Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.124' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [   30.448087] IPVS: ftp: loaded support on port[0] = 21
[   30.480882] ip_tables: iptables: counters copy to user failed while replacing table
executing program
[   30.550957] IPVS: ftp: loaded support on port[0] = 21
[   30.582072] ip_tables: iptables: counters copy to user failed while replacing table
[   30.652854] ip_tables: iptables: counters copy to user failed while replacing table
executing program
[   30.835308]
[   30.837355] ======================================================
[   30.844375] WARNING: possible circular locking dependency detected
[   30.851072] 4.14.232-syzkaller #0 Not tainted
[   30.856110] ------------------------------------------------------
[   30.864267] syz-executor125/8027 is trying to acquire lock:
[   30.871200]  (rtnl_mutex){+.+.}, at: [] unregister_netdevice_notifier+0x5e/0x2b0
[   30.881729]
[   30.881729] but task is already holding lock:
[   30.891766]  (&xt[i].mutex){+.+.}, at: [] xt_find_table_lock+0x38/0x3d0
[   30.901875]
[   30.901875] which lock already depends on the new lock.
[   30.901875]
[   30.911242]
[   30.911242] the existing dependency chain (in reverse order) is:
[   30.921533]
[   30.921533] -> #2 (&xt[i].mutex){+.+.}:
[   30.927189]        __mutex_lock+0xc4/0x1310
[   30.932207]        match_revfn+0x43/0x210
[   30.936696]        xt_find_revision+0x8d/0x1d0
[   30.941358]        nfnl_compat_get+0x1f7/0x870
[   30.946192]        nfnetlink_rcv_msg+0x9bb/0xc00
[   30.951206]        netlink_rcv_skb+0x125/0x390
[   30.956468]        nfnetlink_rcv+0x1ab/0x1da0
[   30.961963]        netlink_unicast+0x437/0x610
[   30.967659]        netlink_sendmsg+0x62e/0xb80
[   30.972645]        sock_sendmsg+0xb5/0x100
[   30.977512]        ___sys_sendmsg+0x6c8/0x800
[   30.983321]        __sys_sendmsg+0xa3/0x120
[   30.988508]        SyS_sendmsg+0x27/0x40
[   30.993367]        do_syscall_64+0x1d5/0x640
[   30.998381]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   31.004975]
[   31.004975] -> #1 (&table[i].mutex){+.+.}:
[   31.010807]        __mutex_lock+0xc4/0x1310
[   31.016262]        nf_tables_netdev_event+0x10d/0x4d0
[   31.023403]        notifier_call_chain+0x108/0x1a0
[   31.028715]        rollback_registered_many+0x765/0xba0
[   31.034742]        unregister_netdevice_many.part.0+0x18/0x2e0
[   31.041238]        unregister_netdevice_many+0x36/0x50
[   31.047759]        ip6gre_exit_net+0x41e/0x570
[   31.052854]        ops_exit_list+0xa5/0x150
[   31.057529]        cleanup_net+0x3b3/0x840
[   31.061889]        process_one_work+0x793/0x14a0
[   31.066843]        worker_thread+0x5cc/0xff0
[   31.071971]        kthread+0x30d/0x420
[   31.076045]        ret_from_fork+0x24/0x30
[   31.080777]
[   31.080777] -> #0 (rtnl_mutex){+.+.}:
[   31.086501]        lock_acquire+0x170/0x3f0
[   31.090980]        __mutex_lock+0xc4/0x1310
[   31.095811]        unregister_netdevice_notifier+0x5e/0x2b0
[   31.102552]        tee_tg_destroy+0x5c/0xb0
[   31.107480]        cleanup_entry+0x1fd/0x2d0
[   31.112142]        __do_replace+0x38d/0x570
[   31.117841]        do_ipt_set_ctl+0x256/0x3a0
[   31.122679]        nf_setsockopt+0x5f/0xb0
[   31.127656]        ip_setsockopt+0x94/0xb0
[   31.132137]        udp_setsockopt+0x45/0x80
[   31.136707]        SyS_setsockopt+0x110/0x1e0
[   31.141185]        do_syscall_64+0x1d5/0x640
[   31.145838]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   31.151853]
