1470
[   52.053973]        mutex_lock_nested+0x16/0x20
[   52.058535]        rtnl_lock+0x17/0x20
[   52.062402]        unregister_netdevice_notifier+0x5f/0x2c0
[   52.068091]        tee_tg_destroy+0x61/0xc0
[   52.072399]        cleanup_entry+0x17d/0x230
[   52.082275]        __do_replace+0x3c5/0x5b0
[   52.086576]        do_ipt_set_ctl+0x296/0x3ee
[   52.091052]        nf_setsockopt+0x67/0xc0
[   52.095277]        ip_setsockopt+0x9b/0xb0
[   52.099492]        udp_setsockopt+0x4e/0x90
[   52.103803]        sock_common_setsockopt+0x94/0xd0
[   52.108794]        SyS_setsockopt+0x13c/0x210
[   52.113266]        do_syscall_64+0x1e8/0x640
[   52.117663]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   52.123358] 
[   52.123358] other info that might help us debug this:
[   52.123358] 
[   52.131480]  Possible unsafe locking scenario:
[   52.131480] 
[   52.137514]        CPU0                    CPU1
[   52.142163]        ----                    ----
[   52.146806]   lock(&xt[i].mutex);
[   52.150240]                                lock(rtnl_mutex);
[   52.156013]                                lock(&xt[i].mutex);
[   52.161963]   lock(rtnl_mutex);
[   52.165244] 
[   52.165244]  *** DEADLOCK ***
[   52.165244] 
[   52.171284] 1 lock held by syz-executor180/7308:
[   52.176010]  #0:  (&xt[i].mutex){+.+.}, at: [<ffffffff854c922c>] xt_find_table_lock+0x3c/0x3d0
[   52.184762] 
[   52.184762] stack backtrace:
[   52.189251] CPU: 0 PID: 7308 Comm: syz-executor180 Not tainted 4.14.171-syzkaller #0
[   52.197121] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   52.206478] Call Trace:
[   52.209054]  dump_stack+0x142/0x197
[   52.212664]  print_circular_bug.isra.0.cold+0x1cc/0x28f
[   52.218021]  __lock_acquire+0x2cb3/0x4620
[   52.222155]  ? trace_hardirqs_on+0x10/0x10
[   52.226369]  ? __kernel_text_address+0xd/0x40
[   52.230845]  lock_acquire+0x16f/0x430
[   52.234971]  ? rtnl_lock+0x17/0x20
[   52.238500]  ? rtnl_lock+0x17/0x20
[   52.242027]  __mutex_lock+0xe8/0x1470
[   52.245810]  ? rtnl_lock+0x17/0x20
[   52.249337]  ? __bitmap_weight+0xbd/0xf0
[   52.253389]  ? rtnl_lock+0x17/0x20
[   52.257866]  ? pcpu_next_md_free_region+0x14c/0x2f0
[   52.262863]  ? mutex_trylock+0x1c0/0x1c0
[   52.266904]  ? pcpu_chunk_refresh_hint+0x29b/0x350
[   52.271824]  ? free_percpu+0x232/0x710
[   52.275690]  ? find_held_lock+0x35/0x130
[   52.279728]  ? free_percpu+0x232/0x710
[   52.283597]  mutex_lock_nested+0x16/0x20
[   52.287640]  ? mutex_lock_nested+0x16/0x20
[   52.291865]  rtnl_lock+0x17/0x20
[   52.295219]  unregister_netdevice_notifier+0x5f/0x2c0
[   52.300393]  ? trace_hardirqs_on_caller+0x400/0x590
[   52.305428]  ? register_netdevice_notifier+0x520/0x520
[   52.310696]  ? free_percpu+0x24f/0x710
[   52.314563]  tee_tg_destroy+0x61/0xc0
[   52.318349]  ? tee_tg6+0x160/0x160
[   52.321867]  cleanup_entry+0x17d/0x230
[   52.325732]  ? cleanup_match+0x140/0x140
[   52.329770]  __do_replace+0x3c5/0x5b0
[   52.333551]  ? compat_do_ipt_get_ctl+0x7f0/0x7f0
[   52.338300]  ? _copy_from_user+0x99/0x110
[   52.342428]  do_ipt_set_ctl+0x296/0x3ee
[   52.346387]  ? compat_do_ipt_set_ctl+0x150/0x150
[   52.351129]  ? mutex_unlock+0xd/0x10
[   52.354844]  ? nf_sockopt_find.constprop.0+0x1b7/0x230
[   52.360101]  nf_setsockopt+0x67/0xc0
[   52.363810]  ip_setsockopt+0x9b/0xb0
[   52.367503]  udp_setsockopt+0x4e/0x90
[   52.371296]  sock_common_setsockopt+0x94/0xd0
[   52.375770]  SyS_setsockopt+0x13c/0x210
[   52.379733]  ? SyS_recv+0x40/0x40
[   52.383174]  ? do_syscall_64+0x53/0x640
[   52.387135]  ? SyS_recv+0x40/0x40
[   52.390571]  do_syscall_64+0x1e8/0x640
[   52.394466]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   52.399297]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   52.404470] RIP: 0033:0x4468c9
[   52.407635] RSP: 002b:00007f5bbc3bad98 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[   52.415336] RAX: ffffffffffffffda RBX: 00000000006dbc48 RCX: 00000000004468c9
[   52.422582] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000003
[   52.429853] RBP: 00000000006dbc40 R08: 0000000000000001 R09: 0000000000000000
[   52.437106] R10: 0000000020000240 R11: 0000000000000246 R12: 00000000006dbc4c
[   52.444354] R13: 0001004c008dcaf0 R14: a100000000000000 R15: fa3d003000000060