[ 31.541014] audit: type=1800 audit(1582391356.297:33): pid=7096 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[ 31.567823] audit: type=1800 audit(1582391356.297:34): pid=7096 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 36.200325] random: sshd: uninitialized urandom read (32 bytes read)
[ 36.429736] audit: type=1400 audit(1582391361.177:35): avc: denied { map } for pid=7269 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 36.479257] random: sshd: uninitialized urandom read (32 bytes read)
[ 37.202418] random: sshd: uninitialized urandom read (32 bytes read)
[ 37.388957] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.231' (ECDSA) to the list of known hosts.
[ 42.936029] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 43.051104] audit: type=1400 audit(1582391367.807:36): avc: denied { map } for pid=7281 comm="syz-executor810" path="/root/syz-executor810648198" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 43.106984] ip_tables: iptables: counters copy to user failed while replacing table
[ 43.115385] audit: type=1400 audit(1582391367.877:37): avc: denied { create } for pid=7282 comm="syz-executor810" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
[ 43.139925] audit: type=1400 audit(1582391367.887:38): avc: denied { write } for pid=7282 comm="syz-executor810" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
[ 43.330925] IPVS: ftp: loaded support on port[0] = 21
[ 44.192586] ip_tables: iptables: counters copy to user failed while replacing table
[ 44.365240] ip_tables: iptables: counters copy to user failed while replacing table
[ 44.375428]
[ 44.377088] ======================================================
[ 44.383423] WARNING: possible circular locking dependency detected
[ 44.389718] 4.14.171-syzkaller #0 Not tainted
[ 44.394189] ------------------------------------------------------
[ 44.400488] kworker/u4:1/22 is trying to acquire lock:
[ 44.405744]  (&table[i].mutex){+.+.}, at: [] nfnl_lock+0x24/0x30
[ 44.413443]
[ 44.413443] but task is already holding lock:
[ 44.419385]  (rtnl_mutex){+.+.}, at: [] rtnl_lock+0x17/0x20
[ 44.426654]
[ 44.426654] which lock already depends on the new lock.
[ 44.426654]
[ 44.434946]
[ 44.434946] the existing dependency chain (in reverse order) is:
[ 44.442539]
[ 44.442539] -> #2 (rtnl_mutex){+.+.}:
[ 44.447802]        lock_acquire+0x16f/0x430
[ 44.452117]        __mutex_lock+0xe8/0x1470
[ 44.456413]        mutex_lock_nested+0x16/0x20
[ 44.460972]        rtnl_lock+0x17/0x20
[ 44.464837]        unregister_netdevice_notifier+0x5f/0x2c0
[ 44.470525]        tee_tg_destroy+0x61/0xc0
[ 44.474831]        cleanup_entry+0x17d/0x230
[ 44.479226]        __do_replace+0x3c5/0x5b0
[ 44.483528]        do_ipt_set_ctl+0x296/0x3ee
[ 44.488002]        nf_setsockopt+0x67/0xc0
[ 44.492217]        ip_setsockopt+0x9b/0xb0
[ 44.496556]        udp_setsockopt+0x4e/0x90
[ 44.500878]        sock_common_setsockopt+0x94/0xd0
[ 44.505887]        SyS_setsockopt+0x13c/0x210
[ 44.510388]        do_syscall_64+0x1e8/0x640
[ 44.514779]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 44.520465]
[ 44.520465] -> #1 (&xt[i].mutex){+.+.}:
[ 44.525901]        lock_acquire+0x16f/0x430
[ 44.530200]        __mutex_lock+0xe8/0x1470
[ 44.534504]        mutex_lock_nested+0x16/0x20
[ 44.539083]        xt_find_revision+0x82/0x200
[ 44.543651]        nfnl_compat_get+0x229/0x950
[ 44.548211]        nfnetlink_rcv_msg+0xa08/0xc00
