[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.182' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 32.992117] ip6_tables: ip6tables: counters copy to user failed while replacing table
[ 33.006390] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 33.037271] traps: syz-executor067[8004] trap stack segment ip:403b58 sp:7ffe969f2860 error:0
[ 33.037278] syz-executor067[7983]: segfault at 7ffe969f2a68 ip 00007ffe969f2a68 sp 00007ffe969f28d8 error 15
[ 33.047025] in syz-executor067971823[401000+82000]
[ 33.069271] ip6_tables: ip6tables: counters copy to user failed while replacing table
executing program
[ 33.926083] IPVS: ftp: loaded support on port[0] = 21
[ 33.955865] syz-executor067[8005]: segfault at 7ffe969f2a68 ip 00007ffe969f2a68 sp 00007ffe969f28d8 error 15
[ 33.982603] ip6_tables: ip6tables: counters copy to user failed while replacing table
*** stack smashing detected ***: terminated
executing program
[ 34.924921] IPVS: ftp: loaded support on port[0] = 21
[ 34.974056] ip6_tables: ip6tables: counters copy to user failed while replacing table
*** stack smashing detected ***: terminated
executing program
[ 35.930329] IPVS: ftp: loaded support on port[0] = 21
[ 35.966951] ip6_tables: ip6tables: counters copy to user failed while replacing table
[ 36.880872] IPVS: ftp: loaded support on port[0] = 21
[ 36.910990] syz-executor067[8073]: segfault at 1 ip 0000000000000001 sp 00007ffe969f2838 error 14 in syz-executor067971823[400000+1000]
executing program
[ 36.911020] syz-executor067[8094]: segfault at d ip 000000000000000d sp 00007ffe969f2880 error 14 in syz-executor067971823[400000+1000]
[ 36.952135] ip6_tables: ip6tables: counters copy to user failed while replacing table
[ 37.867820] IPVS: ftp: loaded support on port[0] = 21
[ 37.898363] syz-executor067[8095]: segfault at 1 ip 0000000000000001 sp 00007ffe969f2838 error 14 in syz-executor067971823[400000+1000]
executing program
[ 37.898403] syz-executor067[8116]: segfault at d ip 000000000000000d sp 00007ffe969f2880 error 14 in syz-executor067971823[400000+1000]
[ 37.933176] ip6_tables: ip6tables: counters copy to user failed while replacing table
[ 38.823075] IPVS: ftp: loaded support on port[0] = 21
[ 38.853297]
[ 38.855151] ======================================================
[ 38.861805] WARNING: possible circular locking dependency detected
[ 38.868733] 4.14.232-syzkaller #0 Not tainted
[ 38.873213] ------------------------------------------------------
[ 38.879701] syz-executor067/8117 is trying to acquire lock:
[ 38.885736]  (&xt[i].mutex){+.+.}, at: [] target_revfn+0x43/0x210
[ 38.894347]
[ 38.894347] but task is already holding lock:
[ 38.901212]  (&table[i].mutex){+.+.}, at: [] nfnetlink_rcv_msg+0x726/0xc00
[ 38.911455]
[ 38.911455] which lock already depends on the new lock.
