kvm: vcpu 0: requested 128 ns lapic timer period limited to 500000 ns
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
ip_tables: iptables: counters copy to user failed while replacing table
=============================
WARNING: suspicious RCU usage
4.14.281-syzkaller #0 Not tainted
-----------------------------
net/netfilter/nf_queue.c:244 suspicious rcu_dereference_check() usage!

other info that might help us debug this:

rcu_scheduler_active = 2, debug_locks = 1
6 locks held by syz-executor.0/8005:
 #0: (sb_writers#3){.+.+}, at: [] sb_start_write include/linux/fs.h:1551 [inline]
 #0: (sb_writers#3){.+.+}, at: [] mnt_want_write+0x3a/0xb0 fs/namespace.c:386
 #1: (&type->i_mutex_dir_key#3/1){+.+.}, at: [] inode_lock_nested include/linux/fs.h:754 [inline]
 #1: (&type->i_mutex_dir_key#3/1){+.+.}, at: [] do_rmdir+0x1de/0x3c0 fs/namei.c:3956
 #2: (sb_internal){.+.+}, at: [] sb_start_intwrite include/linux/fs.h:1598 [inline]
 #2: (sb_internal){.+.+}, at: [] ext4_evict_inode+0x1079/0x1530 fs/ext4/inode.c:258
 #3: (&ei->i_data_sem){++++}, at: [] ext4_truncate+0x62c/0x1190 fs/ext4/inode.c:4493
 #4: (rcu_callback){....}, at: [] __rcu_reclaim kernel/rcu/rcu.h:185 [inline]
 #4: (rcu_callback){....}, at: [] rcu_do_batch kernel/rcu/tree.c:2699 [inline]
 #4: (rcu_callback){....}, at: [] invoke_rcu_callbacks kernel/rcu/tree.c:2962 [inline]
 #4: (rcu_callback){....}, at: [] __rcu_process_callbacks kernel/rcu/tree.c:2929 [inline]
 #4: (rcu_callback){....}, at: [] rcu_process_callbacks+0x84e/0x1180 kernel/rcu/tree.c:2946
 #5: (&(&inst->lock)->rlock){+.-.}, at: [] spin_lock_bh include/linux/spinlock.h:322 [inline]
 #5: (&(&inst->lock)->rlock){+.-.}, at: [] nfqnl_flush+0x2f/0x2a0 net/netfilter/nfnetlink_queue.c:232

