=============================
WARNING: suspicious RCU usage
4.15.0-rc6-next-20180102+ #86 Not tainted
-----------------------------
net/netfilter/ipset/ip_set_core.c:2057 suspicious rcu_dereference_protected() usage!

other info that might help us debug this:


rcu_scheduler_active = 2, debug_locks = 1
3 locks held by kworker/u4:4/281:
 #0:  ((wq_completion)"%s""netns"){+.+.}, at: [<00000000433f9f1f>] process_one_work+0x71f/0x14a0 kernel/workqueue.c:2083
 #1:  (net_cleanup_work){+.+.}, at: [<00000000ac411fe0>] process_one_work+0x757/0x14a0 kernel/workqueue.c:2087
 #2:  (net_mutex){+.+.}, at: [<00000000cc6e6a58>] cleanup_net+0x139/0x8b0 net/core/net_namespace.c:450

stack backtrace:
CPU: 0 PID: 281 Comm: kworker/u4:4 Not tainted 4.15.0-rc6-next-20180102+ #86
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: netns cleanup_net
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x137/0x198 lib/dump_stack.c:53
 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4585
 ip_set_net_exit+0x2c6/0x480 net/netfilter/ipset/ip_set_core.c:2057
 ops_exit_list.isra.6+0xae/0x150 net/core/net_namespace.c:142
 cleanup_net+0x3f3/0x8b0 net/core/net_namespace.c:484
 process_one_work+0x801/0x14a0 kernel/workqueue.c:2112
 worker_thread+0xe0/0x1010 kernel/workqueue.c:2246
 kthread+0x33c/0x400 kernel/kthread.c:238
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:524
binder_alloc: 6776: binder_alloc_buf failed to map page at 20000000 in userspace
binder: 6776:6779 transaction failed 29201/-12, size 0-0 line 2960
binder: BINDER_SET_CONTEXT_MGR already set
binder: 6776:6779 ioctl 40046207 0 returned -16
binder_alloc: 6776: binder_alloc_buf, no vma
binder: 6776:6779 transaction failed 29189/-3, size 0-0 line 2960
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29201
netlink: 'syz-executor7': attribute type 27 has an invalid length.
device eql entered promiscuous mode
netlink: 14 bytes leftover after parsing attributes in process `syz-executor7'.
netlink: 14 bytes leftover after parsing attributes in process `syz-executor7'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor5'.
kauditd_printk_skb: 45 callbacks suppressed
audit: type=1326 audit(1514913241.163:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7193 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1514913241.163:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7193 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1514913241.163:204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7193 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=9 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1514913241.163:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7193 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1514913241.163:206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7193 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1514913241.163:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7193 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=257 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1514913241.163:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7193 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1514913241.163:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7193 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1514913241.181:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7193 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=257 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1514913241.181:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7193 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=1000 sclass=netlink_xfrm_socket pig=7235 comm=syz-executor5
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=1000 sclass=netlink_xfrm_socket pig=7248 comm=syz-executor5
sctp: [Deprecated]: syz-executor5 (pid 7289) Use of struct sctp_assoc_value in delayed_ack socket option.
Use struct sctp_sack_info instead
binder_alloc: binder_alloc_mmap_handler: 7308 20004000-20005000 already mapped failed -16
binder: 7394:7404 transaction failed 29201/-28, size 7271182603747155163-7308332182914596864 line 2960
binder: undelivered TRANSACTION_ERROR: 29201
binder: 7431:7435 BC_FREE_BUFFER uffffffffffffffff no match
binder: 7431:7435 BC_FREE_BUFFER uffffffffffffffff no match
binder: 7431:7441 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=289 sclass=netlink_xfrm_socket pig=7540 comm=syz-executor0
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=289 sclass=netlink_xfrm_socket pig=7540 comm=syz-executor0
binder: 7567:7572 BC_ACQUIRE_DONE u0000000000000000 no match
device gre0 entered promiscuous mode
binder: 7567:7584 BC_ACQUIRE_DONE u0000000000000000 no match
ptrace attach of "/root/syz-executor4"[3711] was attempted by "/root/syz-executor4"[7873]
ptrace attach of "/root/syz-executor4"[3711] was attempted by "/root/syz-executor4"[7880]