[ 38.911455]
[ 38.920909]
[ 38.920909] the existing dependency chain (in reverse order) is:
[ 38.930093]
[ 38.930093] -> #2 (&table[i].mutex){+.+.}:
[ 38.936130]        __mutex_lock+0xc4/0x1310
[ 38.940881]        nf_tables_netdev_event+0x10d/0x4d0
[ 38.947237]        notifier_call_chain+0x108/0x1a0
[ 38.953475]        rollback_registered_many+0x765/0xba0
[ 38.959530]        unregister_netdevice_many.part.0+0x18/0x2e0
[ 38.966533]        unregister_netdevice_many+0x36/0x50
[ 38.972251]        ip6gre_exit_net+0x41e/0x570
[ 38.976993]        ops_exit_list+0xa5/0x150
[ 38.981597]        cleanup_net+0x3b3/0x840
[ 38.986159]        process_one_work+0x793/0x14a0
[ 38.992041]        worker_thread+0x5cc/0xff0
[ 38.997227]        kthread+0x30d/0x420
[ 39.001279]        ret_from_fork+0x24/0x30
[ 39.005685]
[ 39.005685] -> #1 (rtnl_mutex){+.+.}:
[ 39.011084]        __mutex_lock+0xc4/0x1310
[ 39.015700]        unregister_netdevice_notifier+0x5e/0x2b0
[ 39.021665]        tee_tg_destroy+0x5c/0xb0
[ 39.026159]        cleanup_entry+0x232/0x310
[ 39.031003]        __do_replace+0x38d/0x580
[ 39.036195]        do_ip6t_set_ctl+0x256/0x3b0
[ 39.041195]        nf_setsockopt+0x5f/0xb0
[ 39.045696]        ipv6_setsockopt+0xc0/0x120
[ 39.050703]        tcp_setsockopt+0x7b/0xc0
[ 39.055267]        SyS_setsockopt+0x110/0x1e0
[ 39.060410]        do_syscall_64+0x1d5/0x640
[ 39.067140]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 39.073095]
[ 39.073095] -> #0 (&xt[i].mutex){+.+.}:
[ 39.079447]        lock_acquire+0x170/0x3f0
[ 39.084014]        __mutex_lock+0xc4/0x1310
[ 39.088752]        target_revfn+0x43/0x210
[ 39.093485]        xt_find_revision+0x15e/0x1d0
[ 39.098456]        nfnl_compat_get+0x1f7/0x870
[ 39.103281]        nfnetlink_rcv_msg+0x9bb/0xc00
[ 39.108766]        netlink_rcv_skb+0x125/0x390
[ 39.113924]        nfnetlink_rcv+0x1ab/0x1da0
[ 39.118749]        netlink_unicast+0x437/0x610
[ 39.123774]        netlink_sendmsg+0x62e/0xb80
[ 39.128768]        sock_sendmsg+0xb5/0x100
[ 39.133068]        ___sys_sendmsg+0x6c8/0x800
[ 39.137753]        __sys_sendmsg+0xa3/0x120
[ 39.142155]        SyS_sendmsg+0x27/0x40
[ 39.146302]        do_syscall_64+0x1d5/0x640
[ 39.150833]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 39.156781]
[ 39.156781] other info that might help us debug this:
[ 39.156781]
[ 39.165461] Chain exists of:
[ 39.165461]   &xt[i].mutex --> rtnl_mutex --> &table[i].mutex
[ 39.165461]
[ 39.178816]  Possible unsafe locking scenario:
[ 39.178816]
[ 39.185942]        CPU0                    CPU1
[ 39.190693]        ----                    ----
[ 39.195342]   lock(&table[i].mutex);
[ 39.199629]                                lock(rtnl_mutex);
[ 39.205805]                                lock(&table[i].mutex);
[ 39.212482]   lock(&xt[i].mutex);
[ 39.216366]
[ 39.216366]  *** DEADLOCK ***
[ 39.216366]
[ 39.222974] 1 lock held by syz-executor067/8117:
[ 39.227812]  #0: (&table[i].mutex){+.+.}, at: [] nfnetlink_rcv_msg+0x726/0xc00
[ 39.236999]
[ 39.236999] stack backtrace:
[ 39.241671] CPU: 1 PID: 8117 Comm: syz-executor067 Not tainted 4.14.232-syzkaller #0
[ 39.250336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 39.260018] Call Trace:
[ 39.262689]  dump_stack+0x1b2/0x281
[ 39.266931]  print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 39.273000]  __lock_acquire+0x2e0e/0x3f20
[ 39.277224]  ? trace_hardirqs_on+0x10/0x10
[ 39.281801]  ? __lock_acquire+0x5fc/0x3f20
[ 39.286104]  lock_acquire+0x170/0x3f0