[   31.151853] other info that might help us debug this:
[   31.151853]
[   31.161017] Chain exists of:
[   31.161017]   rtnl_mutex --> &table[i].mutex --> &xt[i].mutex
[   31.161017]
[   31.171595]  Possible unsafe locking scenario:
[   31.171595]
[   31.177912]        CPU0                    CPU1
[   31.182821]        ----                    ----
[   31.187654]   lock(&xt[i].mutex);
[   31.191276]                                lock(&table[i].mutex);
[   31.197785]                                lock(&xt[i].mutex);
[   31.204231]   lock(rtnl_mutex);
[   31.207489]
[   31.207489]  *** DEADLOCK ***
[   31.207489]
[   31.213633] 1 lock held by syz-executor125/8027:
[   31.218703]  #0:  (&xt[i].mutex){+.+.}, at: [] xt_find_table_lock+0x38/0x3d0
[   31.227619]
[   31.227619] stack backtrace:
[   31.232276] CPU: 1 PID: 8027 Comm: syz-executor125 Not tainted 4.14.232-syzkaller #0
[   31.240543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   31.250434] Call Trace:
[   31.253253]  dump_stack+0x1b2/0x281
[   31.257328]  print_circular_bug.constprop.0.cold+0x2d7/0x41e
[   31.263370]  __lock_acquire+0x2e0e/0x3f20
[   31.267867]  ? trace_hardirqs_on+0x10/0x10
[   31.272216]  ? kernel_text_address+0xbd/0xf0
[   31.277492]  ? __lock_acquire+0x5fc/0x3f20
[   31.282424]  lock_acquire+0x170/0x3f0
[   31.286580]  ? unregister_netdevice_notifier+0x5e/0x2b0
[   31.292663]  ? unregister_netdevice_notifier+0x5e/0x2b0
[   31.299408]  __mutex_lock+0xc4/0x1310
[   31.303394]  ? unregister_netdevice_notifier+0x5e/0x2b0
[   31.311101]  ? lock_acquire+0x170/0x3f0
[   31.315989]  ? trace_hardirqs_on+0x10/0x10
[   31.320469]  ? unregister_netdevice_notifier+0x5e/0x2b0
[   31.326415]  ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[   31.331857]  ? pcpu_next_fit_region.constprop.0+0x3a0/0x3a0
[   31.338066]  ? cleanup_entry+0x117/0x2d0
[   31.342208]  ? free_percpu+0x23e/0x730
[   31.346257]  unregister_netdevice_notifier+0x5e/0x2b0
[   31.352067]  ? register_netdevice_notifier+0x4d0/0x4d0
[   31.357781]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[   31.363049]  ? free_percpu+0x23e/0x730
[   31.367096]  tee_tg_destroy+0x5c/0xb0
[   31.371235]  ? tee_tg6+0x160/0x160
[   31.374934]  cleanup_entry+0x1fd/0x2d0
[   31.379422]  ? compat_do_ipt_get_ctl+0x7b0/0x7b0
[   31.384735]  __do_replace+0x38d/0x570
[   31.388951]  ? ipt_unregister_table+0x60/0x60
[   31.394856]  do_ipt_set_ctl+0x256/0x3a0
[   31.399308]  ? compat_do_ipt_set_ctl+0x140/0x140
[   31.404501]  ? nf_sockopt_find.constprop.0+0x1ad/0x220
[   31.410117]  nf_setsockopt+0x5f/0xb0
[   31.413852]  ip_setsockopt+0x94/0xb0
[   31.417918]  udp_setsockopt+0x45/0x80
[   31.421721]  SyS_setsockopt+0x110/0x1e0
[   31.425681]  ? SyS_recv+0x40/0x40
[   31.429136]  ? up_read+0x17/0x30
[   31.432955]  ? __do_page_fault+0x159/0xad0
executing program
[   31.437435]  ? do_syscall_64+0x4c/0x640
[   31.441392]  ? SyS_recv+0x40/0x40
[   31.445001]  do_syscall_64+0x1d5/0x640
[   31.449051]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   31.454488] RIP: 0033:0x445fe9
[   31.458009] RSP: 002b:00007fbd2b3be318 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[   31.465969] RAX: ffffffffffffffda RBX: 00000000004cb438 RCX: 0000000000445fe9
[   31.474124] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000003
[   31.483350] RBP: 00000000004cb430 R08: 0000000000000460 R09: 0000000000000000
[   31.491251] R10: 00000000200005c0 R11: 0000000000000246 R12: 000000000049b074
