binder: 13754:13756 ioctl 40046207 0 returned -16 binder: undelivered TRANSACTION_ERROR: 29201 =============================== [ INFO: suspicious RCU usage. ] 4.9.79-g71f1469 #25 Not tainted ------------------------------- net/ipv6/ip6_fib.c:1471 suspicious rcu_dereference_protected() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 0 3 locks held by syz-executor2/13792: #0: (rtnl_mutex){+.+.+.}, at: [] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:70 #1: (rcu_read_lock){......}, at: [] __fib6_clean_all+0x0/0x230 net/ipv6/ip6_fib.c:740 #2: (&tb->tb6_lock){++--..}, at: [] __fib6_clean_all+0xe0/0x230 net/ipv6/ip6_fib.c:1717 stack backtrace: CPU: 0 PID: 13792 Comm: syz-executor2 Not tainted 4.9.79-g71f1469 #25 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801d52cf2d8 ffffffff81d94829 ffff8801d4c19800 0000000000000000 0000000000000002 ffffffff83f4be40 ffffed003aa59eab ffff8801d52cf308 ffffffff81238379 ffff8801cb166e00 ffff8801cb166e00 dffffc0000000000 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] lockdep_rcu_suspicious+0x139/0x180 kernel/locking/lockdep.c:4455 [] fib6_del+0x6ab/0xa30 net/ipv6/ip6_fib.c:1470 [] fib6_clean_node+0x336/0x4a0 net/ipv6/ip6_fib.c:1657 [] fib6_walk_continue+0x39b/0x620 net/ipv6/ip6_fib.c:1583 [] fib6_walk+0xd9/0x150 net/ipv6/ip6_fib.c:1628 [] fib6_clean_tree+0xe5/0x130 net/ipv6/ip6_fib.c:1702 [] __fib6_clean_all+0xf9/0x230 net/ipv6/ip6_fib.c:1718 [] fib6_clean_all+0x27/0x30 net/ipv6/ip6_fib.c:1729 [] rt6_ifdown+0xa1/0x7f0 net/ipv6/route.c:2715 [] addrconf_ifdown+0xd0/0x10f0 net/ipv6/addrconf.c:3566 [] addrconf_notify+0x948/0x2230 net/ipv6/addrconf.c:3490 [] notifier_call_chain+0x90/0x1a0 kernel/notifier.c:93 [] __raw_notifier_call_chain kernel/notifier.c:394 [inline] [] raw_notifier_call_chain+0x2d/0x40 kernel/notifier.c:401 [] call_netdevice_notifiers_info+0x51/0x90 net/core/dev.c:1647 [] call_netdevice_notifiers net/core/dev.c:1663 [inline] [] __dev_notify_flags+0x197/0x270 net/core/dev.c:6500 [] dev_change_flags+0xf5/0x140 net/core/dev.c:6531 [] dev_ifsioc+0x5cc/0x820 net/core/dev_ioctl.c:255 [] dev_ioctl+0x1d5/0xd40 net/core/dev_ioctl.c:533 [] sock_do_ioctl+0x94/0xb0 net/socket.c:899 [] sock_ioctl+0x2e0/0x3d0 net/socket.c:978 [] vfs_ioctl fs/ioctl.c:43 [inline] [] do_vfs_ioctl+0x1aa/0x1140 fs/ioctl.c:679 [] SYSC_ioctl fs/ioctl.c:694 [inline] [] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:685 [] entry_SYSCALL_64_fastpath+0x29/0xe8 binder: 13824:13828 got reply transaction with no transaction stack binder: 13824:13828 transaction failed 29201/-71, size 0-0 line 2920 binder: undelivered TRANSACTION_ERROR: 29201 binder: 13824:13844 got reply transaction with no transaction stack binder: 13824:13844 transaction failed 29201/-71, size 0-0 line 2920 binder: undelivered TRANSACTION_ERROR: 29201 SELinux: policydb magic number 0x9e44aa76 does not match expected magic number 0xf97cff8c SELinux: policydb magic number 0x9e44aa76 does not match expected magic number 0xf97cff8c device gre0 entered promiscuous mode audit_printk_skb: 2283 callbacks suppressed audit: type=1400 audit(1517591812.622:4443): avc: denied { net_admin } for pid=4147 comm="syz-executor6" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1517591812.622:4445): avc: denied { dac_override } for pid=14447 comm="syz-executor7" capability=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1517591812.622:4444): avc: denied { net_admin } for pid=14449 comm="syz-executor0" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1517591812.622:4446): avc: denied { dac_override } for pid=14449 comm="syz-executor0" capability=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1517591812.622:4447): avc: denied { sys_admin } for pid=14447 comm="syz-executor7" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1517591812.622:4448): avc: denied { net_admin } for pid=14449 comm="syz-executor0" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1517591812.622:4449): avc: denied { dac_override } for pid=14449 comm="syz-executor0" capability=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1517591812.652:4450): avc: denied { net_admin } for pid=4151 comm="syz-executor2" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1517591812.652:4451): avc: denied { net_admin } for pid=4151 comm="syz-executor2" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1517591812.652:4452): avc: denied { net_admin } for pid=4125 comm="syz-executor0" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 SELinux: ebitmap: truncated map SELinux: ebitmap: truncated map audit_printk_skb: 3900 callbacks suppressed audit: type=1400 audit(1517591817.652:5755): avc: denied { net_admin } for pid=4127 comm="syz-executor7" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1517591817.672:5756): avc: denied { dac_override } for pid=15854 comm="syz-executor6" capability=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1517591817.682:5757): avc: denied { dac_override } for pid=15854 comm="syz-executor6" capability=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1517591817.682:5758): avc: denied { sys_admin } for pid=15853 comm="syz-executor2" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1517591817.692:5759): avc: denied { net_admin } for pid=4153 comm="syz-executor1" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1517591817.692:5760): avc: denied { net_admin } for pid=4147 comm="syz-executor6" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1517591817.712:5761): avc: denied { net_admin } for pid=4123 comm="syz-executor3" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1517591817.712:5762): avc: denied { dac_override } for pid=15850 comm="syz-executor0" capability=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1517591817.722:5763): avc: denied { dac_override } for pid=15869 comm="syz-executor6" capability=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1517591817.732:5764): avc: denied { net_admin } for pid=15850 comm="syz-executor0" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1