nla_parse: 1 callbacks suppressed
netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'.
======================================================
WARNING: possible circular locking dependency detected
4.14.302-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.1/12172 is trying to acquire lock:
 (&xt[i].mutex){+.+.}, at: [] xt_find_target+0x3e/0x1e0 net/netfilter/x_tables.c:232

but task is already holding lock:
 (rtnl_mutex){+.+.}, at: [] rtnl_lock net/core/rtnetlink.c:72 [inline]
 (rtnl_mutex){+.+.}, at: [] rtnetlink_rcv_msg+0x31d/0xb10 net/core/rtnetlink.c:4317

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #1 (rtnl_mutex){+.+.}:
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893
       unregister_netdevice_notifier+0x5e/0x2b0 net/core/dev.c:1630
       tee_tg_destroy+0x5c/0xb0 net/netfilter/xt_TEE.c:123
       cleanup_entry+0x232/0x310 net/ipv6/netfilter/ip6_tables.c:685
       __do_replace+0x38d/0x580 net/ipv4/netfilter/arp_tables.c:930
       do_replace net/ipv6/netfilter/ip6_tables.c:1162 [inline]
       do_ip6t_set_ctl+0x256/0x3b0 net/ipv6/netfilter/ip6_tables.c:1688
       nf_sockopt net/netfilter/nf_sockopt.c:106 [inline]
       nf_setsockopt+0x5f/0xb0 net/netfilter/nf_sockopt.c:115
       ipv6_setsockopt+0xc0/0x120 net/ipv6/ipv6_sockglue.c:944
       tcp_setsockopt+0x7b/0xc0 net/ipv4/tcp.c:2831
       SYSC_setsockopt net/socket.c:1865 [inline]
       SyS_setsockopt+0x110/0x1e0 net/socket.c:1844
       do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x5e/0xd3

-> #0 (&xt[i].mutex){+.+.}:
       lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893
       xt_find_target+0x3e/0x1e0 net/netfilter/x_tables.c:232
       xt_request_find_target net/netfilter/x_tables.c:261 [inline]
       xt_request_find_target+0x72/0xe0 net/netfilter/x_tables.c:254
       ipt_init_target+0xb9/0x250 net/sched/act_ipt.c:45
       __tcf_ipt_init+0x48d/0xc00 net/sched/act_ipt.c:168
       tcf_ipt_init+0x43/0x50 net/sched/act_ipt.c:202
       tcf_action_init_1+0x51a/0x9e0 net/sched/act_api.c:691
       tcf_action_init+0x26d/0x400 net/sched/act_api.c:760
       tcf_action_add net/sched/act_api.c:1088 [inline]
       tc_ctl_action+0x2e3/0x510 net/sched/act_api.c:1140
       rtnetlink_rcv_msg+0x3be/0xb10 net/core/rtnetlink.c:4322
       netlink_rcv_skb+0x125/0x390 net/netlink/af_netlink.c:2454
       netlink_unicast_kernel net/netlink/af_netlink.c:1296 [inline]
       netlink_unicast+0x437/0x610 net/netlink/af_netlink.c:1322
       netlink_sendmsg+0x648/0xbc0 net/netlink/af_netlink.c:1893
       sock_sendmsg_nosec net/socket.c:646 [inline]
       sock_sendmsg+0xb5/0x100 net/socket.c:656
       ___sys_sendmsg+0x6c8/0x800 net/socket.c:2062
       __sys_sendmsg+0xa3/0x120 net/socket.c:2096
       SYSC_sendmsg net/socket.c:2107 [inline]
       SyS_sendmsg+0x27/0x40 net/socket.c:2103
       do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x5e/0xd3

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(rtnl_mutex);
                               lock(&xt[i].mutex);
                               lock(rtnl_mutex);
  lock(&xt[i].mutex);

 *** DEADLOCK ***

1 lock held by syz-executor.1/12172:
 #0: (rtnl_mutex){+.+.}, at: [] rtnl_lock net/core/rtnetlink.c:72 [inline]
 #0: (rtnl_mutex){+.+.}, at: [] rtnetlink_rcv_msg+0x31d/0xb10 net/core/rtnetlink.c:4317

