openvswitch: netlink: Message has 10 unknown bytes. ============================= WARNING: suspicious RCU usage 4.15.0-rc6-next-20180102+ #86 Not tainted ----------------------------- net/netfilter/ipset/ip_set_core.c:2057 suspicious rcu_dereference_protected() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 3 locks held by kworker/u4:1/21: #0: ((wq_completion)"%s""netns"){+.+.}, at: [<0000000072db7ac8>] process_one_work+0x71f/0x14a0 kernel/workqueue.c:2083 #1: (net_cleanup_work){+.+.}, at: [<00000000d1f988f5>] process_one_work+0x757/0x14a0 kernel/workqueue.c:2087 #2: (net_mutex){+.+.}, at: [<000000007a218366>] cleanup_net+0x139/0x8b0 net/core/net_namespace.c:450 stack backtrace: CPU: 0 PID: 21 Comm: kworker/u4:1 Not tainted 4.15.0-rc6-next-20180102+ #86 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: netns cleanup_net Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x137/0x198 lib/dump_stack.c:53 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4585 ip_set_net_exit+0x2c6/0x480 net/netfilter/ipset/ip_set_core.c:2057 ops_exit_list.isra.6+0xae/0x150 net/core/net_namespace.c:142 cleanup_net+0x3f3/0x8b0 net/core/net_namespace.c:484 process_one_work+0x801/0x14a0 kernel/workqueue.c:2112 worker_thread+0xe0/0x1010 kernel/workqueue.c:2246 kthread+0x33c/0x400 kernel/kthread.c:238 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:524 device gre0 entered promiscuous mode IPv6: NLM_F_REPLACE set, but no existing node found! device eql entered promiscuous mode IPv6: NLM_F_REPLACE set, but no existing node found! device eql entered promiscuous mode Disabled LAPIC found during irq injection device syz3 entered promiscuous mode mmap: syz-executor1 (13893): VmData 35168256 exceed data ulimit 0. Update limits or use boot option ignore_rlimit_data. nla_parse: 2 callbacks suppressed netlink: 3 bytes leftover after parsing attributes in process `syz-executor7'. netlink: 5 bytes leftover after parsing attributes in process `syz-executor0'. kauditd_printk_skb: 77 callbacks suppressed audit: type=1400 audit(1514914030.761:1003): avc: denied { map } for pid=14066 comm="syz-executor1" path="socket:[36386]" dev="sockfs" ino=36386 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=tcp_socket permissive=1 device gre0 entered promiscuous mode netlink: 5 bytes leftover after parsing attributes in process `syz-executor0'. QAT: Invalid ioctl QAT: Invalid ioctl audit: type=1326 audit(1514914030.990:1004): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=14110 comm="syz-executor3" exe="/root/syz-executor3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x0 audit: type=1326 audit(1514914031.014:1005): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=14110 comm="syz-executor3" exe="/root/syz-executor3" sig=31 arch=c000003e syscall=35 compat=0 ip=0x47e131 code=0x0 audit: type=1326 audit(1514914031.018:1006): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=14131 comm="syz-executor4" exe="/root/syz-executor4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x0 audit: type=1326 audit(1514914031.018:1007): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=14110 comm="syz-executor3" exe="/root/syz-executor3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x0 audit: type=1326 audit(1514914031.092:1008): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=14131 comm="syz-executor4" exe="/root/syz-executor4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x0 binder: 14147 RLIMIT_NICE not set binder: 14143:14147 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER binder: 14147 RLIMIT_NICE not set binder: 14143:14165 tried to acquire reference to desc 0, got 1 instead binder: 14143:14165 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 binder: 14143:14147 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0 binder: 14147 RLIMIT_NICE not set binder: 14143:14165 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 binder: 14143:14165 ERROR: BC_REGISTER_LOOPER called without request binder: 14165 RLIMIT_NICE not set binder: 14143:14169 BC_DEAD_BINDER_DONE 0000000000000003 not found binder: undelivered death notification, 0000000000000000 netlink: 6 bytes leftover after parsing attributes in process `syz-executor0'. netlink: 5 bytes leftover after parsing attributes in process `syz-executor3'. netlink: 6 bytes leftover after parsing attributes in process `syz-executor0'. netlink: 5 bytes leftover after parsing attributes in process `syz-executor3'. binder: 14288 RLIMIT_NICE not set program syz-executor6 is using a deprecated SCSI ioctl, please convert it to SG_IO sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 program syz-executor6 is using a deprecated SCSI ioctl, please convert it to SG_IO sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 binder: 14282:14300 BC_FREE_BUFFER u000000002000c000 matched unreturned buffer binder: BINDER_SET_CONTEXT_MGR already set binder: 14282:14313 ioctl 40046207 0 returned -16 binder_alloc: 14282: binder_alloc_buf, no vma binder: 14282:14300 transaction failed 29189/-3, size 0-0 line 2960 binder: undelivered TRANSACTION_ERROR: 29189 binder: undelivered TRANSACTION_COMPLETE binder: 14389:14394 unknown command 24 binder: 14389:14394 ioctl c0306201 20009fd0 returned -22 binder: 14389:14403 unknown command 24 binder: 14389:14403 ioctl c0306201 20009fd0 returned -22 device gre0 entered promiscuous mode audit: type=1400 audit(1514914032.298:1009): avc: denied { map } for pid=14456 comm="syz-executor7" path="/dev/rfkill" dev="devtmpfs" ino=1045 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:wireless_device_t:s0 tclass=chr_file permissive=1 device lo entered promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode QAT: Invalid ioctl QAT: Invalid ioctl 9pnet_virtio: no channels available for device ./file0 9pnet_virtio: no channels available for device ./file0 encrypted_key: insufficient parameters specified encrypted_key: insufficient parameters specified binder: 14949:14953 Acquire 1 refcount change on invalid ref 0 ret -22 binder: 14949:14957 IncRefs 0 refcount change on invalid ref 0 ret -22 binder: BINDER_SET_CONTEXT_MGR already set binder: 14949:14957 ioctl 40046207 0 returned -16 netlink: 2 bytes leftover after parsing attributes in process `syz-executor2'. binder: 15024:15026 ERROR: BC_REGISTER_LOOPER called without request binder: 15026 RLIMIT_NICE not set binder: 15026 RLIMIT_NICE not set binder: 15026 RLIMIT_NICE not set binder: BINDER_SET_CONTEXT_MGR already set binder: 15024:15045 ioctl 40046207 0 returned -16 binder: 15024:15045 ERROR: BC_REGISTER_LOOPER called without request binder: 15045 RLIMIT_NICE not set binder: 15024:15026 unknown command 76 binder: 15024:15026 ioctl c0306201 2000a000 returned -22 binder: 15024:15053 got reply transaction with no transaction stack binder: 15024:15053 transaction failed 29201/-71, size 24-8 line 2760 binder: undelivered TRANSACTION_ERROR: 29201 binder: undelivered TRANSACTION_COMPLETE binder: undelivered TRANSACTION_COMPLETE binder: undelivered transaction 78, process died. netlink: 2 bytes leftover after parsing attributes in process `syz-executor2'. QAT: Invalid ioctl QAT: Invalid ioctl binder: 15117 RLIMIT_NICE not set binder: 15117 RLIMIT_NICE not set binder: 15115:15117 ioctl c0306201 2000afd0 returned -14 binder: release 15115:15117 transaction 81 in, still active binder: send failed reply for transaction 81 to 15115:15132 audit: type=1400 audit(1514914035.852:1010): avc: denied { dac_read_search } for pid=15135 comm="syz-executor5" capability=2 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0,c1 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0,c1 tclass=cap_userns permissive=1 binder: undelivered TRANSACTION_COMPLETE binder: 15154 RLIMIT_NICE not set binder: 15115:15132 transaction failed 29189/-22, size 0-0 line 2845 binder_alloc: 15115: binder_alloc_buf, no vma binder: 15115:15117 transaction failed 29189/-3, size 0-0 line 2960 binder_alloc: binder_alloc_mmap_handler: 15162 20000000-20002000 already mapped failed -16 binder: undelivered TRANSACTION_ERROR: 29189 binder: undelivered TRANSACTION_ERROR: 29189 binder: undelivered TRANSACTION_ERROR: 29189 audit: type=1326 audit(1514914036.131:1011): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=15220 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514914036.155:1012): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=15220 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514914036.165:1013): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=15220 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=2 compat=0 ip=0x40ce01 code=0x7ffc0000 audit: type=1326 audit(1514914036.165:1014): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=15220 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514914036.165:1015): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=15220 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514914036.168:1016): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=15220 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=44 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514914036.169:1017): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=15220 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514914036.169:1018): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=15220 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514914036.170:1019): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=15220 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=278 compat=0 ip=0x452ac9 code=0x7ffc0000 binder: 15265 RLIMIT_NICE not set binder: 15265 RLIMIT_NICE not set binder: BINDER_SET_CONTEXT_MGR already set binder: 15264:15273 ioctl 40046207 0 returned -16 binder: 15273 RLIMIT_NICE not set binder_alloc: 15264: binder_alloc_buf, no vma binder: 15264:15265 transaction failed 29189/-3, size 0-0 line 2960 binder_alloc: 15264: binder_alloc_buf, no vma binder: 15264:15265 transaction failed 29189/-3, size 0-0 line 2960 binder: undelivered TRANSACTION_ERROR: 29189 binder: undelivered TRANSACTION_ERROR: 29189 binder: release 15264:15265 transaction 86 out, still active binder: undelivered TRANSACTION_COMPLETE binder: 15285:15291 unknown command 0 binder: 15285:15291 ioctl c0306201 20007000 returned -22 binder: 15285:15291 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 binder: 15285:15291 Release 1 refcount change on invalid ref 0 ret -22 binder: 15285:15298 unknown command 0 binder: 15285:15298 ioctl c0306201 20007000 returned -22 binder: BINDER_SET_CONTEXT_MGR already set binder: 15285:15291 ioctl 40046207 0 returned -16 binder: 15285:15302 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 binder: release 15264:15265 transaction 87 out, still active binder: release 15264:15265 transaction 86 in, still active binder: undelivered TRANSACTION_COMPLETE binder: send failed reply for transaction 87, target dead binder: send failed reply for transaction 86, target dead device gre0 left promiscuous mode device gre0 entered promiscuous mode binder: 15552:15556 ioctl 40046205 7ff returned -22 tc_ctl_action: received NO action attribs tc_ctl_action: received NO action attribs binder: 15552:15556 unknown command 1594194118 binder: 15552:15556 ioctl c0306201 20003000 returned -22 binder: 15552:15562 ioctl 40046205 7ff returned -22