============================= WARNING: suspicious RCU usage 4.15.0-rc6-next-20180102+ #86 Not tainted ----------------------------- net/netfilter/ipset/ip_set_core.c:2057 suspicious rcu_dereference_protected() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 3 locks held by kworker/u4:1/21: #0: ((wq_completion)"%s""netns"){+.+.}, at: [<00000000811cb1a1>] process_one_work+0x71f/0x14a0 kernel/workqueue.c:2083 #1: (net_cleanup_work){+.+.}, at: [<00000000ac72e3b0>] process_one_work+0x757/0x14a0 kernel/workqueue.c:2087 #2: (net_mutex){+.+.}, at: [<00000000f61c0402>] cleanup_net+0x139/0x8b0 net/core/net_namespace.c:450 stack backtrace: CPU: 1 PID: 21 Comm: kworker/u4:1 Not tainted 4.15.0-rc6-next-20180102+ #86 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: netns cleanup_net Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x137/0x198 lib/dump_stack.c:53 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4585 ip_set_net_exit+0x2c6/0x480 net/netfilter/ipset/ip_set_core.c:2057 ops_exit_list.isra.6+0xae/0x150 net/core/net_namespace.c:142 cleanup_net+0x3f3/0x8b0 net/core/net_namespace.c:484 process_one_work+0x801/0x14a0 kernel/workqueue.c:2112 worker_thread+0xe0/0x1010 kernel/workqueue.c:2246 kthread+0x33c/0x400 kernel/kthread.c:238 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:524 ptrace attach of "/root/syz-executor7"[3709] was attempted by "/root/syz-executor7"[10578] binder: 10610:10623 BC_ACQUIRE_DONE u0000000000000000 no match binder: 10610:10633 BC_ACQUIRE_DONE u0000000000000000 no match binder_alloc: binder_alloc_mmap_handler: 10709 20000000-20002000 already mapped failed -16 binder: BINDER_SET_CONTEXT_MGR already set binder: 10709:10713 ioctl 40046207 0 returned -16 binder_alloc: 10709: binder_alloc_buf, no vma binder: 10709:10713 transaction failed 29189/-3, size 80-16 line 2960 binder: release 10709:10713 transaction 50 out, still active binder: send failed reply for transaction 50, target dead QAT: Invalid ioctl QAT: Invalid ioctl SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=10802 comm=syz-executor3 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=10820 comm=syz-executor3 device gre0 entered promiscuous mode ptrace attach of "/root/syz-executor0"[3692] was attempted by "/root/syz-executor0"[10918] ptrace attach of "/root/syz-executor0"[3692] was attempted by "/root/syz-executor0"[10925] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=30385 sclass=netlink_xfrm_socket pig=10963 comm=syz-executor1 netlink: 'syz-executor5': attribute type 3 has an invalid length. netlink: 'syz-executor5': attribute type 3 has an invalid length. QAT: Invalid ioctl QAT: Invalid ioctl netlink: 'syz-executor5': attribute type 2 has an invalid length. openvswitch: netlink: Message has 6 unknown bytes. openvswitch: netlink: Message has 6 unknown bytes. kauditd_printk_skb: 66 callbacks suppressed audit: type=1326 audit(1514912885.086:672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11384 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 syz-executor7 (11411): attempted to duplicate a private mapping with mremap. This is not supported. audit: type=1326 audit(1514912885.086:673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11384 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514912885.088:674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11384 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=97 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514912885.088:675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11384 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514912885.088:676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11384 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514912885.088:677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11384 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=9 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514912885.088:678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11384 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514912885.094:679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11384 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514912885.095:680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11384 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=53 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514912885.126:681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11384 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 binder: 11539:11543 got transaction to invalid handle binder: 11539:11543 transaction failed 29201/-22, size 495-16 line 2845 binder: 11539:11543 got reply transaction with bad transaction stack, transaction 58 has target 11539:0 binder: 11539:11543 transaction failed 29201/-71, size 24-8 line 2775 binder: release 11539:11543 transaction 58 out, still active binder: undelivered TRANSACTION_COMPLETE binder: 11539:11543 got transaction to invalid handle binder: 11539:11543 transaction failed 29201/-22, size 495-16 line 2845 binder: 11539:11543 got reply transaction with no transaction stack binder: 11539:11543 transaction