ip6_tables: ip6tables: counters copy to user failed while replacing table
======================================================
WARNING: possible circular locking dependency detected
4.14.229-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.0/20189 is trying to acquire lock:
 (&table[i].mutex){+.+.}, at: [] ip_set_nfnl_put+0x11a/0x310 net/netfilter/ipset/ip_set_core.c:732

but task is already holding lock:
 (&xt[i].mutex){+.+.}, at: [] xt_find_table_lock+0x38/0x3d0 net/netfilter/x_tables.c:1094

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #1 (&xt[i].mutex){+.+.}:
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893
       match_revfn+0x43/0x210 net/netfilter/x_tables.c:332
       xt_find_revision+0x8d/0x1d0 net/netfilter/x_tables.c:380
       nfnl_compat_get+0x1f7/0x870 net/netfilter/nft_compat.c:678
       nfnetlink_rcv_msg+0x9bb/0xc00 net/netfilter/nfnetlink.c:214
       netlink_rcv_skb+0x125/0x390 net/netlink/af_netlink.c:2433
       nfnetlink_rcv+0x1ab/0x1da0 net/netfilter/nfnetlink.c:515
       netlink_unicast_kernel net/netlink/af_netlink.c:1287 [inline]
       netlink_unicast+0x437/0x610 net/netlink/af_netlink.c:1313
       netlink_sendmsg+0x62e/0xb80 net/netlink/af_netlink.c:1878
       sock_sendmsg_nosec net/socket.c:646 [inline]
       sock_sendmsg+0xb5/0x100 net/socket.c:656
       ___sys_sendmsg+0x6c8/0x800 net/socket.c:2062
       __sys_sendmsg+0xa3/0x120 net/socket.c:2096
       SYSC_sendmsg net/socket.c:2107 [inline]
       SyS_sendmsg+0x27/0x40 net/socket.c:2103
       do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x46/0xbb

-> #0 (&table[i].mutex){+.+.}:
       lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893
       ip_set_nfnl_put+0x11a/0x310 net/netfilter/ipset/ip_set_core.c:732
       cleanup_match net/ipv6/netfilter/ip6_tables.c:491 [inline]
       cleanup_entry+0x141/0x310 net/ipv6/netfilter/ip6_tables.c:676
       __do_replace+0x38d/0x580 net/ipv6/netfilter/ip6_tables.c:1105
       do_replace net/ipv6/netfilter/ip6_tables.c:1161 [inline]
       do_ip6t_set_ctl+0x256/0x3b0 net/ipv6/netfilter/ip6_tables.c:1685
       nf_sockopt net/netfilter/nf_sockopt.c:106 [inline]
       nf_setsockopt+0x5f/0xb0 net/netfilter/nf_sockopt.c:115
       ipv6_setsockopt+0xc0/0x120 net/ipv6/ipv6_sockglue.c:937
       udpv6_setsockopt+0x45/0x80 net/ipv6/udp.c:1459
       SYSC_setsockopt net/socket.c:1865 [inline]
       SyS_setsockopt+0x110/0x1e0 net/socket.c:1844
       do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x46/0xbb

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&xt[i].mutex);
                               lock(&table[i].mutex);
                               lock(&xt[i].mutex);
  lock(&table[i].mutex);

 *** DEADLOCK ***

1 lock held by syz-executor.0/20189:
 #0:  (&xt[i].mutex){+.+.}, at: [] xt_find_table_lock+0x38/0x3d0 net/netfilter/x_tables.c:1094

