[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.10.16' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 44.090353] audit: type=1400 audit(1592236635.617:8): avc: denied { execmem } for pid=6343 comm="syz-executor638" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 44.111417] ip_tables: iptables: counters copy to user failed while replacing table
[ 44.406396] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 45.342135] ip_tables: iptables: counters copy to user failed while replacing table
[ 45.636139] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 46.492112] ip_tables: iptables: counters copy to user failed while replacing table
[ 46.666353]
[ 46.668003] ======================================================
[ 46.674305] WARNING: possible circular locking dependency detected
[ 46.680602] 4.14.184-syzkaller #0 Not tainted
[ 46.685212] ------------------------------------------------------
[ 46.691508] kworker/u4:4/2330 is trying to acquire lock:
[ 46.696928] (&table[i].mutex){+.+.}, at: [] nf_tables_netdev_event+0x10d/0x4d0
[ 46.705934]
[ 46.705934] but task is already holding lock:
[ 46.711975] (rtnl_mutex){+.+.}, at: [] ip6gre_exit_net+0x70/0x580
[ 46.719861]
[ 46.719861] which lock already depends on the new lock.
[ 46.719861]
[ 46.728165]
[ 46.728165] the existing dependency chain (in reverse order) is:
[ 46.735755]
[ 46.735755] -> #2 (rtnl_mutex){+.+.}:
[ 46.741013]        __mutex_lock+0xe8/0x1430
[ 46.745396]        unregister_netdevice_notifier+0x5e/0x2b0
[ 46.751104]        tee_tg_destroy+0x5c/0xb0
[ 46.755425]        cleanup_entry+0x169/0x220
[ 46.759825]        __do_replace+0x38d/0x570
[ 46.764121]        do_ipt_set_ctl+0x255/0x39d
[ 46.768600]        nf_setsockopt+0x5f/0xb0
[ 46.772819]        ip_setsockopt+0x94/0xb0
[ 46.777026]        udp_setsockopt+0x45/0x80
[ 46.781324]        SyS_setsockopt+0x110/0x1e0
[ 46.785792]        do_syscall_64+0x1d5/0x640
[ 46.790173]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 46.795852]
[ 46.795852] -> #1 (&xt[i].mutex){+.+.}:
[ 46.801292]        __mutex_lock+0xe8/0x1430
[ 46.805594]        xt_find_revision+0x89/0x200
[ 46.810189]        nfnl_compat_get+0x1f7/0x870
[ 46.814846]        nfnetlink_rcv_msg+0x9e1/0xc00
[ 46.819580]        netlink_rcv_skb+0x127/0x370
[ 46.824137]        nfnetlink_rcv+0x1ab/0x1650
[ 46.828606]        netlink_unicast+0x437/0x610
[ 46.833160]        netlink_sendmsg+0x64a/0xbb0
[ 46.837715]        sock_sendmsg+0xb5/0x100
[ 46.841922]        ___sys_sendmsg+0x70a/0x840
[ 46.846390]        __sys_sendmsg+0xa3/0x120
[ 46.850683]        SyS_sendmsg+0x27/0x40
[ 46.854722]        do_syscall_64+0x1d5/0x640
[ 46.859120]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 46.864826]
[ 46.864826] -> #0 (&table[i].mutex){+.+.}:
[ 46.870554]        lock_acquire+0x170/0x3f0
[ 46.874864]        __mutex_lock+0xe8/0x1430
[ 46.879166]        nf_tables_netdev_event+0x10d/0x4d0
[ 46.884328]        notifier_call_chain+0x107/0x1a0
[ 46.889239]        rollback_registered_many+0x694/0xa70
[ 46.894601]        unregister_netdevice_many.part.0+0x16/0x1d0
[ 46.901252]        unregister_netdevice_many+0x36/0x50
[ 46.906511]        ip6gre_exit_net+0x3e3/0x580
[ 46.911090]        ops_exit_list.isra.0+0x9d/0x140
[ 46.916006]        cleanup_net+0x3bb/0x820
[ 46.920245]        process_one_work+0x7c0/0x14c0
[ 46.925165]        worker_thread+0x5d7/0x1080
[ 46.929903]        kthread+0x30d/0x420
[ 46.933769]        ret_from_fork+0x24/0x30
[ 46.937978]
[ 46.937978] other info that might help us debug this:
[ 46.937978]
[ 46.946117] Chain exists of:
[ 46.946117]   &table[i].mutex --> &xt[i].mutex --> rtnl_mutex
[ 46.946117]
