[�[0;32m OK �[0m] Reached target Multi-User System.
[�[0;32m OK �[0m] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[�[0;32m OK �[0m] Started Update UTMP about System Runlevel Changes.
[�[0;32m OK �[0m] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.182' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 32.992117] ip6_tables: ip6tables: counters copy to user failed while replacing table
[ 33.006390] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 33.037271] traps: syz-executor067[8004] trap stack segment ip:403b58 sp:7ffe969f2860 error:0
[ 33.037278] syz-executor067[7983]: segfault at 7ffe969f2a68 ip 00007ffe969f2a68 sp 00007ffe969f28d8 error 15
[ 33.047025] in syz-executor067971823[401000+82000]
[ 33.069271] ip6_tables: ip6tables: counters copy to user failed while replacing table
executing program
[ 33.926083] IPVS: ftp: loaded support on port[0] = 21
[ 33.955865] syz-executor067[8005]: segfault at 7ffe969f2a68 ip 00007ffe969f2a68 sp 00007ffe969f28d8 error 15
[ 33.982603] ip6_tables: ip6tables: counters copy to user failed while replacing table
*** stack smashing detected ***: terminated
executing program
[ 34.924921] IPVS: ftp: loaded support on port[0] = 21
[ 34.974056] ip6_tables: ip6tables: counters copy to user failed while replacing table
*** stack smashing detected ***: terminated
executing program
[ 35.930329] IPVS: ftp: loaded support on port[0] = 21
[ 35.966951] ip6_tables: ip6tables: counters copy to user failed while replacing table
[ 36.880872] IPVS: ftp: loaded support on port[0] = 21
[ 36.910990] syz-executor067[8073]: segfault at 1 ip 0000000000000001 sp 00007ffe969f2838 error 14 in syz-executor067971823[400000+1000]
executing program
[ 36.911020] syz-executor067[8094]: segfault at d ip 000000000000000d sp 00007ffe969f2880 error 14 in syz-executor067971823[400000+1000]
[ 36.952135] ip6_tables: ip6tables: counters copy to user failed while replacing table
[ 37.867820] IPVS: ftp: loaded support on port[0] = 21
[ 37.898363] syz-executor067[8095]: segfault at 1 ip 0000000000000001 sp 00007ffe969f2838 error 14 in syz-executor067971823[400000+1000]
executing program
[ 37.898403] syz-executor067[8116]: segfault at d ip 000000000000000d sp 00007ffe969f2880 error 14 in syz-executor067971823[400000+1000]
[ 37.933176] ip6_tables: ip6tables: counters copy to user failed while replacing table
[ 38.823075] IPVS: ftp: loaded support on port[0] = 21
[ 38.853297]
[ 38.855151] ======================================================
[ 38.861805] WARNING: possible circular locking dependency detected
[ 38.868733] 4.14.232-syzkaller #0 Not tainted
[ 38.873213] ------------------------------------------------------
[ 38.879701] syz-executor067/8117 is trying to acquire lock:
[ 38.885736] (&xt[i].mutex){+.+.}, at: [<ffffffff85f095b3>] target_revfn+0x43/0x210
[ 38.894347]
[ 38.894347] but task is already holding lock:
[ 38.901212] (&table[i].mutex){+.+.}, at: [<ffffffff85e359a6>] nfnetlink_rcv_msg+0x726/0xc00
[ 38.911455]
[ 38.911455] which lock already depends on the new lock.
