G[ ok [39;[   31.787983] audit: type=1800 audit(1579456254.660:34): pid=7099 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0
49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   36.548148] random: sshd: uninitialized urandom read (32 bytes read)
[   36.813785] audit: type=1400 audit(1579456259.720:35): avc:  denied  { map } for  pid=7272 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[   36.864784] random: sshd: uninitialized urandom read (32 bytes read)
[   37.587195] random: sshd: uninitialized urandom read (32 bytes read)
[   37.769721] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.201' (ECDSA) to the list of known hosts.
[   43.323683] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   43.443237] audit: type=1400 audit(1579456266.350:36): avc:  denied  { map } for  pid=7284 comm="syz-executor265" path="/root/syz-executor265439234" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   43.470680] ip_tables: iptables: counters copy to user failed while replacing table
[   43.486272] audit: type=1400 audit(1579456266.390:37): avc:  denied  { create } for  pid=7285 comm="syz-executor265" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
[   43.511707] audit: type=1400 audit(1579456266.390:38): avc:  denied  { write } for  pid=7285 comm="syz-executor265" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
[   43.542972] ip_tables: iptables: counters copy to user failed while replacing table
[   43.557124] 
[   43.558782] ======================================================
[   43.565114] WARNING: possible circular locking dependency detected
[   43.571528] 4.14.166-syzkaller #0 Not tainted
[   43.576023] ------------------------------------------------------
[   43.582359] syz-executor265/7292 is trying to acquire lock:
[   43.588063]  (&table[i].mutex){+.+.}, at: [<ffffffff8540bc24>] nfnl_lock+0x24/0x30
[   43.595793] 
[   43.595793] but task is already holding lock:
[   43.601763]  (rtnl_mutex){+.+.}, at: [<ffffffff8522fbf7>] rtnl_lock+0x17/0x20
[   43.609046] 
[   43.609046] which lock already depends on the new lock.
[   43.609046] 
[   43.617359] 
[   43.617359] the existing dependency chain (in reverse order) is:
[   43.624975] 
[   43.624975] -> #2 (rtnl_mutex){+.+.}:
[   43.630256]        lock_acquire+0x16f/0x430
[   43.634611]        __mutex_lock+0xe8/0x1470
[   43.638955]        mutex_lock_nested+0x16/0x20
[   43.643623]        rtnl_lock+0x17/0x20
[   43.647503]        unregister_netdevice_notifier+0x5f/0x2c0
[   43.653199]        tee_tg_destroy+0x61/0xc0
[   43.657552]        cleanup_entry+0x17d/0x230
[   43.661941]        __do_replace+0x3c5/0x5b0
[   43.666255]        do_ipt_set_ctl+0x296/0x3ee
[   43.670733]        nf_setsockopt+0x67/0xc0
[   43.674958]        ip_setsockopt+0x9b/0xb0
[   43.679189]        udp_setsockopt+0x4e/0x90
[   43.683618]        sock_common_setsockopt+0x94/0xd0
[   43.688623]        SyS_setsockopt+0x13c/0x210
[   43.693209]        do_syscall_64+0x1e8/0x640
[   43.697599]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   43.703345] 
[   43.703345] -> #1 (&xt[i].mutex){+.+.}:
[   43.708796]        lock_acquire+0x16f/0x430
[   43.713110]        __mutex_lock+0xe8/0x1470
[   43.717412]        mutex_lock_nested+0x16/0x20
[   43.722024]        xt_find_revision+0x82/0x200
[   43.726599]        nfnl_compat_get+0x229/0x950
[   43.732091]        nfnetlink_rcv_msg+0xa08/0xc00
[   43.736845]        netlink_rcv_skb+0x14f/0x3c0
[   43.741420]        nfnetlink_rcv+0x1ab/0x1650
[   43.745911]        netlink_unicast+0x44d/0x650
[   43.750482]        netlink_sendmsg+0x7c4/0xc60
[   43.755052]        sock_sendmsg+0xce/0x110
