============================= WARNING: suspicious RCU usage 4.15.0-rc6-next-20180102+ #86 Not tainted ----------------------------- net/netfilter/ipset/ip_set_core.c:2057 suspicious rcu_dereference_protected() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 3 locks held by kworker/u4:3/72: #0: ((wq_completion)"%s""netns"){+.+.}, at: [<000000008c4ae3bb>] process_one_work+0x71f/0x14a0 kernel/workqueue.c:2083 #1: (net_cleanup_work){+.+.}, at: [<0000000089c5a0c7>] process_one_work+0x757/0x14a0 kernel/workqueue.c:2087 #2: (net_mutex){+.+.}, at: [<00000000505a3afd>] cleanup_net+0x139/0x8b0 net/core/net_namespace.c:450 stack backtrace: CPU: 0 PID: 72 Comm: kworker/u4:3 Not tainted 4.15.0-rc6-next-20180102+ #86 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: netns cleanup_net Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x137/0x198 lib/dump_stack.c:53 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4585 ip_set_net_exit+0x2c6/0x480 net/netfilter/ipset/ip_set_core.c:2057 ops_exit_list.isra.6+0xae/0x150 net/core/net_namespace.c:142 cleanup_net+0x3f3/0x8b0 net/core/net_namespace.c:484 process_one_work+0x801/0x14a0 kernel/workqueue.c:2112 worker_thread+0xe0/0x1010 kernel/workqueue.c:2246 kthread+0x33c/0x400 kernel/kthread.c:238 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:524 netlink: 8 bytes leftover after parsing attributes in process `syz-executor6'. netlink: 8 bytes leftover after parsing attributes in process `syz-executor6'. ptrace attach of "/root/syz-executor4"[3692] was attempted by "/root/syz-executor4"[11632] ptrace attach of "/root/syz-executor4"[3692] was attempted by "/root/syz-executor4"[11639] binder: 11676 RLIMIT_NICE not set binder: BINDER_SET_CONTEXT_MGR already set binder: 11672:11676 ioctl 40046207 0 returned -16 binder: undelivered death notification, 0000000000000000 kvm: apic: phys broadcast and lowest prio device syz0 entered promiscuous mode QAT: Invalid ioctl QAT: Invalid ioctl Empty option to dns_resolver key Empty option to dns_resolver key SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2 sclass=netlink_route_socket pig=12085 comm=syz-executor5 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2 sclass=netlink_route_socket pig=12094 comm=syz-executor5 l2tp_core: tunl 79: sockfd_lookup(fd=14609257) returned -9 l2tp_core: tunl 79: sockfd_lookup(fd=14609257) returned -9 kauditd_printk_skb: 95 callbacks suppressed audit: type=1326 audit(1514912788.913:505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12271 comm="syz-executor7" exe="/root/syz-executor7" sig=9 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x0 audit: type=1326 audit(1514912788.912:504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12272 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514912788.914:506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12272 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514912788.914:507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12272 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=162 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514912788.920:508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12272 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514912788.920:509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12272 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=16 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514912788.920:510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12272 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514912788.920:511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12272 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=54 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514912788.920:512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12272 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514912788.920:513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12272 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=140 compat=0 ip=0x452ac9 code=0x7ffc0000 device eql entered promiscuous mode binder_alloc: binder_alloc_mmap_handler: 12496 209a1000-209a4000 already mapped failed -16 binder_alloc: binder_alloc_mmap_handler: 12496 209a1000-209a4000 already mapped failed -16 device syz5 entered promiscuous mode netlink: 'syz-executor1': attribute type 13 has an invalid length. netlink: 'syz-executor1': attribute type 13 has an invalid length. netlink: 2 bytes leftover after parsing attributes in process `syz-executor1'. device syz4 entered promiscuous mode netlink: 2 bytes leftover after parsing attributes in process `syz-executor1'. QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl device eql entered promiscuous mode sctp: [Deprecated]: syz-executor5 (pid 12919) Use of int in max_burst socket option deprecated. Use struct sctp_assoc_value instead device eql entered promiscuous mode 9pnet_virtio: no channels available for device ./file0 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=13087 comm=syz-executor6 netlink: 40 bytes leftover after parsing attributes in process `syz-executor4'. netlink: 40 bytes leftover after parsing attributes in process `syz-executor4'. sctp: [Deprecated]: syz-executor3 (pid 13265) Use of int in maxseg socket option. Use struct sctp_assoc_value instead sctp: [Deprecated]: syz-executor3 (pid 13265) Use of int in maxseg socket option. Use struct sctp_assoc_value instead netlink: 'syz-executor1': attribute type 25 has an invalid length. kauditd_printk_skb: 122 callbacks suppressed audit: type=1326 audit(1514912794.048:633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=13394 comm="syz-executor5" exe="/root/syz-executor5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514912794.048:634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=13394 comm="syz-executor5" exe="/root/syz-executor5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514912794.049:635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=13394 comm="syz-executor5" exe="/root/syz-executor5" sig=0 arch=c000003e syscall=133 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514912794.049:636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=13394 comm="syz-executor5" exe="/root/syz-executor5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514912794.049:637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=13394 comm="syz-executor5" exe="/root/syz-executor5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514912794.051:638): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=13394 comm="syz-executor5" exe="/root/syz-executor5" sig=0 arch=c000003e syscall=257 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514912794.051:639): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=13394 comm="syz-executor5" exe="/root/syz-executor5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514912794.056:640): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=13394 comm="syz-executor5" exe="/root/syz-executor5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514912794.056:641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=13394 comm="syz-executor5" exe="/root/syz-executor5" sig=0 arch=c000003e syscall=9 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514912794.057:642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=13394 comm="syz-executor5" exe="/root/syz-executor5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 device eql entered promiscuous mode netlink: 1 bytes leftover after parsing attributes in process `syz-executor3'. netlink: 1 bytes leftover after parsing attributes in process `syz-executor3'. binder: 13703 RLIMIT_NICE not set binder: 13703 RLIMIT_NICE not set binder: release 13696:13703 transaction 61 in, still active binder: send failed reply for transaction 61 to 13696:13698 binder: BINDER_SET_CONTEXT_MGR already set binder: 13696:13703 ioctl 40046207 0 returned -16 binder_alloc: 13696: binder_alloc_buf, no vma binder: 13696:13698 transaction failed 29189/-3, size 0-0 line 2960 binder: undelivered TRANSACTION_ERROR: 29189 futex_wake_op: syz-executor2 tries to shift op by -65; fix this program futex_wake_op: syz-executor2 tries to shift op by -65; fix this program device eql entered promiscuous mode