Warning: Permanently added '10.128.1.90' (ECDSA) to the list of known hosts.
executing program
[ 29.699088] ip_tables: iptables: counters copy to user failed while replacing table
[ 29.784781]
[ 29.786590] ======================================================
[ 29.792892] WARNING: possible circular locking dependency detected
[ 29.799195] 4.14.266-syzkaller #0 Not tainted
[ 29.803673] ------------------------------------------------------
[ 29.809978] syz-executor225/7977 is trying to acquire lock:
[ 29.815669]  (rtnl_mutex){+.+.}, at: [] unregister_netdevice_notifier+0x5e/0x2b0
[ 29.824771]
[ 29.824771] but task is already holding lock:
[ 29.830724]  (&xt[i].mutex){+.+.}, at: [] xt_find_table_lock+0x38/0x3d0
[ 29.839038]
[ 29.839038] which lock already depends on the new lock.
[ 29.839038]
[ 29.847342]
[ 29.847342] the existing dependency chain (in reverse order) is:
[ 29.855029]
[ 29.855029] -> #2 (&xt[i].mutex){+.+.}:
[ 29.860464]        __mutex_lock+0xc4/0x1310
[ 29.864760]        match_revfn+0x43/0x210
[ 29.868881]        xt_find_revision+0x8d/0x1d0
[ 29.873433]        nfnl_compat_get+0x1f7/0x870
[ 29.877984]        nfnetlink_rcv_msg+0x9bb/0xc00
[ 29.882708]        netlink_rcv_skb+0x125/0x390
[ 29.887264]        nfnetlink_rcv+0x1ab/0x1da0
[ 29.891742]        netlink_unicast+0x437/0x610
[ 29.896447]        netlink_sendmsg+0x648/0xbc0
[ 29.901010]        sock_sendmsg+0xb5/0x100
[ 29.905215]        ___sys_sendmsg+0x6c8/0x800
[ 29.909680]        __sys_sendmsg+0xa3/0x120
[ 29.913969]        SyS_sendmsg+0x27/0x40
[ 29.918002]        do_syscall_64+0x1d5/0x640
[ 29.922381]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 29.928059]
[ 29.928059] -> #1 (&table[i].mutex){+.+.}:
[ 29.933771]        __mutex_lock+0xc4/0x1310
[ 29.938066]        nf_tables_netdev_event+0x10d/0x4d0
[ 29.943224]        notifier_call_chain+0x108/0x1a0
[ 29.948122]        rollback_registered_many+0x765/0xba0
[ 29.953466]        unregister_netdevice_many.part.0+0x18/0x2e0
[ 29.959404]        unregister_netdevice_many+0x36/0x50
[ 29.964651]        rtnl_newlink+0x13fd/0x1830
[ 29.969116]        rtnetlink_rcv_msg+0x3be/0xb10
[ 29.973840]        netlink_rcv_skb+0x125/0x390
[ 29.978389]        netlink_unicast+0x437/0x610
[ 29.982940]        netlink_sendmsg+0x648/0xbc0
[ 29.987492]        sock_sendmsg+0xb5/0x100
[ 29.991700]        ___sys_sendmsg+0x6c8/0x800
[ 29.996181]        __sys_sendmsg+0xa3/0x120
[ 30.000490]        SyS_sendmsg+0x27/0x40
[ 30.004528]        do_syscall_64+0x1d5/0x640
[ 30.008911]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 30.014590]
[ 30.014590] -> #0 (rtnl_mutex){+.+.}:
[ 30.019850]        lock_acquire+0x170/0x3f0
[ 30.024149]        __mutex_lock+0xc4/0x1310
[ 30.028443]        unregister_netdevice_notifier+0x5e/0x2b0
[ 30.034134]        tee_tg_destroy+0x5c/0xb0
[ 30.038449]        cleanup_entry+0x1fd/0x2d0
[ 30.042829]        __do_replace+0x38d/0x570
[ 30.047138]        do_ipt_set_ctl+0x256/0x3a0
[ 30.051608]        nf_setsockopt+0x5f/0xb0
[ 30.055856]        ip_setsockopt+0x94/0xb0
[ 30.060161]        udp_setsockopt+0x45/0x80
[ 30.064458]        SyS_setsockopt+0x110/0x1e0
[ 30.068944]        do_syscall_64+0x1d5/0x640
[ 30.073336]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 30.079023]
[ 30.079023] other info that might help us debug this:
[ 30.079023]
[ 30.087146] Chain exists of:
[ 30.087146]   rtnl_mutex --> &table[i].mutex --> &xt[i].mutex
[ 30.087146]
[ 30.097361]  Possible unsafe locking scenario:
[ 30.097361]
[ 30.103387]        CPU0                    CPU1
[ 30.108025]        ----                    ----
[ 30.112678]   lock(&xt[i].mutex);
[ 30.116106]                                lock(&table[i].mutex);
[ 30.122311]                                lock(&xt[i].mutex);
[ 30.128253]   lock(rtnl_mutex);
[ 30.131504]
[ 30.131504]  *** DEADLOCK ***
[ 30.131504]
[ 30.137537] 1 lock held by syz-executor225/7977:
[ 30.142262]  #0: (&xt[i].mutex){+.+.}, at: [] xt_find_table_lock+0x38/0x3d0
[ 30.150994]
[ 30.150994] stack backtrace:
[ 30.155475] CPU: 1 PID: 7977 Comm: syz-executor225 Not tainted 4.14.266-syzkaller #0
[ 30.163329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 30.172676] Call Trace:
[ 30.175245]  dump_stack+0x1b2/0x281
