PF_BRIDGE: br_mdb_parse() with unknown ifindex PF_BRIDGE: br_mdb_parse() with unknown ifindex ============================= WARNING: suspicious RCU usage 4.15.0-rc6-next-20180102+ #86 Not tainted ----------------------------- net/netfilter/ipset/ip_set_core.c:2057 suspicious rcu_dereference_protected() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 3 locks held by kworker/u4:0/5: #0: ((wq_completion)"%s""netns"){+.+.}, at: [<00000000fe052b87>] process_one_work+0x71f/0x14a0 kernel/workqueue.c:2083 #1: (net_cleanup_work){+.+.}, at: [<00000000eea82927>] process_one_work+0x757/0x14a0 kernel/workqueue.c:2087 #2: (net_mutex){+.+.}, at: [<00000000ec42586e>] cleanup_net+0x139/0x8b0 net/core/net_namespace.c:450 stack backtrace: CPU: 1 PID: 5 Comm: kworker/u4:0 Not tainted 4.15.0-rc6-next-20180102+ #86 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: netns cleanup_net Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x137/0x198 lib/dump_stack.c:53 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4585 ip_set_net_exit+0x2c6/0x480 net/netfilter/ipset/ip_set_core.c:2057 ops_exit_list.isra.6+0xae/0x150 net/core/net_namespace.c:142 cleanup_net+0x3f3/0x8b0 net/core/net_namespace.c:484 process_one_work+0x801/0x14a0 kernel/workqueue.c:2112 worker_thread+0xe0/0x1010 kernel/workqueue.c:2246 kthread+0x33c/0x400 kernel/kthread.c:238 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:524 SELinux: unrecognized netlink message: protocol=4 nlmsg_type=25 sclass=netlink_tcpdiag_socket pig=4876 comm=syz-executor6 PF_BRIDGE: br_mdb_parse() with unknown ifindex PF_BRIDGE: br_mdb_parse() with unknown ifindex SELinux: unrecognized netlink message: protocol=4 nlmsg_type=25 sclass=netlink_tcpdiag_socket pig=4876 comm=syz-executor6 PF_BRIDGE: br_mdb_parse() with unknown ifindex PF_BRIDGE: br_mdb_parse() with unknown ifindex PF_BRIDGE: br_mdb_parse() with unknown ifindex PF_BRIDGE: br_mdb_parse() with unknown ifindex ptrace attach of "/root/syz-executor5"[3692] was attempted by "/root/syz-executor5"[5024] PF_BRIDGE: br_mdb_parse() with unknown ifindex PF_BRIDGE: br_mdb_parse() with unknown ifindex PF_BRIDGE: br_mdb_parse() with unknown ifindex PF_BRIDGE: br_mdb_parse() with unknown ifindex PF_BRIDGE: br_mdb_parse() with unknown ifindex PF_BRIDGE: br_mdb_parse() with unknown ifindex PF_BRIDGE: br_mdb_parse() with unknown ifindex PF_BRIDGE: br_mdb_parse() with unknown ifindex QAT: Invalid ioctl QAT: Invalid ioctl PF_BRIDGE: br_mdb_parse() with unknown ifindex PF_BRIDGE: br_mdb_parse() with unknown ifindex PF_BRIDGE: br_mdb_parse() with unknown ifindex device syz4 entered promiscuous mode PF_BRIDGE: br_mdb_parse() with unknown ifindex PF_BRIDGE: br_mdb_parse() with unknown ifindex PF_BRIDGE: br_mdb_parse() with unknown ifindex PF_BRIDGE: br_mdb_parse() with unknown ifindex PF_BRIDGE: br_mdb_parse() with unknown ifindex PF_BRIDGE: br_mdb_parse() with unknown ifindex PF_BRIDGE: br_mdb_parse() with unknown ifindex PF_BRIDGE: br_mdb_parse() with unknown ifindex device syz3 entered promiscuous mode kauditd_printk_skb: 138 callbacks suppressed audit: type=1326 audit(1514913847.699:279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=5454 comm="syz-executor5" exe="/root/syz-executor5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514913847.730:280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=5454 comm="syz-executor5" exe="/root/syz-executor5" sig=0 arch=c000003e syscall=238 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514913847.730:281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=5454 comm="syz-executor5" exe="/root/syz-executor5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514913847.730:282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=5454 comm="syz-executor5" exe="/root/syz-executor5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514913847.731:283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=5454 