[ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... Starting Load/Save RF Kill Switch Status... [ OK ] Started Load/Save RF Kill Switch Status. [ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.1.23' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 28.355508] ip_tables: iptables: counters copy to user failed while replacing table executing program [ 28.427543] [ 28.429192] ====================================================== [ 28.435499] WARNING: possible circular locking dependency detected [ 28.441843] 4.14.260-syzkaller #0 Not tainted [ 28.446330] ------------------------------------------------------ [ 28.452681] syz-executor285/8001 is trying to acquire lock: [ 28.458377] (rtnl_mutex){+.+.}, at: [] unregister_netdevice_notifier+0x5e/0x2b0 [ 28.467576] [ 28.467576] but task is already holding lock: [ 28.473537] (&xt[i].mutex){+.+.}, at: [] xt_find_table_lock+0x38/0x3d0 [ 28.481859] [ 28.481859] which lock already depends on the new lock. [ 28.481859] [ 28.490252] [ 28.490252] the existing dependency chain (in reverse order) is: [ 28.497904] [ 28.497904] -> #2 (&xt[i].mutex){+.+.}: [ 28.503342] __mutex_lock+0xc4/0x1310 [ 28.507640] match_revfn+0x43/0x210 [ 28.511762] xt_find_revision+0x8d/0x1d0 [ 28.516320] nfnl_compat_get+0x1f7/0x870 [ 28.520900] nfnetlink_rcv_msg+0x9bb/0xc00 [ 28.525636] netlink_rcv_skb+0x125/0x390 [ 28.530281] nfnetlink_rcv+0x1ab/0x1da0 [ 28.534755] netlink_unicast+0x437/0x610 [ 28.539313] netlink_sendmsg+0x648/0xbc0 [ 28.543881] sock_sendmsg+0xb5/0x100 [ 28.548097] ___sys_sendmsg+0x6c8/0x800 [ 28.552568] __sys_sendmsg+0xa3/0x120 [ 28.556865] SyS_sendmsg+0x27/0x40 [ 28.560909] do_syscall_64+0x1d5/0x640 [ 28.565290] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 28.570974] [ 28.570974] -> #1 (&table[i].mutex){+.+.}: [ 28.576668] __mutex_lock+0xc4/0x1310 [ 28.580979] nf_tables_netdev_event+0x10d/0x4d0 [ 28.586159] notifier_call_chain+0x108/0x1a0 [ 28.591068] rollback_registered_many+0x765/0xba0 [ 28.596423] rollback_registered+0xca/0x170 [ 28.601263] register_netdevice+0xbb5/0xe40 [ 28.606080] ip_tunnel_newlink+0x368/0x820 [ 28.610809] ipgre_newlink+0xe7/0x130 [ 28.615105] rtnl_newlink+0xfab/0x1860 [ 28.619505] rtnetlink_rcv_msg+0x3be/0xb10 [ 28.624247] netlink_rcv_skb+0x125/0x390 [ 28.628812] netlink_unicast+0x437/0x610 [ 28.633453] netlink_sendmsg+0x648/0xbc0 [ 28.638010] sock_sendmsg+0xb5/0x100 [ 28.642217] ___sys_sendmsg+0x6c8/0x800 [ 28.646770] __sys_sendmsg+0xa3/0x120 [ 28.651149] SyS_sendmsg+0x27/0x40 [ 28.655195] do_syscall_64+0x1d5/0x640 [ 28.659579] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 28.665258] [ 28.665258] -> #0 (rtnl_mutex){+.+.}: [ 28.670520] lock_acquire+0x170/0x3f0 [ 28.674835] __mutex_lock+0xc4/0x1310 [ 28.679130] unregister_netdevice_notifier+0x5e/0x2b0 [ 28.684815] tee_tg_destroy+0x5c/0xb0 [ 28.689111] cleanup_entry+0x1fd/0x2d0 [ 28.693499] __do_replace+0x38d/0x570 [ 28.697795] do_ipt_set_ctl+0x256/0x3a0 [ 28.702265] nf_setsockopt+0x5f/0xb0 [ 28.706472] ip_setsockopt+0x94/0xb0 [ 28.710698] udp_setsockopt+0x45/0x80 [ 28.715014] SyS_setsockopt+0x110/0x1e0 [ 28.719482] do_syscall_64+0x1d5/0x640 [ 28.723865] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 28.729544] [ 28.729544] other info that might help us debug this: [ 28.729544] [ 28.737662] Chain exists of: [ 28.737662] rtnl_mutex --> &table[i].mutex --> &xt[i].mutex [ 28.737662] [ 28.747881] Possible unsafe locking scenario: [ 28.747881] [ 28.753912] CPU0 CPU1 [ 28.758549] ---- ---- [ 28.763201] lock(&xt[i].mutex); [ 28.766628] lock(&table[i].mutex); [ 28.772832] lock(&xt[i].mutex); [ 28.778788] lock(rtnl_mutex); [ 28.782040] [ 28.782040] *** DEADLOCK *** [ 28.782040] [ 28.788073] 1 lock held by syz-executor285/8001: [ 28.792798] #0: (&xt[i].mutex){+.+.