[ 39.289886]  ? target_revfn+0x43/0x210
[ 39.293843]  ? target_revfn+0x43/0x210
[ 39.297806]  __mutex_lock+0xc4/0x1310
[ 39.301805]  ? target_revfn+0x43/0x210
[ 39.305693]  ? trace_hardirqs_on+0x10/0x10
[ 39.310291]  ? target_revfn+0x43/0x210
[ 39.314272]  ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 39.320049]  ? __lock_acquire+0x5fc/0x3f20
[ 39.324447]  ? __lock_acquire+0x5fc/0x3f20
[ 39.328764]  target_revfn+0x43/0x210
[ 39.332691]  xt_find_revision+0x15e/0x1d0
[ 39.336904]  ? match_revfn+0x210/0x210
[ 39.340858]  ? deref_stack_reg+0x124/0x1a0
[ 39.345088]  ? nfnetlink_rcv_msg+0x726/0xc00
[ 39.349885]  nfnl_compat_get+0x1f7/0x870
[ 39.354808]  ? nft_target_validate+0x240/0x240
[ 39.360225]  ? nft_target_validate+0x240/0x240
[ 39.365266]  nfnetlink_rcv_msg+0x9bb/0xc00
[ 39.369782]  ? trace_hardirqs_on_caller+0x3a8/0x580
[ 39.375604]  netlink_rcv_skb+0x125/0x390
[ 39.380448]  ? nfnetlink_net_exit_batch+0x150/0x150
[ 39.385897]  ? netlink_ack+0x9a0/0x9a0
[ 39.389784]  ? ns_capable_common+0x127/0x150
[ 39.394270]  nfnetlink_rcv+0x1ab/0x1da0
[ 39.398418]  ? do_syscall_64+0x1d5/0x640
[ 39.402620]  ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 39.409745]  ? trace_hardirqs_on+0x10/0x10
[ 39.414247]  ? __netlink_lookup+0x345/0x5d0
[ 39.418985]  ? lock_downgrade+0x740/0x740
[ 39.424183]  ? nfnetlink_bind+0x240/0x240
[ 39.428800]  ? netlink_table_grab.part.0+0x1f0/0x1f0
[ 39.434069]  ? netlink_deliver_tap+0x90/0x7d0
[ 39.438915]  ? lock_downgrade+0x740/0x740
[ 39.443171]  netlink_unicast+0x437/0x610
[ 39.447219]  ? netlink_sendskb+0xd0/0xd0
[ 39.451869]  ? __check_object_size+0x179/0x230
[ 39.456874]  netlink_sendmsg+0x62e/0xb80
[ 39.461085]  ? nlmsg_notify+0x170/0x170
[ 39.465161]  ? kernel_recvmsg+0x210/0x210
[ 39.469744]  ? security_socket_sendmsg+0x83/0xb0
[ 39.474704]  ? nlmsg_notify+0x170/0x170
[ 39.478862]  sock_sendmsg+0xb5/0x100
[ 39.483665]  ___sys_sendmsg+0x6c8/0x800
[ 39.488324]  ? copy_msghdr_from_user+0x3b0/0x3b0
[ 39.493667]  ? trace_hardirqs_on+0x10/0x10
[ 39.497887]  ? trace_hardirqs_on+0x10/0x10
[ 39.502122]  ? __fget+0x1fe/0x360
[ 39.505557]  ? lock_acquire+0x170/0x3f0
[ 39.509521]  ? lock_downgrade+0x740/0x740
[ 39.513664]  ? __fget+0x225/0x360
[ 39.517524]  ? __fdget+0x196/0x1f0
[ 39.521201]  ? sockfd_lookup_light+0xb2/0x160
[ 39.525784]  __sys_sendmsg+0xa3/0x120
[ 39.529715]  ? SyS_shutdown+0x160/0x160
[ 39.533968]  ? move_addr_to_kernel+0x60/0x60
[ 39.538872]  ? __do_page_fault+0x159/0xad0
[ 39.543301]  SyS_sendmsg+0x27/0x40
[ 39.546822]  ? __sys_sendmsg+0x120/0x120
[ 39.551438]  do_syscall_64+0x1d5/0x640
[ 39.555671]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 39.560940] RIP: 0033:0x4402a9
[ 39.564203] RSP: 002b:00007ffe969f28c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 39.572196] RAX: ffffffffffffffda RBX: 00306e616c767069 RCX: 00000000004402a9
[ 39.579538] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000004
[ 39.587405] RBP: 0000000000000000 R08: 00007ffe969f2a68 R09: 00007ffe969f2a68
[ 39.595634] R10: 00007ffe969f2a68 R11: 0000000000000246 R12: 00007ffe969f28dc
[ 39.603234] R13: 431bde82d7b634db R14: 00000000004ae018 R15: 0000000000400488
executing program
[ 39.659012] syz-executor067[8117]: segfault at 7ffe969f2a68 ip 00007ffe969f2a68 sp 00007ffe969f28d8 error 15
[ 39.673447] ip6_tables: ip6tables: counters copy to user failed while replacing table
*** stack smashing detected ***: terminated
executing program
executing program
[ 40.232654] IPVS: ftp: loaded support on port[0] = 21
