[  OK  ] Started OpenBSD Secure Shell server.
[  OK  ] Reached target Multi-User System.
[  OK  ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
[  OK  ] Started Update UTMP about System Runlevel Changes.


Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.1.25' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [   48.614918] audit: type=1400 audit(1599098807.496:8): avc:  denied  { execmem } for  pid=6370 comm="syz-executor412" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[   48.637577] ip_tables: iptables: counters copy to user failed while replacing table
[   48.649004] IPVS: ftp: loaded support on port[0] = 21
[   48.684784] ip_tables: iptables: counters copy to user failed while replacing table
executing program
[   49.564167] IPVS: ftp: loaded support on port[0] = 21
[   49.597292] ip_tables: iptables: counters copy to user failed while replacing table
executing program
[   50.485114] IPVS: ftp: loaded support on port[0] = 21
[   50.519807] ip_tables: iptables: counters copy to user failed while replacing table
executing program
[   51.371647] IPVS: ftp: loaded support on port[0] = 21
[   51.404507] ip_tables: iptables: counters copy to user failed while replacing table
executing program
[   52.320674] IPVS: ftp: loaded support on port[0] = 21
[   52.354566] ip_tables: iptables: counters copy to user failed while replacing table
executing program
[   53.258510] IPVS: ftp: loaded support on port[0] = 21
[   53.291372] ip_tables: iptables: counters copy to user failed while replacing table
executing program
[   54.220040] IPVS: ftp: loaded support on port[0] = 21
[   54.254518] ip_tables: iptables: counters copy to user failed while replacing table
executing program
[   55.122584] IPVS: ftp: loaded support on port[0] = 21
[   55.156229] ip_tables: iptables: counters copy to user failed while replacing table
executing program
[   56.068007] IPVS: ftp: loaded support on port[0] = 21
[   56.102169] ip_tables: iptables: counters copy to user failed while replacing table
[   56.114233] IPVS: ftp: loaded support on port[0] = 21
[   56.146759] 
[   56.148418] ======================================================
[   56.154713] WARNING: possible circular locking dependency detected
[   56.161005] 4.14.195-syzkaller #0 Not tainted
[   56.165475] ------------------------------------------------------
[   56.171770] syz-executor412/6569 is trying to acquire lock:
[   56.177452]  (&xt[i].mutex){+.+.}, at: [<ffffffff85407908>] xt_find_revision+0x88/0x200
[   56.185586] 
[   56.185586] but task is already holding lock:
[   56.191533]  (&table[i].mutex){+.+.}, at: [<ffffffff85337306>] nfnetlink_rcv_msg+0x726/0xc00
[   56.200103] 
[   56.200103] which lock already depends on the new lock.
[   56.200103] 
[   56.208396] 
[   56.208396] the existing dependency chain (in reverse order) is:
[   56.215992] 
[   56.215992] -> #2 (&table[i].mutex){+.+.}:
[   56.221694]        __mutex_lock+0xc4/0x1310
[   56.225992]        nf_tables_netdev_event+0x10d/0x4d0
[   56.231163]        notifier_call_chain+0x108/0x1a0
[   56.236072]        rollback_registered_many+0x70b/0xb30
[   56.241430]        unregister_netdevice_many.part.0+0x18/0x2e0
[   56.247391]        unregister_netdevice_many+0x36/0x50
[   56.252647]        ip6gre_exit_net+0x41e/0x570
[   56.257255]        ops_exit_list+0xa5/0x150
[   56.261556]        cleanup_net+0x3b3/0x840
[   56.265784]        process_one_work+0x793/0x14a0
[   56.270516]        worker_thread+0x5cc/0xff0
[   56.274906]        kthread+0x30d/0x420
[   56.278772]        ret_from_fork+0x24/0x30
[   56.282980] 
[   56.282980] -> #1 (rtnl_mutex){+.+.}:
[   56.288246]        __mutex_lock+0xc4/0x1310
[   56.292552]        unregister_netdevice_notifier+0x5e/0x2b0
[   56.298239]        tee_tg_destroy+0x5c/0xb0
[   56.302542]        cleanup_entry+0x1fd/0x2d0
[   56.306926]        __do_replace+0x38d/0x570
[   56.311224]        do_ipt_set_ctl+0x256/0x39e
[   56.315697]        nf_setsockopt+0x5f/0xb0
[   56.319907]        ip_setsockopt+0x94/0xb0
