audit: type=1400 audit(1561380492.139:330): avc:  denied  { create } for  pid=4928 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
===============================
[ INFO: suspicious RCU usage. ]
4.4.174+ #17 Not tainted
-------------------------------
net/ipv4/xfrm4_protocol.c:80 suspicious rcu_dereference_check() usage!

other info that might help us debug this:


rcu_scheduler_active = 1, debug_locks = 0
no locks held by syz-executor.0/4967.

stack backtrace:
CPU: 0 PID: 4967 Comm: syz-executor.0 Not tainted 4.4.174+ #17
audit: type=1400 audit(1561380492.249:331): avc:  denied  { set_context_mgr } for  pid=4966 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
 0000000000000000 fa8f551c5d398f49 ffff8801d122f6f8 ffffffff81aad1a1
 ffffffff831af4e0 0000000000000000 0000000000000001 0000000000000050
 ffff8800ba120000 ffff8801d122f728 ffffffff813ab7d6 ffff8800b73b0a00[  175.587692] audit: type=1400 audit(1561380492.289:332): avc:  denied  { set_context_mgr } for  pid=4966 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1

Call Trace:
 [<ffffffff81aad1a1>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81aad1a1>] dump_stack+0xc1/0x120 lib/dump_stack.c:51
 [<ffffffff813ab7d6>] lockdep_rcu_suspicious.cold+0x10a/0x149 kernel/locking/lockdep.c:4305
 [<ffffffff8254222a>] xfrm4_rcv_encap+0x30a/0x370 net/ipv4/xfrm4_protocol.c:80
 [<ffffffff82540745>] xfrm4_udp_encap_rcv+0x3f5/0x620 net/ipv4/xfrm4_input.c:148
 [<ffffffff82482087>] udp_queue_rcv_skb+0xe57/0x14e0 net/ipv4/udp.c:1547
 [<ffffffff821e5e40>] sk_backlog_rcv include/net/sock.h:875 [inline]
 [<ffffffff821e5e40>] __release_sock net/core/sock.c:2024 [inline]
 [<ffffffff821e5e40>] release_sock+0x170/0x500 net/core/sock.c:2477
 [<ffffffff8247f646>] udp_sendmsg+0x1176/0x1c60 net/ipv4/udp.c:1107
 [<ffffffff824a8b42>] inet_sendmsg+0x202/0x4d0 net/ipv4/af_inet.c:755
 [<ffffffff821d838e>] sock_sendmsg_nosec net/socket.c:638 [inline]
 [<ffffffff821d838e>] sock_sendmsg+0xbe/0x110 net/socket.c:648
 [<ffffffff821da269>] ___sys_sendmsg+0x769/0x890 net/socket.c:1975
 [<ffffffff821dd0c5>] __sys_sendmsg+0xc5/0x160 net/socket.c:2009
 [<ffffffff822acdda>] C_SYSC_sendmsg net/compat.c:725 [inline]
 [<ffffffff822acdda>] compat_SyS_sendmsg+0x2a/0x40 net/compat.c:723
 [<ffffffff8100603d>] do_syscall_32_irqs_on arch/x86/entry/common.c:330 [inline]
 [<ffffffff8100603d>] do_fast_syscall_32+0x32d/0xa90 arch/x86/entry/common.c:397
 [<ffffffff8271a350>] sysenter_flags_fixed+0xd/0x1a
binder: 4993:4994 Acquire 1 refcount change on invalid ref 0 ret -22
binder: 4993:4994 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
binder: 4993:4995 BC_DEAD_BINDER_DONE 0000000000000000 not found
binder: BINDER_SET_CONTEXT_MGR already set
binder: 5025:5032 ioctl 40046207 0 returned -16
binder: 5042:5044 Acquire 1 refcount change on invalid ref 0 ret -22
binder: 5042:5045 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
binder: BINDER_SET_CONTEXT_MGR already set
binder: 5081:5084 ioctl 40046207 0 returned -16
binder: 5089:5090 Acquire 1 refcount change on invalid ref 0 ret -22
binder: 5089:5094 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
audit_printk_skb: 81 callbacks suppressed
audit: type=1400 audit(1561380496.499:360): avc:  denied  { set_context_mgr } for  pid=5103 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
binder: BINDER_SET_CONTEXT_MGR already set
binder: BINDER_SET_CONTEXT_MGR already set
binder: 5108:5111 ioctl 40046207 0 returned -16
binder: 5112:5114 ioctl 40046207 0 returned -16
audit: type=1400 audit(1561380496.999:361): avc:  denied  { set_context_mgr } for  pid=5118 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
audit: type=1400 audit(1561380497.169:362): avc:  denied  { set_context_mgr } for  pid=5125 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
binder: BINDER_SET_CONTEXT_MGR already set
binder: BINDER_SET_CONTEXT_MGR already set
binder: 5128:5137 ioctl 40046207 0 returned -16
binder: 5133:5134 ioctl 40046207 0 returned -16
audit: type=1400 audit(1561380497.679:363): avc:  denied  { set_context_mgr } for  pid=5142 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
audit: type=1400 audit(1561380497.879:364): avc:  denied  { set_context_mgr } for  pid=5148 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
binder: 5151:5161 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
binder: BINDER_SET_CONTEXT_MGR already set
binder: 5152:5156 ioctl 40046207 0 returned -16
audit: type=1400 audit(1561380498.179:365): avc:  denied  { set_context_mgr } for  pid=5166 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
audit: type=1400 audit(1561380498.569:366): avc:  denied  { set_context_mgr } for  pid=5173 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
binder: 5174:5180 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
binder: BINDER_SET_CONTEXT_MGR already set
binder: 5179:5185 ioctl 40046207 0 returned -16
audit: type=1400 audit(1561380499.009:367): avc:  denied  { set_context_mgr } for  pid=5192 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
binder: BINDER_SET_CONTEXT_MGR already set
binder: BINDER_SET_CONTEXT_MGR already set
binder: 5200:5203 ioctl 40046207 0 returned -16
binder: 5199:5205 ioctl 40046207 0 returned -16
audit: type=1400 audit(1561380499.509:368): avc:  denied  { set_context_mgr } for  pid=5214 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
audit: type=1400 audit(1561380499.669:369): avc:  denied  { set_context_mgr } for  pid=5219 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
binder: BINDER_SET_CONTEXT_MGR already set
binder: 5224:5225 ioctl 40046207 0 returned -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 5235:5239 ioctl 40046207 0 returned -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 5245:5249 ioctl 40046207 0 returned -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 5247:5251 ioctl 40046207 0 returned -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 5256:5259 ioctl 40046207 0 returned -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 5260:5262 ioctl 40046207 0 returned -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 5263:5265 ioctl 40046207 0 returned -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 5275:5280 ioctl 40046207 0 returned -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 5300:5302 ioctl 40046207 0 returned -16
binder: BINDER_SET_CONTEXT_MGR already set