[ OK ] Started Getty on tty2.
[ OK ] Reached target Login Prompts.
[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.46' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 27.282943] ip6_tables: ip6tables: counters copy to user failed while replacing table
[ 27.294445] mkiss: ax0: crc mode is auto.
executing program
[ 27.372142]
[ 27.373794] ======================================================
[ 27.380090] WARNING: possible circular locking dependency detected
[ 27.386381] 4.14.276-syzkaller #0 Not tainted
[ 27.390861] ------------------------------------------------------
[ 27.397153] syz-executor303/8001 is trying to acquire lock:
[ 27.402830]  (rtnl_mutex){+.+.}, at: [] unregister_netdevice_notifier+0x5e/0x2b0
[ 27.411926]
[ 27.411926] but task is already holding lock:
[ 27.417896]  (&xt[i].mutex){+.+.}, at: [] xt_find_table_lock+0x38/0x3d0
[ 27.426194]
[ 27.426194] which lock already depends on the new lock.
[ 27.426194]
[ 27.434497]
[ 27.434497] the existing dependency chain (in reverse order) is:
[ 27.442089]
[ 27.442089] -> #2 (&xt[i].mutex){+.+.}:
[ 27.447529]        __mutex_lock+0xc4/0x1310
[ 27.451831]        match_revfn+0x43/0x210
[ 27.455954]        xt_find_revision+0x8d/0x1d0
[ 27.460510]        nfnl_compat_get+0x1f7/0x870
[ 27.465072]        nfnetlink_rcv_msg+0x9bb/0xc00
[ 27.469810]        netlink_rcv_skb+0x125/0x390
[ 27.474367]        nfnetlink_rcv+0x1ab/0x1da0
[ 27.478921]        netlink_unicast+0x437/0x610
[ 27.483481]        netlink_sendmsg+0x648/0xbc0
[ 27.488053]        sock_sendmsg+0xb5/0x100
[ 27.492257]        ___sys_sendmsg+0x6c8/0x800
[ 27.496721]        __sys_sendmsg+0xa3/0x120
[ 27.501013]        SyS_sendmsg+0x27/0x40
[ 27.505048]        do_syscall_64+0x1d5/0x640
[ 27.509431]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 27.515110]
[ 27.515110] -> #1 (&table[i].mutex){+.+.}:
[ 27.520800]        __mutex_lock+0xc4/0x1310
[ 27.525097]        nf_tables_netdev_event+0x10d/0x4d0
[ 27.530260]        notifier_call_chain+0x108/0x1a0
[ 27.535158]        rollback_registered_many+0x765/0xbb0
[ 27.540492]        rollback_registered+0xca/0x170
[ 27.545308]        unregister_netdevice_queue+0x1b4/0x360
[ 27.550822]        unregister_netdev+0x18/0x20
[ 27.555378]        mkiss_close+0xd7/0x1d0
[ 27.559498]        tty_ldisc_close+0x8c/0xc0
[ 27.563876]        tty_ldisc_release+0xe8/0x400
[ 27.568514]        tty_release_struct+0x20/0xe0
[ 27.573152]        tty_release+0xb3f/0x10d0
[ 27.577452]        __fput+0x25f/0x7a0
[ 27.581222]        task_work_run+0x11f/0x190
[ 27.585604]        do_exit+0xa44/0x2850
[ 27.589555]        do_group_exit+0x100/0x2e0
[ 27.593933]        SyS_exit_group+0x19/0x20
[ 27.598227]        do_syscall_64+0x1d5/0x640
[ 27.602611]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 27.608289]
[ 27.608289] -> #0 (rtnl_mutex){+.+.}:
[ 27.613556]        lock_acquire+0x170/0x3f0
[ 27.617851]        __mutex_lock+0xc4/0x1310
[ 27.622142]        unregister_netdevice_notifier+0x5e/0x2b0
[ 27.627823]        tee_tg_destroy+0x5c/0xb0
[ 27.632116]        cleanup_entry+0x232/0x310
[ 27.636495]        __do_replace+0x38d/0x580
[ 27.640789]        do_ip6t_set_ctl+0x256/0x3b0
[ 27.645351]        nf_setsockopt+0x5f/0xb0
[ 27.649559]        ipv6_setsockopt+0xc0/0x120
[ 27.654024]        udpv6_setsockopt+0x45/0x80
[ 27.658493]        SyS_setsockopt+0x110/0x1e0
[ 27.662957]        do_syscall_64+0x1d5/0x640
[ 27.667335]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 27.673014]
[ 27.673014] other info that might help us debug this:
[ 27.673014]
[ 27.681126] Chain exists of:
[ 27.681126]   rtnl_mutex --> &table[i].mutex --> &xt[i].mutex
[ 27.681126]