[ 38.911455]
[ 38.920909]
[ 38.920909] the existing dependency chain (in reverse order) is:
[ 38.930093]
[ 38.930093] -> #2 (&table[i].mutex){+.+.}:
[ 38.936130] __mutex_lock+0xc4/0x1310
[ 38.940881] nf_tables_netdev_event+0x10d/0x4d0
[ 38.947237] notifier_call_chain+0x108/0x1a0
[ 38.953475] rollback_registered_many+0x765/0xba0
[ 38.959530] unregister_netdevice_many.part.0+0x18/0x2e0
[ 38.966533] unregister_netdevice_many+0x36/0x50
[ 38.972251] ip6gre_exit_net+0x41e/0x570
[ 38.976993] ops_exit_list+0xa5/0x150
[ 38.981597] cleanup_net+0x3b3/0x840
[ 38.986159] process_one_work+0x793/0x14a0
[ 38.992041] worker_thread+0x5cc/0xff0
[ 38.997227] kthread+0x30d/0x420
[ 39.001279] ret_from_fork+0x24/0x30
[ 39.005685]
[ 39.005685] -> #1 (rtnl_mutex){+.+.}:
[ 39.011084] __mutex_lock+0xc4/0x1310
[ 39.015700] unregister_netdevice_notifier+0x5e/0x2b0
[ 39.021665] tee_tg_destroy+0x5c/0xb0
[ 39.026159] cleanup_entry+0x232/0x310
[ 39.031003] __do_replace+0x38d/0x580
[ 39.036195] do_ip6t_set_ctl+0x256/0x3b0
[ 39.041195] nf_setsockopt+0x5f/0xb0
[ 39.045696] ipv6_setsockopt+0xc0/0x120
[ 39.050703] tcp_setsockopt+0x7b/0xc0
[ 39.055267] SyS_setsockopt+0x110/0x1e0
[ 39.060410] do_syscall_64+0x1d5/0x640
[ 39.067140] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 39.073095]
[ 39.073095] -> #0 (&xt[i].mutex){+.+.}:
[ 39.079447] lock_acquire+0x170/0x3f0
[ 39.084014] __mutex_lock+0xc4/0x1310
[ 39.088752] target_revfn+0x43/0x210
[ 39.093485] xt_find_revision+0x15e/0x1d0
[ 39.098456] nfnl_compat_get+0x1f7/0x870
[ 39.103281] nfnetlink_rcv_msg+0x9bb/0xc00
[ 39.108766] netlink_rcv_skb+0x125/0x390
[ 39.113924] nfnetlink_rcv+0x1ab/0x1da0
[ 39.118749] netlink_unicast+0x437/0x610
[ 39.123774] netlink_sendmsg+0x62e/0xb80
[ 39.128768] sock_sendmsg+0xb5/0x100
[ 39.133068] ___sys_sendmsg+0x6c8/0x800
[ 39.137753] __sys_sendmsg+0xa3/0x120
[ 39.142155] SyS_sendmsg+0x27/0x40
[ 39.146302] do_syscall_64+0x1d5/0x640
[ 39.150833] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 39.156781]
[ 39.156781] other info that might help us debug this:
[ 39.156781]
[ 39.165461] Chain exists of:
[ 39.165461] &xt[i].mutex --> rtnl_mutex --> &table[i].mutex
[ 39.165461]
[ 39.178816] Possible unsafe locking scenario:
[ 39.178816]
[ 39.185942] CPU0 CPU1
[ 39.190693] ---- ----
[ 39.195342] lock(&table[i].mutex);
[ 39.199629] lock(rtnl_mutex);
[ 39.205805] lock(&table[i].mutex);
[ 39.212482] lock(&xt[i].mutex);
[ 39.216366]
[ 39.216366] *** DEADLOCK ***
[ 39.216366]
[ 39.222974] 1 lock held by syz-executor067/8117:
[ 39.227812] #0: (&table[i].mutex){+.+.}, at: [<ffffffff85e359a6>] nfnetlink_rcv_msg+0x726/0xc00
[ 39.236999]
[ 39.236999] stack backtrace:
[ 39.241671] CPU: 1 PID: 8117 Comm: syz-executor067 Not tainted 4.14.232-syzkaller #0
[ 39.250336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 39.260018] Call Trace:
[ 39.262689] dump_stack+0x1b2/0x281
[ 39.266931] print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 39.273000] __lock_acquire+0x2e0e/0x3f20
[ 39.277224] ? trace_hardirqs_on+0x10/0x10
[ 39.281801] ? __lock_acquire+0x5fc/0x3f20
[ 39.286104] lock_acquire+0x170/0x3f0
[ 39.289886] ? target_revfn+0x43/0x210
[ 39.293843] ? target_revfn+0x43/0x210
[ 39.297806] __mutex_lock+0xc4/0x1310
[ 39.301805] ? target_revfn+0x43/0x210
[ 39.305693] ? trace_hardirqs_on+0x10/0x10
[ 39.310291] ? target_revfn+0x43/0x210
