=============================
WARNING: suspicious RCU usage
4.15.0-rc6-next-20180102+ #86 Not tainted
-----------------------------
net/netfilter/ipset/ip_set_core.c:2057 suspicious rcu_dereference_protected() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
3 locks held by kworker/u4:4/3796:
 #0: ((wq_completion)"%s""netns"){+.+.}, at: [<00000000b17180eb>] process_one_work+0x71f/0x14a0 kernel/workqueue.c:2083
 #1: (net_cleanup_work){+.+.}, at: [<000000003fe62be2>] process_one_work+0x757/0x14a0 kernel/workqueue.c:2087
 #2: (net_mutex){+.+.}, at: [<0000000003f1773a>] cleanup_net+0x139/0x8b0 net/core/net_namespace.c:450
stack backtrace:
CPU: 1 PID: 3796 Comm: kworker/u4:4 Not tainted 4.15.0-rc6-next-20180102+ #86
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: netns cleanup_net
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x137/0x198 lib/dump_stack.c:53
 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4585
 ip_set_net_exit+0x2c6/0x480 net/netfilter/ipset/ip_set_core.c:2057
device gre0 entered promiscuous mode
 ops_exit_list.isra.6+0xae/0x150 net/core/net_namespace.c:142
 cleanup_net+0x3f3/0x8b0 net/core/net_namespace.c:484
 process_one_work+0x801/0x14a0 kernel/workqueue.c:2112
 worker_thread+0xe0/0x1010 kernel/workqueue.c:2246
 kthread+0x33c/0x400 kernel/kthread.c:238
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:524
binder: 5250:5251 ERROR: BC_REGISTER_LOOPER called without request
binder: 5251 RLIMIT_NICE not set
binder: 5250:5251 got reply transaction with no transaction stack
binder: 5250:5251 transaction failed 29201/-71, size 24-8 line 2760
binder: BINDER_SET_CONTEXT_MGR already set
binder: 5250:5272 ioctl 40046207 0 returned -16
binder: 5250:5251 ERROR: BC_REGISTER_LOOPER called without request
binder: 5251 RLIMIT_NICE not set
binder_alloc: 5250: binder_alloc_buf, no vma
binder: 5250:5272 transaction failed 29189/-3, size 0-0 line 2960
binder: undelivered TRANSACTION_ERROR: 29189
binder: send failed reply for transaction 12 to 5250:5272
binder: undelivered TRANSACTION_ERROR: 29201
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29189
sock: sock_set_timeout: `syz-executor2' (pid 5342) tries to set negative timeout
device gre0 entered promiscuous mode
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=34320 sclass=netlink_xfrm_socket pig=5587 comm=syz-executor7
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=34320 sclass=netlink_xfrm_socket pig=5587 comm=syz-executor7
netlink: 1 bytes leftover after parsing attributes in process `syz-executor2'.
QAT: Invalid ioctl
kvm: vcpu 0: requested 68374 ns lapic timer period limited to 500000 ns
kauditd_printk_skb: 85 callbacks suppressed
audit: type=1326 audit(1514913499.284:263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=5930 comm="syz-executor3" exe="/root/syz-executor3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000
QAT: Invalid ioctl
capability: warning: `syz-executor4' uses deprecated v2 capabilities in a way that may be insecure
audit: type=1326 audit(1514913499.287:264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=5930 comm="syz-executor3" exe="/root/syz-executor3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1514913499.287:265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=5930 comm="syz-executor3" exe="/root/syz-executor3" sig=0 arch=c000003e syscall=41 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1514913499.287:266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=5930 comm="syz-executor3" exe="/root/syz-executor3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1514913499.287:267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=5930 comm="syz-executor3" exe="/root/syz-executor3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1514913499.287:268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=5930 comm="syz-executor3" exe="/root/syz-executor3" sig=0 arch=c000003e syscall=42 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1514913499.287:269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=5930 comm="syz-executor3" exe="/root/syz-executor3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1514913499.293:270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=5930 comm="syz-executor3" exe="/root/syz-executor3" sig=0 arch=c000003e syscall=9 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1514913499.293:271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=5930 comm="syz-executor3" exe="/root/syz-executor3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1514913499.293:272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=5930 comm="syz-executor3" exe="/root/syz-executor3" sig=0 arch=c000003e syscall=2 compat=0 ip=0x40ce01 code=0x7ffc0000
