netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
ip_tables: iptables: counters copy to user failed while replacing table
=============================
WARNING: suspicious RCU usage
4.14.280-syzkaller #0 Not tainted
-----------------------------
net/netfilter/nf_queue.c:244 suspicious rcu_dereference_check() usage!

other info that might help us debug this:

rcu_scheduler_active = 2, debug_locks = 1
2 locks held by systemd-journal/4621:
 #0: (rcu_callback){....}, at: [] __rcu_reclaim kernel/rcu/rcu.h:185 [inline]
 #0: (rcu_callback){....}, at: [] rcu_do_batch kernel/rcu/tree.c:2699 [inline]
 #0: (rcu_callback){....}, at: [] invoke_rcu_callbacks kernel/rcu/tree.c:2962 [inline]
 #0: (rcu_callback){....}, at: [] __rcu_process_callbacks kernel/rcu/tree.c:2929 [inline]
 #0: (rcu_callback){....}, at: [] rcu_process_callbacks+0x84e/0x1180 kernel/rcu/tree.c:2946
 #1: (&(&inst->lock)->rlock){+.-.}, at: [] spin_lock_bh include/linux/spinlock.h:322 [inline]
 #1: (&(&inst->lock)->rlock){+.-.}, at: [] nfqnl_flush+0x2f/0x2a0 net/netfilter/nfnetlink_queue.c:232

