============================= WARNING: suspicious RCU usage 4.15.0-rc6-next-20180102+ #86 Not tainted ----------------------------- net/netfilter/ipset/ip_set_core.c:2057 suspicious rcu_dereference_protected() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 3 locks held by kworker/u4:4/281: #0: ((wq_completion)"%s""netns"){+.+.}, at: [<00000000433f9f1f>] process_one_work+0x71f/0x14a0 kernel/workqueue.c:2083 #1: (net_cleanup_work){+.+.}, at: [<00000000ac411fe0>] process_one_work+0x757/0x14a0 kernel/workqueue.c:2087 #2: (net_mutex){+.+.}, at: [<00000000cc6e6a58>] cleanup_net+0x139/0x8b0 net/core/net_namespace.c:450 stack backtrace: CPU: 0 PID: 281 Comm: kworker/u4:4 Not tainted 4.15.0-rc6-next-20180102+ #86 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: netns cleanup_net Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x137/0x198 lib/dump_stack.c:53 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4585 ip_set_net_exit+0x2c6/0x480 net/netfilter/ipset/ip_set_core.c:2057 ops_exit_list.isra.6+0xae/0x150 net/core/net_namespace.c:142 cleanup_net+0x3f3/0x8b0 net/core/net_namespace.c:484 process_one_work+0x801/0x14a0 kernel/workqueue.c:2112 worker_thread+0xe0/0x1010 kernel/workqueue.c:2246 kthread+0x33c/0x400 kernel/kthread.c:238 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:524 binder_alloc: 6776: binder_alloc_buf failed to map page at 20000000 in userspace binder: 6776:6779 transaction failed 29201/-12, size 0-0 line 2960 binder: BINDER_SET_CONTEXT_MGR already set binder: 6776:6779 ioctl 40046207 0 returned -16 binder_alloc: 6776: binder_alloc_buf, no vma binder: 6776:6779 transaction failed 29189/-3, size 0-0 line 2960 binder: undelivered TRANSACTION_ERROR: 29189 binder: undelivered TRANSACTION_ERROR: 29201 netlink: 'syz-executor7': attribute type 27 has an invalid length. device eql entered promiscuous mode netlink: 14 bytes leftover after parsing attributes in process `syz-executor7'. netlink: 14 bytes leftover after parsing attributes in process `syz-executor7'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor1'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor1'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor1'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor5'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor5'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor1'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor5'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor5'. kauditd_printk_skb: 45 callbacks suppressed audit: type=1326 audit(1514913241.163:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7193 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514913241.163:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7193 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514913241.163:204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7193 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=9 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514913241.163:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7193 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514913241.163:206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7193 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514913241.163:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7193 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=257 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514913241.163:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7193 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514913241.163:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7193 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514913241.181:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7193 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=257 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514913241.181:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7193 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 SELinux: unrecognized netlink message: protocol=6 nlmsg_type=1000 sclass=netlink_xfrm_socket pig=7235 comm=syz-executor5 SELinux: unrecognized netlink message: protocol=6 nlmsg_type=1000 sclass=netlink_xfrm_socket pig=7248 comm=syz-executor5 sctp: [Deprecated]: syz-executor5 (pid 7289) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead binder_alloc: binder_alloc_mmap_handler: 7308 20004000-20005000 already mapped failed -16 binder: 7394:7404 transaction failed 29201/-28, size 7271182603747155163-7308332182914596864 line 2960 binder: undelivered TRANSACTION_ERROR: 29201 binder: 7431:7435 BC_FREE_BUFFER uffffffffffffffff no match binder: 7431:7435 BC_FREE_BUFFER uffffffffffffffff no match binder: 7431:7441 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 SELinux: unrecognized netlink message: protocol=6 nlmsg_type=289 sclass=netlink_xfrm_socket pig=7540 comm=syz-executor0 SELinux: unrecognized netlink message: protocol=6 nlmsg_type=289 sclass=netlink_xfrm_socket pig=7540 comm=syz-executor0 binder: 7567:7572 BC_ACQUIRE_DONE u0000000000000000 no match device gre0 entered promiscuous mode binder: 