[ 39.314272] ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 39.320049] ? __lock_acquire+0x5fc/0x3f20
[ 39.324447] ? __lock_acquire+0x5fc/0x3f20
[ 39.328764] target_revfn+0x43/0x210
[ 39.332691] xt_find_revision+0x15e/0x1d0
[ 39.336904] ? match_revfn+0x210/0x210
[ 39.340858] ? deref_stack_reg+0x124/0x1a0
[ 39.345088] ? nfnetlink_rcv_msg+0x726/0xc00
[ 39.349885] nfnl_compat_get+0x1f7/0x870
[ 39.354808] ? nft_target_validate+0x240/0x240
[ 39.360225] ? nft_target_validate+0x240/0x240
[ 39.365266] nfnetlink_rcv_msg+0x9bb/0xc00
[ 39.369782] ? trace_hardirqs_on_caller+0x3a8/0x580
[ 39.375604] netlink_rcv_skb+0x125/0x390
[ 39.380448] ? nfnetlink_net_exit_batch+0x150/0x150
[ 39.385897] ? netlink_ack+0x9a0/0x9a0
[ 39.389784] ? ns_capable_common+0x127/0x150
[ 39.394270] nfnetlink_rcv+0x1ab/0x1da0
[ 39.398418] ? do_syscall_64+0x1d5/0x640
[ 39.402620] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 39.409745] ? trace_hardirqs_on+0x10/0x10
[ 39.414247] ? __netlink_lookup+0x345/0x5d0
[ 39.418985] ? lock_downgrade+0x740/0x740
[ 39.424183] ? nfnetlink_bind+0x240/0x240
[ 39.428800] ? netlink_table_grab.part.0+0x1f0/0x1f0
[ 39.434069] ? netlink_deliver_tap+0x90/0x7d0
[ 39.438915] ? lock_downgrade+0x740/0x740
[ 39.443171] netlink_unicast+0x437/0x610
[ 39.447219] ? netlink_sendskb+0xd0/0xd0
[ 39.451869] ? __check_object_size+0x179/0x230
[ 39.456874] netlink_sendmsg+0x62e/0xb80
[ 39.461085] ? nlmsg_notify+0x170/0x170
[ 39.465161] ? kernel_recvmsg+0x210/0x210
[ 39.469744] ? security_socket_sendmsg+0x83/0xb0
[ 39.474704] ? nlmsg_notify+0x170/0x170
[ 39.478862] sock_sendmsg+0xb5/0x100
[ 39.483665] ___sys_sendmsg+0x6c8/0x800
[ 39.488324] ? copy_msghdr_from_user+0x3b0/0x3b0
[ 39.493667] ? trace_hardirqs_on+0x10/0x10
[ 39.497887] ? trace_hardirqs_on+0x10/0x10
[ 39.502122] ? __fget+0x1fe/0x360
[ 39.505557] ? lock_acquire+0x170/0x3f0
[ 39.509521] ? lock_downgrade+0x740/0x740
[ 39.513664] ? __fget+0x225/0x360
[ 39.517524] ? __fdget+0x196/0x1f0
[ 39.521201] ? sockfd_lookup_light+0xb2/0x160
[ 39.525784] __sys_sendmsg+0xa3/0x120
[ 39.529715] ? SyS_shutdown+0x160/0x160
[ 39.533968] ? move_addr_to_kernel+0x60/0x60
[ 39.538872] ? __do_page_fault+0x159/0xad0
[ 39.543301] SyS_sendmsg+0x27/0x40
[ 39.546822] ? __sys_sendmsg+0x120/0x120
[ 39.551438] do_syscall_64+0x1d5/0x640
[ 39.555671] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 39.560940] RIP: 0033:0x4402a9
[ 39.564203] RSP: 002b:00007ffe969f28c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 39.572196] RAX: ffffffffffffffda RBX: 00306e616c767069 RCX: 00000000004402a9
[ 39.579538] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000004
[ 39.587405] RBP: 0000000000000000 R08: 00007ffe969f2a68 R09: 00007ffe969f2a68
[ 39.595634] R10: 00007ffe969f2a68 R11: 0000000000000246 R12: 00007ffe969f28dc
[ 39.603234] R13: 431bde82d7b634db R14: 00000000004ae018 R15: 0000000000400488
executing program
[ 39.659012] syz-executor067[8117]: segfault at 7ffe969f2a68 ip 00007ffe969f2a68 sp 00007ffe969f28d8 error 15
[ 39.673447] ip6_tables: ip6tables: counters copy to user failed while replacing table
*** stack smashing detected ***: terminated
executing program
executing program
[ 40.232654] IPVS: ftp: loaded support on port[0] = 21
[ 40.262655] ip6_tables: ip6tables: counters copy to user failed while replacing table
[ 40.275239] IPVS: ftp: loaded support on port[0] = 21