[ 30.178844]  print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 30.184625]  __lock_acquire+0x2e0e/0x3f20
[ 30.188744]  ? lock_downgrade+0x740/0x740
[ 30.192870]  ? trace_hardirqs_on+0x10/0x10
[ 30.197082]  ? kernel_text_address+0xbd/0xf0
[ 30.201464]  ? __lock_acquire+0x5fc/0x3f20
[ 30.205673]  ? __kernel_text_address+0x9/0x30
[ 30.210143]  lock_acquire+0x170/0x3f0
[ 30.214106]  ? unregister_netdevice_notifier+0x5e/0x2b0
[ 30.219441]  ? unregister_netdevice_notifier+0x5e/0x2b0
[ 30.224813]  __mutex_lock+0xc4/0x1310
[ 30.228585]  ? unregister_netdevice_notifier+0x5e/0x2b0
[ 30.233923]  ? __lock_acquire+0x5fc/0x3f20
[ 30.238136]  ? unregister_netdevice_notifier+0x5e/0x2b0
[ 30.243558]  ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 30.248978]  ? lock_acquire+0x170/0x3f0
[ 30.252921]  ? trace_hardirqs_on+0x10/0x10
[ 30.257140]  ? xt_find_table_lock+0x38/0x3d0
[ 30.261526]  ? __mutex_lock+0x360/0x1310
[ 30.265566]  unregister_netdevice_notifier+0x5e/0x2b0
[ 30.270740]  ? register_netdevice_notifier+0x4d0/0x4d0
[ 30.275990]  tee_tg_destroy+0x5c/0xb0
[ 30.279761]  ? tee_tg6+0x160/0x160
[ 30.283273]  cleanup_entry+0x1fd/0x2d0
[ 30.287132]  ? cpumask_next+0x30/0x40
[ 30.290910]  ? compat_do_ipt_get_ctl+0x7b0/0x7b0
[ 30.295823]  __do_replace+0x38d/0x570
[ 30.299594]  ? ipt_unregister_table+0x60/0x60
[ 30.304064]  do_ipt_set_ctl+0x256/0x3a0
[ 30.308014]  ? compat_do_ipt_set_ctl+0x140/0x140
[ 30.312748]  ? nf_sockopt_find.constprop.0+0x1ad/0x220
[ 30.317994]  nf_setsockopt+0x5f/0xb0
[ 30.321685]  ip_setsockopt+0x94/0xb0
[ 30.325371]  udp_setsockopt+0x45/0x80
[ 30.329147]  SyS_setsockopt+0x110/0x1e0
[ 30.333094]  ? SyS_recv+0x40/0x40
[ 30.336517]  ? up_read+0x17/0x30
[ 30.339854]  ? __do_page_fault+0x159/0xad0
[ 30.344076]  ? do_syscall_64+0x4c/0x640
[ 30.348022]  ? SyS_recv+0x40/0x40
[ 30.351445]  do_syscall_64+0x1d5/0x640
[ 30.355314]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 30.360475] RIP: 0033:0x7f1845676629
[ 30.364158] RSP: 002b:00007ffdc0490f18 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 30.371835] RAX: ffffffffffffffda RBX: 0000003065736f72 RCX: 00007f1845676629
[ 30.379087] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000003
[ 30.386327] RBP: 0000000000000000 R08: 0000000000000328 R09: 00007ffdc04910b8
[ 30.393570] R10: 0000000020000400 R11: 0000000000000246 R12: 00007ffdc0490f2c
[ 30.400810] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000
[ 30.408727] ip_tables: iptables: counters copy to user failed while replacing table
[ 30.478264] ip_tables: iptables: counters copy to user failed while replacing table
[ 30.526727] ip_tables: iptables: counters copy to user failed while replacing table
[ 30.568294] ip_tables: iptables: counters copy to user failed while replacing table
[ 30.618245] ip_tables: iptables: counters copy to user failed while replacing table
[ 30.686105] ip_tables: iptables: counters copy to user failed while replacing table
[ 30.746406] ip_tables: iptables: counters copy to user failed while replacing table
[ 30.788482] ip_tables: iptables: counters copy to user failed while replacing table
[ 30.846616] ip_tables: iptables: counters copy to user failed while replacing table
[ 34.713213] net_ratelimit: 74 callbacks suppressed
[ 34.713217] ip_tables: iptables: counters copy to user failed while replacing table
[ 34.776371] ip_tables: iptables: counters copy to user failed while replacing table
[ 34.815686] ip_tables: iptables: counters copy to user failed while replacing table
[ 34.874230] ip_tables: iptables: counters copy to user failed while replacing table
[ 34.934065] ip_tables: iptables: counters copy to user failed while replacing table
[ 34.974144] ip_tables: iptables: counters copy to user failed while replacing table
[ 35.017681] ip_tables: iptables: counters copy to user failed while replacing table
[ 35.084569] ip_tables: iptables: counters copy to user failed while replacing table
[ 35.124144] ip_tables: iptables: counters copy to user failed while replacing table
[ 35.211993] ip_tables: iptables: counters copy to user failed while replacing table
[ 39.741327] net_ratelimit: 89 callbacks suppressed
[ 39.741331] ip_tables: iptables: counters copy to user failed while replacing table