ip_tables: iptables: counters copy to user failed while replacing table
ip_tables: iptables: counters copy to user failed while replacing table
WARNING: can't dereference registers at ffff8880910a7228 for ip common_interrupt+0x93/0x93 arch/x86/entry/entry_64.S:576
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'.
ip_tables: iptables: counters copy to user failed while replacing table
device macsec2 entered promiscuous mode
device veth5 entered promiscuous mode
ip_tables: iptables: counters copy to user failed while replacing table
IPv6: ADDRCONF(NETDEV_UP): macsec2: link is not ready
==================================================================
BUG: KASAN: stack-out-of-bounds in unwind_next_frame+0x131a/0x1700 arch/x86/kernel/unwind_orc.c:474
Read of size 8 at addr ffff8881fef57c68 by task syz-executor.1/601

CPU: 0 PID: 601 Comm: syz-executor.1 Not tainted 4.14.184-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x283 lib/dump_stack.c:58
 print_address_description.cold+0x54/0x1dc mm/kasan/report.c:252
 kasan_report_error mm/kasan/report.c:351 [inline]
 kasan_report mm/kasan/report.c:409 [inline]
 kasan_report.cold+0xa9/0x2b9 mm/kasan/report.c:393
 unwind_next_frame+0x131a/0x1700 arch/x86/kernel/unwind_orc.c:474
 perf_callchain_kernel+0x38c/0x520 arch/x86/events/core.c:2343
 get_perf_callchain+0x2df/0x740 kernel/events/callchain.c:217
 perf_callchain+0x147/0x190 kernel/events/callchain.c:190
 perf_prepare_sample+0x75b/0x1350 kernel/events/core.c:6157
 __perf_event_output kernel/events/core.c:6273 [inline]
 perf_event_output_forward+0xc9/0x1f0 kernel/events/core.c:6291
 __perf_event_overflow+0x113/0x310 kernel/events/core.c:7536
 perf_swevent_overflow+0x17b/0x210 kernel/events/core.c:7612
 perf_swevent_event+0x19c/0x270 kernel/events/core.c:7645
 perf_tp_event+0x611/0x7d0 kernel/events/core.c:8074
 perf_trace_run_bpf_submit kernel/events/core.c:8044 [inline]
 perf_trace_run_bpf_submit+0x113/0x170 kernel/events/core.c:8030
 perf_trace_lock_acquire+0x32c/0x4b0 include/trace/events/lock.h:13
 trace_lock_acquire include/trace/events/lock.h:13 [inline]
 lock_acquire+0x2b8/0x3f0 kernel/locking/lockdep.c:3997
 fs_reclaim_acquire.part.0+0x20/0x30 mm/page_alloc.c:3552
 slab_pre_alloc_hook mm/slab.h:416 [inline]
 slab_alloc mm/slab.c:3376 [inline]
 kmem_cache_alloc+0x22/0x3c0 mm/slab.c:3550
 kmem_cache_zalloc include/linux/slab.h:651 [inline]
 get_empty_filp+0x86/0x3e0 fs/file_table.c:123
 alloc_file+0x23/0x440 fs/file_table.c:164
 create_pipe_files+0x47c/0x880 fs/pipe.c:774
 __do_pipe_flags+0x30/0x210 fs/pipe.c:816
 SYSC_pipe2 fs/pipe.c:864 [inline]
 SyS_pipe2+0x66/0x120 fs/pipe.c:858
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x45cba9
RSP: 002b:00007f0b08bf7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000016
RAX: ffffffffffffffda RBX: 00000000004fb440 RCX: 000000000045cba9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000300
RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 000000000000085d R14: 0000000000524be7 R15: 00007f0b08bf86d4

The buggy address belongs to the page:
page:ffffea0007fbd5c0 count:0 mapcount:0 mapping: (null) index:0x0
flags: 0x57ffe0000000000()
raw: 057ffe0000000000 0000000000000000 0000000000000000 00000000ffffffff
raw: 0000000000000000 0000000100000001 ffff8880582284d0 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff8881fef57b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8881fef57b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff8881fef57c00: 00 00 00 00 f1 f1 f1 f1 f1 f1 04 f2 00 f3 f3 f3
                                                          ^
 ffff8881fef57c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8881fef57d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================