============================= WARNING: suspicious RCU usage 4.15.0-rc6-next-20180102+ #86 Not tainted ----------------------------- net/netfilter/ipset/ip_set_core.c:2057 suspicious rcu_dereference_protected() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 QAT: Invalid ioctl 3 locks held by kworker/u4:2/48: #0: ((wq_completion)"%s""netns"){+.+.}, at: [<00000000f274a289>] process_one_work+0x71f/0x14a0 kernel/workqueue.c:2083 #1: (net_cleanup_work){+.+.}, at: [<00000000946b1943>] process_one_work+0x757/0x14a0 kernel/workqueue.c:2087 #2: (net_mutex){+.+.}, at: [<000000005fc1443a>] cleanup_net+0x139/0x8b0 net/core/net_namespace.c:450 stack backtrace: CPU: 1 PID: 48 Comm: kworker/u4:2 Not tainted 4.15.0-rc6-next-20180102+ #86 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: netns cleanup_net Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x137/0x198 lib/dump_stack.c:53 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4585 ip_set_net_exit+0x2c6/0x480 net/netfilter/ipset/ip_set_core.c:2057 ops_exit_list.isra.6+0xae/0x150 net/core/net_namespace.c:142 cleanup_net+0x3f3/0x8b0 net/core/net_namespace.c:484 process_one_work+0x801/0x14a0 kernel/workqueue.c:2112 worker_thread+0xe0/0x1010 kernel/workqueue.c:2246 kthread+0x33c/0x400 kernel/kthread.c:238 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:524 dccp_invalid_packet: P.Data Offset(4) too small dccp_invalid_packet: P.Data Offset(4) too small SELinux: unrecognized netlink message: protocol=0 nlmsg_type=260 sclass=netlink_route_socket pig=22671 comm=syz-executor1 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=260 sclass=netlink_route_socket pig=22699 comm=syz-executor1 device syz4 entered promiscuous mode sctp: [Deprecated]: syz-executor7 (pid 22803) Use of int in max_burst socket option. Use struct sctp_assoc_value instead sctp: [Deprecated]: syz-executor7 (pid 22803) Use of int in max_burst socket option. Use struct sctp_assoc_value instead netlink: 'syz-executor1': attribute type 4 has an invalid length. netlink: 5 bytes leftover after parsing attributes in process `syz-executor2'. netlink: 'syz-executor1': attribute type 4 has an invalid length. device syz6 entered promiscuous mode netlink: 'syz-executor5': attribute type 15 has an invalid length. netlink: 'syz-executor5': attribute type 15 has an invalid length. device eql entered promiscuous mode netlink: 3 bytes leftover after parsing attributes in process `syz-executor4'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor4'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor4'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor4'. 9pnet_virtio: no channels available for device ./file0 9pnet_virtio: no channels available for device ./file0 kauditd_printk_skb: 47 callbacks suppressed audit: type=1326 audit(1514913739.424:2612): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=23226 comm="syz-executor4" exe="/root/syz-executor4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x0 audit: type=1326 audit(1514913739.456:2613): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=23226 comm="syz-executor4" exe="/root/syz-executor4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x0 netlink: 3 bytes leftover after parsing attributes in process `syz-executor5'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor5'. binder: 23363:23372 got reply transaction with no transaction stack binder: 23363:23372 transaction failed 29201/-71, size 0-8 line 2760 binder: 23363:23379 got reply transaction with no transaction stack binder: 23363:23379 transaction failed 29201/-71, size 0-8 line 2760 binder: 23405:23409 BC_ACQUIRE_DONE u0000000000000000 node 110 cookie mismatch 0000000000000002 != 0000000000000000 binder: 23405:23409 ioctl 4010aeac 20a1cff0 returned -22 binder: release 23405:23409 transaction 111 out, still active binder: undelivered TRANSACTION_COMPLETE binder: send failed reply for transaction 111, target dead binder: 23405:23424 BC_ACQUIRE_DONE u0000000000000000 no match binder: 23405:23409 ioctl 4010aeac 20a1cff0 returned -22 binder: release 23405:23419 transaction 113 out, still active binder: undelivered TRANSACTION_COMPLETE binder: send failed reply for transaction 113, target dead audit: type=1326 audit(1514913740.948:2614): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=23476 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 irq bypass consumer (token 00000000e82a5947) registration fails: -16 irq bypass consumer (token 0000000030bf14f9) registration fails: -16 netlink: 14 bytes leftover after parsing attributes in process `syz-executor3'. openvswitch: netlink: Flow get message rejected, Key attribute missing. audit: type=1326 audit(1514913740.949:2615): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=23476 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514913740.978:2616): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=23476 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=c000003e syscall=157 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514913740.978:2617): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=23476 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514913740.978:2618): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=23476 