[ 27.691327]  Possible unsafe locking scenario:
[ 27.691327]
[ 27.697354]        CPU0                    CPU1
[ 27.701990]        ----                    ----
[ 27.706626]   lock(&xt[i].mutex);
[ 27.710054]                                lock(&table[i].mutex);
[ 27.716254]                                lock(&xt[i].mutex);
[ 27.722197]   lock(rtnl_mutex);
[ 27.725448]
[ 27.725448]  *** DEADLOCK ***
[ 27.725448]
[ 27.731476] 1 lock held by syz-executor303/8001:
[ 27.736198]  #0: (&xt[i].mutex){+.+.}, at: [] xt_find_table_lock+0x38/0x3d0
[ 27.744946]
[ 27.744946] stack backtrace:
[ 27.749415] CPU: 0 PID: 8001 Comm: syz-executor303 Not tainted 4.14.276-syzkaller #0
[ 27.757266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 27.766591] Call Trace:
[ 27.769152]  dump_stack+0x1b2/0x281
[ 27.772763]  print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 27.778626]  __lock_acquire+0x2e0e/0x3f20
[ 27.782753]  ? trace_hardirqs_on+0x10/0x10
[ 27.786962]  ? kernel_text_address+0xbd/0xf0
[ 27.791352]  ? __lock_acquire+0x5fc/0x3f20
[ 27.795558]  ? __save_stack_trace+0xa0/0x160
[ 27.799938]  lock_acquire+0x170/0x3f0
[ 27.803712]  ? unregister_netdevice_notifier+0x5e/0x2b0
[ 27.809049]  ? recent_mt+0xf90/0xf90
[ 27.812736]  ? unregister_netdevice_notifier+0x5e/0x2b0
[ 27.818071]  __mutex_lock+0xc4/0x1310
[ 27.821853]  ? unregister_netdevice_notifier+0x5e/0x2b0
[ 27.827188]  ? lock_acquire+0x170/0x3f0
[ 27.831133]  ? recent_mt_destroy+0x163/0x5d0
[ 27.835528]  ? unregister_netdevice_notifier+0x5e/0x2b0
[ 27.840875]  ? recent_mt+0xf90/0xf90
[ 27.844566]  ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 27.849990]  ? __mutex_lock+0x360/0x1310
[ 27.854024]  ? cleanup_entry+0x141/0x310
[ 27.858059]  ? lock_downgrade+0x740/0x740
[ 27.862181]  ? recent_mt+0xf90/0xf90
[ 27.865865]  unregister_netdevice_notifier+0x5e/0x2b0
[ 27.871031]  ? __mutex_unlock_slowpath+0x75/0x770
[ 27.875910]  ? register_netdevice_notifier+0x4d0/0x4d0
[ 27.881173]  ? wait_for_completion_io+0x10/0x10
[ 27.885955]  ? recent_mt+0xf90/0xf90
[ 27.889643]  tee_tg_destroy+0x5c/0xb0
[ 27.893450]  ? tee_tg6+0x160/0x160
[ 27.896963]  cleanup_entry+0x232/0x310
[ 27.900862]  ? compat_do_ip6t_get_ctl+0x820/0x820
[ 27.905687]  __do_replace+0x38d/0x580
[ 27.909464]  ? ip6t_unregister_table+0x60/0x60
[ 27.914019]  do_ip6t_set_ctl+0x256/0x3b0
[ 27.918059]  ? compat_do_ip6t_set_ctl+0x140/0x140
[ 27.922880]  ? nf_sockopt_find.constprop.0+0x1ad/0x220
[ 27.928136]  nf_setsockopt+0x5f/0xb0
[ 27.931835]  ipv6_setsockopt+0xc0/0x120
[ 27.935787]  udpv6_setsockopt+0x45/0x80
[ 27.939734]  SyS_setsockopt+0x110/0x1e0
[ 27.943679]  ? SyS_recv+0x40/0x40
[ 27.947108]  ? up_read+0x17/0x30
[ 27.950462]  ? __do_page_fault+0x159/0xad0
[ 27.954683]  ? do_syscall_64+0x4c/0x640
[ 27.958628]  ? SyS_recv+0x40/0x40
[ 27.962056]  do_syscall_64+0x1d5/0x640
[ 27.965918]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 27.971079] RIP: 0033:0x7fce37fde409
[ 27.974760] RSP: 002b:00007ffd211dc3d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 27.982442] RAX: ffffffffffffffda RBX: 000000306e616c76 RCX: 00007fce37fde409
[ 27.989682] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003
[ 27.996924] RBP: 0000000000000000 R08: 0000000000000520 R09: 00007ffd211dc578
[ 28.004172] R10: 0000000020000b40 R11: 0000000000000246 R12: 00007ffd211dc3ec
[ 28.011430] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000
executing program
[ 28.019082] ip6_tables: ip6tables: counters copy to user failed while replacing table
[ 28.029666] mkiss: ax0: crc mode is auto.
[ 28.069667] ip6_tables: ip6tables: counters copy to user failed while replacing table
[ 28.081194] mkiss: ax0: crc mode is auto.