netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'.
ip_tables: iptables: counters copy to user failed while replacing table
=============================
WARNING: suspicious RCU usage
4.14.282-syzkaller #0 Not tainted
-----------------------------
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'.
net/netfilter/nf_queue.c:244 suspicious rcu_dereference_check() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
3 locks held by syz-executor.3/10646:
 #0: (net_mutex){+.+.}, at: [] copy_net_ns+0x156/0x440 net/core/net_namespace.c:413
 #1: (rcu_callback){....}, at: [] __rcu_reclaim kernel/rcu/rcu.h:185 [inline]
 #1: (rcu_callback){....}, at: [] rcu_do_batch kernel/rcu/tree.c:2699 [inline]
 #1: (rcu_callback){....}, at: [] invoke_rcu_callbacks kernel/rcu/tree.c:2962 [inline]
 #1: (rcu_callback){....}, at: [] __rcu_process_callbacks kernel/rcu/tree.c:2929 [inline]
 #1: (rcu_callback){....}, at: [] rcu_process_callbacks+0x84e/0x1180 kernel/rcu/tree.c:2946
 #2: (&(&inst->lock)->rlock){+.-.}, at: [] spin_lock_bh include/linux/spinlock.h:322 [inline]
 #2: (&(&inst->lock)->rlock){+.-.}, at: [] nfqnl_flush+0x2f/0x2a0 net/netfilter/nfnetlink_queue.c:232
stack backtrace:
CPU: 0 PID: 10646 Comm: syz-executor.3 Not tainted 4.14.282-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 nf_reinject+0x56e/0x700 net/netfilter/nf_queue.c:244
 nfqnl_flush+0x1ab/0x2a0 net/netfilter/nfnetlink_queue.c:237
 instance_destroy_rcu+0x19/0x30 net/netfilter/nfnetlink_queue.c:171
 __rcu_reclaim kernel/rcu/rcu.h:195 [inline]
 rcu_do_batch kernel/rcu/tree.c:2699 [inline]
 invoke_rcu_callbacks kernel/rcu/tree.c:2962 [inline]
 __rcu_process_callbacks kernel/rcu/tree.c:2929 [inline]
 rcu_process_callbacks+0x780/0x1180 kernel/rcu/tree.c:2946
 __do_softirq+0x24d/0x9ff kernel/softirq.c:288
 invoke_softirq kernel/softirq.c:368 [inline]
 irq_exit+0x193/0x240 kernel/softirq.c:409
 exiting_irq arch/x86/include/asm/apic.h:638 [inline]
 smp_apic_timer_interrupt+0x141/0x5e0 arch/x86/kernel/apic/apic.c:1106
 apic_timer_interrupt+0x93/0xa0 arch/x86/entry/entry_64.S:793
RIP: 0010:__read_once_size_nocheck.constprop.0+0x3/0x10 include/linux/compiler.h:203
RSP: 0018:ffff8880b3e3f560 EFLAGS: 00000287 ORIG_RAX: ffffffffffffff10
RAX: ffffffff85c1c78a RBX: 1ffff110167c7eae RCX: ffffffff8ace2048
RDX: ffff8880b3e3f6e8 RSI: ffff8880b3e3f590 RDI: ffff8880b3e3faa8
RBP: ffff8880b3e3faa8 R08: ffffffff8ace204c R09: ffffffff8ace204d
R10: 00000000001127f4 R11: 0000000000000001 R12: ffff8880b3e3f6a0
R13: ffff8880b3e3f6e8 R14: ffff8880b3e38000 R15: ffff8880b3e3f6a0
 deref_stack_reg arch/x86/kernel/unwind_orc.c:289 [inline]
 deref_stack_reg+0x124/0x1a0 arch/x86/kernel/unwind_orc.c:283
 unwind_next_frame+0xc98/0x17d0 arch/x86/kernel/unwind_orc.c:425
 __save_stack_trace+0x90/0x160 arch/x86/kernel/stacktrace.c:44
 save_stack mm/kasan/kasan.c:447 [inline]
 set_track mm/kasan/kasan.c:459 [inline]
 kasan_kmalloc+0xeb/0x160 mm/kasan/kasan.c:551
 __do_kmalloc mm/slab.c:3720 [inline]
 __kmalloc+0x15a/0x400 mm/slab.c:3729
 kmalloc include/linux/slab.h:493 [inline]
 kzalloc include/linux/slab.h:661 [inline]
 __register_sysctl_table+0xfd/0xf90 fs/proc/proc_sysctl.c:1304
 sysctl_route_net_init+0xda/0x230 net/ipv4/route.c:3052
 ops_init+0xaa/0x3e0 net/core/net_namespace.c:118
 setup_net+0x22f/0x530 net/core/net_namespace.c:298
 copy_net_ns+0x19b/0x440 net/core/net_namespace.c:422
 create_new_namespaces+0x375/0x720 kernel/nsproxy.c:107
 copy_namespaces+0x27b/0x310 kernel/nsproxy.c:165
 copy_process.part.0+0x25f8/0x71c0 kernel/fork.c:1794
 copy_process kernel/fork.c:1606 [inline]
 _do_fork+0x184/0xc80 kernel/fork.c:2092
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7f734a01e109
RSP: 002b:00007f7348993118 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 00007f734a130f60 RCX: 00007f734a01e109
RDX: 0000000000000000 RSI: 00002a452cb9d000 RDI: 0000000050000000
RBP: 00007f734a07808d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
R13: 00007fffa625f91f R14: 00007f7348993300 R15: 0000000000022000
ip_tables: iptables: counters copy to user failed while replacing table
new mount options do not match the existing superblock, will be ignored
IPVS: ftp: loaded support on port[0] = 21
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'.
