binder: 17581:17592 transaction failed 29189/-22, size 0-0 line 2845

=============================
WARNING: suspicious RCU usage
4.15.0-rc6-next-20180102+ #86 Not tainted
-----------------------------
net/netfilter/ipset/ip_set_core.c:2057 suspicious rcu_dereference_protected() usage!

other info that might help us debug this:

rcu_scheduler_active = 2, debug_locks = 1
3 locks held by kworker/u4:2/47:
 #0: ((wq_completion)"%s""netns"){+.+.}, at: [<0000000079ff0952>] process_one_work+0x71f/0x14a0 kernel/workqueue.c:2083
 #1: (net_cleanup_work){+.+.}, at: [<0000000018651660>] process_one_work+0x757/0x14a0 kernel/workqueue.c:2087
 #2: (net_mutex){+.+.}, at: [<00000000a797e578>] cleanup_net+0x139/0x8b0 net/core/net_namespace.c:450

stack backtrace:
CPU: 0 PID: 47 Comm: kworker/u4:2 Not tainted 4.15.0-rc6-next-20180102+ #86
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: netns cleanup_net
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x137/0x198 lib/dump_stack.c:53
 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4585
 ip_set_net_exit+0x2c6/0x480 net/netfilter/ipset/ip_set_core.c:2057
 ops_exit_list.isra.6+0xae/0x150 net/core/net_namespace.c:142
 cleanup_net+0x3f3/0x8b0 net/core/net_namespace.c:484
 process_one_work+0x801/0x14a0 kernel/workqueue.c:2112
 worker_thread+0xe0/0x1010 kernel/workqueue.c:2246
 kthread+0x33c/0x400 kernel/kthread.c:238
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:524

binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
kauditd_printk_skb: 85 callbacks suppressed
audit: type=1326 audit(1514912866.910:946): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=17774 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1514912866.911:947): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=17774 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1514912866.922:948): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=17774 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=222 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1514912866.922:949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=17774 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1514912866.922:950): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=17774 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1514912866.947:951): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=17774 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=223 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1514912866.947:952): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=17774 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1514912866.949:953): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=17774 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1514912866.951:954): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=17774 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=9 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1514912866.952:955): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=17774 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000
QAT: Invalid ioctl
QAT: Invalid ioctl
sctp: [Deprecated]: syz-executor7 (pid 17842) Use of int in maxseg socket option. Use struct sctp_assoc_value instead
sctp: [Deprecated]: syz-executor7 (pid 17842) Use of int in maxseg socket option. Use struct sctp_assoc_value instead
netlink: 14 bytes leftover after parsing attributes in process `syz-executor7'.
openvswitch: netlink: Flow set message rejected, Key attribute missing.
netlink: 14 bytes leftover after parsing attributes in process `syz-executor7'.
openvswitch: netlink: Flow set message rejected, Key attribute missing.
netlink: 2 bytes leftover after parsing attributes in process `syz-executor7'.
device syz6 entered promiscuous mode
kvm: emulating exchange as write
binder: 18215:18229 ioctl c018620b 202dd000 returned -14
binder: 18215:18229 ERROR: BC_REGISTER_LOOPER called without request
binder: 18229 RLIMIT_NICE not set
binder: 18229 RLIMIT_NICE not set
binder: 18215:18237 got reply transaction with bad transaction stack, transaction 103 has target 18215:18229
binder: 18215:18237 transaction failed 29201/-71, size 0-0 line 2775
binder: 18215:18229 ioctl c018620b 202dd000 returned -14
binder: release 18215:18229 transaction 103 in, still active
binder: send failed reply for transaction 103 to 18215:18237
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29201
binder: undelivered TRANSACTION_ERROR: 29189
binder: 18215:18237 ERROR: BC_REGISTER_LOOPER called without request
binder: 18237 RLIMIT_NICE not set
binder: 18215:18238 transaction failed 29201/-28, size 207382803975-4294967296 line 2960
binder: undelivered TRANSACTION_ERROR: 29201
binder_alloc: binder_alloc_mmap_handler: 18246 20004000-20005000 already mapped failed -16
device syz1 entered promiscuous mode
netlink: 11 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 11 bytes leftover after parsing attributes in process `syz-executor3'.
irq bypass consumer (token 0000000062df6be2) registration fails: -16
irq bypass consumer (token 000000006984621d) registration fails: -16
netlink: 3 bytes leftover after parsing attributes in process `syz-executor7'.
device gre0 entered promiscuous mode
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
device syz0 entered promiscuous mode
kauditd_printk_skb: 40 callbacks suppressed
audit: type=1326 audit(1514912872.166:994): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=19010 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1514912872.166:995): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=19010 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1514912872.167:996): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=19010 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=193 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1514912872.167:997): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=19010 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1514912872.167:998): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=19010 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1514912872.173:999): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=19010 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=257 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1514912872.174:1000): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=19010 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1514912872.174:1001): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=19010 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1514912872.175:1002): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=19010 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=16 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1514912872.176:1003): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=19010 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000
semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
The task syz-executor7 (19152) triggered the difference, watch for misbehavior.
device gre0 left promiscuous mode
device gre0 entered promiscuous mode
binder_alloc: binder_alloc_mmap_handler: 19215 20000000-20002000 already mapped failed -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 19215:19218 ioctl 40046207 0 returned -16
binder_alloc: 19215: binder_alloc_buf, no vma
binder: 19215:19218 transaction failed 29189/-3, size 80-16 line 2960
binder: 19258:19261 BC_DEAD_BINDER_DONE 0000000000000003 not found
binder: 19258:19261 DecRefs 0 refcount change on invalid ref 1 ret -22
binder: 19258:19261 BC_INCREFS_DONE uffffffffffffffff no match
binder_alloc: 19258: binder_alloc_buf, no vma
binder: 19258:19261 transaction failed 29189/-3, size 32-24 line 2960
binder: 19258:19261 ioctl c0306201 20004000 returned -14
binder_alloc: 19258: binder_alloc_buf, no vma
binder: 19258:19261 transaction failed 29189/-3, size 0-32 line 2960
binder: BINDER_SET_CONTEXT_MGR already set
binder: 19258:19261 ioctl 40046207 0 returned -16
binder: 19258:19261 BC_DEAD_BINDER_DONE 0000000000000003 not found
binder: 19258:19261 DecRefs 0 refcount change on invalid ref 1 ret -22
binder: 19258:19261 BC_INCREFS_DONE uffffffffffffffff no match
binder_alloc: 19258: binder_alloc_buf, no vma
binder: 19258:19261 transaction failed 29189/-3, size 32-24 line 2960
binder: 19258:19261 ioctl c0306201 20004000 returned -14
binder_alloc: 19258: binder_alloc_buf, no vma
binder: 19258:19266 transaction failed 29189/-3, size 0-32 line 2960
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: release 19215:19218 transaction 108 out, still active
binder: send failed reply for transaction 108, target dead
QAT: Invalid ioctl
QAT: Invalid ioctl
APIC base relocation is unsupported by KVM
netlink: 11 bytes leftover after parsing attributes in process `syz-executor7'.
netlink: 11 bytes leftover after parsing attributes in process `syz-executor7'.
QAT: Invalid ioctl
QAT: Invalid ioctl
netlink: 'syz-executor7': attribute type 2 has an invalid length.
netlink: 'syz-executor7': attribute type 2 has an invalid length.
netlink: 2 bytes leftover after parsing attributes in process `syz-executor2'.
binder: 19717:19728 transaction failed 29201/-28, size 7271182603747155163-7308332182914596864 line 2960
binder: undelivered TRANSACTION_ERROR: 29201
binder_alloc: 19717: binder_alloc_buf, no vma
binder: 19717:19732 transaction failed 29189/-3, size 7271182603747155163-7308332182914596864 line 2960
binder: undelivered TRANSACTION_ERROR: 29189
netlink: 2 bytes leftover after parsing attributes in process `syz-executor2'.
netlink: 9 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 9 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 61 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 61 bytes leftover after parsing attributes in process `syz-executor3'.
sock: sock_set_timeout: `syz-executor3' (pid 19982) tries to set negative timeout
sock: sock_set_timeout: `syz-executor3' (pid 19982) tries to set negative timeout