[ 46.956761]  Possible unsafe locking scenario:
[ 46.956761]
[ 46.962790]        CPU0                    CPU1
[ 46.967469]        ----                    ----
[ 46.972119]   lock(rtnl_mutex);
[ 46.975374]                                lock(&xt[i].mutex);
[ 46.981328]                                lock(rtnl_mutex);
[ 46.987102]   lock(&table[i].mutex);
[ 46.990789]
[ 46.990789]  *** DEADLOCK ***
[ 46.990789]
[ 46.996837] 4 locks held by kworker/u4:4/2330:
[ 47.002162]  #0: ("%s""netns"){+.+.}, at: [] process_one_work+0x6d8/0x14c0
[ 47.010828]  #1: (net_cleanup_work){+.+.}, at: [] process_one_work+0x70e/0x14c0
[ 47.019924]  #2: (net_mutex){+.+.}, at: [] cleanup_net+0x123/0x820
[ 47.027881]  #3: (rtnl_mutex){+.+.}, at: [] ip6gre_exit_net+0x70/0x580
[ 47.036191]
[ 47.036191] stack backtrace:
[ 47.040662] CPU: 1 PID: 2330 Comm: kworker/u4:4 Not tainted 4.14.184-syzkaller #0
[ 47.048255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 47.057600] Workqueue: netns cleanup_net
[ 47.061647] Call Trace:
[ 47.064219]  dump_stack+0x1b2/0x283
[ 47.067843]  print_circular_bug.isra.0.cold+0x2dc/0x425
[ 47.073287]  __lock_acquire+0x3057/0x42a0
[ 47.077437]  ? unwind_next_frame+0xe38/0x1700
[ 47.081938]  ? trace_hardirqs_on+0x10/0x10
[ 47.086159]  ? deref_stack_reg+0xc0/0xc0
[ 47.090224]  lock_acquire+0x170/0x3f0
[ 47.094100]  ? nf_tables_netdev_event+0x10d/0x4d0
[ 47.098937]  ? nf_tables_netdev_event+0x10d/0x4d0
[ 47.103856]  __mutex_lock+0xe8/0x1430
[ 47.107732]  ? nf_tables_netdev_event+0x10d/0x4d0
[ 47.112992]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 47.118179]  ? nf_tables_netdev_event+0x10d/0x4d0
[ 47.123010]  ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 47.128444]  ? trace_hardirqs_on+0x10/0x10
[ 47.132670]  ? trace_hardirqs_on_caller+0x3a8/0x580
[ 47.137938]  ? nf_tables_netdev_event+0x10d/0x4d0
[ 47.142956]  nf_tables_netdev_event+0x10d/0x4d0
[ 47.147611]  ? nf_tables_netdev_init_net+0x210/0x210
[ 47.152709]  ? mirred_device_event+0x143/0x180
[ 47.157274]  ? __local_bh_enable_ip+0xc1/0x160
[ 47.161830]  ? mirred_device_event+0x50/0x180
[ 47.166300]  notifier_call_chain+0x107/0x1a0
[ 47.170825]  rollback_registered_many+0x694/0xa70
[ 47.175665]  ? free_netdev+0x360/0x360
[ 47.179560]  ? lock_acquire+0x170/0x3f0
[ 47.183513]  unregister_netdevice_many.part.0+0x16/0x1d0
[ 47.189038]  unregister_netdevice_many+0x36/0x50
[ 47.193920]  ip6gre_exit_net+0x3e3/0x580
[ 47.198026]  ? ip6gre_dellink+0x260/0x260
[ 47.202156]  ? ip6gre_dellink+0x260/0x260
[ 47.206281]  ops_exit_list.isra.0+0x9d/0x140
[ 47.210667]  cleanup_net+0x3bb/0x820
[ 47.214371]  ? net_drop_ns+0x70/0x70
[ 47.218095]  ? lock_acquire+0x170/0x3f0
[ 47.222048]  process_one_work+0x7c0/0x14c0
[ 47.226266]  ? pwq_dec_nr_in_flight+0x2b0/0x2b0
[ 47.230912]  ? worker_thread+0x163/0x1080
[ 47.235123]  ? _raw_spin_unlock_irq+0x24/0x90
[ 47.239600]  worker_thread+0x5d7/0x1080
[ 47.243558]  ? process_one_work+0x14c0/0x14c0
[ 47.248031]  kthread+0x30d/0x420
[ 47.251399]  ? kthread_create_on_node+0xd0/0xd0
[ 47.256051]  ret_from_fork+0x24/0x30
[ 48.514799] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 49.326329] ip_tables: iptables: counters copy to user failed while replacing table
[ 50.814128] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 51.604691] ip_tables: iptables: counters copy to user failed while replacing table
[ 52.993580] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 53.775387] ip_tables: iptables: counters copy to user failed while replacing table
[ 55.253114] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 56.124864] ip_tables: iptables: counters copy to user failed while replacing table