stack backtrace:
CPU: 1 PID: 8005 Comm: syz-executor.0 Not tainted 4.14.281-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 nf_reinject+0x56e/0x700 net/netfilter/nf_queue.c:244
 nfqnl_flush+0x1ab/0x2a0 net/netfilter/nfnetlink_queue.c:237
 instance_destroy_rcu+0x19/0x30 net/netfilter/nfnetlink_queue.c:171
 __rcu_reclaim kernel/rcu/rcu.h:195 [inline]
 rcu_do_batch kernel/rcu/tree.c:2699 [inline]
 invoke_rcu_callbacks kernel/rcu/tree.c:2962 [inline]
 __rcu_process_callbacks kernel/rcu/tree.c:2929 [inline]
 rcu_process_callbacks+0x780/0x1180 kernel/rcu/tree.c:2946
 __do_softirq+0x24d/0x9ff kernel/softirq.c:288
 invoke_softirq kernel/softirq.c:368 [inline]
 irq_exit+0x193/0x240 kernel/softirq.c:409
 exiting_irq arch/x86/include/asm/apic.h:638 [inline]
 smp_apic_timer_interrupt+0x141/0x5e0 arch/x86/kernel/apic/apic.c:1106
 apic_timer_interrupt+0x93/0xa0 arch/x86/entry/entry_64.S:793
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:779 [inline]
RIP: 0010:lock_release+0x41e/0x870 kernel/locking/lockdep.c:4020
RSP: 0018:ffff888092647640 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff10
RAX: 1ffffffff11e1311 RBX: 1ffff110124c8ecb RCX: 1ffff110127c5d9d
RDX: dffffc0000000000 RSI: 0000000000000005 RDI: 0000000000000282
RBP: ffff888093e2e3c0 R08: 0000000000000000 R09: 0000000000000004
R10: 0000000000000000 R11: ffff888093e2e3c0 R12: 8b2e8d88ba099321
R13: 0000000000000003 R14: ffff888093e2e3c0 R15: 0000000000000005
 rcu_lock_release include/linux/rcupdate.h:247 [inline]
 rcu_read_unlock include/linux/rcupdate.h:685 [inline]
 ext4_get_group_desc+0x1b0/0x430 fs/ext4/balloc.c:294
 ext4_read_block_bitmap_nowait+0x53/0x1ea0 fs/ext4/balloc.c:438
 ext4_read_block_bitmap+0x19/0xa0 fs/ext4/balloc.c:546
 ext4_free_blocks+0x5c8/0x2340 fs/ext4/mballoc.c:4865
 ext4_remove_blocks fs/ext4/extents.c:2596 [inline]
 ext4_ext_rm_leaf fs/ext4/extents.c:2752 [inline]
 ext4_ext_remove_space+0x22d7/0x3830 fs/ext4/extents.c:2985
 ext4_ext_truncate+0x19b/0x1e0 fs/ext4/extents.c:4682
 ext4_truncate+0xbab/0x1190 fs/ext4/inode.c:4498
 ext4_evict_inode+0x854/0x1530 fs/ext4/inode.c:304
 evict+0x2c8/0x700 fs/inode.c:555
 iput_final fs/inode.c:1524 [inline]
 iput+0x458/0x7e0 fs/inode.c:1551
 dentry_unlink_inode+0x25c/0x310 fs/dcache.c:387
 d_delete+0x1c5/0x280 fs/dcache.c:2417
 vfs_rmdir.part.0+0x260/0x390 fs/namei.c:3920
 vfs_rmdir fs/namei.c:3893 [inline]
 do_rmdir+0x334/0x3c0 fs/namei.c:3968
 SYSC_unlinkat fs/namei.c:4132 [inline]
 SyS_unlinkat+0x52/0x70 fs/namei.c:4126
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7f7aa9eeca77
RSP: 002b:00007ffd1b956b28 EFLAGS: 00000207 ORIG_RAX: 0000000000000107
RAX: ffffffffffffffda RBX: 0000000000000065 RCX: 00007f7aa9eeca77
RDX: 0000000000000200 RSI: 00007ffd1b957cb0 RDI: 00000000ffffff9c
RBP: 00007ffd1b956bf0 R08: 0000000000000000 R09: 00007ffd1b9569c0
R10: 00005555563e38e3 R11: 0000000000000207 R12: 00007f7aa9f461f8
R13: 00007ffd1b957cb0 R14: 00005555563e3810 R15: 00007ffd1b957cf0
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
ip_tables: iptables: counters copy to user failed while replacing table
ip_tables: iptables: counters copy to user failed while replacing table
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'.
IPVS: ftp: loaded support on port[0] = 21
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
ip_tables: iptables: counters copy to user failed while replacing table
kvm: vcpu 0: requested 128 ns lapic timer period limited to 500000 ns
ip_tables: iptables: counters copy to user failed while replacing table
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
ip_tables: iptables: counters copy to user failed while replacing table
ip_tables: iptables: counters copy to user failed while replacing table
9pnet_virtio: no channels available for device 127.0.0.1
9pnet_virtio: no channels available for device 127.0.0.1
9pnet_virtio: no channels available for device 127.0.0.1
kauditd_printk_skb: 5 callbacks suppressed
audit: type=1800 audit(1654175281.505:107): pid=11386 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.1" name="file0" dev="sda1" ino=14313 res=0
device lo entered promiscuous mode
9pnet_virtio: no channels available for device 127.0.0.1
9pnet_virtio: no channels available for device 127.0.0.1
audit: type=1800 audit(1654175282.365:108): pid=11434 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.1" name="file0" dev="sda1" ino=14270 res=0
audit: type=1800 audit(1654175283.005:109): pid=11457 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="file0" dev="sda1" ino=14319 res=0
9pnet_virtio: no channels available for device 127.0.0.1
audit: type=1800 audit(1654175283.615:110): pid=11468 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.1" name="file0" dev="sda1" ino=14320 res=0
audit: type=1800 audit(1654175284.285:111): pid=11485 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="file0" dev="sda1" ino=14298 res=0
9pnet_virtio: no channels available for device 127.0.0.1
audit: type=1800 audit(1654175284.975:112): pid=11505 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.1" name="file0" dev="sda1" ino=14303 res=0
audit: type=1800 audit(1654175285.565:113): pid=11522 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="file0" dev="sda1" ino=14293 res=0
(unnamed net_device) (uninitialized): Device bond_slave_1 is not our slave
(unnamed net_device) (uninitialized): option active_slave: invalid value (bond_slave_1)
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.