}, at: [] xt_find_table_lock+0x38/0x3d0 [ 28.801532] [ 28.801532] stack backtrace: [ 28.806003] CPU: 1 PID: 8001 Comm: syz-executor285 Not tainted 4.14.260-syzkaller #0 [ 28.813855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 28.823182] Call Trace: [ 28.825754] dump_stack+0x1b2/0x281 [ 28.829361] print_circular_bug.constprop.0.cold+0x2d7/0x41e [ 28.835135] __lock_acquire+0x2e0e/0x3f20 [ 28.839259] ? trace_hardirqs_on+0x10/0x10 [ 28.843471] ? kernel_text_address+0xbd/0xf0 [ 28.847852] ? __lock_acquire+0x5fc/0x3f20 [ 28.852061] lock_acquire+0x170/0x3f0 [ 28.855858] ? unregister_netdevice_notifier+0x5e/0x2b0 [ 28.861213] ? unregister_netdevice_notifier+0x5e/0x2b0 [ 28.866563] __mutex_lock+0xc4/0x1310 [ 28.870372] ? unregister_netdevice_notifier+0x5e/0x2b0 [ 28.875715] ? lock_acquire+0x170/0x3f0 [ 28.879670] ? recent_mt_destroy+0x163/0x5d0 [ 28.884074] ? unregister_netdevice_notifier+0x5e/0x2b0 [ 28.889416] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 28.894931] ? __mutex_lock+0x360/0x1310 [ 28.898969] ? cleanup_entry+0x117/0x2d0 [ 28.903011] ? lock_downgrade+0x740/0x740 [ 28.907133] unregister_netdevice_notifier+0x5e/0x2b0 [ 28.912298] ? __mutex_unlock_slowpath+0x75/0x770 [ 28.917121] ? register_netdevice_notifier+0x4d0/0x4d0 [ 28.922806] ? wait_for_completion_io+0x10/0x10 [ 28.927464] tee_tg_destroy+0x5c/0xb0 [ 28.931256] ? tee_tg6+0x160/0x160 [ 28.934778] cleanup_entry+0x1fd/0x2d0 [ 28.938649] ? compat_do_ipt_get_ctl+0x7b0/0x7b0 [ 28.943472] __do_replace+0x38d/0x570 [ 28.947250] ? ipt_unregister_table+0x60/0x60 [ 28.951721] do_ipt_set_ctl+0x256/0x3a0 [ 28.955671] ? compat_do_ipt_set_ctl+0x140/0x140 [ 28.960419] ? nf_sockopt_find.constprop.0+0x1ad/0x220 [ 28.965684] nf_setsockopt+0x5f/0xb0 [ 28.969382] ip_setsockopt+0x94/0xb0 [ 28.973076] udp_setsockopt+0x45/0x80 [ 28.976858] SyS_setsockopt+0x110/0x1e0 [ 28.980828] ? SyS_recv+0x40/0x40 [ 28.984255] ? up_read+0x17/0x30 [ 28.987595] ? __do_page_fault+0x159/0xad0 [ 28.991806] ? do_syscall_64+0x4c/0x640 [ 28.995754] ? SyS_recv+0x40/0x40 [ 28.999181] do_syscall_64+0x1d5/0x640 [ 29.003045] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 29.008208] RIP: 0033:0x7fb4f6e8b739 [ 29.011894] RSP: 002b:00007fff31b3fdf8 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 29.019578] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fb4f6e8b739 executing program [ 29.026822] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000003 [ 29.034071] RBP: 00007fff31b3fe20 R08: 0000000000000538 R09: 0000000000000000 [ 29.041315] R10: 0000000020000f00 R11: 0000000000000246 R12: 00007fff31b3fe0c [ 29.048562] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 29.057091] ip_tables: iptables: counters copy to user failed while replacing table executing program [ 29.103089] ip_tables: iptables: counters copy to user failed while replacing table executing program [ 29.152795] ip_tables: iptables: counters copy to user failed while replacing table [ 29.206973] ip_tables: iptables: counters copy to user failed while replacing table [ 29.262912] ip_tables: iptables: counters copy to user failed while replacing table [ 29.314259] ip_tables: iptables: counters copy to user failed while replacing table [ 29.377507] ip_tables: iptables: counters copy to user failed while replacing table [ 29.463292] ip_tables: iptables: counters copy to user failed while replacing table [ 29.523199] ip_tables: iptables: counters copy to user failed while replacing table [ 33.371272] net_ratelimit: 66 callbacks suppressed [ 33.371276] ip_tables: iptables: counters copy to user failed while replacing table [ 33.441745] ip_tables: iptables: counters copy to user failed while replacing table [ 33.521755] ip_tables: iptables: counters copy to user failed while replacing table [ 33.601737] ip_tables: iptables: counters copy to user failed while replacing table [ 33.664135] ip_tables: iptables: counters copy to user failed while replacing table [ 33.731003] ip_tables: iptables: counters copy to user failed while replacing table [ 33.800778] ip_tables: iptables: counters copy to user failed while replacing table [ 33.860957] ip_tables: iptables: counters copy to user failed while replacing table [ 33.912112] ip_tables: iptables: counters copy to user failed while replacing table [ 33.954755] ip_tables: iptables: counters copy to user failed while replacing table [ 38.373188] net_ratelimit: 84 callbacks suppressed [ 38.373191] ip_tables: iptables: counters copy to user failed while replacing table