comm="syz-executor5" exe="/root/syz-executor5" sig=0 arch=c000003e syscall=55 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514913847.732:284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=5454 comm="syz-executor5" exe="/root/syz-executor5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514913847.732:285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=5454 comm="syz-executor5" exe="/root/syz-executor5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514913847.732:286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=5454 comm="syz-executor5" exe="/root/syz-executor5" sig=0 arch=c000003e syscall=9 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514913847.735:287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=5454 comm="syz-executor5" exe="/root/syz-executor5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514913847.736:288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=5454 comm="syz-executor5" exe="/root/syz-executor5" sig=0 arch=c000003e syscall=43 compat=0 ip=0x452ac9 code=0x7ffc0000 PF_BRIDGE: br_mdb_parse() with unknown ifindex PF_BRIDGE: br_mdb_parse() with unknown ifindex PF_BRIDGE: br_mdb_parse() with unknown ifindex PF_BRIDGE: br_mdb_parse() with unknown ifindex PF_BRIDGE: br_mdb_parse() with unknown ifindex nla_parse: 48 callbacks suppressed netlink: 14 bytes leftover after parsing attributes in process `syz-executor7'. PF_BRIDGE: br_mdb_parse() with unknown ifindex netlink: 14 bytes leftover after parsing attributes in process `syz-executor7'. PF_BRIDGE: br_mdb_parse() with unknown ifindex netlink: 14 bytes leftover after parsing attributes in process `syz-executor7'. PF_BRIDGE: br_mdb_parse() with unknown ifindex netlink: 14 bytes leftover after parsing attributes in process `syz-executor7'. PF_BRIDGE: br_mdb_parse() with unknown ifindex netlink: 14 bytes leftover after parsing attributes in process `syz-executor7'. PF_BRIDGE: br_mdb_parse() with unknown ifindex netlink: 14 bytes leftover after parsing attributes in process `syz-executor7'. PF_BRIDGE: br_mdb_parse() with unknown ifindex netlink: 14 bytes leftover after parsing attributes in process `syz-executor7'. PF_BRIDGE: br_mdb_parse() with unknown ifindex sock: process `syz-executor1' is using obsolete setsockopt SO_BSDCOMPAT netlink: 14 bytes leftover after parsing attributes in process `syz-executor7'. PF_BRIDGE: br_mdb_parse() with unknown ifindex netlink: 14 bytes leftover after parsing attributes in process `syz-executor7'. PF_BRIDGE: br_mdb_parse() with unknown ifindex device gre0 entered promiscuous mode netlink: 14 bytes leftover after parsing attributes in process `syz-executor7'. PF_BRIDGE: br_mdb_parse() with unknown ifindex PF_BRIDGE: br_mdb_parse() with unknown ifindex PF_BRIDGE: br_mdb_parse() with unknown ifindex PF_BRIDGE: br_mdb_parse() with unknown ifindex PF_BRIDGE: br_mdb_parse() with unknown ifindex PF_BRIDGE: br_mdb_parse() with unknown ifindex PF_BRIDGE: br_mdb_parse() with unknown ifindex PF_BRIDGE: br_mdb_parse() with unknown ifindex PF_BRIDGE: br_mdb_parse() with unknown ifindex device syz5 entered promiscuous mode PF_BRIDGE: br_mdb_parse() with unknown ifindex PF_BRIDGE: br_mdb_parse() with unknown ifindex netlink: 'syz-executor3': attribute type 29 has an invalid length. netlink: 'syz-executor3': attribute type 29 has an invalid length. PF_BRIDGE: br_mdb_parse() with unknown ifindex PF_BRIDGE: br_mdb_parse() with unknown ifindex PF_BRIDGE: br_mdb_parse() with unknown ifindex PF_BRIDGE: br_mdb_parse() with unknown ifindex PF_BRIDGE: br_mdb_parse() with unknown ifindex device eql entered promiscuous mode binder: 6133:6138 Acquire 1 refcount change on invalid ref 0 ret -22 binder: 6133:6138 BC_DEAD_BINDER_DONE 0000000000000002 not found binder: undelivered death notification, 0000000000000000 binder: 6133:6138 BC_DEAD_BINDER_DONE 0000000000000002 not