[   56.324121]        udp_setsockopt+0x45/0x80
[   56.328435]        SyS_setsockopt+0x110/0x1e0
[   56.332907]        do_syscall_64+0x1d5/0x640
[   56.337298]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   56.342983] 
[   56.342983] -> #0 (&xt[i].mutex){+.+.}:
[   56.348423]        lock_acquire+0x170/0x3f0
[   56.352739]        __mutex_lock+0xc4/0x1310
[   56.357040]        xt_find_revision+0x88/0x200
[   56.361600]        nfnl_compat_get+0x1f7/0x870
[   56.366157]        nfnetlink_rcv_msg+0x9bb/0xc00
[   56.370890]        netlink_rcv_skb+0x125/0x390
[   56.375449]        nfnetlink_rcv+0x1ab/0x1da0
[   56.379918]        netlink_unicast+0x437/0x610
[   56.384478]        netlink_sendmsg+0x62e/0xb80
[   56.389037]        sock_sendmsg+0xb5/0x100
[   56.393249]        ___sys_sendmsg+0x6c8/0x800
[   56.397723]        __sys_sendmsg+0xa3/0x120
[   56.402020]        SyS_sendmsg+0x27/0x40
[   56.406073]        do_syscall_64+0x1d5/0x640
[   56.410461]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   56.416147] 
[   56.416147] other info that might help us debug this:
[   56.416147] 
[   56.424279] Chain exists of:
[   56.424279]   &xt[i].mutex --> rtnl_mutex --> &table[i].mutex
[   56.424279] 
[   56.434495]  Possible unsafe locking scenario:
[   56.434495] 
[   56.440527]        CPU0                    CPU1
[   56.445187]        ----                    ----
[   56.449829]   lock(&table[i].mutex);
[   56.453521]                                lock(rtnl_mutex);
[   56.459312]                                lock(&table[i].mutex);
[   56.465520]   lock(&xt[i].mutex);
[   56.468954] 
[   56.468954]  *** DEADLOCK ***
[   56.468954] 
[   56.474992] 1 lock held by syz-executor412/6569:
[   56.479719]  #0:  (&table[i].mutex){+.+.}, at: [<ffffffff85337306>] nfnetlink_rcv_msg+0x726/0xc00
[   56.488718] 
[   56.488718] stack backtrace:
[   56.493194] CPU: 0 PID: 6569 Comm: syz-executor412 Not tainted 4.14.195-syzkaller #0
[   56.501049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   56.510409] Call Trace:
[   56.512979]  dump_stack+0x1b2/0x283
[   56.516601]  print_circular_bug.constprop.0.cold+0x2d7/0x41e
[   56.522383]  __lock_acquire+0x2e0e/0x3f20
[   56.526515]  ? __lock_acquire+0x5fc/0x3f20
[   56.530733]  ? trace_hardirqs_on+0x10/0x10
[   56.534954]  lock_acquire+0x170/0x3f0
[   56.538750]  ? xt_find_revision+0x88/0x200
[   56.542965]  ? xt_find_revision+0x88/0x200
[   56.547179]  __mutex_lock+0xc4/0x1310
[   56.550959]  ? xt_find_revision+0x88/0x200
[   56.555176]  ? __lock_acquire+0x5fc/0x3f20
[   56.559405]  ? xt_find_revision+0x88/0x200
[   56.563622]  ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[   56.569066]  ? __lock_acquire+0x5fc/0x3f20
[   56.573295]  ? lock_acquire+0x170/0x3f0
[   56.577248]  ? nfnetlink_rcv_msg+0x726/0xc00
[   56.581637]  xt_find_revision+0x88/0x200
[   56.585677]  ? match_revfn+0x1e0/0x1e0
[   56.589548]  ? deref_stack_reg+0x124/0x1a0
[   56.593763]  ? nfnetlink_rcv_msg+0x726/0xc00
[   56.598167]  nfnl_compat_get+0x1f7/0x870
[   56.602225]  ? nft_target_validate+0x240/0x240
[   56.606789]  ? nft_target_validate+0x240/0x240
[   56.611353]  nfnetlink_rcv_msg+0x9bb/0xc00
[   56.615570]  ? lock_downgrade+0x740/0x740
[   56.619716]  netlink_rcv_skb+0x125/0x390
[   56.623756]  ? nfnetlink_net_exit_batch+0x150/0x150
[   56.628751]  ? netlink_ack+0x9a0/0x9a0
[   56.632636]  ? ns_capable_common+0x127/0x150
[   56.637024]  nfnetlink_rcv+0x1ab/0x1da0
[   56.640990]  ? do_syscall_64+0x1d5/0x640
[   56.645035]  ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   56.650377]  ? trace_hardirqs_on+0x10/0x10
[   56.654592]  ? __netlink_lookup+0x345/0x5d0
[   56.658901]  ? lock_downgrade+0x740/0x740
[   56.663040]  ? nfnetlink_bind+0x240/0x240
[   56.667166]  ? netlink_table_grab.part.0+0x1f0/0x1f0
[   56.672422]  ? netlink_deliver_tap+0x90/0x7d0
[   56.676913]  ? lock_downgrade+0x740/0x740
[   56.681043]  netlink_unicast+0x437/0x610
[   56.685086]  ? netlink_sendskb+0xd0/0xd0
[   56.689131]  netlink_sendmsg+0x62e/0xb80
