============================= WARNING: suspicious RCU usage 4.15.0-rc6-next-20180102+ #86 Not tainted ----------------------------- net/netfilter/ipset/ip_set_core.c:2057 suspicious rcu_dereference_protected() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 3 locks held by kworker/u4:3/260: #0: ((wq_completion)"%s""netns"){+.+.}, at: [<0000000059165e25>] process_one_work+0x71f/0x14a0 kernel/workqueue.c:2083 #1: (net_cleanup_work){+.+.}, at: [<00000000c9661d03>] process_one_work+0x757/0x14a0 kernel/workqueue.c:2087 #2: (net_mutex){+.+.}, at: [<00000000c34096ea>] cleanup_net+0x139/0x8b0 net/core/net_namespace.c:450 stack backtrace: CPU: 1 PID: 260 Comm: kworker/u4:3 Not tainted 4.15.0-rc6-next-20180102+ #86 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: netns cleanup_net Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x137/0x198 lib/dump_stack.c:53 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4585 ip_set_net_exit+0x2c6/0x480 net/netfilter/ipset/ip_set_core.c:2057 ops_exit_list.isra.6+0xae/0x150 net/core/net_namespace.c:142 cleanup_net+0x3f3/0x8b0 net/core/net_namespace.c:484 process_one_work+0x801/0x14a0 kernel/workqueue.c:2112 worker_thread+0xe0/0x1010 kernel/workqueue.c:2246 kthread+0x33c/0x400 kernel/kthread.c:238 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:524 binder: 9465:9468 ERROR: BC_REGISTER_LOOPER called without request binder: 9468 RLIMIT_NICE not set binder: 9465:9468 got reply transaction with no transaction stack binder: 9465:9468 transaction failed 29201/-71, size 24-8 line 2760 binder_alloc: 9499: binder_alloc_buf size 7308332182914596864 failed, no address space binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192) binder: 9499:9502 transaction failed 29201/-28, size 0-7308332182914596864 line 2960 binder: undelivered TRANSACTION_ERROR: 29201 binder_alloc: binder_alloc_mmap_handler: 9465 20000000-20002000 already mapped failed -16 binder: BINDER_SET_CONTEXT_MGR already set binder: 9465:9484 ioctl 40046207 0 returned -16 binder: 9465:9507 ERROR: BC_REGISTER_LOOPER called without request binder: 9507 RLIMIT_NICE not set binder_alloc: 9465: binder_alloc_buf, no vma binder: 9465:9484 transaction failed 29189/-3, size 0-0 line 2960 binder: undelivered TRANSACTION_ERROR: 29189 binder: send failed reply for transaction 24 to 9465:9484 binder: undelivered TRANSACTION_ERROR: 29201 binder: undelivered TRANSACTION_COMPLETE binder: undelivered TRANSACTION_ERROR: 29189 binder: release 9546:9549 transaction 31 out, still active binder: undelivered TRANSACTION_COMPLETE binder: 9549 RLIMIT_NICE not set binder: 9549 RLIMIT_NICE not set binder_alloc: binder_alloc_mmap_handler: 9546 20000000-20002000 already mapped failed -16 binder: BINDER_SET_CONTEXT_MGR already set binder: 9546:9556 ioctl 40046207 0 returned -16 binder_alloc: 9546: binder_alloc_buf, no vma binder: 9546:9556 transaction failed 29189/-3, size 0-0 line 2960 binder: 9556 RLIMIT_NICE not set binder: 9556 RLIMIT_NICE not set binder_alloc: 9546: binder_alloc_buf, no vma binder: 9546:9556 transaction failed 29189/-3, size 0-0 line 2960 device eql entered promiscuous mode binder: undelivered TRANSACTION_ERROR: 29189 binder: release 9546:9549 transaction 32 out, still active binder: release 9546:9549 transaction 31 in, still active binder: undelivered TRANSACTION_COMPLETE binder: release 9546:9556 transaction 32 in, still active binder: send failed reply for transaction 32, target dead binder: send failed reply for transaction 31, target dead binder: undelivered TRANSACTION_ERROR: 29189 dccp_v6_rcv: dropped packet with invalid checksum binder: 9691:9693 ERROR: BC_REGISTER_LOOPER called without request binder: 9693 RLIMIT_NICE not set binder: 9693 RLIMIT_NICE not set binder: BINDER_SET_CONTEXT_MGR already set binder: 9691:9695 ioctl 40046207 0 returned -16 binder: 9691:9693 ERROR: BC_REGISTER_LOOPER called without request binder_alloc: 9691: binder_alloc_buf, no vma binder: 9691:9695 transaction failed 29189/-3, size 0-0 line 2960 binder: 9693 RLIMIT_NICE not set binder: undelivered TRANSACTION_ERROR: 29189 binder: release 9691:9695 transaction 36 out, still active binder: undelivered TRANSACTION_COMPLETE device syz6 entered promiscuous mode binder: release 9691:9693 transaction 36 in, still active binder: send failed reply for transaction 36, target dead NFS: bad mount option value specified: v device syz6 entered promiscuous mode NFS: bad mount option value specified: v netlink: 'syz-executor4': attribute type 3 has an invalid length. netlink: 2 bytes leftover after parsing attributes in process `syz-executor2'. netlink: 2 bytes leftover after parsing attributes in process `syz-executor2'. device eql entered promiscuous mode QAT: Invalid ioctl binder: 10053:10056 unknown command 0 binder: 10053:10056 ioctl c0306201 2000a000 returned -22 binder: 10053:10056 got transaction with too large