============================= WARNING: suspicious RCU usage 4.15.0-rc6-next-20180102+ #86 Not tainted ----------------------------- net/netfilter/ipset/ip_set_core.c:2057 suspicious rcu_dereference_protected() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 3 locks held by kworker/u4:4/4112: #0: ((wq_completion)"%s""netns"){+.+.}, at: [<0000000015918e2c>] process_one_work+0x71f/0x14a0 kernel/workqueue.c:2083 #1: (net_cleanup_work){+.+.}, at: [<00000000007ec46f>] process_one_work+0x757/0x14a0 kernel/workqueue.c:2087 #2: (net_mutex){+.+.}, at: [<000000000676db49>] cleanup_net+0x139/0x8b0 net/core/net_namespace.c:450 stack backtrace: CPU: 1 PID: 4112 Comm: kworker/u4:4 Not tainted 4.15.0-rc6-next-20180102+ #86 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: netns cleanup_net Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x137/0x198 lib/dump_stack.c:53 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4585 ip_set_net_exit+0x2c6/0x480 net/netfilter/ipset/ip_set_core.c:2057 ops_exit_list.isra.6+0xae/0x150 net/core/net_namespace.c:142 cleanup_net+0x3f3/0x8b0 net/core/net_namespace.c:484 process_one_work+0x801/0x14a0 kernel/workqueue.c:2112 worker_thread+0xe0/0x1010 kernel/workqueue.c:2246 kthread+0x33c/0x400 kernel/kthread.c:238 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:524 netlink: 9 bytes leftover after parsing attributes in process `syz-executor5'. A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. RDS: rds_bind could not find a transport for 172.20.0.187, load rds_tcp or rds_rdma? RDS: rds_bind could not find a transport for 172.20.0.187, load rds_tcp or rds_rdma? netlink: 21 bytes leftover after parsing attributes in process `syz-executor0'. netlink: 21 bytes leftover after parsing attributes in process `syz-executor0'. kvm: apic: phys broadcast and lowest prio device lo entered promiscuous mode device gre0 left promiscuous mode device gre0 entered promiscuous mode device gre0 left promiscuous mode device eql entered promiscuous mode binder: 11967:11971 got reply transaction with no transaction stack binder: 11967:11971 transaction failed 29201/-71, size 0-8 line 2760 kauditd_printk_skb: 106 callbacks suppressed audit: type=1400 audit(1514914123.852:951): avc: denied { getrlimit } for pid=11960 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=process permissive=1 binder: 11967:11979 got reply transaction with no transaction stack binder: 11967:11979 transaction failed 29201/-71, size 0-8 line 2760 audit: type=1400 audit(1514914123.939:952): avc: denied { accept } for pid=11998 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 QAT: Invalid ioctl QAT: Invalid ioctl audit: type=1326 audit(1514914124.543:953): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12118 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514914124.570:954): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12118 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=256 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514914124.570:955): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12118 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514914124.573:956): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12118 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=257 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514914124.573:957): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12118 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514914124.574:958): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12118 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514914124.575:959): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12118 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=16 compat=0 ip=0x452ac9 code=0x7ffc0000 audit: type=1326 audit(1514914124.576:960): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12118 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000 device gre0 entered promiscuous mode binder: 12240:12255 transaction failed 29189/-22, size 0-0 line 2845 binder: 12337:12343 ERROR: BC_REGISTER_LOOPER called without request binder_alloc: binder_alloc_mmap_handler: 12337 20000000-20002000 already mapped failed -16 binder: BINDER_SET_CONTEXT_MGR already set binder: 12337:12359 ioctl 40046207 0 returned -16 binder: undelivered transaction 45, process died. netlink: 17 bytes leftover after parsing attributes in process `syz-executor4'. netlink: 17 bytes leftover after parsing attributes in process `syz-executor4'. mmap: syz-executor3 (12711): VmData 18358272 exceed data ulimit 0. Update limits or use boot option ignore_rlimit_data. binder: 12863:12867 got transaction with invalid offset (32, min 0 max 0) or object. binder: 12863:12867 transaction failed 29201/-22, size 0-8 line 3023 binder: 12863:12867 got reply transaction with no transaction stack binder: 12863:12867 transaction failed 29201/-71, size 24-72 line 2760 device eql entered promiscuous mode binder_alloc: 12863: binder_alloc_buf, no vma binder: 12863:12901 got reply transaction with no transaction stack binder: 12863:12901 transaction failed 29201/-71, size 24-72 line 2760 binder: 12863:12888 transaction failed 29189/-3, size 0-8 line 2960 binder: BINDER_SET_CONTEXT_MGR already set binder: 12990:13005 ioctl 40046207 0 returned -16 QAT: Invalid ioctl QAT: Invalid ioctl binder: 13140:13143 ERROR: BC_REGISTER_LOOPER called without request binder: 13143 RLIMIT_NICE not set binder: 13140:13156 got reply transaction with bad transaction stack, transaction 56 has target 13140:0 binder: 13140:13156 transaction failed 29201/-71, size 24-8 line 2775 binder: BINDER_SET_CONTEXT_MGR already set binder: 13140:13156 ioctl 40046207 0 returned -16 binder: 13140:13156 ERROR: BC_REGISTER_LOOPER called without request binder: 13156 RLIMIT_NICE not set binder_alloc: 13140: binder_alloc_buf, no vma binder: 13140:13163 transaction failed 29189/-3, size 0-0 line 2960 binder: 13140:13156 got reply transaction with no transaction stack binder: 13140:13156 transaction failed 29201/-71, size 24-8 line 2760 binder: 13140:13156 BC_FREE_BUFFER u0000000000000000 no match binder: 13140:13156 IncRefs 0 refcount change on invalid ref 1 ret -22 binder: 13140:13156 got transaction to invalid handle binder: 13140:13156 transaction failed 29201/-22, size 0-0 line 2845 binder: 13143 RLIMIT_NICE not set binder: release 13140:13143 transaction 56 in, still active binder: send failed reply for transaction 56 to 13140:13156 binder: undelivered TRANSACTION_ERROR: 29189 binder: undelivered TRANSACTION_ERROR: 29201 binder: undelivered TRANSACTION_ERROR: 29189 netlink: 2 bytes leftover after parsing attributes in process `syz-executor1'. device gre0 entered promiscuous mode netlink: 2 bytes leftover after parsing attributes in process `syz-executor1'. SELinux: unrecognized netlink message: protocol=4 nlmsg_type=28 sclass=netlink_tcpdiag_socket pig=13251 comm=syz-executor4 SELinux: unrecognized netlink message: protocol=4 nlmsg_type=28 sclass=netlink_tcpdiag_socket pig=13257 comm=syz-executor4 binder: 13327:13332 BC_ACQUIRE_DONE u0000000000000000 no match binder: 13327:13343 BC_ACQUIRE_DONE u0000000000000000 no match SELinux: unrecognized netlink message: protocol=0 nlmsg_type=260 sclass=netlink_route_socket pig=13357 comm=syz-executor5