=============================
WARNING: suspicious RCU usage
6.15.0-syzkaller-12426-ge271ed52b344 #0 Not tainted
-----------------------------
net/ipv6/ip6_fib.c:2076 suspicious rcu_dereference_protected() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
3 locks held by syz.4.3385/17411:
#0: ffffffff9034bc68 (rtnl_mutex){+.+.}-{4:4}, at: tun_detach drivers/net/tun.c:633 [inline]
#0: ffffffff9034bc68 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x230 drivers/net/tun.c:3396
#1: ffffffff8e5c4cc0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
#1: ffffffff8e5c4cc0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
#1: ffffffff8e5c4cc0 (rcu_read_lock){....}-{1:3}, at: __fib6_clean_all+0x3a/0x2d0 net/ipv6/ip6_fib.c:2316
#2: ffff8880548ee030 (&tb->tb6_lock){+.-.}-{3:3}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
#2: ffff8880548ee030 (&tb->tb6_lock){+.-.}-{3:3}, at: __fib6_clean_all+0xeb/0x2d0 net/ipv6/ip6_fib.c:2320
stack backtrace:
CPU: 1 UID: 0 PID: 17411 Comm: syz.4.3385 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full)
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
lockdep_rcu_suspicious+0x166/0x260 kernel/locking/lockdep.c:6871
fib6_del+0xcf2/0x1770 net/ipv6/ip6_fib.c:2076
fib6_clean_node+0x424/0x5b0 net/ipv6/ip6_fib.c:2255
fib6_walk_continue+0x44f/0x8d0 net/ipv6/ip6_fib.c:2177
fib6_walk+0x182/0x370 net/ipv6/ip6_fib.c:2225
fib6_clean_tree+0xd4/0x110 net/ipv6/ip6_fib.c:2305
__fib6_clean_all+0x107/0x2d0 net/ipv6/ip6_fib.c:2321
rt6_sync_down_dev net/ipv6/route.c:5004 [inline]
rt6_disable_ip+0x2ec/0x990 net/ipv6/route.c:5009
addrconf_ifdown.isra.0+0x11d/0x1a90 net/ipv6/addrconf.c:3857
addrconf_notify+0x220/0x19e0 net/ipv6/addrconf.c:3780
notifier_call_chain+0xbc/0x410 kernel/notifier.c:85
call_netdevice_notifiers_info+0xbe/0x140 net/core/dev.c:2230
call_netdevice_notifiers_extack net/core/dev.c:2268 [inline]
call_netdevice_notifiers net/core/dev.c:2282 [inline]
dev_close_many+0x319/0x630 net/core/dev.c:1785
unregister_netdevice_many_notify+0x578/0x2700 net/core/dev.c:12047
unregister_netdevice_many net/core/dev.c:12140 [inline]
unregister_netdevice_queue+0x305/0x3f0 net/core/dev.c:11984
unregister_netdevice include/linux/netdevice.h:3379 [inline]
__tun_detach+0x1249/0x1540 drivers/net/tun.c:620
tun_detach drivers/net/tun.c:636 [inline]
tun_chr_close+0xc2/0x230 drivers/net/tun.c:3396
__fput+0x402/0xb70 fs/file_table.c:465
task_work_run+0x14d/0x240 kernel/task_work.c:227
exit_task_work include/linux/task_work.h:40 [inline]
do_exit+0x864/0x2bd0 kernel/exit.c:955
do_group_exit+0xd3/0x2a0 kernel/exit.c:1104
get_signal+0x2673/0x26d0 kernel/signal.c:3034
arch_do_signal_or_restart+0x8f/0x7d0 arch/x86/kernel/signal.c:337
exit_to_user_mode_loop+0x84/0x110 kernel/entry/common.c:111
exit_to_user_mode_prepare include/linux/entry-common.h:330 [inline]
syscall_exit_to_user_mode_work include/linux/entry-common.h:414 [inline]
syscall_exit_to_user_mode include/linux/entry-common.h:449 [inline]
do_syscall_64+0x3f6/0x4c0 arch/x86/entry/syscall_64.c:100
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 00fb:0x294e66b3c7c44cb4
Code: Unable to access opcode bytes at 0x294e66b3c7c44c8a.