stack backtrace:
CPU: 0 PID: 12172 Comm: syz-executor.1 Not tainted 4.14.302-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1258
 check_prev_add kernel/locking/lockdep.c:1905 [inline]
 check_prevs_add kernel/locking/lockdep.c:2022 [inline]
 validate_chain kernel/locking/lockdep.c:2464 [inline]
 __lock_acquire+0x2e0e/0x3f20 kernel/locking/lockdep.c:3491
 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
 __mutex_lock_common kernel/locking/mutex.c:756 [inline]
 __mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893
 xt_find_target+0x3e/0x1e0 net/netfilter/x_tables.c:232
 xt_request_find_target net/netfilter/x_tables.c:261 [inline]
 xt_request_find_target+0x72/0xe0 net/netfilter/x_tables.c:254
 ipt_init_target+0xb9/0x250 net/sched/act_ipt.c:45
 __tcf_ipt_init+0x48d/0xc00 net/sched/act_ipt.c:168
 tcf_ipt_init+0x43/0x50 net/sched/act_ipt.c:202
 tcf_action_init_1+0x51a/0x9e0 net/sched/act_api.c:691
 tcf_action_init+0x26d/0x400 net/sched/act_api.c:760
 tcf_action_add net/sched/act_api.c:1088 [inline]
 tc_ctl_action+0x2e3/0x510 net/sched/act_api.c:1140
 rtnetlink_rcv_msg+0x3be/0xb10 net/core/rtnetlink.c:4322
 netlink_rcv_skb+0x125/0x390 net/netlink/af_netlink.c:2454
 netlink_unicast_kernel net/netlink/af_netlink.c:1296 [inline]
 netlink_unicast+0x437/0x610 net/netlink/af_netlink.c:1322
 netlink_sendmsg+0x648/0xbc0 net/netlink/af_netlink.c:1893
 sock_sendmsg_nosec net/socket.c:646 [inline]
 sock_sendmsg+0xb5/0x100 net/socket.c:656
 ___sys_sendmsg+0x6c8/0x800 net/socket.c:2062
 __sys_sendmsg+0xa3/0x120 net/socket.c:2096
 SYSC_sendmsg net/socket.c:2107 [inline]
 SyS_sendmsg+0x27/0x40 net/socket.c:2103
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x5e/0xd3
RIP: 0033:0x7f7ab54db0c9
RSP: 002b:00007f7ab3a4d168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f7ab55faf80 RCX: 00007f7ab54db0c9
RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003
RBP: 00007f7ab5536ae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffc899db49f R14: 00007f7ab3a4d300 R15: 0000000000022000
x_tables: ip_tables: .0 target: invalid size 8 (kernel) != (user) 6
FAT-fs (loop3): Unrecognized mount option "ÿÿÿÿÿÿÿÿ184467440737095516150xffffffffffffffff" or missing value
print_req_error: 9 callbacks suppressed
print_req_error: I/O error, dev loop3, sector 0
snd_aloop snd_aloop.0: control 0:0:0:syz1:0 is already present
snd_aloop snd_aloop.0: control 0:0:0:syz1:0 is already present
snd_aloop snd_aloop.0: control 0:0:0:syz1:0 is already present
netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'.
FAT-fs (loop3): Unrecognized mount option "ÿÿÿÿÿÿÿÿ184467440737095516150xffffffffffffffff" or missing value
netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'.
netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'.
NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'.
NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
FAT-fs (loop3): Unrecognized mount option "ÿÿÿÿÿÿÿÿ184467440737095516150xffffffffffffffff" or missing value
UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
XFS (loop3): Mounting V4 Filesystem
XFS (loop3): Ending clean mount
XFS (loop3): Unmounting Filesystem
UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'.
IPVS: ftp: loaded support on port[0] = 21
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
FAT-fs (loop2): mounting with "discard" option, but the device does not support discard
kauditd_printk_skb: 16 callbacks suppressed
audit: type=1804 audit(1673308493.405:39): pid=12823 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir4014479327/syzkaller.i9LH5a/110/file0/bus" dev="loop2" ino=4 res=1
EXT4-fs warning (device sda1): ext4_resize_begin:82: There are errors in the filesystem, so online resizing is not allowed
FAT-fs (loop2): mounting with "discard" option, but the device does not support discard
audit: type=1804 audit(1673308493.875:40): pid=12878 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir4014479327/syzkaller.i9LH5a/111/file0/bus" dev="loop2" ino=6 res=1
EXT4-fs warning (device sda1): ext4_resize_begin:82: There are errors in the filesystem, so online resizing is not allowed
FAT-fs (loop2): mounting with "discard" option, but the device does not support discard
FAT-fs (loop1): mounting with "discard" option, but the device does not support discard
audit: type=1804 audit(1673308494.575:41): pid=12925 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir4014479327/syzkaller.i9LH5a/112/file0/bus" dev="loop2" ino=9 res=1
EXT4-fs warning (device sda1): ext4_resize_begin:82: There are errors in the filesystem, so online resizing is not allowed
audit: type=1804 audit(1673308494.615:42): pid=12927 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir487576323/syzkaller.dPkswD/113/file0/bus" dev="loop1" ino=10 res=1
JFS: discard option not supported on device
EXT4-fs warning (device sda1): ext4_resize_begin:82: There are errors in the filesystem, so online resizing is not allowed
JFS: discard option not supported on device