audit: type=1400 audit(1552982734.427:103): avc: denied { create } for pid=15318 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! binder: BINDER_SET_CONTEXT_MGR already set binder: 15321:15336 ioctl 40046207 0 returned -16 =============================== [ INFO: suspicious RCU usage. ] 4.9.141+ #1 Not tainted ------------------------------- net/ipv6/ip6_fib.c:1471 suspicious rcu_dereference_protected() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 0 4 locks held by syz-executor.4/15314: #0: (rtnl_mutex){+.+.+.}, at: [] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:70 #1: (&(&net->ipv6.fib6_gc_lock)->rlock){+.-...}, at: [] spin_trylock_bh include/linux/spinlock.h:367 [inline] #1: (&(&net->ipv6.fib6_gc_lock)->rlock){+.-...}, at: [] fib6_run_gc+0x226/0x2c0 net/ipv6/ip6_fib.c:1817 #2: (rcu_read_lock){......}, at: [] __fib6_clean_all+0x0/0x220 net/ipv6/ip6_fib.c:1703 #3: (&tb->tb6_lock){++--..}, at: [] __fib6_clean_all+0xe0/0x220 net/ipv6/ip6_fib.c:1717 stack backtrace: CPU: 1 PID: 15314 Comm: syz-executor.4 Not tainted 4.9.141+ #1 ffff8801c6f37330 ffffffff81b42e79 ffff8801a2c2c740 0000000000000000 0000000000000002 ffffffff82cc2480 ffffed0038de6eb4 ffff8801c6f37360 ffffffff813fe948 ffff8801d2f701c0 ffff8801c6f37550 ffff8801d2f701c0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] lockdep_rcu_suspicious.cold.32+0x110/0x141 kernel/locking/lockdep.c:4455 [] fib6_del+0x810/0xb10 net/ipv6/ip6_fib.c:1470 [] fib6_clean_node+0x220/0x4c0 net/ipv6/ip6_fib.c:1657 [] fib6_walk_continue+0x3e5/0x640 net/ipv6/ip6_fib.c:1583 [] fib6_walk+0x91/0xf0 net/ipv6/ip6_fib.c:1628 [] fib6_clean_tree+0xd3/0x110 net/ipv6/ip6_fib.c:1702 [] __fib6_clean_all+0xf9/0x220 net/ipv6/ip6_fib.c:1718 [] fib6_clean_all net/ipv6/ip6_fib.c:1729 [inline] [] fib6_run_gc+0x117/0x2c0 net/ipv6/ip6_fib.c:1826 [] ndisc_netdev_event+0x2ac/0x350 net/ipv6/ndisc.c:1750 [] notifier_call_chain+0xb4/0x1d0 kernel/notifier.c:93 [] __raw_notifier_call_chain kernel/notifier.c:394 [inline] [] raw_notifier_call_chain+0x2d/0x40 kernel/notifier.c:401 [] call_netdevice_notifiers_info+0x55/0x70 net/core/dev.c:1647 [] call_netdevice_notifiers net/core/dev.c:1663 [inline] [] dev_close_many+0x2e4/0x6a0 net/core/dev.c:1456 [] rollback_registered_many+0x3ac/0xb50 net/core/dev.c:6838 [] rollback_registered+0xee/0x1b0 net/core/dev.c:6901 [] unregister_netdevice_queue+0x1aa/0x230 net/core/dev.c:7888 [] unregister_netdevice include/linux/netdevice.h:2465 [inline] [] __tun_detach+0x821/0xa00 drivers/net/tun.c:575 [] tun_detach drivers/net/tun.c:585 [inline] [] tun_chr_close+0x44/0x60 drivers/net/tun.c:2392 [] __fput+0x263/0x700 fs/file_table.c:208 [] ____fput+0x15/0x20 fs/file_table.c:244 [] task_work_run+0x10c/0x180 kernel/task_work.c:116 [] get_signal+0x1042/0x1460 kernel/signal.c:2151 [] do_signal+0x95/0x1b00 arch/x86/kernel/signal.c:807 [] exit_to_usermode_loop+0x10e/0x150 arch/x86/entry/common.c:158 [] prepare_exit_to_usermode arch/x86/entry/common.c:194 [inline] [] syscall_return_slowpath arch/x86/entry/common.c:263 [inline] [] do_syscall_64+0x3e2/0x550 arch/x86/entry/common.c:290 [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb ------------[ cut here ]------------ WARNING: CPU: 0 PID: 15405 at mm/page_alloc.c:3556 __alloc_pages_slowpath mm/page_alloc.c:3556 [inline] WARNING: CPU: 0 PID: 15405 at mm/page_alloc.c:3556 __alloc_pages_nodemask+0x13a0/0x1bd0 mm/page_alloc.c:3862 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=15404 comm=syz-executor.0