RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000004
RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c0b0
R13: 00007ffc2af4284f R14: 00007fe98968c300 R15: 0000000000022000
=============================
WARNING: suspicious RCU usage
4.14.232-syzkaller #0 Not tainted
-----------------------------
net/ipv4/tcp_ipv4.c:918 suspicious rcu_dereference_check() usage!

other info that might help us debug this:


rcu_scheduler_active = 2, debug_locks = 1
4 locks held by kworker/u4:3/374:
 #0:  ("%s""netns"){+.+.}, at: [<ffffffff813639b0>] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087
 #1:  (net_cleanup_work){+.+.}, at: [<ffffffff813639e6>] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091
 #2:  (net_mutex){+.+.}, at: [<ffffffff85c0eb70>] cleanup_net+0x110/0x840 net/core/net_namespace.c:450
 #3:  (rtnl_mutex){+.+.}, at: [<ffffffff85c444de>] netdev_run_todo+0x20e/0xad0 net/core/dev.c:7926

stack backtrace:
CPU: 0 PID: 374 Comm: kworker/u4:3 Not tainted 4.14.232-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: netns cleanup_net
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 tcp_md5_do_lookup+0x3b4/0x510 net/ipv4/tcp_ipv4.c:918
 tcp_established_options+0x94/0x410 net/ipv4/tcp_output.c:690
 __tcp_transmit_skb+0x286/0x2cb0 net/ipv4/tcp_output.c:1032
 tcp_transmit_skb net/ipv4/tcp_output.c:1149 [inline]
 tcp_send_active_reset+0x40b/0x5c0 net/ipv4/tcp_output.c:3159
 tcp_disconnect+0x159/0x1890 net/ipv4/tcp.c:2341
 rds_tcp_conn_paths_destroy net/rds/tcp.c:515 [inline]
 rds_tcp_kill_sock net/rds/tcp.c:544 [inline]
 rds_tcp_dev_event+0x73f/0xa30 net/rds/tcp.c:573
 notifier_call_chain+0x108/0x1a0 kernel/notifier.c:93
 call_netdevice_notifiers_info net/core/dev.c:1667 [inline]
 call_netdevice_notifiers net/core/dev.c:1683 [inline]
 netdev_run_todo+0x242/0xad0 net/core/dev.c:7927
 default_device_exit_batch+0x2e2/0x380 net/core/dev.c:8747
 ops_exit_list+0xf9/0x150 net/core/net_namespace.c:145
 cleanup_net+0x3b3/0x840 net/core/net_namespace.c:484
 process_one_work+0x793/0x14a0 kernel/workqueue.c:2116
 worker_thread+0x5cc/0xff0 kernel/workqueue.c:2250
 kthread+0x30d/0x420 kernel/kthread.c:232
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404

Mem-Info:
=============================
active_anon:192580 inactive_anon:4910 isolated_anon:0
 active_file:11655 inactive_file:75236 isolated_file:0
 unevictable:0 dirty:297 writeback:0 unstable:0
 slab_reclaimable:17547 slab_unreclaimable:124864
 mapped:60262 shmem:5098 pagetables:2529 bounce:0
 free:1204572 free_pcp:304 free_cma:0
WARNING: suspicious RCU usage
4.14.232-syzkaller #0 Not tainted
-----------------------------
include/net/sock.h:1800 suspicious rcu_dereference_protected() usage!

other info that might help us debug this:


rcu_scheduler_active = 2, debug_locks = 1
Node 0 active_anon:772756kB inactive_anon:19840kB active_file:45596kB inactive_file:301044kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:241048kB dirty:1084kB writeback:0kB shmem:20792kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 362496kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
4 locks held by kworker/u4:3/374:
 #0:  ("%s""netns"){+.+.}, at: [<ffffffff813639b0>] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087
 #1:  (net_cleanup_work){+.+.}, at: [<ffffffff813639e6>] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091
 #2:  (net_mutex){+.+.}, at: [<ffffffff85c0eb70>] cleanup_net+0x110/0x840 net/core/net_namespace.c:450
Node 1 active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
 #3:  (rtnl_mutex){+.+.}, at: [<ffffffff85c444de>] netdev_run_todo+0x20e/0xad0 net/core/dev.c:7926