7567:7584 BC_ACQUIRE_DONE u0000000000000000 no match ptrace attach of "/root/syz-executor4"[3711] was attempted by "/root/syz-executor4"[7873] ptrace attach of "/root/syz-executor4"[3711] was attempted by "/root/syz-executor4"[7880] sctp: [Deprecated]: syz-executor0 (pid 7933) Use of int in max_burst socket option. Use struct sctp_assoc_value instead sctp: [Deprecated]: syz-executor0 (pid 7933) Use of int in max_burst socket option. Use struct sctp_assoc_value instead QAT: Invalid ioctl QAT: Invalid ioctl device gre0 entered promiscuous mode device eql entered promiscuous mode binder: 8201:8204 IncRefs 0 refcount change on invalid ref 3 ret -22 binder: 8201:8204 unknown command 0 binder: 8201:8204 ioctl c0306201 20693fd0 returned -22 binder: 8211:8213 transaction failed 29189/-22, size 0-0 line 2845 binder: 8211:8213 BC_ACQUIRE_DONE uffffffffffffffff no match binder: 8211:8213 IncRefs 0 refcount change on invalid ref 4 ret -22 binder: BINDER_SET_CONTEXT_MGR already set binder: 8201:8209 ioctl 40046207 0 returned -16 binder: 8201:8209 IncRefs 0 refcount change on invalid ref 3 ret -22 binder: 8201:8209 unknown command 0 binder: 8201:8209 ioctl c0306201 20693fd0 returned -22 binder_alloc: binder_alloc_mmap_handler: 8211 20000000-20002000 already mapped failed -16 binder: 8211:8213 transaction failed 29189/-22, size 0-0 line 2845 binder: 8211:8213 BC_ACQUIRE_DONE uffffffffffffffff no match binder: 8211:8213 IncRefs 0 refcount change on invalid ref 4 ret -22 binder: undelivered TRANSACTION_ERROR: 29189 binder: undelivered TRANSACTION_ERROR: 29189 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=8253 comm=syz-executor7 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=8257 comm=syz-executor7 irq bypass consumer (token 000000002756b48d) registration fails: -16 binder: 8289:8291 BC_FREE_BUFFER u0000000000000000 no match binder: 8289:8291 got transaction to invalid handle binder: 8289:8291 transaction failed 29201/-22, size 40-16 line 2845 device syz4 entered promiscuous mode binder: 8320:8325 unknown command 0 binder: 8320:8325 ioctl c0306201 2000a000 returned -22 binder: 8320:8325 got transaction with too large buffer binder: 8320:8325 transaction failed 29201/-22, size 96-16 line 3119 binder_alloc: binder_alloc_mmap_handler: 8320 20000000-20002000 already mapped failed -16 binder: BINDER_SET_CONTEXT_MGR already set binder: 8320:8325 ioctl 40046207 0 returned -16 binder: 8320:8329 unknown command 0 binder: 8320:8329 ioctl c0306201 2000a000 returned -22 kauditd_printk_skb: 92 callbacks suppressed audit: type=1326 audit(1514913246.333:303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8401 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514913246.339:304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8401 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=9 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514913246.339:305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8401 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514913246.339:306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8401 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514913246.365:307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8401 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=2 compat=0 ip=0x40ce01 code=0x7ffc0000 audit: type=1326 audit(1514913246.365:308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8401 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514913246.366:309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8401 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=148 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514913246.366:310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8401 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514913246.368:311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8401 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=16 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514913246.368:312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8401 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 sctp: [Deprecated]: syz-executor2 (pid 8464) Use of int in maxseg socket option. Use struct sctp_assoc_value instead sctp: [Deprecated]: syz-executor2 (pid 8485) Use of int in maxseg socket option. Use struct sctp_assoc_value instead device eql entered promiscuous mode SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=8491 comm=syz-executor7 binder: 8667:8673 got transaction with invalid parent offset or type binder: 8667:8673 transaction failed 29201/-22, size 32-8 line 3083 binder_alloc: binder_alloc_mmap_handler: 8667 2011a000-2051a000 already mapped failed -16 binder: BINDER_SET_CONTEXT_MGR already set binder: 8667:8692 ioctl 40046207 0 returned -16 binder: undelivered TRANSACTION_ERROR: 29201 device eql entered promiscuous mode encrypted_key: insufficient parameters specified device syz5 entered promiscuous mode encrypted_key: insufficient parameters specified could not allocate digest TFM handle rm(2w?z_mo~Ħ"2:) F<$,ɰ6 netlink: 'syz-executor1': attribute type 16 has an invalid length.