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514913740.978:2619): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=23476 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=c000003e syscall=284 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514913740.979:2620): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=23476 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514913740.979:2621): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=23476 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 ptrace attach of "/root/syz-executor0"[3697] was attempted by "/root/syz-executor0"[23711] ptrace attach of "/root/syz-executor0"[3697] was attempted by "/root/syz-executor0"[23711] ptrace attach of "/root/syz-executor0"[3697] was attempted by "/root/syz-executor0"[23734] sock: sock_set_timeout: `syz-executor7' (pid 23819) tries to set negative timeout sock: sock_set_timeout: `syz-executor7' (pid 23819) tries to set negative timeout binder: 23901 RLIMIT_NICE not set binder: 23901 RLIMIT_NICE not set binder: 23895:23914 BC_FREE_BUFFER u000000002000c000 matched unreturned buffer binder: BINDER_SET_CONTEXT_MGR already set binder: 23895:23914 ioctl 40046207 0 returned -16 binder: 23901 RLIMIT_NICE not set binder_alloc: 23895: binder_alloc_buf, no vma binder: 23895:23921 transaction failed 29189/-3, size 0-0 line 2960 binder: undelivered TRANSACTION_ERROR: 29189 binder: release 23895:23901 transaction 115 in, still active binder: send failed reply for transaction 115 to 23895:23914 binder: undelivered TRANSACTION_COMPLETE binder: undelivered TRANSACTION_ERROR: 29189 binder: 23959:23960 transaction failed 29201/-28, size 7271182603747155163-7308332182914596864 line 2960 binder: undelivered TRANSACTION_ERROR: 29201 netlink: 188 bytes leftover after parsing attributes in process `syz-executor4'. SELinux: unrecognized netlink message: protocol=0 nlmsg_type=40783 sclass=netlink_route_socket pig=24051 comm=syz-executor5 dccp_invalid_packet: invalid packet type NFS: bad mount option value specified: vþ NFS: bad mount option value specified: vþ device eql entered promiscuous mode device syz5 entered promiscuous mode kauditd_printk_skb: 52 callbacks suppressed audit: type=1400 audit(1514913744.665:2671): avc: denied { map } for pid=24382 comm="syz-executor0" path="/750/control" dev="tmpfs" ino=60739 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:tmpfs_t:s0 tclass=dir permissive=1 sctp: [Deprecated]: syz-executor3 (pid 24479) Use of int in max_burst socket option. Use struct sctp_assoc_value instead sctp: [Deprecated]: syz-executor3 (pid 24485) Use of int in max_burst socket option. Use struct sctp_assoc_value instead netlink: 2 bytes leftover after parsing attributes in process `syz-executor4'. netlink: 2 bytes leftover after parsing attributes in process `syz-executor4'. netlink: 2 bytes leftover after parsing attributes in process `syz-executor4'. device eql entered promiscuous mode netlink: 2 bytes leftover after parsing attributes in process `syz-executor4'. audit: type=1326 audit(1514913745.758:2672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=24579 comm="syz-executor3" exe="/root/syz-executor3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514913745.758:2673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=24579 comm="syz-executor3" exe="/root/syz-executor3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514913745.784:2674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=24579 comm="syz-executor3" exe="/root/syz-executor3" sig=0 arch=c000003e syscall=32 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514913745.784:2675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=24579 comm="syz-executor3" exe="/root/syz-executor3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514913745.784:2676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=24579 comm="syz-executor3" exe="/root/syz-executor3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514913745.786:2677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=24579 comm="syz-executor3" exe="/root/syz-executor3" sig=0 arch=c000003e syscall=257 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514913745.787:2678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=24579 comm="syz-executor3" exe="/root/syz-executor3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514913745.787:2679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=24579 comm="syz-executor3" exe="/root/syz-executor3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514913745.788:2680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=24579 comm="syz-executor3" exe="/root/syz-executor3" sig=0 arch=c000003e syscall=9 compat=0 ip=0x452ac9 code=0x7ffc0000 binder: 24654:24656 got transaction with invalid data ptr binder: 24654:24656 transaction failed 29201/-14, size 167-0 line 2979 binder_alloc: binder_alloc_mmap_handler: 24654 20000000-20002000 already mapped failed -16 binder: BINDER_SET_CONTEXT_MGR already set binder: 24654:24660 ioctl 40046207 0 returned -16 binder_alloc: 24654: binder_alloc_buf, no vma binder: 24654:24660 transaction failed 29189/-3, size 167-0 line 2960 binder: undelivered TRANSACTION_ERROR: 29189 binder: undelivered TRANSACTION_ERROR: 29201