[�[0;32m OK �[0m] Reached target Login Prompts.
[�[0;32m OK �[0m] Reached target Multi-User System.
[�[0;32m OK �[0m] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[�[0;32m OK �[0m] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.35' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 40.968819] audit: type=1400 audit(1596507993.466:8): avc: denied { execmem } for pid=6357 comm="syz-executor890" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 40.989762] ip6_tables: ip6tables: counters copy to user failed while replacing table
[ 41.257430] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 42.339004] ip6_tables: ip6tables: counters copy to user failed while replacing table
[ 42.686846] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 43.598766] ip6_tables: ip6tables: counters copy to user failed while replacing table
[ 43.668160]
[ 43.669800] ======================================================
[ 43.676093] WARNING: possible circular locking dependency detected
[ 43.682392] 4.14.191-syzkaller #0 Not tainted
[ 43.686856] ------------------------------------------------------
[ 43.693146] kworker/u4:3/110 is trying to acquire lock:
[ 43.698480] (&table[i].mutex){+.+.}, at: [<ffffffff853ee3ad>] nf_tables_netdev_event+0x10d/0x4d0
[ 43.707475]
[ 43.707475] but task is already holding lock:
[ 43.713415] (rtnl_mutex){+.+.}, at: [<ffffffff85996db0>] ip6gre_exit_net+0x70/0x570
[ 43.721277]
[ 43.721277] which lock already depends on the new lock.
[ 43.721277]
[ 43.729566]
[ 43.729566] the existing dependency chain (in reverse order) is:
[ 43.737184]
[ 43.737184] -> #2 (rtnl_mutex){+.+.}:
[ 43.742469] __mutex_lock+0xc4/0x1310
[ 43.746780] unregister_netdevice_notifier+0x5e/0x2b0
[ 43.752725] tee_tg_destroy+0x5c/0xb0
[ 43.757029] cleanup_entry+0x232/0x310
[ 43.761499] __do_replace+0x38d/0x580
[ 43.765795] do_ip6t_set_ctl+0x256/0x3a4
[ 43.770350] nf_setsockopt+0x5f/0xb0
[ 43.774577] ipv6_setsockopt+0xc0/0x120
[ 43.779044] tcp_setsockopt+0x7b/0xc0
[ 43.783361] SyS_setsockopt+0x110/0x1e0
[ 43.787845] do_syscall_64+0x1d5/0x640
[ 43.792228] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 43.797908]
[ 43.797908] -> #1 (&xt[i].mutex){+.+.}:
[ 43.803354] __mutex_lock+0xc4/0x1310
[ 43.807650] xt_find_revision+0x88/0x200
[ 43.812219] nfnl_compat_get+0x1f7/0x870
[ 43.816788] nfnetlink_rcv_msg+0x9bb/0xc00
[ 43.821519] netlink_rcv_skb+0x125/0x390
[ 43.826088] nfnetlink_rcv+0x1ab/0x1da0
[ 43.830557] netlink_unicast+0x437/0x610
[ 43.835122] netlink_sendmsg+0x62e/0xb80
[ 43.839679] sock_sendmsg+0xb5/0x100
[ 43.843887] ___sys_sendmsg+0x6c8/0x800
[ 43.848353] __sys_sendmsg+0xa3/0x120
[ 43.852646] SyS_sendmsg+0x27/0x40
[ 43.856682] do_syscall_64+0x1d5/0x640
[ 43.861064] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 43.866748]
[ 43.866748] -> #0 (&table[i].mutex){+.+.}:
[ 43.872441] lock_acquire+0x170/0x3f0
[ 43.876742] __mutex_lock+0xc4/0x1310
[ 43.881054] nf_tables_netdev_event+0x10d/0x4d0
[ 43.886220] notifier_call_chain+0x108/0x1a0
[ 43.891123] rollback_registered_many+0x70b/0xb30
[ 43.896472] unregister_netdevice_many.part.0+0x18/0x2e0
[ 43.902420] unregister_netdevice_many+0x36/0x50
[ 43.907683] ip6gre_exit_net+0x41e/0x570
[ 43.912242] ops_exit_list+0xa5/0x150
[ 43.916545] cleanup_net+0x3b3/0x840
[ 43.920769] process_one_work+0x793/0x14a0
[ 43.925510] worker_thread+0x5cc/0xff0
[ 43.929892] kthread+0x30d/0x420
[ 43.934126] ret_from_fork+0x24/0x30
[ 43.938330]
[ 43.938330] other info that might help us debug this:
[ 43.938330]
[ 43.946440] Chain exists of:
[ 43.946440] &table[i].mutex --> &xt[i].mutex --> rtnl_mutex
[ 43.946440]
[ 43.956661] Possible unsafe locking scenario:
[ 43.956661]
[ 43.962691] CPU0 CPU1
[ 43.967774] ---- ----
[ 43.972438] lock(rtnl_mutex);
[ 43.975694] lock(&xt[i].mutex);
[ 43.981670] lock(rtnl_mutex);
[ 43.987491] lock(&table[i].mutex);
[ 43.991182]
[ 43.991182] *** DEADLOCK ***
[ 43.991182]
[ 43.997227] 4 locks held by kworker/u4:3/110:
[ 44.001707] #0: ("%s""netns"){+.+.}, at: [<ffffffff813ba600>] process_one_work+0x6b0/0x14a0
[ 44.010363] #1: (net_cleanup_work){+.+.}, at: [<ffffffff813ba636>] process_one_work+0x6e6/0x14a0
[ 44.019456] #2: (net_mutex){+.+.}, at: [<ffffffff851091e0>] cleanup_net+0x110/0x840
[ 44.027407] #3: (rtnl_mutex){+.+.}, at: [<ffffffff85996db0>] ip6gre_exit_net+0x70/0x570
[ 44.035706]
[ 44.035706] stack backtrace:
[ 44.040189] CPU: 0 PID: 110 Comm: kworker/u4:3 Not tainted 4.14.191-syzkaller #0
[ 44.047698] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 44.057048] Workqueue: netns cleanup_net
[ 44.061080] Call Trace:
[ 44.063906] dump_stack+0x1b2/0x283
[ 44.067523] print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 44.073307] __lock_acquire+0x2e0e/0x3f20
[ 44.077475] ? unwind_next_frame+0x404/0x17d0
[ 44.081943] ? trace_hardirqs_on+0x10/0x10
[ 44.086152] ? check_usage_forwards+0x2d0/0x2d0
[ 44.090795] ? ret_from_fork+0x24/0x30
[ 44.094671] lock_acquire+0x170/0x3f0
[ 44.098445] ? nf_tables_netdev_event+0x10d/0x4d0
[ 44.103276] ? nf_tables_netdev_event+0x10d/0x4d0
[ 44.108092] __mutex_lock+0xc4/0x1310
[ 44.111867] ? nf_tables_netdev_event+0x10d/0x4d0
[ 44.116685] ? nf_tables_netdev_event+0x10d/0x4d0
[ 44.121503] ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 44.126929] ? trace_hardirqs_on+0x10/0x10
[ 44.131150] ? trace_hardirqs_on_caller+0x3a8/0x580
[ 44.136141] ? lock_downgrade+0x740/0x740
[ 44.140263] nf_tables_netdev_event+0x10d/0x4d0
[ 44.144907] ? mirred_device_event+0x12f/0x170
[ 44.149462] ? nf_tables_netdev_init_net+0x140/0x140
[ 44.154561] ? mirred_device_event+0x12f/0x170
[ 44.159123] ? __local_bh_enable_ip+0xc1/0x170
[ 44.163712] notifier_call_chain+0x108/0x1a0
[ 44.168099] rollback_registered_many+0x70b/0xb30
[ 44.172952] ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 44.178377] ? dev_set_mac_address+0x2d0/0x2d0
[ 44.182967] ? lock_acquire+0x170/0x3f0
[ 44.186915] unregister_netdevice_many.part.0+0x18/0x2e0
[ 44.192454] unregister_netdevice_many+0x36/0x50
[ 44.197218] ip6gre_exit_net+0x41e/0x570
[ 44.201253] ? lock_downgrade+0x740/0x740
[ 44.205375] ? ip6gre_dellink+0x260/0x260
[ 44.216369] ? ip6gre_dellink+0x260/0x260
[ 44.220489] ops_exit_list+0xa5/0x150
[ 44.224262] cleanup_net+0x3b3/0x840
[ 44.227950] ? net_drop_ns+0x70/0x70
[ 44.231637] ? lock_acquire+0x170/0x3f0
[ 44.235597] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 44.241022] process_one_work+0x793/0x14a0
[ 44.245243] ? work_busy+0x320/0x320
[ 44.248929] ? worker_thread+0x158/0xff0
[ 44.252979] ? _raw_spin_unlock_irq+0x24/0x80
[ 44.257552] worker_thread+0x5cc/0xff0
[ 44.261439] ? rescuer_thread+0xc80/0xc80
[ 44.265559] kthread+0x30d/0x420
[ 44.268898] ? kthread_create_on_node+0xd0/0xd0
[ 44.273539] ret_from_fork+0x24/0x30
[ 45.545675] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 46.447084] ip6_tables: ip6tables: counters copy to user failed while replacing table
[ 47.835002] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 48.756411] ip6_tables: ip6tables: counters copy to user failed while replacing table
[ 50.104425] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 50.985972] ip6_tables: ip6tables: counters copy to user failed while replacing table
[ 52.293985] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 53.114982] ip6_tables: ip6tables: counters copy to user failed while replacing table