found binder: BINDER_SET_CONTEXT_MGR already set binder: 6133:6144 ioctl 40046207 0 returned -16 binder: undelivered death notification, 0000000000000000 PF_BRIDGE: br_mdb_parse() with unknown ifindex SELinux: unrecognized netlink message: protocol=4 nlmsg_type=85 sclass=netlink_tcpdiag_socket pig=6215 comm=syz-executor7 SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=6229 comm=syz-executor7 PF_BRIDGE: br_mdb_parse() with unknown ifindex PF_BRIDGE: br_mdb_parse() with unknown ifindex PF_BRIDGE: br_mdb_parse() with unknown ifindex PF_BRIDGE: br_mdb_parse() with unknown ifindex PF_BRIDGE: br_mdb_parse() with unknown ifindex PF_BRIDGE: br_mdb_parse() with unknown ifindex openvswitch: netlink: Either Ethernet header or EtherType is required. device lo entered promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode PF_BRIDGE: br_mdb_parse() with unknown ifindex PF_BRIDGE: br_mdb_parse() with unknown ifindex PF_BRIDGE: br_mdb_parse() with unknown ifindex PF_BRIDGE: br_mdb_parse() with unknown ifindex device lo entered promiscuous mode PF_BRIDGE: br_mdb_parse() with unknown ifindex PF_BRIDGE: br_mdb_parse() with unknown ifindex device gre0 entered promiscuous mode device gre0 left promiscuous mode device gre0 entered promiscuous mode device gre0 left promiscuous mode PF_BRIDGE: br_mdb_parse() with unknown ifindex PF_BRIDGE: br_mdb_parse() with unknown ifindex PF_BRIDGE: br_mdb_parse() with unknown ifindex PF_BRIDGE: br_mdb_parse() with unknown ifindex netlink: 'syz-executor3': attribute type 13 has an invalid length. device gre0 entered promiscuous mode PF_BRIDGE: br_mdb_parse() with unknown ifindex PF_BRIDGE: br_mdb_parse() with unknown ifindex PF_BRIDGE: br_mdb_parse() with unknown ifindex PF_BRIDGE: br_mdb_parse() with unknown ifindex binder: 6857:6861 ioctl c0306201 20382000 returned -11 binder: BINDER_SET_CONTEXT_MGR already set binder: 6857:6861 ioctl 40046207 0 returned -16 device gre0 entered promiscuous mode nla_parse: 43 callbacks suppressed netlink: 14 bytes leftover after parsing attributes in process `syz-executor7'. PF_BRIDGE: br_mdb_parse() with unknown ifindex device eql entered promiscuous mode netlink: 14 bytes leftover after parsing attributes in process `syz-executor7'. PF_BRIDGE: br_mdb_parse() with unknown ifindex netlink: 14 bytes leftover after parsing attributes in process `syz-executor7'. PF_BRIDGE: br_mdb_parse() with unknown ifindex netlink: 14 bytes leftover after parsing attributes in process `syz-executor7'. PF_BRIDGE: br_mdb_parse() with unknown ifindex netlink: 'syz-executor6': attribute type 1 has an invalid length. netlink: 14 bytes leftover after parsing attributes in process `syz-executor7'. PF_BRIDGE: br_mdb_parse() with unknown ifindex netlink: 'syz-executor0': attribute type 3 has an invalid length. netlink: 'syz-executor6': attribute type 1 has an invalid length. netlink: 'syz-executor0': attribute type 3 has an invalid length. netlink: 14 bytes leftover after parsing attributes in process `syz-executor7'. PF_BRIDGE: br_mdb_parse() with unknown ifindex netlink: 14 bytes leftover after parsing attributes in process `syz-executor7'. PF_BRIDGE: br_mdb_parse() with unknown ifindex netlink: 14 bytes leftover after parsing attributes in process `syz-executor7'. PF_BRIDGE: br_mdb_parse() with unknown ifindex netlink: 14 bytes leftover after parsing attributes in process `syz-executor7'. PF_BRIDGE: br_mdb_parse() with unknown ifindex device lo entered promiscuous mode netlink: 14 bytes leftover after parsing attributes in process `syz-executor7'. PF_BRIDGE: br_mdb_parse() with unknown ifindex device lo left promiscuous mode device lo entered promiscuous mode PF_BRIDGE: br_mdb_parse() with unknown ifindex PF_BRIDGE: br_mdb_parse() with unknown ifindex PF_BRIDGE: br_mdb_parse() with unknown ifindex PF_BRIDGE: br_mdb_parse() with unknown ifindex device lo entered promiscuous mode