syz-executor6: vmalloc: allocation failure: 7178027008 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null)
syz-executor6 cpuset=/ mems_allowed=0
CPU: 1 PID: 6346 Comm: syz-executor6 Not tainted 4.15.0-rc6-next-20180102+ #86
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x137/0x198 lib/dump_stack.c:53
 warn_alloc+0x160/0x260 mm/page_alloc.c:3313
 __vmalloc_node_range+0x4f0/0x650 mm/vmalloc.c:1719
 __vmalloc_node mm/vmalloc.c:1748 [inline]
 __vmalloc_node_flags_caller+0x50/0x60 mm/vmalloc.c:1770
 kvmalloc_node+0x82/0xd0 mm/util.c:406
 kvmalloc include/linux/mm.h:541 [inline]
 kvmalloc_array include/linux/mm.h:557 [inline]
 xt_alloc_entry_offsets+0x21/0x30 net/netfilter/x_tables.c:774
 translate_table+0x20e/0x1660 net/ipv6/netfilter/ip6_tables.c:699
 do_replace net/ipv6/netfilter/ip6_tables.c:1160 [inline]
 do_ip6t_set_ctl+0x281/0x430 net/ipv6/netfilter/ip6_tables.c:1686
 nf_sockopt net/netfilter/nf_sockopt.c:106 [inline]
 nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:115
 ipv6_setsockopt+0x115/0x150 net/ipv6/ipv6_sockglue.c:928
 tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2874
 sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2978
 SYSC_setsockopt net/socket.c:1821 [inline]
 SyS_setsockopt+0x158/0x240 net/socket.c:1800
 entry_SYSCALL_64_fastpath+0x23/0x9a
RIP: 0033:0x452ac9
RSP: 002b:00007f2996bcac58 EFLAGS: 00000212 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 00007f2996bcb700 RCX: 0000000000452ac9
RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000013
RBP: 0000000000000000 R08: 0000000000000004 R09: 0000000000000000
R10: 0000000020001fde R11: 0000000000000212 R12: 0000000000000000
R13: 0000000000a2f7ef R14: 00007f2996bcb9c0 R15: 0000000000000000
Mem-Info:
active_anon:76146 inactive_anon:59 isolated_anon:0
 active_file:3530 inactive_file:9348 isolated_file:0
 unevictable:0 dirty:5384 writeback:0 unstable:0
 slab_reclaimable:9501 slab_unreclaimable:90803
 mapped:23211 shmem:66 pagetables:765 bounce:0
 free:1415694 free_pcp:408 free_cma:0
Node 0 active_anon:310512kB inactive_anon:236kB active_file:14120kB inactive_file:37392kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:92844kB dirty:21536kB writeback:0kB shmem:264kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 112640kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
Node 0 DMA free:15908kB min:160kB low:200kB high:240kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]: 0 2881 6392 6392
Node 0 DMA32 free:2951788kB min:30384kB low:37980kB high:45576kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2952592kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:804kB local_pcp:156kB free_cma:0kB
lowmem_reserve[]: 0 0 3511 3511
Node 0 Normal free:2714436kB min:37032kB low:46288kB high:55544kB active_anon:285708kB inactive_anon:240kB active_file:14120kB inactive_file:37404kB unevictable:0kB writepending:21564kB present:4718592kB managed:3595920kB mlocked:0kB kernel_stack:3872kB pagetables:2708kB bounce:0kB free_pcp:1084kB local_pcp:656kB free_cma:0kB
lowmem_reserve[]: 0 0 0 0
Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB
Node 0 DMA32: 3*4kB (M) 4*8kB (UM) 2*16kB (UM) 1*32kB (M) 4*64kB (UM) 2*128kB (M) 4*256kB (UM) 2*512kB (UM) 4*1024kB (UM) 2*2048kB (UM) 718*4096kB (M) = 2951788kB
Node 0 Normal: 1085*4kB (UME) 252*8kB (UME) 1036*16kB (UME) 385*32kB (UM) 146*64kB (UM) 10*128kB (UM) 14*256kB (UME) 3*512kB (ME) 3*1024kB (UM) 7*2048kB (ME) 646*4096kB (M) = 2714420kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
12948 total pagecache pages
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap = 0kB
Total swap = 0kB
1965979 pages RAM
0 pages HighMem/MovableOnly
324874 pages reserved
syz-executor6: vmalloc: allocation failure: 7178027008 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null)
syz-executor6 cpuset=/ mems_allowed=0
CPU: 0 PID: 6388 Comm: syz-executor6 Not tainted 4.15.0-rc6-next-20180102+ #86
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x137/0x198 lib/dump_stack.c:53
 warn_alloc+0x160/0x260 mm/page_alloc.c:3313
 __vmalloc_node_range+0x4f0/0x650 mm/vmalloc.c:1719
 __vmalloc_node mm/vmalloc.c:1748 [inline]
 __vmalloc_node_flags_caller+0x50/0x60 mm/vmalloc.c:1770
 kvmalloc_node+0x82/0xd0 mm/util.c:406
 kvmalloc include/linux/mm.h:541 [inline]
 kvmalloc_array include/linux/mm.h:557 [inline]
 xt_alloc_entry_offsets+0x21/0x30 net/netfilter/x_tables.c:774
 translate_table+0x20e/0x1660 net/ipv6/netfilter/ip6_tables.c:699
 do_replace net/ipv6/netfilter/ip6_tables.c:1160 [inline]
 do_ip6t_set_ctl+0x281/0x430 net/ipv6/netfilter/ip6_tables.c:1686
 nf_sockopt net/netfilter/nf_sockopt.c:106 [inline]
 nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:115
 ipv6_setsockopt+0x115/0x150 net/ipv6/ipv6_sockglue.c:928
 tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2874
 sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2978
 SYSC_setsockopt net/socket.c:1821 [inline]
 SyS_setsockopt+0x158/0x240 net/socket.c:1800
 entry_SYSCALL_64_fastpath+0x23/0x9a
RIP: 0033:0x452ac9
RSP: 002b:00007f2996b88c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 00007f2996b89700 RCX: 0000000000452ac9
RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000013
RBP: 0000000000a2f870 R08: 0000000000000004 R09: 0000000000000000
R10: 0000000020001fde R11: 0000000000000212 R12: 0000000000000000
R13: 0000000000a2f7ef R14: 00007f2996b899c0 R15: 0000000000000001
QAT: Device 2 not found
netlink: 48 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 48 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 'syz-executor3': attribute type 13 has an invalid length.
netlink: 'syz-executor3': attribute type 13 has an invalid length.
QAT: Invalid ioctl
QAT: Invalid ioctl
binder: 6816 RLIMIT_NICE not set
binder: 6816 RLIMIT_NICE not set
binder: 6813:6816 BC_DEAD_BINDER_DONE 0000000000000005 not found
binder: 6813:6826 tried to acquire reference to desc 0, got 1 instead
binder: 6813:6831 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
binder: 6813:6831 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
binder: 6831 RLIMIT_NICE not set
binder: 6813:6816 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
binder: undelivered death notification, 0000000000000000
netlink: 8 bytes leftover after parsing attributes in process `syz-executor1'.
APIC base relocation is unsupported by KVM
netlink: 8 bytes leftover after parsing attributes in process `syz-executor1'.
binder: undelivered death notification, 0000000000000000
binder: BINDER_SET_CONTEXT_MGR already set
binder: 6906:6907 ioctl 40046207 0 returned -16
futex_wake_op: syz-executor4 tries to shift op by -1; fix this program
futex_wake_op: syz-executor4 tries to shift op by -1; fix this program
binder: undelivered death notification, 0000000000000000
netlink: 3 bytes leftover after parsing attributes in process `syz-executor0'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor0'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor0'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor0'.
QAT: Invalid ioctl
Option ' $"~a]g:642(*rp;^kx)cM {z[yU@<&Iz:5F(@ :x۱kcZSk̝(^ F"sNV3Zu1&`K1Ў6&"q[crt>X̐NG@&Ό5T*J;Re0[5Bex_T^R\Aw-NWxZaV$ϊ6' to dns_resolver key: bad/missing value
Option ' $"~a]g:642(*rp;^kx)cM {z[yU@<&Iz:5F(@ :x۱kcZSk̝(^ F"sNV3Zu1&`K1Ў6&"q[crt>X̐NG@&Ό5T*J;Re0[5Bex_T^R\Aw-NWxZaV$ϊ6' to dns_resolver key: bad/missing value
device syz1 entered promiscuous mode
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
encrypted_key: master key parameter '%? {{SbņXoEiEbՎSG8БXZݨ' is invalid
encrypted_key: master key parameter '%? {{SbņXoEiEbՎSG8БXZݨ' is invalid
kauditd_printk_skb: 136 callbacks suppressed
audit: type=1326 audit(1514913504.992:405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7327 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000
device lo entered promiscuous mode
audit: type=1400 audit(1514913504.999:406): avc: denied { read } for pid=7315 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1326 audit(1514913504.999:407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7327 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=94 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1514913504.999:408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7327 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1514913504.999:409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7327 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1514913505.029:410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7327 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=29 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1514913505.030:411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7327 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1514913505.030:412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7327 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1514913505.030:413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7327 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=5 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1514913505.031:414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7327 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000
mmap: syz-executor1 (7391): VmData 18366464 exceed data ulimit 0. Update limits or use boot option ignore_rlimit_data.
semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
The task syz-executor2 (7485) triggered the difference, watch for misbehavior.
netlink: 'syz-executor2': attribute type 4 has an invalid length.
netlink: 'syz-executor2': attribute type 4 has an invalid length.