[ 44.552947]        netlink_rcv_skb+0x14f/0x3c0
[ 44.557505]        nfnetlink_rcv+0x1ab/0x1650
[ 44.561977]        netlink_unicast+0x44d/0x650
[ 44.566535]        netlink_sendmsg+0x7c4/0xc60
[ 44.571093]        sock_sendmsg+0xce/0x110
[ 44.575345]        ___sys_sendmsg+0x70a/0x840
[ 44.579824]        __sys_sendmsg+0xb9/0x140
[ 44.584119]        SyS_sendmsg+0x2d/0x50
[ 44.588157]        do_syscall_64+0x1e8/0x640
[ 44.592554]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 44.598238]
[ 44.598238] -> #0 (&table[i].mutex){+.+.}:
[ 44.603934]        __lock_acquire+0x2cb3/0x4620
[ 44.608595]        lock_acquire+0x16f/0x430
[ 44.612901]        __mutex_lock+0xe8/0x1470
[ 44.617215]        mutex_lock_nested+0x16/0x20
[ 44.621788]        nfnl_lock+0x24/0x30
[ 44.625658]        nf_tables_netdev_event+0x13f/0x580
[ 44.630829]        notifier_call_chain+0x111/0x1b0
[ 44.635738]        raw_notifier_call_chain+0x2e/0x40
[ 44.640821]        call_netdevice_notifiers_info+0x56/0x70
[ 44.646423]        rollback_registered_many+0x70d/0xb60
[ 44.651762]        unregister_netdevice_many.part.0+0x1b/0x1e0
[ 44.657707]        unregister_netdevice_many+0x3b/0x50
[ 44.662960]        ip6gre_exit_net+0x3fe/0x5a0
[ 44.667520]        ops_exit_list.isra.0+0xaa/0x150
[ 44.672458]        cleanup_net+0x3ba/0x870
[ 44.676679]        process_one_work+0x863/0x1600
[ 44.681420]        worker_thread+0x5d9/0x1050
[ 44.685910]        kthread+0x319/0x430
[ 44.689782]        ret_from_fork+0x24/0x30
[ 44.693998]
[ 44.693998] other info that might help us debug this:
[ 44.693998]
[ 44.702145] Chain exists of:
[ 44.702145]   &table[i].mutex --> &xt[i].mutex --> rtnl_mutex
[ 44.702145]
[ 44.712361]  Possible unsafe locking scenario:
[ 44.712361]
[ 44.718395]        CPU0                    CPU1
[ 44.723037]        ----                    ----
[ 44.727681]   lock(rtnl_mutex);
[ 44.730934]                                lock(&xt[i].mutex);
[ 44.736892]                                lock(rtnl_mutex);
[ 44.742676]   lock(&table[i].mutex);
[ 44.746364]
[ 44.746364]  *** DEADLOCK ***
[ 44.746364]
[ 44.752402] 4 locks held by kworker/u4:1/22:
[ 44.756782]  #0: ("%s""netns"){+.+.}, at: [] process_one_work+0x76e/0x1600
[ 44.765434]  #1: (net_cleanup_work){+.+.}, at: [] process_one_work+0x7ab/0x1600
[ 44.774521]  #2: (net_mutex){+.+.}, at: [] cleanup_net+0x11c/0x870
[ 44.782507]  #3: (rtnl_mutex){+.+.}, at: [] rtnl_lock+0x17/0x20
[ 44.790222]
[ 44.790222] stack backtrace:
[ 44.794701] CPU: 1 PID: 22 Comm: kworker/u4:1 Not tainted 4.14.171-syzkaller #0
[ 44.802123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 44.811476] Workqueue: netns cleanup_net
[ 44.815514] Call Trace:
[ 44.818095]  dump_stack+0x142/0x197
[ 44.821715]  print_circular_bug.isra.0.cold+0x1cc/0x28f
[ 44.827068]  __lock_acquire+0x2cb3/0x4620
[ 44.831203]  ? trace_hardirqs_on+0x10/0x10
[ 44.835444]  ? unwind_dump+0xe0/0xe0
[ 44.839148]  lock_acquire+0x16f/0x430
[ 44.842937]  ? nfnl_lock+0x24/0x30
[ 44.846471]  ? nfnl_lock+0x24/0x30
[ 44.849993]  __mutex_lock+0xe8/0x1470
[ 44.853784]  ? nfnl_lock+0x24/0x30
[ 44.857312]  ? __lock_acquire+0x2298/0x4620
[ 44.861611]  ? debug_object_active_state+0x23c/0x370
[ 44.866692]  ? nfnl_lock+0x24/0x30
[ 44.870215]  ? mutex_trylock+0x1c0/0x1c0
[ 44.874262]  ? trace_hardirqs_on+0x10/0x10
[ 44.878484]  ? find_held_lock+0x35/0x130
[ 44.882524]  ? dropmon_net_event+0x210/0x440
[ 44.886910]  ? save_trace+0x290/0x290
