=============================== [ INFO: suspicious RCU usage. ] 4.4.172+ #2 Not tainted ------------------------------- net/ipv6/ip6_fib.c:1465 suspicious rcu_dereference_protected() usage! other info that might help us debug this: rcu_scheduler_active = 1, debug_locks = 0 5 locks held by syz-executor2/2154: #0: (rcu_read_lock){......}, at: [] INIT_LIST_HEAD include/linux/list.h:28 [inline] #0: (rcu_read_lock){......}, at: [] avc_compute_av+0xac/0x610 security/selinux/avc.c:973 #1: (((&net->ipv6.ip6_fib_timer))){+.-...}, at: [] lockdep_copy_map include/linux/lockdep.h:165 [inline] #1: (((&net->ipv6.ip6_fib_timer))){+.-...}, at: [] call_timer_fn+0xde/0x850 kernel/time/timer.c:1175 #2: (fib6_gc_lock){+.-...}, at: [] spin_lock_bh include/linux/spinlock.h:307 [inline] #2: (fib6_gc_lock){+.-...}, at: [] fib6_run_gc+0x3a/0x230 net/ipv6/ip6_fib.c:1811 #3: (rcu_read_lock){......}, at: [] __fib6_clean_all+0x0/0x240 net/ipv6/ip6_fib.c:1698 #4: (&tb->tb6_lock){++--..}, at: [] __fib6_clean_all+0xe8/0x240 net/ipv6/ip6_fib.c:1712 stack backtrace: CPU: 1 PID: 2154 Comm: syz-executor2 Not tainted 4.4.172+ #2 0000000000000000 5311d19771f7b63f ffff8801db707940 ffffffff81aacde1 ffff8800b5822e00 0000000000000000 0000000000000001 00000000000005b9 ffff8800b60e2f80 ffff8801db707970 ffffffff813ab5d0 ffff8801db707b90 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [] lockdep_rcu_suspicious.cold+0x10a/0x149 kernel/locking/lockdep.c:4305 [] fib6_del+0x7ea/0xae0 net/ipv6/ip6_fib.c:1465 [] fib6_clean_node+0x29c/0x500 net/ipv6/ip6_fib.c:1652 [] fib6_walk_continue+0x3e0/0x630 net/ipv6/ip6_fib.c:1578 [] fib6_walk+0x91/0xe0 net/ipv6/ip6_fib.c:1623 [] fib6_clean_tree+0xe8/0x120 net/ipv6/ip6_fib.c:1697 audit_printk_skb: 27 callbacks suppressed audit: type=1400 audit(1549475886.947:375): avc: denied { create } for pid=9612 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=1 [] __fib6_clean_all+0x100/0x240 net/ipv6/ip6_fib.c:1713 audit: type=1400 audit(1549475887.007:376): avc: denied { write } for pid=9612 comm="syz-executor3" path="socket:[257916]" dev="sockfs" ino=257916 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=1 audit: type=1400 audit(1549475887.007:377): avc: denied { write } for pid=9612 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=1 [] fib6_clean_all net/ipv6/ip6_fib.c:1724 [inline] [] fib6_run_gc+0xaf/0x230 net/ipv6/ip6_fib.c:1821 [] fib6_gc_timer_cb+0x1d/0x30 net/ipv6/ip6_fib.c:1836 [] call_timer_fn+0x18d/0x850 kernel/time/timer.c:1185 [] __run_timers kernel/time/timer.c:1261 [inline] [] run_timer_softirq+0x51f/0xb70 kernel/time/timer.c:1444 [] __do_softirq+0x226/0xa3f kernel/softirq.c:273 [] invoke_softirq kernel/softirq.c:350 [inline] [] irq_exit+0x10a/0x150 kernel/softirq.c:391 [] exiting_irq arch/x86/include/asm/apic.h:652 [inline] [] smp_apic_timer_interrupt+0x7e/0xb0 arch/x86/kernel/apic/apic.c:926 [] apic_timer_interrupt+0x9d/0xb0 arch/x86/entry/entry_64.S:768 [] ? arch_local_irq_restore arch/x86/include/asm/paravirt.h:812 [inline] [] ? __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:162 [inline] [] ? _raw_spin_unlock_irqrestore+0x5f/0x70 kernel/locking/spinlock.c:191 [] spin_unlock_irqrestore include/linux/spinlock.h:362 [inline] [] avc_reclaim_node security/selinux/avc.c:541 [inline] [] avc_alloc_node security/selinux/avc.c:559 [inline] [] avc_alloc_node+0x31c/0x3c0 security/selinux/avc.c:547 [] avc_insert security/selinux/avc.c:670 [inline] [] avc_compute_av+0x182/0x610 security/selinux/avc.c:976 [] avc_has_perm_noaudit+0x2a8/0x300 security/selinux/avc.c:1112 [] cred_has_capability.isra.0+0x106/0x250 security/selinux/hooks.c:1576 [] selinux_capable+0x41/0x50 security/selinux/hooks.c:2069 [] security_capable+0x88/0xc0 security/security.c:187 [] ns_capable_common+0x73/0x160 kernel/capability.c:373 [] ns_capable kernel/capability.c:395 [inline] [] capable_wrt_inode_uidgid+0x81/0xc0 kernel/capability.c:485 [] generic_permission+0x279/0x3c0 fs/namei.c:356 [] do_inode_permission fs/namei.c:390 [inline] [] __inode_permission2+0x79/0x250 fs/namei.c:417 [] inode_permission2+0x32/0x110 fs/namei.c:475 [] may_open.isra.0+0x124/0x210 fs/namei.c:2781 [] do_last fs/namei.c:3264 [inline] [] path_openat+0x1310/0x4470 fs/namei.c:3406 [] do_filp_open+0x1a1/0x270 fs/namei.c:3440 [] do_sys_open+0x2f8/0x600 fs/open.c:1038 [] SYSC_open fs/open.c:1056 [inline] [] SyS_open+0x2d/0x40 fs/open.c:1051 [] entry_SYSCALL_64_fastpath+0x1e/0x9a audit: type=1400 audit(1549475887.667:378): avc: denied { create } for pid=9630 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1549475887.877:379): avc: denied { write } for pid=9630 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1549475888.147:380): avc: denied { read } for pid=9630 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1549475888.217:381): avc: denied { create } for pid=9630 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1549475888.247:382): avc: denied { write } for pid=9630 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1549475889.177:383): avc: denied { create } for pid=9647 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=1 audit: type=1400 audit(1549475890.647:384): avc: denied { create } for pid=9692 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=1 audit_printk_skb: 9 callbacks suppressed audit: type=1400 audit(1549475892.347:388): avc: denied { create } for pid=9757 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=1 audit: type=1400 audit(1549475893.437:389): avc: denied { create } for pid=9803 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1549475893.607:390): avc: denied { write } for pid=9803 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1549475893.737:391): avc: denied { read } for pid=9803 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1549475894.697:392): avc: denied { create } for pid=9847 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1549475894.747:393): avc: denied { write } for pid=9847 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1549475894.817:394): avc: denied { read } for pid=9847 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 binder: 9870:9874 ioctl c0306201 0 returned -14 binder: 9883:9887 ioctl c0306201 0 returned -14 audit: type=1400 audit(1549475895.807:395): avc: denied { create } for pid=9891 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1549475895.877:396): avc: denied { write } for pid=9891 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1549475895.927:397): avc: denied { read } for pid=9891 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 binder: 9903:9905 ioctl c0306201 0 returned -14