stack backtrace:
CPU: 1 PID: 4621 Comm: systemd-journal Not tainted 4.14.280-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 nf_reinject+0x56e/0x700 net/netfilter/nf_queue.c:244
 nfqnl_flush+0x1ab/0x2a0 net/netfilter/nfnetlink_queue.c:237
 instance_destroy_rcu+0x19/0x30 net/netfilter/nfnetlink_queue.c:171
 __rcu_reclaim kernel/rcu/rcu.h:195 [inline]
 rcu_do_batch kernel/rcu/tree.c:2699 [inline]
 invoke_rcu_callbacks kernel/rcu/tree.c:2962 [inline]
 __rcu_process_callbacks kernel/rcu/tree.c:2929 [inline]
 rcu_process_callbacks+0x780/0x1180 kernel/rcu/tree.c:2946
 __do_softirq+0x24d/0x9ff kernel/softirq.c:288
 invoke_softirq kernel/softirq.c:368 [inline]
 irq_exit+0x193/0x240 kernel/softirq.c:409
 exiting_irq arch/x86/include/asm/apic.h:638 [inline]
 smp_apic_timer_interrupt+0x141/0x5e0 arch/x86/kernel/apic/apic.c:1106
 apic_timer_interrupt+0x93/0xa0 arch/x86/entry/entry_64.S:793
RIP: 0010:memcmp+0x3e/0xb0 lib/string.c:918
RSP: 0018:ffff8880a16e7af8 EFLAGS: 00000206 ORIG_RAX: ffffffffffffff10
RAX: 0000000000000000 RBX: ffff8880a16e7bb3 RCX: 0000000000000002
RDX: 0000000000000003 RSI: ffff8880a38424f3 RDI: ffff8880a16e7b98
RBP: dffffc0000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: ffff8880a16da080 R12: ffff8880a16e7bc8
R13: 0000000000000006 R14: ffff8880a16e7b98 R15: ffff8880a38424c0
 find_stack lib/stackdepot.c:180 [inline]
 depot_save_stack+0x10d/0x3f0 lib/stackdepot.c:229
 save_stack mm/kasan/kasan.c:453 [inline]
 set_track mm/kasan/kasan.c:459 [inline]
 kasan_kmalloc+0x139/0x160 mm/kasan/kasan.c:551
 kmem_cache_alloc+0x124/0x3c0 mm/slab.c:3552
 getname_flags+0xc8/0x550 fs/namei.c:138
 do_sys_open+0x1ce/0x410 fs/open.c:1075
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7fd7d9693840
RSP: 002b:00007ffc099a4d58 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
RAX: ffffffffffffffda RBX: 00007ffc099a5060 RCX: 00007fd7d9693840
RDX: 00000000000001a0 RSI: 0000000000080042 RDI: 000055b65cc63300
RBP: 000000000000000d R08: 000000000000c0c1 R09: 00000000ffffffff
R10: 0000000000000075 R11: 0000000000000246 R12: 00000000ffffffff
R13: 000055b65cc5d040 R14: 00007ffc099a5020 R15: 000055b65cc6a1e0
BTRFS info (device loop4): disk space caching is enabled
REISERFS (device loop5): found reiserfs format "3.6" with non-standard journal
REISERFS (device loop5): using ordered data mode
BTRFS info (device loop4): has skinny extents
reiserfs: using flush barriers
REISERFS (device loop5): journal params: device loop5, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
REISERFS (device loop5): checking transaction log (loop5)
REISERFS (device loop5): Using r5 hash to sort names
BTRFS error (device loop4): open_ctree failed
audit: type=1400 audit(1653314143.065:32): apparmor="DENIED" operation="setprocattr" info="exec" error=-22 profile="unconfined" pid=11015 comm="syz-executor.3"
(syz-executor.0,11016,0):ocfs2_fill_super:1023 ERROR: superblock probe failed!
(syz-executor.0,11016,0):ocfs2_fill_super:1217 ERROR: status = -22
(syz-executor.0,11036,1):ocfs2_fill_super:1023 ERROR: superblock probe failed!
(syz-executor.0,11036,1):ocfs2_fill_super:1217 ERROR: status = -22
Bluetooth: add_remote_oob_data: invalid length of 482 bytes
(syz-executor.0,11054,0):ocfs2_fill_super:1023 ERROR: superblock probe failed!
(syz-executor.0,11054,0):ocfs2_fill_super:1217 ERROR: status = -22
(syz-executor.0,11069,1):ocfs2_fill_super:1023 ERROR: superblock probe failed!
(syz-executor.0,11069,1):ocfs2_fill_super:1217 ERROR: status = -22
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
device lo entered promiscuous mode
overlayfs: fs on '.' does not support file handles, falling back to index=off.
Y4`Ҙ: renamed from lo
overlayfs: fs on './file0' does not support file handles, falling back to index=off.
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
overlayfs: fs on '.' does not support file handles, falling back to index=off.
overlayfs: fs on './file0' does not support file handles, falling back to index=off.
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
overlayfs: fs on '.' does not support file handles, falling back to index=off.
overlayfs: fs on './file0' does not support file handles, falling back to index=off.
Bluetooth: hci5 command 0x0405 tx timeout
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
overlayfs: fs on '.' does not support file handles, falling back to index=off.
overlayfs: fs on './file0' does not support file handles, falling back to index=off.
overlayfs: fs on '.' does not support file handles, falling back to index=off.
overlayfs: fs on './file0' does not support file handles, falling back to index=off.
netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'.
EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
overlayfs: fs on '.' does not support file handles, falling back to index=off.
overlayfs: fs on './file0' does not support file handles, falling back to index=off.
Invalid argument reading file caps for ./file0
EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
overlayfs: fs on '.' does not support file handles, falling back to index=off.
overlayfs: fs on './file0' does not support file handles, falling back to index=off.
audit: type=1800 audit(1653314148.975:33): pid=11547 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.2" name="bus" dev="sda1" ino=14133 res=0
audit: type=1800 audit(1653314149.435:34): pid=11577 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.2" name="bus" dev="sda1" ino=14122 res=0
audit: type=1800 audit(1653314150.095:35): pid=11639 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.2" name="bus" dev="sda1" ino=14117 res=0
hub 9-0:1.0: USB hub found
hub 9-0:1.0: 8 ports detected
audit: type=1800 audit(1653314150.595:36): pid=11683 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.2" name="bus" dev="sda1" ino=14117 res=0