[   43.759394]        ___sys_sendmsg+0x70a/0x840
[   43.763878]        __sys_sendmsg+0xb9/0x140
[   43.768189]        SyS_sendmsg+0x2d/0x50
[   43.772248]        do_syscall_64+0x1e8/0x640
[   43.776660]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   43.782352] 
[   43.782352] -> #0 (&table[i].mutex){+.+.}:
[   43.788070]        __lock_acquire+0x2cb3/0x4620
[   43.792839]        lock_acquire+0x16f/0x430
[   43.797153]        __mutex_lock+0xe8/0x1470
[   43.801469]        mutex_lock_nested+0x16/0x20
[   43.806039]        nfnl_lock+0x24/0x30
[   43.809914]        nf_tables_netdev_event+0x13f/0x580
[   43.815095]        notifier_call_chain+0x111/0x1b0
[   43.820005]        raw_notifier_call_chain+0x2e/0x40
[   43.825174]        call_netdevice_notifiers_info+0x56/0x70
[   43.830832]        rollback_registered_many+0x70d/0xb60
[   43.836188]        rollback_registered+0xdd/0x180
[   43.841041]        unregister_netdevice_queue+0x1ae/0x230
[   43.846648]        br_dev_delete+0x13a/0x190
[   43.851045]        br_del_bridge+0xb4/0xf0
[   43.855270]        br_ioctl_deviceless_stub+0x23b/0x6a0
[   43.860741]        sock_ioctl+0x26a/0x470
[   43.864875]        do_vfs_ioctl+0x7ae/0x1060
[   43.869274]        SyS_ioctl+0x8f/0xc0
[   43.873187]        do_syscall_64+0x1e8/0x640
[   43.879437]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   43.885224] 
[   43.885224] other info that might help us debug this:
[   43.885224] 
[   43.893469] Chain exists of:
[   43.893469]   &table[i].mutex --> &xt[i].mutex --> rtnl_mutex
[   43.893469] 
[   43.903728]  Possible unsafe locking scenario:
[   43.903728] 
[   43.910492]        CPU0                    CPU1
[   43.915597]        ----                    ----
[   43.920246]   lock(rtnl_mutex);
[   43.923520]                                lock(&xt[i].mutex);
[   43.929484]                                lock(rtnl_mutex);
[   43.935281]   lock(&table[i].mutex);
[   43.939025] 
[   43.939025]  *** DEADLOCK ***
[   43.939025] 
[   43.945082] 2 locks held by syz-executor265/7292:
[   43.949904]  #0:  (br_ioctl_mutex){+.+.}, at: [<ffffffff8517db5e>] sock_ioctl+0x24e/0x470
[   43.958221]  #1:  (rtnl_mutex){+.+.}, at: [<ffffffff8522fbf7>] rtnl_lock+0x17/0x20
[   43.965986] 
[   43.965986] stack backtrace:
[   43.970506] CPU: 1 PID: 7292 Comm: syz-executor265 Not tainted 4.14.166-syzkaller #0
[   43.978369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   43.987758] Call Trace:
[   43.990385]  dump_stack+0x142/0x197
[   43.994004]  print_circular_bug.isra.0.cold+0x1cc/0x28f
[   43.999365]  __lock_acquire+0x2cb3/0x4620
[   44.003651]  ? trace_hardirqs_on+0x10/0x10
[   44.007878]  ? is_bpf_text_address+0xa6/0x120
[   44.012507]  lock_acquire+0x16f/0x430
[   44.016289]  ? nfnl_lock+0x24/0x30
[   44.019917]  ? nfnl_lock+0x24/0x30
[   44.023441]  __mutex_lock+0xe8/0x1470
[   44.027226]  ? nfnl_lock+0x24/0x30
[   44.030759]  ? __lock_acquire+0x2298/0x4620
[   44.035072]  ? debug_object_active_state+0x23c/0x370
[   44.040207]  ? nfnl_lock+0x24/0x30
[   44.043740]  ? mutex_trylock+0x1c0/0x1c0
[   44.047792]  ? trace_hardirqs_on+0x10/0x10
[   44.052007]  ? find_held_lock+0x35/0x130
[   44.056076]  ? dropmon_net_event+0x210/0x440
[   44.060481]  ? save_trace+0x290/0x290
[   44.064450]  mutex_lock_nested+0x16/0x20
[   44.068517]  ? mutex_lock_nested+0x16/0x20
[   44.072787]  nfnl_lock+0x24/0x30
[   44.076148]  nf_tables_netdev_event+0x13f/0x580
[   44.080807]  ? mark_held_locks+0xb1/0x100
[   44.084940]  ? __local_bh_enable_ip+0x99/0x1a0
[   44.089559]  ? nf_tables_netdev_init_net+0x220/0x220
[   44.094650]  ? mirred_device_event+0x152/0x190
[   44.099309]  ? _raw_spin_unlock_bh+0x31/0x40