stack backtrace:
CPU: 0 PID: 20189 Comm: syz-executor.0 Not tainted 4.14.229-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1258
 check_prev_add kernel/locking/lockdep.c:1905 [inline]
 check_prevs_add kernel/locking/lockdep.c:2022 [inline]
 validate_chain kernel/locking/lockdep.c:2464 [inline]
 __lock_acquire+0x2e0e/0x3f20 kernel/locking/lockdep.c:3491
 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
 __mutex_lock_common kernel/locking/mutex.c:756 [inline]
 __mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893
 ip_set_nfnl_put+0x11a/0x310 net/netfilter/ipset/ip_set_core.c:732
 cleanup_match net/ipv6/netfilter/ip6_tables.c:491 [inline]
 cleanup_entry+0x141/0x310 net/ipv6/netfilter/ip6_tables.c:676
 __do_replace+0x38d/0x580 net/ipv6/netfilter/ip6_tables.c:1105
 do_replace net/ipv6/netfilter/ip6_tables.c:1161 [inline]
 do_ip6t_set_ctl+0x256/0x3b0 net/ipv6/netfilter/ip6_tables.c:1685
 nf_sockopt net/netfilter/nf_sockopt.c:106 [inline]
 nf_setsockopt+0x5f/0xb0 net/netfilter/nf_sockopt.c:115
 ipv6_setsockopt+0xc0/0x120 net/ipv6/ipv6_sockglue.c:937
 udpv6_setsockopt+0x45/0x80 net/ipv6/udp.c:1459
 SYSC_setsockopt net/socket.c:1865 [inline]
 SyS_setsockopt+0x110/0x1e0 net/socket.c:1844
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x466459
RSP: 002b:00007f3b315b8188 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000466459
RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000007
RBP: 00000000004bf9fb R08: 0000000000000480 R09: 0000000000000000
R10: 00000000200005c0 R11: 0000000000000246 R12: 000000000056c008
R13: 00007fff259c8a8f R14: 00007f3b315b8300 R15: 0000000000022000
kauditd_printk_skb: 7 callbacks suppressed
audit: type=1804 audit(1617795512.639:369): pid=20193 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir905137392/syzkaller.X9RtKC/505/bus" dev="sda1" ino=15488 res=1
ip6_tables: ip6tables: counters copy to user failed while replacing table
ip6_tables: ip6tables: counters copy to user failed while replacing table
Cannot find set identified by id 0 to match
ip6_tables: ip6tables: counters copy to user failed while replacing table
Cannot find set identified by id 0 to match
Cannot find set identified by id 0 to match
ip6_tables: ip6tables: counters copy to user failed while replacing table
audit: type=1804 audit(1617795513.889:370): pid=20255 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir905137392/syzkaller.X9RtKC/506/bus" dev="sda1" ino=15484 res=1
audit: type=1804 audit(1617795513.899:371): pid=20254 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir620558522/syzkaller.Vd9kpo/553/bus" dev="sda1" ino=15486 res=1
audit: type=1804 audit(1617795513.959:372): pid=20260 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir677994383/syzkaller.u82deP/468/bus" dev="sda1" ino=15493 res=1
audit: type=1804 audit(1617795514.359:373): pid=20277 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir077785742/syzkaller.mQar23/575/bus" dev="sda1" ino=15501 res=1
audit: type=1804 audit(1617795514.359:374): pid=20279 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir606317951/syzkaller.7KQ3sg/1366/bus" dev="sda1" ino=15500 res=1
audit: type=1804 audit(1617795514.409:375): pid=20281 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir996785415/syzkaller.xFMXPu/779/bus" dev="sda1" ino=14042 res=1
audit: type=1804 audit(1617795514.939:376): pid=20288 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir620558522/syzkaller.Vd9kpo/554/bus" dev="sda1" ino=15493 res=1
audit: type=1804 audit(1617795515.159:377): pid=20301 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir677994383/syzkaller.u82deP/469/bus" dev="sda1" ino=14045 res=1
audit: type=1804 audit(1617795515.229:378): pid=20300 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir905137392/syzkaller.X9RtKC/507/bus" dev="sda1" ino=14040 res=1
kauditd_printk_skb: 12 callbacks suppressed
audit: type=1804 audit(1617795518.459:391): pid=20412 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir677994383/syzkaller.u82deP/472/bus" dev="sda1" ino=14299 res=1
IPVS: ftp: loaded support on port[0] = 21
audit: type=1804 audit(1617795518.509:392): pid=20427 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir620558522/syzkaller.Vd9kpo/557/bus" dev="sda1" ino=14301 res=1
IPVS: ftp: loaded support on port[0] = 21
IPVS: ftp: loaded support on port[0] = 21
audit: type=1804 audit(1617795519.409:393): pid=20518 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir677994383/syzkaller.u82deP/473/bus" dev="sda1" ino=15505 res=1
audit: type=1804 audit(1617795519.719:394): pid=20535 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir620558522/syzkaller.Vd9kpo/558/bus" dev="sda1" ino=15510 res=1
IPVS: ftp: loaded support on port[0] = 21
IPVS: ftp: loaded support on port[0] = 21
IPVS: ftp: loaded support on port[0] = 21
IPVS: ftp: loaded support on port[0] = 21
IPVS: ftp: loaded support on port[0] = 21
IPVS: ftp: loaded support on port[0] = 21
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
IPVS: ftp: loaded support on port[0] = 21
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
libceph: connect [d::]:6789 error -101
libceph: mon0 [d::]:6789 connect error
ceph: No mds server is up or the cluster is laggy
ceph: No mds server is up or the cluster is laggy
libceph: connect [d::]:6789 error -101
libceph: mon0 [d::]:6789 connect error
libceph: connect [d::]:6789 error -101
libceph: mon0 [d::]:6789 connect error
ceph: No mds server is up or the cluster is laggy
libceph: connect [d::]:6789 error -101
libceph: mon0 [d::]:6789 connect error
ceph: No mds server is up or the cluster is laggy