[ 44.890702]  mutex_lock_nested+0x16/0x20
[ 44.894754]  ? mutex_lock_nested+0x16/0x20
[ 44.898983]  nfnl_lock+0x24/0x30
[ 44.902364]  nf_tables_netdev_event+0x13f/0x580
[ 44.907019]  ? mark_held_locks+0xb1/0x100
[ 44.911159]  ? __local_bh_enable_ip+0x99/0x1a0
[ 44.915743]  ? nf_tables_netdev_init_net+0x220/0x220
[ 44.920835]  ? mirred_device_event+0x152/0x190
[ 44.925399]  ? _raw_spin_unlock_bh+0x31/0x40
[ 44.929799]  ? mirred_device_event+0x57/0x190
[ 44.934284]  ? nfqnl_rcv_dev_event+0x23/0x440
[ 44.938768]  notifier_call_chain+0x111/0x1b0
[ 44.943159]  raw_notifier_call_chain+0x2e/0x40
[ 44.947733]  call_netdevice_notifiers_info+0x56/0x70
[ 44.952827]  rollback_registered_many+0x70d/0xb60
[ 44.957652]  ? netdev_info+0xf0/0xf0
[ 44.961346]  unregister_netdevice_many.part.0+0x1b/0x1e0
[ 44.966797]  unregister_netdevice_many+0x3b/0x50
[ 44.971558]  ip6gre_exit_net+0x3fe/0x5a0
[ 44.975600]  ? ip6gre_tunnel_link+0xd0/0xd0
[ 44.979920]  ? ip6gre_tunnel_link+0xd0/0xd0
[ 44.984227]  ops_exit_list.isra.0+0xaa/0x150
[ 44.988617]  cleanup_net+0x3ba/0x870
[ 44.992311]  ? net_drop_ns+0x80/0x80
[ 44.996007]  ? __lock_is_held+0xb6/0x140
[ 45.000058]  ? check_preemption_disabled+0x3c/0x250
[ 45.005050]  ? rcu_lockdep_current_cpu_online+0xf2/0x140
[ 45.010478]  process_one_work+0x863/0x1600
[ 45.014695]  ? pwq_dec_nr_in_flight+0x2e0/0x2e0
[ 45.019343]  worker_thread+0x5d9/0x1050
[ 45.023299]  kthread+0x319/0x430
[ 45.026648]  ? process_one_work+0x1600/0x1600
[ 45.031120]  ? kthread_create_on_node+0xd0/0xd0
[ 45.035766]  ret_from_fork+0x24/0x30
[ 45.088029] ip_tables: iptables: counters copy to user failed while replacing table
[ 45.256017] ip_tables: iptables: counters copy to user failed while replacing table
[ 45.423998] ip_tables: iptables: counters copy to user failed while replacing table
[ 45.600882] ip_tables: iptables: counters copy to user failed while replacing table
[ 45.782188] ip_tables: iptables: counters copy to user failed while replacing table
[ 45.951041] ip_tables: iptables: counters copy to user failed while replacing table
[ 46.320776] IPVS: ftp: loaded support on port[0] = 21
[ 47.139164] ip_tables: iptables: counters copy to user failed while replacing table
[ 48.117044] net_ratelimit: 5 callbacks suppressed
[ 48.117047] ip_tables: iptables: counters copy to user failed while replacing table
[ 48.291024] ip_tables: iptables: counters copy to user failed while replacing table
[ 48.610661] IPVS: ftp: loaded support on port[0] = 21
[ 49.461031] ip_tables: iptables: counters copy to user failed while replacing table
[ 49.641952] ip_tables: iptables: counters copy to user failed while replacing table
[ 49.811101] ip_tables: iptables: counters copy to user failed while replacing table
[ 49.980249] ip_tables: iptables: counters copy to user failed while replacing table
[ 50.149058] ip_tables: iptables: counters copy to user failed while replacing table
[ 50.319223] ip_tables: iptables: counters copy to user failed while replacing table
[ 50.502094] ip_tables: iptables: counters copy to user failed while replacing table
[ 50.671105] ip_tables: iptables: counters copy to user failed while replacing table
[ 51.020681] IPVS: ftp: loaded support on port[0] = 21
[ 53.350731] IPVS: ftp: loaded support on port[0] = 21
[ 54.221121] net_ratelimit: 8 callbacks suppressed
[ 54.221124] ip_tables: iptables: counters copy to user failed while replacing table