buffer binder: 10053:10056 transaction failed 29201/-22, size 96-16 line 3119 binder: 10060 RLIMIT_NICE not set binder: 10060 RLIMIT_NICE not set binder_alloc: binder_alloc_mmap_handler: 10053 20000000-20002000 already mapped failed -16 binder: BINDER_SET_CONTEXT_MGR already set binder: 10053:10056 ioctl 40046207 0 returned -16 binder: 10053:10065 unknown command 0 binder: 10053:10065 ioctl c0306201 2000a000 returned -22 netlink: 14 bytes leftover after parsing attributes in process `syz-executor0'. openvswitch: netlink: Flow get message rejected, Key attribute missing. binder_alloc: binder_alloc_mmap_handler: 10058 20000000-20002000 already mapped failed -16 binder: BINDER_SET_CONTEXT_MGR already set binder: 10058:10060 ioctl 40046207 0 returned -16 netlink: 14 bytes leftover after parsing attributes in process `syz-executor0'. openvswitch: netlink: Flow get message rejected, Key attribute missing. binder_alloc: 10058: binder_alloc_buf, no vma binder: 10058:10060 transaction failed 29189/-3, size 0-0 line 2960 binder: 10072 RLIMIT_NICE not set binder: undelivered TRANSACTION_ERROR: 29189 binder: release 10058:10060 transaction 42 in, still active binder: send failed reply for transaction 42 to 10058:10060 binder: undelivered TRANSACTION_COMPLETE binder: undelivered TRANSACTION_ERROR: 29189 device gre0 entered promiscuous mode capability: warning: `syz-executor6' uses deprecated v2 capabilities in a way that may be insecure netlink: 3 bytes leftover after parsing attributes in process `syz-executor2'. QAT: Invalid ioctl netlink: 3 bytes leftover after parsing attributes in process `syz-executor2'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor2'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor2'. DRBG: could not allocate digest TFM handle: hmac(sha512) sctp: [Deprecated]: syz-executor4 (pid 10223) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead device gre0 entered promiscuous mode sctp: [Deprecated]: syz-executor4 (pid 10223) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead kauditd_printk_skb: 34 callbacks suppressed audit: type=1400 audit(1514913817.536:712): avc: denied { map } for pid=10297 comm="syz-executor4" path="/dev/audio" dev="devtmpfs" ino=1123 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sound_device_t:s0 tclass=chr_file permissive=1 device syz2 entered promiscuous mode audit: type=1400 audit(1514913817.645:713): avc: denied { write } for pid=10334 comm="syz-executor0" name="net" dev="proc" ino=26726 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=dir permissive=1 audit: type=1400 audit(1514913817.651:714): avc: denied { add_name } for pid=10334 comm="syz-executor0" name="pfkey" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=dir permissive=1 audit: type=1400 audit(1514913817.652:715): avc: denied { create } for pid=10334 comm="syz-executor0" name="pfkey" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:insmod_t:s0 tclass=file permissive=1 binder: 10427:10428 ERROR: BC_REGISTER_LOOPER called without request binder: 10428 RLIMIT_NICE not set QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl binder: 10428 RLIMIT_NICE not set QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl binder: 10427:10447 ERROR: BC_REGISTER_LOOPER called without request binder: 10447 RLIMIT_NICE not set binder: BINDER_SET_CONTEXT_MGR already set binder: 10427:10428 ioctl 40046207 0 returned -16 binder: release 10427:10428 transaction 47 in, still active binder: send failed reply for transaction 47 to 10427:10447 binder: undelivered TRANSACTION_COMPLETE binder: undelivered TRANSACTION_ERROR: 29189 device syz0 entered promiscuous mode device syz4 entered promiscuous mode audit: type=1326 audit(1514913818.789:716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=10669 comm="syz-executor4" exe="/root/syz-executor4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514913818.815:717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=10669 comm="syz-executor4" exe="/root/syz-executor4" sig=0 arch=c000003e syscall=278 compat=0 ip=0x452ac9 code=0x7ffc0000 binder: 10703:10709 ioctl c0306201 2027cfd0 returned -14 binder: 10703:10709 ioctl c0306201 2027cfd0 returned -14 binder: 10716:10720 DecRefs 0 refcount change on invalid ref 0 ret -22 binder: 10716:10720 BC_DEAD_BINDER_DONE 0000000000000003 not found binder: 10716:10720 BC_DEAD_BINDER_DONE 0000000000000003 not found binder: 10716:10720 BC_DEAD_BINDER_DONE 0000000000000003 not found binder: 10720 RLIMIT_NICE not set binder_alloc: binder_alloc_mmap_handler: 10716 209a1000-209a4000 already mapped failed -16 binder: 10716:10720 DecRefs 0 refcount change on invalid ref 0 ret -22 binder: 10716:10720 BC_DEAD_BINDER_DONE 0000000000000003 not found binder: 10716:10720 BC_DEAD_BINDER_DONE 0000000000000003 not found binder: 10716:10720 BC_DEAD_BINDER_DONE 0000000000000003 not found binder: 10720 RLIMIT_NICE