[   44.103705]  ? mirred_device_event+0x57/0x190
[   44.108187]  ? nfqnl_rcv_dev_event+0x23/0x440
[   44.112672]  notifier_call_chain+0x111/0x1b0
[   44.117058]  raw_notifier_call_chain+0x2e/0x40
[   44.121629]  call_netdevice_notifiers_info+0x56/0x70
[   44.126723]  rollback_registered_many+0x70d/0xb60
[   44.131614]  ? netdev_info+0xf0/0xf0
[   44.135325]  ? rcu_lockdep_current_cpu_online+0xf2/0x140
[   44.140790]  ? kernfs_put+0x30b/0x490
[   44.144567]  ? kmem_cache_free+0x244/0x2b0
[   44.148795]  rollback_registered+0xdd/0x180
[   44.153106]  ? rollback_registered_many+0xb60/0xb60
[   44.158099]  unregister_netdevice_queue+0x1ae/0x230
[   44.163098]  br_dev_delete+0x13a/0x190
[   44.167030]  br_del_bridge+0xb4/0xf0
[   44.170733]  br_ioctl_deviceless_stub+0x23b/0x6a0
[   44.175690]  ? old_dev_ioctl.isra.0+0x1460/0x1460
[   44.180523]  ? old_dev_ioctl.isra.0+0x1460/0x1460
[   44.185355]  sock_ioctl+0x26a/0x470
[   44.188969]  ? dlci_ioctl_set+0x40/0x40
[   44.192931]  do_vfs_ioctl+0x7ae/0x1060
[   44.196809]  ? selinux_file_mprotect+0x5d0/0x5d0
[   44.201554]  ? ioctl_preallocate+0x1c0/0x1c0
[   44.205951]  ? fd_install+0x4d/0x60
[   44.209573]  ? security_file_ioctl+0x7d/0xb0
[   44.213982]  ? security_file_ioctl+0x89/0xb0
[   44.218398]  SyS_ioctl+0x8f/0xc0
[   44.221761]  ? do_vfs_ioctl+0x1060/0x1060
[   44.226032]  do_syscall_64+0x1e8/0x640
[   44.229954]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   44.234785]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   44.239960] RIP: 0033:0x441599
[   44.243135] RSP: 002b:00007ffdb381b0d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   44.250886] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441599
[   44.258194] RDX: 00000000200000c0 RSI: 00000000000089a1 RDI: 0000000000000004
[   44.265932] RBP: 000000000000a9b5 R08: 00000000004002c8 R09: 00000000004002c8
[   44.273451] R10: 00000000004002c8 R11: 0000000000000246 R12: 00000000004023c0
[   44.280706] R13: 0000000000402450 R14: 0000000000000000 R15: 0000000000000000
[   44.368579] ip_tables: iptables: counters copy to user failed while replacing table
[   44.499964] ip_tables: iptables: counters copy to user failed while replacing table
[   44.626164] ip_tables: iptables: counters copy to user failed while replacing table
[   44.731892] ip_tables: iptables: counters copy to user failed while replacing table
[   44.860157] ip_tables: iptables: counters copy to user failed while replacing table
[   44.978321] ip_tables: iptables: counters copy to user failed while replacing table
[   45.068330] ip_tables: iptables: counters copy to user failed while replacing table
[   45.181393] ip_tables: iptables: counters copy to user failed while replacing table
[   48.516787] net_ratelimit: 32 callbacks suppressed
[   48.516791] ip_tables: iptables: counters copy to user failed while replacing table
[   48.640757] ip_tables: iptables: counters copy to user failed while replacing table
[   48.738681] ip_tables: iptables: counters copy to user failed while replacing table
[   48.821473] ip_tables: iptables: counters copy to user failed while replacing table
[   48.951261] ip_tables: iptables: counters copy to user failed while replacing table
[   49.059932] ip_tables: iptables: counters copy to user failed while replacing table
[   49.171844] ip_tables: iptables: counters copy to user failed while replacing table
[   49.291544] ip_tables: iptables: counters copy to user failed while replacing table
[   49.393235] ip_tables: iptables: counters copy to user failed while replacing table
[   49.511923] ip_tables: iptables: counters copy to user failed while replacing table