[ 40.262655] ip6_tables: ip6tables: counters copy to user failed while replacing table
[ 40.275239] IPVS: ftp: loaded support on port[0] = 21
[ 40.307809] ip6_tables: ip6tables: counters copy to user failed while replacing table
[ 40.316910] syz-executor067[8183]: segfault at 7ffe969f2a68 ip 00007ffe969f2a68 sp 00007ffe969f28d8 error 15
*** stack smashing detected ***: terminated
executing program
[ 40.940174] IPVS: ftp: loaded support on port[0] = 21
[ 40.971609] ip6_tables: ip6tables: counters copy to user failed while replacing table
*** stack smashing detected ***: terminated
executing program
[ 42.059346] IPVS: ftp: loaded support on port[0] = 21
[ 42.089270] ip6_tables: ip6tables: counters copy to user failed while replacing table
*** stack smashing detected ***: terminated
executing program
[ 42.694983] IPVS: ftp: loaded support on port[0] = 21
[ 42.724635] ip6_tables: ip6tables: counters copy to user failed while replacing table
[ 42.737453] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 42.767310] syz-executor067[8272]: segfault at 7ffe969f2a68 ip 00007ffe969f2a68 sp 00007ffe969f28d8 error 15
[ 42.782111] ip6_tables: ip6tables: counters copy to user failed while replacing table
*** stack smashing detected ***: terminated
executing program
[ 43.362114] IPVS: ftp: loaded support on port[0] = 21
[ 43.392815] ip6_tables: ip6tables: counters copy to user failed while replacing table
[ 43.404543] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 43.451194] syz-executor067[8296]: segfault at 7ffe969f2a68 ip 00007ffe969f2a68 sp 00007ffe969f28d8 error 15
[ 43.468280] ip6_tables: ip6tables: counters copy to user failed while replacing table
*** stack smashing detected ***: terminated
executing program
[ 44.519483] IPVS: ftp: loaded support on port[0] = 21
[ 44.550046] ip6_tables: ip6tables: counters copy to user failed while replacing table
*** stack smashing detected ***: terminated
executing program
[ 45.586187] IPVS: ftp: loaded support on port[0] = 21
[ 45.614360] ip6_tables: ip6tables: counters copy to user failed while replacing table
*** stack smashing detected ***: terminated
executing program
[ 46.300181] IPVS: ftp: loaded support on port[0] = 21
[ 46.329430] ip6_tables: ip6tables: counters copy to user failed while replacing table
[ 46.341853] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 46.375938] syz-executor067[8406]: segfault at 7ffe969f2a68 ip 00007ffe969f2a68 sp 00007ffe969f28d8 error 15
[ 46.387140] ip6_tables: ip6tables: counters copy to user failed while replacing table
*** stack smashing detected ***: terminated
executing program
[ 47.019863] IPVS: ftp: loaded support on port[0] = 21
[ 47.050205] ip6_tables: ip6tables: counters copy to user failed while replacing table
[ 47.062340] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 47.099341] syz-executor067[8430]: segfault at 7ffe969f2a68 ip 00007ffe969f2a68 sp 00007ffe969f28d8 error 15
[ 47.114299] ip6_tables: ip6tables: counters copy to user failed while replacing table
[ 48.119587] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 48.167052] syz-executor067[8453]: segfault at 7ffe969f2a68 ip 00007ffe969f2a68 sp 00007ffe969f28d8 error 15
[ 48.185883] ip6_tables: ip6tables: counters copy to user failed while replacing table
executing program
[ 48.780078] IPVS: ftp: loaded support on port[0] = 21
[ 48.807029] syz-executor067[8476]: segfault at 7ffe969f2a68 ip 00007ffe969f2a68 sp 00007ffe969f28d8 error 15