=============================== [ INFO: suspicious RCU usage. ] 4.4.174+ #4 Not tainted ------------------------------- net/ipv6/ip6_fib.c:1465 suspicious rcu_dereference_protected() usage! other info that might help us debug this: rcu_scheduler_active = 1, debug_locks = 0 6 locks held by blkid/30619: #0: (&sig->cred_guard_mutex){+.+.+.}, at: [] prepare_bprm_creds+0x55/0x120 fs/exec.c:1225 #1: (rcu_read_lock){......}, at: [] INIT_LIST_HEAD include/linux/list.h:28 [inline] #1: (rcu_read_lock){......}, at: [] avc_compute_av+0xac/0x610 security/selinux/avc.c:973 #2: (((&net->ipv6.ip6_fib_timer))){+.-...}, at: [] lockdep_copy_map include/linux/lockdep.h:165 [inline] #2: (((&net->ipv6.ip6_fib_timer))){+.-...}, at: [] call_timer_fn+0xde/0x850 kernel/time/timer.c:1175 #3: (fib6_gc_lock){+.-...}, at: [] spin_lock_bh include/linux/spinlock.h:307 [inline] #3: (fib6_gc_lock){+.-...}, at: [] fib6_run_gc+0x3a/0x230 net/ipv6/ip6_fib.c:1811 #4: (rcu_read_lock){......}, at: [] __fib6_clean_all+0x0/0x240 net/ipv6/ip6_fib.c:1698 #5: (&tb->tb6_lock){++--..}, at: [] __fib6_clean_all+0xe8/0x240 net/ipv6/ip6_fib.c:1712 stack backtrace: CPU: 0 PID: 30619 Comm: blkid Not tainted 4.4.174+ #4 0000000000000000 17bed34075b688e2 ffff8801db607940 ffffffff81aad1a1 ffff8801d845afc0 0000000000000000 0000000000000001 00000000000005b9 ffff8801bcaf17c0 ffff8801db607970 ffffffff813ab7d6 ffff8801db607b90 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [] lockdep_rcu_suspicious.cold+0x10a/0x149 kernel/locking/lockdep.c:4305 [] fib6_del+0x7ea/0xae0 net/ipv6/ip6_fib.c:1465 [] fib6_clean_node+0x29c/0x500 net/ipv6/ip6_fib.c:1652 [] fib6_walk_continue+0x3e0/0x630 net/ipv6/ip6_fib.c:1578 [] fib6_walk+0x91/0xe0 net/ipv6/ip6_fib.c:1623 [] fib6_clean_tree+0xe8/0x120 net/ipv6/ip6_fib.c:1697 [] __fib6_clean_all+0x100/0x240 net/ipv6/ip6_fib.c:1713 [] fib6_clean_all net/ipv6/ip6_fib.c:1724 [inline] [] fib6_run_gc+0xaf/0x230 net/ipv6/ip6_fib.c:1821 [] fib6_gc_timer_cb+0x1d/0x30 net/ipv6/ip6_fib.c:1836 [] call_timer_fn+0x18d/0x850 kernel/time/timer.c:1185 [] __run_timers kernel/time/timer.c:1261 [inline] [] run_timer_softirq+0x51f/0xb70 kernel/time/timer.c:1444 [] __do_softirq+0x226/0xa3f kernel/softirq.c:273 [] invoke_softirq kernel/softirq.c:350 [inline] [] irq_exit+0x10a/0x150 kernel/softirq.c:391 [] exiting_irq arch/x86/include/asm/apic.h:652 [inline] [] smp_apic_timer_interrupt+0x7e/0xb0 arch/x86/kernel/apic/apic.c:926 [] apic_timer_interrupt+0x9d/0xb0 arch/x86/entry/entry_64.S:768 [] ? arch_local_irq_restore arch/x86/include/asm/paravirt.h:812 [inline] [] ? __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:162 [inline] [] ? _raw_spin_unlock_irqrestore+0x5f/0x70 kernel/locking/spinlock.c:191 [] spin_unlock_irqrestore include/linux/spinlock.h:362 [inline] [] avc_reclaim_node security/selinux/avc.c:541 [inline] [] avc_alloc_node security/selinux/avc.c:559 [inline] [] avc_alloc_node+0x31c/0x3c0 security/selinux/avc.c:547 [] avc_insert security/selinux/avc.c:670 [inline] [] avc_compute_av+0x182/0x610 security/selinux/avc.c:976 [] avc_has_perm_noaudit security/selinux/avc.c:1112 [inline] [] avc_has_perm+0x355/0x3a0 security/selinux/avc.c:1146 [] inode_has_perm security/selinux/hooks.c:1614 [inline] [] file_has_perm+0x2bc/0x460 security/selinux/hooks.c:1692 [] file_map_prot_check+0x1e3/0x310 security/selinux/hooks.c:3343 [] selinux_mmap_file+0x6e/0x90 security/selinux/hooks.c:3369 [] security_mmap_file+0x97/0x180 security/security.c:793 [] vm_mmap_pgoff+0xce/0x1c0 mm/util.c:293 [] vm_mmap+0x6a/0x90 mm/util.c:314 [] elf_map+0x1de/0x230 fs/binfmt_elf.c:366 [] load_elf_binary+0xc89/0x4b80 fs/binfmt_elf.c:976 [] search_binary_handler fs/exec.c:1475 [inline] [] search_binary_handler+0x14f/0x700 fs/exec.c:1453 [] exec_binprm fs/exec.c:1517 [inline] [] do_execveat_common.isra.0+0x1007/0x1e90 fs/exec.c:1639 [] do_execve fs/exec.c:1683 [inline] [] SYSC_execve fs/exec.c:1764 [inline] [] SyS_execve+0x42/0x50 fs/exec.c:1759 [] stub_execve+0x5/0x5 arch/x86/entry/entry_64.S:440 audit: type=1400 audit(1554369495.271:1304): avc: denied { set_context_mgr } for pid=30635 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=0 audit: type=1400 audit(1554369495.391:1305): avc: denied { create } for pid=30621 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 binder: 30635:30637 ioctl 40046207 0 returned -13 binder: 30635:30642 Acquire 1 refcount change on invalid ref 0 ret -22 binder: 30635:30642 ioctl c0306201 20000040 returned -14 binder: 30635:30643 Acquire 1 refcount change on invalid ref 0 ret -22 binder: 30635:30643 Release 1 refcount change on invalid ref 0 ret -22 audit: type=1400 audit(1554369495.591:1306): avc: denied { set_context_mgr } for pid=30635 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=0 netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. binder: 30635:30643 Acquire 1 refcount change on invalid ref 0 ret -22 binder: 30635:30637 Acquire 1 refcount change on invalid ref 0 ret -22 binder: 30635:30642 ioctl 40046207 0 returned -13 binder: 30635:30643 Release 1 refcount change on invalid ref 0 ret -22 binder: 30635:30637 ioctl c0306201 20000040 returned -14 audit: type=1400 audit(1554369495.941:1307): avc: denied { create } for pid=30621 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 audit: type=1400 audit(1554369496.231:1308): avc: denied { set_context_mgr } for pid=30670 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=0 binder: 30670:30676 Acquire 1 refcount change on invalid ref 0 ret -22 binder: 30670:30679 Acquire 1 refcount change on invalid ref 0 ret -22 audit: type=1400 audit(1554369496.421:1309): avc: denied { set_context_mgr } for pid=30677 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=0 binder: 30670:30679 Release 1 refcount change on invalid ref 0 ret -22 binder: 30670:30672 ioctl 40046207 0 returned -13 binder: 30670:30676 ioctl c0306201 20000040 returned -14 binder: 30677:30678 ioctl 40046207 0 returned -13 binder: 30677:30682 Acquire 1 refcount change on invalid ref 0 ret -22 binder: 30677:30682 ioctl c0306201 20000040 returned -14 binder: 30677:30685 Acquire 1 refcount change on invalid ref 0 ret -22 binder: 30677:30685 Release 1 refcount change on invalid ref 0 ret -22 audit: type=1400 audit(1554369496.961:1310): avc: denied { create } for pid=30683 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 audit: type=1400 audit(1554369497.041:1311): avc: denied { set_context_mgr } for pid=30707 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=0 binder: 30707:30709 ioctl 40046207 0 returned -13 binder: 30707:30708 Acquire 1 refcount change on invalid ref 0 ret -22 binder: 30707:30708 ioctl c0306201 20000040 returned -14 binder: 30707:30715 Acquire 1 refcount change on invalid ref 0 ret -22 binder: 30707:30715 Release 1 refcount change on invalid ref 0 ret -22 audit: type=1400 audit(1554369497.371:1312): avc: denied { set_context_mgr } for pid=30719 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=0 binder: 30719:30722 Acquire 1 refcount change on invalid ref 0 ret -22 binder: 30719:30724 Acquire 1 refcount change on invalid ref 0 ret -22 binder: 30719:30724 Release 1 refcount change on invalid ref 0 ret -22 binder: 30719:30720 ioctl 40046207 0 returned -13 binder: 30719:30722 ioctl c0306201 20000040 returned -14 binder: 30735:30737 ioctl 40046207 0 returned -13 binder: 30735:30738 Acquire 1 refcount change on invalid ref 0 ret -22 binder: 30735:30738 ioctl c0306201 20000040 returned -14 binder: 30735:30737 Acquire 1 refcount change on invalid ref 0 ret -22 binder: 30735:30737 Release 1 refcount change on invalid ref 0 ret -22 binder: 30743:30746 Acquire 1 refcount change on invalid ref 0 ret -22 binder: 30743:30751 Acquire 1 refcount change on invalid ref 0 ret -22 binder: 30743:30746 ioctl c0306201 20000040 returned -14 binder: 30743:30751 Release 1 refcount change on invalid ref 0 ret -22 binder: 30768:30770 ioctl 40046207 0 returned -13 binder: 30768:30773 Acquire 1 refcount change on invalid ref 0 ret -22 binder: 30768:30770 Acquire 1 refcount change on invalid ref 0 ret -22 binder: 30768:30770 Release 1 refcount change on invalid ref 0 ret -22 binder: 30768:30773 ioctl c0306201 20000040 returned -14 binder: 30788:30792 ioctl 40046207 0 returned -13 binder: 30788:30795 Acquire 1 refcount change on invalid ref 0 ret -22 binder: 30788:30795 ioctl c0306201 20000040 returned -14 binder: 30811:30817 Acquire 1 refcount change on invalid ref 0 ret -22 binder: 30811:30817 ioctl c0306201 20000040 returned -14 audit_printk_skb: 15 callbacks suppressed audit: type=1400 audit(1554369500.621:1318): avc: denied { create } for pid=30812 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 audit: type=1400 audit(1554369500.651:1319): avc: denied { create } for pid=30810 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 binder: 30872:30875 Acquire 1 refcount change on invalid ref 0 ret -22 binder: 30872:30875 ioctl c0306201 20000040 returned -14 audit: type=1400 audit(1554369501.821:1320): avc: denied { create } for pid=30861 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 audit: type=1400 audit(1554369502.041:1321): avc: denied { create } for pid=30870 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 audit: type=1400 audit(1554369503.161:1322): avc: denied { create } for pid=30914 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 audit: type=1400 audit(1554369503.321:1323): avc: denied { create } for pid=30921 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 audit: type=1400 audit(1554369504.341:1324): avc: denied { create } for pid=30966 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0