ip_tables: iptables: counters copy to user failed while replacing table
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
print_req_error: 4 callbacks suppressed
print_req_error: I/O error, dev loop0, sector 0
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
print_req_error: I/O error, dev loop0, sector 0
new mount options do not match the existing superblock, will be ignored
print_req_error: I/O error, dev loop0, sector 0
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
bridge0: port 2(bridge_slave_1) entered disabled state
bridge0: port 2(bridge_slave_1) entered blocking state
bridge0: port 2(bridge_slave_1) entered forwarding state
bridge0: port 2(bridge_slave_1) entered disabled state
print_req_error: I/O error, dev loop0, sector 0
new mount options do not match the existing superblock, will be ignored
bridge0: port 2(bridge_slave_1) entered blocking state
bridge0: port 2(bridge_slave_1) entered forwarding state
bridge0: port 2(bridge_slave_1) entered disabled state
bridge0: port 2(bridge_slave_1) entered blocking state
print_req_error: I/O error, dev loop0, sector 0
bridge0: port 2(bridge_slave_1) entered forwarding state
new mount options do not match the existing superblock, will be ignored
bridge0: port 2(bridge_slave_1) entered disabled state
(syz-executor.0,10903,1):ocfs2_parse_options:1498 ERROR: Invalid heartbeat mount options
(syz-executor.0,10903,1):ocfs2_fill_super:1217 ERROR: status = -22
bridge0: port 2(bridge_slave_1) entered blocking state
bridge0: port 2(bridge_slave_1) entered forwarding state
qnx6: invalid mount options.
netlink: 14 bytes leftover after parsing attributes in process `syz-executor.4'.
bridge0: port 2(bridge_slave_1) entered disabled state
bridge0: port 1(bridge_slave_0) entered disabled state
device bridge0 entered promiscuous mode
syz-executor.4 (11013) used greatest stack depth: 25080 bytes left
netlink: 14 bytes leftover after parsing attributes in process `syz-executor.4'.
bridge0: port 2(bridge_slave_1) entered blocking state
bridge0: port 2(bridge_slave_1) entered forwarding state
bridge0: port 1(bridge_slave_0) entered blocking state
bridge0: port 1(bridge_slave_0) entered forwarding state
IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
bridge0: port 2(bridge_slave_1) entered disabled state
bridge0: port 1(bridge_slave_0) entered disabled state
netlink: 14 bytes leftover after parsing attributes in process `syz-executor.4'.
bridge0: port 2(bridge_slave_1) entered blocking state
bridge0: port 2(bridge_slave_1) entered forwarding state
bridge0: port 1(bridge_slave_0) entered blocking state
bridge0: port 1(bridge_slave_0) entered forwarding state
IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
bridge0: port 2(bridge_slave_1) entered disabled state
bridge0: port 1(bridge_slave_0) entered disabled state
netlink: 14 bytes leftover after parsing attributes in process `syz-executor.4'.
bridge0: port 2(bridge_slave_1) entered blocking state
bridge0: port 2(bridge_slave_1) entered forwarding state
bridge0: port 1(bridge_slave_0) entered blocking state
bridge0: port 1(bridge_slave_0) entered forwarding state
IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
bridge0: port 2(bridge_slave_1) entered disabled state
bridge0: port 1(bridge_slave_0) entered disabled state
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
kauditd_printk_skb: 5 callbacks suppressed
audit: type=1804 audit(1654502665.100:17): pid=11146 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir309542490/syzkaller.HLITOV/68/bus" dev="sda1" ino=14164 res=1
audit: type=1800 audit(1654502665.140:18): pid=11146 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="bus" dev="sda1" ino=14164 res=0
audit: type=1804 audit(1654502665.370:19): pid=11180 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir309542490/syzkaller.HLITOV/69/bus" dev="sda1" ino=14163 res=1
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
audit: type=1800 audit(1654502665.380:20): pid=11180 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="bus" dev="sda1" ino=14163 res=0
audit: type=1804 audit(1654502666.370:21): pid=11238 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir309542490/syzkaller.HLITOV/70/bus" dev="sda1" ino=13841 res=1
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'.
audit: type=1800 audit(1654502666.380:22): pid=11238 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="bus" dev="sda1" ino=13841 res=0
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
audit: type=1804 audit(1654502666.460:23): pid=11244 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir2625217382/syzkaller.9IYLuk/45/bus" dev="sda1" ino=14179 res=1
audit: type=1800 audit(1654502666.460:24): pid=11244 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.3" name="bus" dev="sda1" ino=14179 res=0
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'.