[   31.499333] R13: 00007ffc21794cef R14: 00007fbd2b3be400 R15: 0000000000022000
[   31.508724] ip_tables: iptables: counters copy to user failed while replacing table
[   31.572139] ip_tables: iptables: counters copy to user failed while replacing table
executing program
[   31.753130] ip_tables: iptables: counters copy to user failed while replacing table
executing program
executing program
[   31.931018] ip_tables: iptables: counters copy to user failed while replacing table
[   31.968057] IPVS: ftp: loaded support on port[0] = 21
[   32.050348] ip_tables: iptables: counters copy to user failed while replacing table
executing program
[   32.228765] ip_tables: iptables: counters copy to user failed while replacing table
executing program
[   32.407987] ip_tables: iptables: counters copy to user failed while replacing table
executing program
executing program
executing program
[   32.606783] IPVS: ftp: loaded support on port[0] = 21
[   32.638047] IPVS: ftp: loaded support on port[0] = 21
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[   33.770550] IPVS: ftp: loaded support on port[0] = 21
executing program
executing program
executing program
executing program
[   34.453311] IPVS: ftp: loaded support on port[0] = 21
executing program
[   34.484663] IPVS: ftp: loaded support on port[0] = 21
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[   35.588587] IPVS: ftp: loaded support on port[0] = 21
[   35.595715] net_ratelimit: 20 callbacks suppressed
[   35.595718] ip_tables: iptables: counters copy to user failed while replacing table
[   35.691098] ip_tables: iptables: counters copy to user failed while replacing table
executing program
[   35.869882] ip_tables: iptables: counters copy to user failed while replacing table
executing program
[   36.047638] ip_tables: iptables: counters copy to user failed while replacing table
executing program
[   36.224675] ip_tables: iptables: counters copy to user failed while replacing table
executing program
[   36.295400] IPVS: ftp: loaded support on port[0] = 21
[   36.378689] ip_tables: iptables: counters copy to user failed while replacing table
executing program
[   36.557494] ip_tables: iptables: counters copy to user failed while replacing table
executing program
[   36.736372] ip_tables: iptables: counters copy to user failed while replacing table
executing program
[   36.915506] ip_tables: iptables: counters copy to user failed while replacing table
executing program
[   36.986825] IPVS: ftp: loaded support on port[0] = 21
[   37.069228] ip_tables: iptables: counters copy to user failed while replacing table
executing program
executing program
executing program
executing program
executing program
[   37.662982] IPVS: ftp: loaded support on port[0] = 21
[   37.696709] IPVS: ftp: loaded support on port[0] = 21
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[   38.778781] IPVS: ftp: loaded support on port[0] = 21
[   38.813665] IPVS: ftp: loaded support on port[0] = 21
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[   39.981478] IPVS: ftp: loaded support on port[0] = 21
[   40.013174] IPVS: ftp: loaded support on port[0] = 21
executing program
executing program
executing program
[   40.614862] net_ratelimit: 23 callbacks suppressed
[   40.614864] ip_tables: iptables: counters copy to user failed while replacing table
executing program
[   40.798791] ip_tables: iptables: counters copy to user failed while replacing table