sctp: [Deprecated]: syz-executor0 (pid 7933) Use of int in max_burst socket option.
Use struct sctp_assoc_value instead
sctp: [Deprecated]: syz-executor0 (pid 7933) Use of int in max_burst socket option.
Use struct sctp_assoc_value instead
QAT: Invalid ioctl
QAT: Invalid ioctl
device gre0 entered promiscuous mode
device eql entered promiscuous mode
binder: 8201:8204 IncRefs 0 refcount change on invalid ref 3 ret -22
binder: 8201:8204 unknown command 0
binder: 8201:8204 ioctl c0306201 20693fd0 returned -22
binder: 8211:8213 transaction failed 29189/-22, size 0-0 line 2845
binder: 8211:8213 BC_ACQUIRE_DONE uffffffffffffffff no match
binder: 8211:8213 IncRefs 0 refcount change on invalid ref 4 ret -22
binder: BINDER_SET_CONTEXT_MGR already set
binder: 8201:8209 ioctl 40046207 0 returned -16
binder: 8201:8209 IncRefs 0 refcount change on invalid ref 3 ret -22
binder: 8201:8209 unknown command 0
binder: 8201:8209 ioctl c0306201 20693fd0 returned -22
binder_alloc: binder_alloc_mmap_handler: 8211 20000000-20002000 already mapped failed -16
binder: 8211:8213 transaction failed 29189/-22, size 0-0 line 2845
binder: 8211:8213 BC_ACQUIRE_DONE uffffffffffffffff no match
binder: 8211:8213 IncRefs 0 refcount change on invalid ref 4 ret -22
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=8253 comm=syz-executor7
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=8257 comm=syz-executor7
irq bypass consumer (token 000000002756b48d) registration fails: -16
binder: 8289:8291 BC_FREE_BUFFER u0000000000000000 no match
binder: 8289:8291 got transaction to invalid handle
binder: 8289:8291 transaction failed 29201/-22, size 40-16 line 2845
device syz4 entered promiscuous mode
binder: 8320:8325 unknown command 0
binder: 8320:8325 ioctl c0306201 2000a000 returned -22
binder: 8320:8325 got transaction with too large buffer
binder: 8320:8325 transaction failed 29201/-22, size 96-16 line 3119
binder_alloc: binder_alloc_mmap_handler: 8320 20000000-20002000 already mapped failed -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 8320:8325 ioctl 40046207 0 returned -16
binder: 8320:8329 unknown command 0
binder: 8320:8329 ioctl c0306201 2000a000 returned -22
kauditd_printk_skb: 92 callbacks suppressed
audit: type=1326 audit(1514913246.333:303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8401 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1514913246.339:304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8401 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=9 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1514913246.339:305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8401 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1514913246.339:306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8401 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1514913246.365:307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8401 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=2 compat=0 ip=0x40ce01 code=0x7ffc0000
audit: type=1326 audit(1514913246.365:308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8401 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1514913246.366:309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8401 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=148 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1514913246.366:310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8401 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1514913246.368:311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8401 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=16 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1514913246.368:312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8401 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000
sctp: [Deprecated]: syz-executor2 (pid 8464) Use of int in maxseg socket option.
Use struct sctp_assoc_value instead
sctp: [Deprecated]: syz-executor2 (pid 8485) Use of int in maxseg socket option.
Use struct sctp_assoc_value instead
device eql entered promiscuous mode
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=8491 comm=syz-executor7
binder: 8667:8673 got transaction with invalid parent offset or type
binder: 8667:8673 transaction failed 29201/-22, size 32-8 line 3083
binder_alloc: binder_alloc_mmap_handler: 8667 2011a000-2051a000 already mapped failed -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 8667:8692 ioctl 40046207 0 returned -16
binder: undelivered TRANSACTION_ERROR: 29201
device eql entered promiscuous mode
encrypted_key: insufficient parameters specified
device syz5 entered promiscuous mode
encrypted_key: insufficient parameters specified
could not allocate digest TFM handle rm(2w�?�z_m�o~Ħ��"�2��:�)���F��<�$,��ɰ�6���
netlink: 'syz-executor1': attribute type 16 has an invalid length.