netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
ip_tables: iptables: counters copy to user failed while replacing table

=============================
WARNING: suspicious RCU usage
4.14.281-syzkaller #0 Not tainted
-----------------------------
net/netfilter/nf_queue.c:244 suspicious rcu_dereference_check() usage!

other info that might help us debug this:

rcu_scheduler_active = 2, debug_locks = 1
2 locks held by syz-fuzzer/9529:
 #0: (rcu_callback){....}, at: [] __rcu_reclaim kernel/rcu/rcu.h:185 [inline]
 #0: (rcu_callback){....}, at: [] rcu_do_batch kernel/rcu/tree.c:2699 [inline]
 #0: (rcu_callback){....}, at: [] invoke_rcu_callbacks kernel/rcu/tree.c:2962 [inline]
 #0: (rcu_callback){....}, at: [] __rcu_process_callbacks kernel/rcu/tree.c:2929 [inline]
 #0: (rcu_callback){....}, at: [] rcu_process_callbacks+0x84e/0x1180 kernel/rcu/tree.c:2946
 #1: (&(&inst->lock)->rlock#2){+.-.}, at: [] spin_lock_bh include/linux/spinlock.h:322 [inline]
 #1: (&(&inst->lock)->rlock#2){+.-.}, at: [] nfqnl_flush+0x2f/0x2a0 net/netfilter/nfnetlink_queue.c:232

stack backtrace:
CPU: 0 PID: 9529 Comm: syz-fuzzer Not tainted 4.14.281-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 nf_reinject+0x56e/0x700 net/netfilter/nf_queue.c:244
 nfqnl_flush+0x1ab/0x2a0 net/netfilter/nfnetlink_queue.c:237
 instance_destroy_rcu+0x19/0x30 net/netfilter/nfnetlink_queue.c:171
 __rcu_reclaim kernel/rcu/rcu.h:195 [inline]
 rcu_do_batch kernel/rcu/tree.c:2699 [inline]
 invoke_rcu_callbacks kernel/rcu/tree.c:2962 [inline]
 __rcu_process_callbacks kernel/rcu/tree.c:2929 [inline]
 rcu_process_callbacks+0x780/0x1180 kernel/rcu/tree.c:2946
 __do_softirq+0x24d/0x9ff kernel/softirq.c:288
 invoke_softirq kernel/softirq.c:368 [inline]
 irq_exit+0x193/0x240 kernel/softirq.c:409
 exiting_irq arch/x86/include/asm/apic.h:638 [inline]
 smp_apic_timer_interrupt+0x141/0x5e0 arch/x86/kernel/apic/apic.c:1106
 apic_timer_interrupt+0x93/0xa0 arch/x86/entry/entry_64.S:793
RIP: 0033:0x50146e
RSP: 002b:000000c0081910b0 EFLAGS: 00000206 ORIG_RAX: ffffffffffffff10
RAX: 0000000000000008 RBX: 000000c015bb1860 RCX: 000000c0081919b8
RDX: 0000000000000000 RSI: 000000c000092000 RDI: 000000c0081919b8
RBP: 000000c0081911a8 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000005 R12: 0000000000000000
R13: 0000000000000000 R14: 000000c01efac340 R15: 00007f57a129681a
kauditd_printk_skb: 9 callbacks suppressed
audit: type=1804 audit(1654044716.578:25): pid=11180 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir2833967762/syzkaller.deRmnn/54/bus" dev="sda1" ino=14162 res=1
IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
device lo entered promiscuous mode
Y4`Ҙ: renamed from lo
device lo entered promiscuous mode
Y4`Ҙ: renamed from lo
EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
audit: type=1804 audit(1654044719.118:26): pid=11399 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir2833967762/syzkaller.deRmnn/58/bus" dev="sda1" ino=14216 res=1
audit: type=1804 audit(1654044719.218:27): pid=11399 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.3" name="/root/syzkaller-testdir2833967762/syzkaller.deRmnn/58/bus" dev="sda1" ino=14216 res=1
gfs2: not a GFS2 filesystem
audit: type=1804 audit(1654044719.248:28): pid=11399 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.3" name="/root/syzkaller-testdir2833967762/syzkaller.deRmnn/58/bus" dev="sda1" ino=14216 res=1
EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
audit: type=1804 audit(1654044719.308:29): pid=11406 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.3" name="/root/syzkaller-testdir2833967762/syzkaller.deRmnn/58/bus" dev="sda1" ino=14216 res=1
gfs2: not a GFS2 filesystem
ADFS-fs: unrecognised mount option "nfs_export=off" or missing value
audit: type=1804 audit(1654044719.998:30): pid=11464 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir2833967762/syzkaller.deRmnn/59/bus" dev="sda1" ino=14214 res=1
audit: type=1804 audit(1654044720.028:31): pid=11464 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.3" name="/root/syzkaller-testdir2833967762/syzkaller.deRmnn/59/bus" dev="sda1" ino=14214 res=1
gfs2: not a GFS2 filesystem
audit: type=1804 audit(1654044720.028:32): pid=11464 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.3" name="/root/syzkaller-testdir2833967762/syzkaller.deRmnn/59/bus" dev="sda1" ino=14214 res=1
ADFS-fs: unrecognised mount option "nfs_export=off" or missing value
audit: type=1804 audit(1654044720.098:33): pid=11475 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.3" name="/root/syzkaller-testdir2833967762/syzkaller.deRmnn/59/bus" dev="sda1" ino=14214 res=1
EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
gfs2: not a GFS2 filesystem
ADFS-fs: unrecognised mount option "nfs_export=off" or missing value
audit: type=1804 audit(1654044720.908:34): pid=11518 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir2833967762/syzkaller.deRmnn/60/bus" dev="sda1" ino=14203 res=1
EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
kauditd_printk_skb: 3 callbacks suppressed
audit: type=1804 audit(1654044721.959:38): pid=11576 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir2833967762/syzkaller.deRmnn/61/bus" dev="sda1" ino=14206 res=1
audit: type=1804 audit(1654044721.999:39): pid=11576 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.3" name="/root/syzkaller-testdir2833967762/syzkaller.deRmnn/61/bus" dev="sda1" ino=14206 res=1
audit: type=1804 audit(1654044722.009:40): pid=11576 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.3" name="/root/syzkaller-testdir2833967762/syzkaller.deRmnn/61/bus" dev="sda1" ino=14206 res=1
audit: type=1804 audit(1654044722.099:41): pid=11582 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.3" name="/root/syzkaller-testdir2833967762/syzkaller.deRmnn/61/bus" dev="sda1" ino=14206 res=1
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'.
IPVS: ftp: loaded support on port[0] = 21
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'.
FAT-fs (loop0): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'.
FAT-fs (loop0): FAT read failed (blocknr 32)
FAT-fs (loop0): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
FAT-fs (loop0): FAT read failed (blocknr 32)
FAT-fs (loop0): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
FAT-fs (loop0): FAT read failed (blocknr 32)
usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.2' sets config #1
FAT-fs (loop0): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
FAT-fs (loop0): FAT read failed (blocknr 32)
usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.2' sets config #1
usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.2' sets config #1
usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.2' sets config #1