bisecting fixing commit since 78d697fc93f98054e36a3ab76dca1a88802ba7be
building syzkaller on 4a4e0509de520c7139ca2b5606712cbadc550db2
testing commit 78d697fc93f98054e36a3ab76dca1a88802ba7be with gcc (GCC) 8.1.0
kernel signature: 878772145d1eed8a3f17919248227e0ca977e9bd16094164786d507000da254b
all runs: crashed: WARNING: suspicious RCU usage in nf_reinject
testing current HEAD 050272a0423e68207fd2367831ae610680129062
testing commit 050272a0423e68207fd2367831ae610680129062 with gcc (GCC) 8.1.0
kernel signature: 48cb4963e35b6abbafdef7a90d212404bed626ea14a32f7e54ccd6a5812969fa
all runs: crashed: WARNING: suspicious RCU usage in nf_reinject
revisions tested: 2, total time: 25m24.584750406s (build: 17m52.610587911s, test: 6m35.820029624s)
the crash still happens on HEAD
commit msg: Linux 4.14.177
crash: WARNING: suspicious RCU usage in nf_reinject
ip_tables: iptables: counters copy to user failed while replacing table
ip_tables: iptables: counters copy to user failed while replacing table
ip_tables: iptables: counters copy to user failed while replacing table
=============================
WARNING: suspicious RCU usage
4.14.177-syzkaller #0 Not tainted
-----------------------------
net/netfilter/nf_queue.c:227 suspicious rcu_dereference_check() usage!

other info that might help us debug this:

rcu_scheduler_active = 2, debug_locks = 1
3 locks held by syz-executor.3/17703:
 #0: (&mm->mmap_sem){++++}, at: [] vm_mmap_pgoff+0x146/0x200 mm/util.c:331
 #1: (rcu_callback){....}, at: [] __rcu_reclaim kernel/rcu/rcu.h:185 [inline]
 #1: (rcu_callback){....}, at: [] rcu_do_batch kernel/rcu/tree.c:2699 [inline]
 #1: (rcu_callback){....}, at: [] invoke_rcu_callbacks kernel/rcu/tree.c:2962 [inline]
 #1: (rcu_callback){....}, at: [] __rcu_process_callbacks kernel/rcu/tree.c:2929 [inline]
 #1: (rcu_callback){....}, at: [] rcu_process_callbacks+0x8be/0x11e0 kernel/rcu/tree.c:2946
 #2: (&(&inst->lock)->rlock){+.-.}, at: [] spin_lock_bh include/linux/spinlock.h:322 [inline]
 #2: (&(&inst->lock)->rlock){+.-.}, at: [] nfqnl_flush+0x2f/0x270 net/netfilter/nfnetlink_queue.c:232

stack backtrace:
CPU: 1 PID: 17703 Comm: syz-executor.3 Not tainted 4.14.177-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0xf7/0x13b lib/dump_stack.c:58
 lockdep_rcu_suspicious+0x14a/0x153 kernel/locking/lockdep.c:4669
 nf_reinject+0x4e4/0x680 net/netfilter/nf_queue.c:227
 nfqnl_flush+0x18d/0x270 net/netfilter/nfnetlink_queue.c:237
 instance_destroy_rcu+0x15/0x30 net/netfilter/nfnetlink_queue.c:171
 __rcu_reclaim kernel/rcu/rcu.h:195 [inline]
 rcu_do_batch kernel/rcu/tree.c:2699 [inline]
 invoke_rcu_callbacks kernel/rcu/tree.c:2962 [inline]
 __rcu_process_callbacks kernel/rcu/tree.c:2929 [inline]
 rcu_process_callbacks+0x7e0/0x11e0 kernel/rcu/tree.c:2946
 __do_softirq+0x246/0x9b0 kernel/softirq.c:288
 invoke_softirq kernel/softirq.c:368 [inline]
 irq_exit+0x15f/0x1a0 kernel/softirq.c:409
 exiting_irq arch/x86/include/asm/apic.h:648 [inline]
 smp_apic_timer_interrupt+0x149/0x5d0 arch/x86/kernel/apic/apic.c:1102
 apic_timer_interrupt+0x96/0xa0 arch/x86/entry/entry_64.S:792
RIP: 0010:validate_mm+0x9d/0x4d0 mm/mmap.c:358
RSP: 0018:ffff8880825d7b70 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff10
RAX: 1ffff11010f9267c RBX: ffff888087c93358 RCX: 1ffff110111409df
RDX: 0000000000000001 RSI: 0000000000000002 RDI: ffff888087c933e0
RBP: ffff8880825d7bd0 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: ffff888088a04680 R12: dffffc0000000000
R13: ffff8880a6614078 R14: ffff888096208cb0 R15: ffff8880a6614068
 vma_link+0xf6/0x160 mm/mmap.c:617
 mmap_region+0xae9/0xf90 mm/mmap.c:1738
 do_mmap+0x544/0xe20 mm/mmap.c:1495
 do_mmap_pgoff include/linux/mm.h:2173 [inline]
 vm_mmap_pgoff+0x181/0x200 mm/util.c:333
 SYSC_mmap_pgoff mm/mmap.c:1545 [inline]
 SyS_mmap_pgoff+0x9d/0x6b0 mm/mmap.c:1503
 SYSC_mmap arch/x86/kernel/sys_x86_64.c:100 [inline]
 SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:91
 do_syscall_64+0x1c7/0x5b0 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45c4ca
RSP: 002b:00007fff25b7f248 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045c4ca
RDX: 0000000000000003 RSI: 0000000000021000 RDI: 0000000000000000
RBP: ffffffffffffffff R08: ffffffffffffffff R09: 0000000000000000
R10: 0000000000020022 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000021000 R14: 0000000000020022 R15: 0000000000000000
net_ratelimit: 1050 callbacks suppressed
ip_tables: iptables: counters copy to user failed while replacing table
ip_tables: iptables: counters copy to user failed while replacing table
ip_tables: iptables: counters copy to user failed while replacing table
ip_tables: iptables: counters copy to user failed while replacing table
ip_tables: iptables: counters copy to user failed while replacing table
ip_tables: iptables: counters copy to user failed while replacing table
ip_tables: iptables: counters copy to user failed while replacing table
ip_tables: iptables: counters copy to user failed while replacing table
ip_tables: iptables: counters copy to user failed while replacing table
ip_tables: iptables: counters copy to user failed while replacing table
net_ratelimit: 1082 callbacks suppressed
ip_tables: iptables: counters copy to user failed while replacing table
ip_tables: iptables: counters copy to user failed while replacing table
ip_tables: iptables: counters copy to user failed while replacing table
ip_tables: iptables: counters copy to user failed while replacing table
ip_tables: iptables: counters copy to user failed while replacing table
ip_tables: iptables: counters copy to user failed while replacing table
ip_tables: iptables: counters copy to user failed while replacing table
ip_tables: iptables: counters copy to user failed while replacing table
ip_tables: iptables: counters copy to user failed while replacing table
ip_tables: iptables: counters copy to user failed while replacing table