ip_tables: iptables: counters copy to user failed while replacing table
could not allocate digest TFM handle sm3
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 0 PID: 8 Comm: ksoftirqd/0 Not tainted 4.14.286-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
task: ffff8880b540e200 task.stack: ffff8880b5418000
RIP: 0010:skb_segment+0x1733/0x2e60 net/core/skbuff.c:3627
RSP: 0018:ffff8880b541e6a0 EFLAGS: 00010202
RAX: 0000000000000010 RBX: 000000000000113a RCX: ffff8880951db744
RDX: 0000000000000100 RSI: 0000000000000598 RDI: 0000000000000080
RBP: ffff8880b541e830 R08: 0000000000000001 R09: ffffed1014a92073
R10: ffff8880a549039f R11: 0000000000000000 R12: dffffc0000000000
R13: ffff8880abebe580 R14: 00000000000010f8 R15: 0000000000000598
FS: 0000000000000000(0000) GS:ffff8880ba400000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ff6be94b000 CR3: 00000000b0493000 CR4: 00000000003406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 sctp_gso_segment net/sctp/offload.c:76 [inline]
 sctp_gso_segment+0x204/0x810 net/sctp/offload.c:43
 inet_gso_segment+0x487/0x10f0 net/ipv4/af_inet.c:1272
 inet_gso_segment+0x487/0x10f0 net/ipv4/af_inet.c:1272
 skb_mac_gso_segment+0x240/0x4c0 net/core/dev.c:2745
 __skb_gso_segment+0x302/0x600 net/core/dev.c:2818
 skb_gso_segment include/linux/netdevice.h:4005 [inline]
 validate_xmit_skb+0x49c/0x9f0 net/core/dev.c:3071
 validate_xmit_skb_list+0xaf/0x110 net/core/dev.c:3122
 sch_direct_xmit+0x2dc/0x500 net/sched/sch_generic.c:181
 qdisc_restart net/sched/sch_generic.c:249 [inline]
 __qdisc_run+0x25d/0xe00 net/sched/sch_generic.c:257
 __dev_xmit_skb net/core/dev.c:3231 [inline]
 __dev_queue_xmit+0x13ac/0x2480 net/core/dev.c:3489
 neigh_hh_output include/net/neighbour.h:490 [inline]
 neigh_output include/net/neighbour.h:498 [inline]
 ip_finish_output2+0x9db/0x1340 net/ipv4/ip_output.c:237
 ip_finish_output+0x37c/0xc50 net/ipv4/ip_output.c:325
 NF_HOOK_COND include/linux/netfilter.h:239 [inline]
 ip_output+0x1cd/0x510 net/ipv4/ip_output.c:413
 dst_output include/net/dst.h:470 [inline]
 ip_local_out+0x93/0x170 net/ipv4/ip_output.c:125
 iptunnel_xmit+0x5cc/0x950 net/ipv4/ip_tunnel_core.c:91
 ip_tunnel_xmit+0xedc/0x33e0 net/ipv4/ip_tunnel.c:799
 sit_tunnel_xmit__ net/ipv6/sit.c:1006 [inline]
 sit_tunnel_xmit+0x1ab/0x2130 net/ipv6/sit.c:1019
 __netdev_start_xmit include/linux/netdevice.h:4054 [inline]
 netdev_start_xmit include/linux/netdevice.h:4063 [inline]
 xmit_one net/core/dev.c:3005 [inline]
 dev_hard_start_xmit+0x188/0x890 net/core/dev.c:3021
 __dev_queue_xmit+0x1d7f/0x2480 net/core/dev.c:3521
 neigh_output include/net/neighbour.h:500 [inline]
 ip_finish_output2+0xba6/0x1340 net/ipv4/ip_output.c:237
 ip_finish_output+0x37c/0xc50 net/ipv4/ip_output.c:325