stack backtrace:
CPU: 0 PID: 374 Comm: kworker/u4:3 Not tainted 4.14.232-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Node 0 
Workqueue: netns cleanup_net
DMA free:15908kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 __sk_dst_set include/net/sock.h:1800 [inline]
 __sk_dst_reset include/net/sock.h:1820 [inline]
 tcp_disconnect+0x1412/0x1890 net/ipv4/tcp.c:2383
 rds_tcp_conn_paths_destroy net/rds/tcp.c:515 [inline]
 rds_tcp_kill_sock net/rds/tcp.c:544 [inline]
 rds_tcp_dev_event+0x73f/0xa30 net/rds/tcp.c:573
lowmem_reserve[]:
 notifier_call_chain+0x108/0x1a0 kernel/notifier.c:93
 0
 call_netdevice_notifiers_info net/core/dev.c:1667 [inline]
 call_netdevice_notifiers net/core/dev.c:1683 [inline]
 netdev_run_todo+0x242/0xad0 net/core/dev.c:7927
 default_device_exit_batch+0x2e2/0x380 net/core/dev.c:8747
 2717
 2718
 ops_exit_list+0xf9/0x150 net/core/net_namespace.c:145
 cleanup_net+0x3b3/0x840 net/core/net_namespace.c:484
 process_one_work+0x793/0x14a0 kernel/workqueue.c:2116
 2718
 worker_thread+0x5cc/0xff0 kernel/workqueue.c:2250
 kthread+0x30d/0x420 kernel/kthread.c:232
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
block nbd3: shutting down sockets
 2718
Node 0 DMA32 free:768972kB min:36200kB low:45248kB high:54296kB active_anon:764620kB inactive_anon:19756kB active_file:45528kB inactive_file:300852kB unevictable:0kB writepending:1168kB present:3129332kB managed:2788128kB mlocked:0kB kernel_stack:9440kB pagetables:9840kB bounce:0kB free_pcp:1404kB local_pcp:716kB free_cma:0kB
lowmem_reserve[]: 0 0 0 0 0
Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]: 0 0 0 0 0
Node 1 Normal free:4041064kB min:53696kB low:67120kB high:80544kB active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB writepending:4kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
block nbd3: Receive control failed (result -32)
lowmem_reserve[]: 0 0 0 0 0
block nbd3: shutting down sockets
Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB
Node 0 DMA32: 1395*4kB (UME) 216*8kB (UME) 222*16kB (UME) 199*32kB (UME) 696*64kB (UME) 120*128kB (UME) 136*256kB (UM) 91*512kB (UM) 57*1024kB (UME) 40*2048kB (UM) 115*4096kB (UM) = 769868kB
Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
Node 1 Normal: 74*4kB (UE) 398*8kB (UME) 269*16kB (UM) 78*32kB (UM) 23*64kB (UME) 17*128kB (UM) 9*256kB (UM) 5*512kB (UE) 2*1024kB (ME) 3*2048kB (M) 980*4096kB (M) = 4041064kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
26878 total pagecache pages
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap  = 0kB
Total swap = 0kB
2097051 pages RAM
0 pages HighMem/MovableOnly
363849 pages reserved
0 pages cma reserved
mmap: syz-executor.1 (16669) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.txt.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'.
semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
The task syz-executor.0 (16735) triggered the difference, watch for misbehavior.
batman_adv: batadv0: Interface deactivated: batadv_slave_0
batman_adv: batadv0: Removing interface: batadv_slave_0
batman_adv: batadv0: Interface deactivated: batadv_slave_1
batman_adv: batadv0: Removing interface: batadv_slave_1
device bridge_slave_1 left promiscuous mode
bridge0: port 2(bridge_slave_1) entered disabled state
device bridge_slave_0 left promiscuous mode
bridge0: port 1(bridge_slave_0) entered disabled state
device veth1_macvtap left promiscuous mode
device veth0_macvtap left promiscuous mode
device veth1_vlan left promiscuous mode
device veth0_vlan left promiscuous mode
bond2 (unregistering): Released all slaves
bond1 (unregistering): Released all slaves
device hsr_slave_1 left promiscuous mode
device hsr_slave_0 left promiscuous mode
team0 (unregistering): Port device team_slave_1 removed
team0 (unregistering): Port device team_slave_0 removed
bond0 (unregistering): Releasing backup interface bond_slave_1
bond0 (unregistering): Releasing backup interface bond_slave_0
bond0 (unregistering): Released all slaves