failed 29201/-71, size 24-8 line 2760 netlink: 3 bytes leftover after parsing attributes in process `syz-executor1'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor1'. binder: undelivered TRANSACTION_ERROR: 29201 binder: send failed reply for transaction 58, target dead binder: undelivered TRANSACTION_ERROR: 29201 binder: release 11539:11563 transaction 62 out, still active binder: undelivered TRANSACTION_COMPLETE binder: send failed reply for transaction 62, target dead device gre0 entered promiscuous mode ICMPv6: NA: bb:bb:bb:bb:bb:04 advertised our address fe80::4aa on syz4! ICMPv6: NA: bb:bb:bb:bb:bb:04 advertised our address fe80::4aa on syz4! QAT: Invalid ioctl QAT: Invalid ioctl ICMPv6: NA: bb:bb:bb:bb:bb:00 advertised our address fe80::aa on syz0! ICMPv6: NA: bb:bb:bb:bb:bb:00 advertised our address fe80::aa on syz0! sctp: [Deprecated]: syz-executor2 (pid 11850) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead sctp: [Deprecated]: syz-executor2 (pid 11850) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl openvswitch: netlink: Key type 246 is out of range max 29 openvswitch: netlink: Key type 246 is out of range max 29 netlink: 40 bytes leftover after parsing attributes in process `syz-executor5'. netlink: 'syz-executor5': attribute type 3 has an invalid length. binder: 12227:12231 got reply transaction with bad transaction stack, transaction 65 has target 12227:0 binder: 12227:12231 transaction failed 29201/-71, size 24-8 line 2775 binder: BINDER_SET_CONTEXT_MGR already set binder: 12227:12239 ioctl 40046207 0 returned -16 binder_alloc: 12227: binder_alloc_buf, no vma binder: 12227:12239 transaction failed 29189/-3, size 0-0 line 2960 binder: 12227:12231 got reply transaction with no transaction stack binder: 12227:12231 transaction failed 29201/-71, size 24-8 line 2760 binder: undelivered TRANSACTION_ERROR: 29201 binder: undelivered TRANSACTION_ERROR: 29189 binder: release 12227:12231 transaction 65 out, still active binder: send failed reply for transaction 65, target dead device gre0 left promiscuous mode device gre0 left promiscuous mode binder: 12565:12573 got transaction with invalid parent offset or type binder: 12565:12573 transaction failed 29201/-22, size 96-16 line 3083 binder: BINDER_SET_CONTEXT_MGR already set binder: 12565:12583 ioctl 40046207 0 returned -16 binder_alloc: 12565: binder_alloc_buf, no vma binder: 12565:12573 transaction failed 29189/-3, size 96-16 line 2960 binder: 12604:12607 unknown command 0 binder: 12604:12607 ioctl c0306201 2000a000 returned -22 binder: BINDER_SET_CONTEXT_MGR already set binder: 12604:12616 ioctl 40046207 0 returned -16 binder: 12604:12607 unknown command 0 binder: 12604:12607 ioctl c0306201 2000a000 returned -22 binder_alloc: 12604: binder_alloc_buf, no vma binder: 12604:12633 transaction failed 29189/-3, size 56-8 line 2960 kauditd_printk_skb: 139 callbacks suppressed audit: type=1326 audit(1514912890.517:820): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12626 comm="syz-executor3" exe="/root/syz-executor3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514912890.519:821): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12626 comm="syz-executor3" exe="/root/syz-executor3" sig=0 arch=c000003e syscall=257 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514912890.519:822): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12626 comm="syz-executor3" exe="/root/syz-executor3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514912890.529:823): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12626 comm="syz-executor3" exe="/root/syz-executor3" sig=0 arch=c000003e syscall=319 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514912890.529:824): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12626 comm="syz-executor3" exe="/root/syz-executor3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514912890.530:825): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12627 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514912890.530:826): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12627 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=c000003e syscall=310 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514912890.530:827): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12627 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514912890.532:828): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12627 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=c000003e syscall=257 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514912890.532:829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12627 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 QAT: Invalid ioctl binder: undelivered TRANSACTION_ERROR: 29189 binder: release 12604:12616 transaction 74 out, still active binder: undelivered TRANSACTION_COMPLETE binder: send failed reply for transaction 74, target dead binder: BINDER_SET_CONTEXT_MGR already set binder: 12821:12828 ioctl 40046207 0 returned -16 binder: 12821:12828 IncRefs 0 refcount change on invalid ref 10 ret -22 binder: 12842:12847 unknown command 0