 NF_HOOK_COND include/linux/netfilter.h:239 [inline]
 ip_output+0x1cd/0x510 net/ipv4/ip_output.c:413
 dst_output include/net/dst.h:470 [inline]
 ip_local_out+0x93/0x170 net/ipv4/ip_output.c:125
 nf_dup_ipv4 net/ipv4/netfilter/nf_dup_ipv4.c:91 [inline]
 nf_dup_ipv4+0x4bb/0x680 net/ipv4/netfilter/nf_dup_ipv4.c:53
 tee_tg4+0x109/0x160 net/netfilter/xt_TEE.c:36
 ipt_do_table+0xa9d/0x16f0 net/ipv4/netfilter/ip_tables.c:353
 iptable_filter_hook+0x172/0x1e0 net/ipv4/netfilter/iptable_filter.c:47
 nf_hook_entry_hookfn include/linux/netfilter.h:108 [inline]
 nf_hook_slow+0xb0/0x1a0 net/netfilter/core.c:468
 nf_hook include/linux/netfilter.h:205 [inline]
 NF_HOOK include/linux/netfilter.h:248 [inline]
 ip_local_deliver+0x28c/0x460 net/ipv4/ip_input.c:257
 dst_input include/net/dst.h:476 [inline]
 ip_rcv_finish+0x6e3/0x19f0 net/ipv4/ip_input.c:396
 NF_HOOK include/linux/netfilter.h:250 [inline]
 ip_rcv+0x8a7/0xf10 net/ipv4/ip_input.c:493
 __netif_receive_skb_core+0x15ee/0x2a30 net/core/dev.c:4474
 __netif_receive_skb+0x27/0x1a0 net/core/dev.c:4512
 process_backlog+0x218/0x6f0 net/core/dev.c:5195
 napi_poll net/core/dev.c:5604 [inline]
 net_rx_action+0x466/0xfd0 net/core/dev.c:5670
 __do_softirq+0x24d/0x9ff kernel/softirq.c:288
 run_ksoftirqd+0x50/0x1a0 kernel/softirq.c:670
 smpboot_thread_fn+0x5c1/0x920 kernel/smpboot.c:164
 kthread+0x30d/0x420 kernel/kthread.c:232
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
Code: 24 53 00 c7 44 24 1c 00 00 00 00 e9 ae ec ff ff e8 23 e2 94 fb 48 8b 84 24 e8 00 00 00 48 8d b8 80 00 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e 8b 16 00 00 48 8b 84 24
RIP: skb_segment+0x1733/0x2e60 net/core/skbuff.c:3627 RSP: ffff8880b541e6a0
---[ end trace 5270ba1bb7fb1d5b ]---
----------------
Code disassembly (best guess):
   0:   24 53                   and    $0x53,%al
   2:   00 c7                   add    %al,%bh
   4:   44 24 1c                rex.R and $0x1c,%al
   7:   00 00                   add    %al,(%rax)
   9:   00 00                   add    %al,(%rax)
   b:   e9 ae ec ff ff          jmpq   0xffffecbe
  10:   e8 23 e2 94 fb          callq  0xfb94e238
  15:   48 8b 84 24 e8 00 00    mov    0xe8(%rsp),%rax
  1c:   00
  1d:   48 8d b8 80 00 00 00    lea    0x80(%rax),%rdi
  24:   48 89 f8                mov    %rdi,%rax
  27:   48 c1 e8 03             shr    $0x3,%rax
* 2b:   42 0f b6 04 20          movzbl (%rax,%r12,1),%eax <-- trapping instruction
  30:   84 c0                   test   %al,%al
  32:   74 08                   je     0x3c
  34:   3c 03                   cmp    $0x3,%al
  36:   0f 8e 8b 16 00 00       jle    0x16c7
  3c:   48                      rex.W
  3d:   8b                      .byte 0x8b
  3e:   84                      .byte 0x84
  3f:   24                      .byte 0x24