not set audit: type=1326 audit(1514913818.816:718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=10669 comm="syz-executor4" exe="/root/syz-executor4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514913818.816:719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=10669 comm="syz-executor4" exe="/root/syz-executor4" sig=0 arch=c000003e syscall=257 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514913818.817:720): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=10669 comm="syz-executor4" exe="/root/syz-executor4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514913818.819:721): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=10669 comm="syz-executor4" exe="/root/syz-executor4" sig=0 arch=c000003e syscall=16 compat=0 ip=0x452ac9 code=0x7ffc0000 netlink: 14 bytes leftover after parsing attributes in process `syz-executor4'. netlink: 14 bytes leftover after parsing attributes in process `syz-executor4'. dccp_invalid_packet: P.Data Offset(66) too large dccp_invalid_packet: P.Data Offset(66) too large device eql entered promiscuous mode tmpfs: Bad mount option ]g4G tmpfs: Bad mount option ]g4G tmpfs: Bad mount option ]g4G tmpfs: Bad mount option ]g4G binder: 11098:11100 transaction failed 29189/-22, size 0-0 line 2845 binder: undelivered TRANSACTION_ERROR: 29189 kvm [11175]: vcpu0, guest rIP: 0xfff0 Hyper-V uhandled wrmsr: 0x40000025 data 0x0 device gre0 entered promiscuous mode netlink: 'syz-executor2': attribute type 40 has an invalid length. netlink: 'syz-executor2': attribute type 40 has an invalid length. binder: 11361:11365 ioctl c0306201 20009fd0 returned -14 ptrace attach of "/root/syz-executor3"[3696] was attempted by "/root/syz-executor3"[11366] binder: 11361:11365 ioctl c0306201 20009fd0 returned -14 ptrace attach of "/root/syz-executor0"[3697] was attempted by "/root/syz-executor0"[11427] binder: 11572 RLIMIT_NICE not set binder: 11572 RLIMIT_NICE not set binder: 11572 RLIMIT_NICE not set binder: 11562:11607 tried to acquire reference to desc 0, got 1 instead binder: 11562:11607 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 binder: 11562:11593 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0 binder: 11562:11607 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 binder: 11593 RLIMIT_NICE not set binder: 11593 RLIMIT_NICE not set binder: 11562:11608 BC_DEAD_BINDER_DONE 0000000000000003 not found binder: undelivered death notification, 0000000000000000 RDS: rds_bind could not find a transport for 172.20.6.170, load rds_tcp or rds_rdma? kauditd_printk_skb: 149 callbacks suppressed audit: type=1326 audit(1514913823.157:870): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11737 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 netlink: 3 bytes leftover after parsing attributes in process `syz-executor5'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor5'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor5'. sctp: [Deprecated]: syz-executor0 (pid 11740) Use of int in maxseg socket option. Use struct sctp_assoc_value instead audit: type=1326 audit(1514913823.163:871): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11737 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514913823.191:872): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11737 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=2 compat=0 ip=0x40ce01 code=0x7ffc0000 audit: type=1326 audit(1514913823.191:873): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11737 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514913823.191:874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11737 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514913823.192:875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11737 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=91 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514913823.196:876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11737 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514913823.197:877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11737 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=163 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514913823.197:878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11737 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514913823.197:879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11737 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=9 compat=0 ip=0x452ac9 code=0x7ffc0000 QAT: Invalid ioctl QAT: Invalid ioctl netlink: 11 bytes leftover after parsing attributes in process `syz-executor0'. device eql entered promiscuous mode binder: 11895:11899 transaction failed 29189/-22, size -4294967039-4294967295 line 2845 binder: 11895:11901 transaction failed 29189/-22, size -4294967039-4294967295 line 2845 binder: undelivered TRANSACTION_ERROR: 29189 binder: undelivered TRANSACTION_ERROR: 29189