[ 40.307809] ip6_tables: ip6tables: counters copy to user failed while replacing table
[ 40.316910] syz-executor067[8183]: segfault at 7ffe969f2a68 ip 00007ffe969f2a68 sp 00007ffe969f28d8 error 15
*** stack smashing detected ***: terminated
executing program
[ 40.940174] IPVS: ftp: loaded support on port[0] = 21
[ 40.971609] ip6_tables: ip6tables: counters copy to user failed while replacing table
*** stack smashing detected ***: terminated
executing program
[ 42.059346] IPVS: ftp: loaded support on port[0] = 21
[ 42.089270] ip6_tables: ip6tables: counters copy to user failed while replacing table
*** stack smashing detected ***: terminated
executing program
[ 42.694983] IPVS: ftp: loaded support on port[0] = 21
[ 42.724635] ip6_tables: ip6tables: counters copy to user failed while replacing table
[ 42.737453] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 42.767310] syz-executor067[8272]: segfault at 7ffe969f2a68 ip 00007ffe969f2a68 sp 00007ffe969f28d8 error 15
[ 42.782111] ip6_tables: ip6tables: counters copy to user failed while replacing table
*** stack smashing detected ***: terminated
executing program
[ 43.362114] IPVS: ftp: loaded support on port[0] = 21
[ 43.392815] ip6_tables: ip6tables: counters copy to user failed while replacing table
[ 43.404543] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 43.451194] syz-executor067[8296]: segfault at 7ffe969f2a68 ip 00007ffe969f2a68 sp 00007ffe969f28d8 error 15
[ 43.468280] ip6_tables: ip6tables: counters copy to user failed while replacing table
*** stack smashing detected ***: terminated
executing program
[ 44.519483] IPVS: ftp: loaded support on port[0] = 21
[ 44.550046] ip6_tables: ip6tables: counters copy to user failed while replacing table
*** stack smashing detected ***: terminated
executing program
[ 45.586187] IPVS: ftp: loaded support on port[0] = 21
[ 45.614360] ip6_tables: ip6tables: counters copy to user failed while replacing table
*** stack smashing detected ***: terminated
executing program
[ 46.300181] IPVS: ftp: loaded support on port[0] = 21
[ 46.329430] ip6_tables: ip6tables: counters copy to user failed while replacing table
[ 46.341853] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 46.375938] syz-executor067[8406]: segfault at 7ffe969f2a68 ip 00007ffe969f2a68 sp 00007ffe969f28d8 error 15
[ 46.387140] ip6_tables: ip6tables: counters copy to user failed while replacing table
*** stack smashing detected ***: terminated
executing program
[ 47.019863] IPVS: ftp: loaded support on port[0] = 21
[ 47.050205] ip6_tables: ip6tables: counters copy to user failed while replacing table
[ 47.062340] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 47.099341] syz-executor067[8430]: segfault at 7ffe969f2a68 ip 00007ffe969f2a68 sp 00007ffe969f28d8 error 15
[ 47.114299] ip6_tables: ip6tables: counters copy to user failed while replacing table
[ 48.119587] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 48.167052] syz-executor067[8453]: segfault at 7ffe969f2a68 ip 00007ffe969f2a68 sp 00007ffe969f28d8 error 15
[ 48.185883] ip6_tables: ip6tables: counters copy to user failed while replacing table
executing program
[ 48.780078] IPVS: ftp: loaded support on port[0] = 21
[ 48.807029] syz-executor067[8476]: segfault at 7ffe969f2a68 ip 00007ffe969f2a68 sp 00007ffe969f28d8 error 15