[   56.693186]  ? nlmsg_notify+0x170/0x170
[   56.697140]  ? kernel_recvmsg+0x210/0x210
[   56.701376]  ? security_socket_sendmsg+0x83/0xb0
[   56.706108]  ? nlmsg_notify+0x170/0x170
[   56.710059]  sock_sendmsg+0xb5/0x100
[   56.713752]  ___sys_sendmsg+0x6c8/0x800
[   56.717705]  ? copy_msghdr_from_user+0x3b0/0x3b0
[   56.722444]  ? trace_hardirqs_on+0x10/0x10
[   56.726657]  ? trace_hardirqs_on+0x10/0x10
[   56.730868]  ? trace_hardirqs_on+0x10/0x10
[   56.735084]  ? fs_reclaim_release+0xd0/0x110
[   56.739469]  ? __fget+0x1fe/0x360
[   56.742903]  ? lock_acquire+0x170/0x3f0
[   56.746853]  ? lock_downgrade+0x740/0x740
[   56.750983]  ? __fget+0x225/0x360
[   56.754418]  ? __fdget+0x196/0x1f0
[   56.757939]  ? sockfd_lookup_light+0xb2/0x160
[   56.762422]  __sys_sendmsg+0xa3/0x120
[   56.766208]  ? SyS_shutdown+0x160/0x160
[   56.770179]  ? move_addr_to_kernel+0x60/0x60
[   56.774568]  ? __do_page_fault+0x19a/0xb50
[   56.778784]  SyS_sendmsg+0x27/0x40
[   56.782321]  ? __sys_sendmsg+0x120/0x120
[   56.786364]  do_syscall_64+0x1d5/0x640
[   56.790237]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   56.795408] RIP: 0033:0x441dd9
[   56.798584] RSP: 002b:00007ffc84d94038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   56.806272] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441dd9
[   56.813521] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000004
[   56.820770] RBP: 000000000000d785 R08: 0000000b004002c8 R09: 0000000b004002c8
[   56.828018] R10: 0000000b004002c8 R11: 0000000000000246 R12: 0000000000402b80
[   56.835268] R13: 0000000000402c10 R14: 0000000000000000 R15: 0000000000000000
executing program
[   56.883769] ip_tables: iptables: counters copy to user failed while replacing table
executing program
[   57.549370] IPVS: ftp: loaded support on port[0] = 21
executing program
[   57.579554] ip_tables: iptables: counters copy to user failed while replacing table
[   57.590040] IPVS: ftp: loaded support on port[0] = 21
[   57.625849] ip_tables: iptables: counters copy to user failed while replacing table
executing program
[   58.776012] IPVS: ftp: loaded support on port[0] = 21
[   58.814391] ip_tables: iptables: counters copy to user failed while replacing table
executing program
[   59.458750] IPVS: ftp: loaded support on port[0] = 21
executing program
[   59.488384] ip_tables: iptables: counters copy to user failed while replacing table
[   59.498763] IPVS: ftp: loaded support on port[0] = 21
[   59.535363] ip_tables: iptables: counters copy to user failed while replacing table
executing program
[   60.594047] IPVS: ftp: loaded support on port[0] = 21
[   60.629396] ip_tables: iptables: counters copy to user failed while replacing table
executing program
[   61.248240] IPVS: ftp: loaded support on port[0] = 21
executing program
[   61.277518] ip_tables: iptables: counters copy to user failed while replacing table
[   61.287848] IPVS: ftp: loaded support on port[0] = 21
[   61.322121] ip_tables: iptables: counters copy to user failed while replacing table
executing program
[   62.485649] IPVS: ftp: loaded support on port[0] = 21
[   62.515434] ip_tables: iptables: counters copy to user failed while replacing table
executing program
[   63.605536] IPVS: ftp: loaded support on port[0] = 21
executing program
[   63.634091] ip_tables: iptables: counters copy to user failed while replacing table
[   63.644459] IPVS: ftp: loaded support on port[0] = 21
[   63.678119] ip_tables: iptables: counters copy to user failed while replacing table
executing program
[   64.328154] IPVS: ftp: loaded support on port[0] = 21
executing program
[   64.357122] ip_tables: iptables: counters copy to user failed while replacing table
[   64.367611] IPVS: ftp: loaded support on port[0] = 21
[   64.402980] ip_tables: iptables: counters copy to user failed while replacing table
executing program
[   65.575389] IPVS: ftp: loaded support on port[0] = 21
[   65.604655] ip_tables: iptables: counters copy to user failed while replacing table