RSP: 002b:0000000000000000 EFLAGS: 00000202 ORIG_RAX: ce3d5c200518e753
RAX: 6d02b596a6d6b2c6 RBX: 46b00e13ac8c17fa RCX: 1d6d567492f1521e
RDX: eb30e365dd53f3a0 RSI: c553273f825e1cf7 RDI: b331ef28487276fd
RBP: 9c8c87e20081ee76 R08: cf9d780a350b4549 R09: c7e58b697db8ef3d
R10: d68d02d45a22dc24 R11: 19b4d49ef33da9ed R12: 39cb75b6fa6cb3d1
R13: a8d7b5dbf29d588f R14: 9b8908dcbb4f02b4 R15: 107b9d1451766018
=============================
WARNING: suspicious RCU usage
6.15.0-syzkaller-12426-ge271ed52b344 #0 Not tainted
-----------------------------
net/ipv6/ip6_fib.c:2088 suspicious rcu_dereference_protected() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
3 locks held by syz.4.3385/17411:
#0: ffffffff9034bc68 (rtnl_mutex){+.+.}-{4:4}, at: tun_detach drivers/net/tun.c:633 [inline]
#0: ffffffff9034bc68 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x230 drivers/net/tun.c:3396
#1: ffffffff8e5c4cc0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
#1: ffffffff8e5c4cc0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
#1: ffffffff8e5c4cc0 (rcu_read_lock){....}-{1:3}, at: __fib6_clean_all+0x3a/0x2d0 net/ipv6/ip6_fib.c:2316
#2: ffff8880548ee030 (&tb->tb6_lock){+.-.}-{3:3}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
#2: ffff8880548ee030 (&tb->tb6_lock){+.-.}-{3:3}, at: __fib6_clean_all+0xeb/0x2d0 net/ipv6/ip6_fib.c:2320
stack backtrace:
CPU: 1 UID: 0 PID: 17411 Comm: syz.4.3385 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full)
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
lockdep_rcu_suspicious+0x166/0x260 kernel/locking/lockdep.c:6871
fib6_del+0x2ef/0x1770 net/ipv6/ip6_fib.c:2088
fib6_clean_node+0x424/0x5b0 net/ipv6/ip6_fib.c:2255
fib6_walk_continue+0x44f/0x8d0 net/ipv6/ip6_fib.c:2177
fib6_walk+0x182/0x370 net/ipv6/ip6_fib.c:2225
fib6_clean_tree+0xd4/0x110 net/ipv6/ip6_fib.c:2305
__fib6_clean_all+0x107/0x2d0 net/ipv6/ip6_fib.c:2321
rt6_sync_down_dev net/ipv6/route.c:5004 [inline]
rt6_disable_ip+0x2ec/0x990 net/ipv6/route.c:5009
addrconf_ifdown.isra.0+0x11d/0x1a90 net/ipv6/addrconf.c:3857
addrconf_notify+0x220/0x19e0 net/ipv6/addrconf.c:3780
notifier_call_chain+0xbc/0x410 kernel/notifier.c:85
call_netdevice_notifiers_info+0xbe/0x140 net/core/dev.c:2230
call_netdevice_notifiers_extack net/core/dev.c:2268 [inline]
call_netdevice_notifiers net/core/dev.c:2282 [inline]
dev_close_many+0x319/0x630 net/core/dev.c:1785
unregister_netdevice_many_notify+0x578/0x2700 net/core/dev.c:12047
unregister_netdevice_many net/core/dev.c:12140 [inline]
unregister_netdevice_queue+0x305/0x3f0 net/core/dev.c:11984
unregister_netdevice include/linux/netdevice.h:3379 [inline]
__tun_detach+0x1249/0x1540 drivers/net/tun.c:620
tun_detach drivers/net/tun.c:636 [inline]
tun_chr_close+0xc2/0x230 drivers/net/tun.c:3396
__fput+0x402/0xb70 fs/file_table.c:465
task_work_run+0x14d/0x240 kernel/task_work.c:227
exit_task_work include/linux/task_work.h:40 [inline]
do_exit+0x864/0x2bd0 kernel/exit.c:955
do_group_exit+0xd3/0x2a0 kernel/exit.c:1104
get_signal+0x2673/0x26d0 kernel/signal.c:3034
arch_do_signal_or_restart+0x8f/0x7d0 arch/x86/kernel/signal.c:337
exit_to_user_mode_loop+0x84/0x110 kernel/entry/common.c:111
exit_to_user_mode_prepare include/linux/entry-common.h:330 [inline]
syscall_exit_to_user_mode_work include/linux/entry-common.h:414 [inline]
syscall_exit_to_user_mode include/linux/entry-common.h:449 [inline]
do_syscall_64+0x3f6/0x4c0 arch/x86/entry/syscall_64.c:100
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 00fb:0x294e66b3c7c44cb4
Code: Unable to access opcode bytes at 0x294e66b3c7c44c8a.
RSP: 002b:0000000000000000 EFLAGS: 00000202 ORIG_RAX: ce3d5c200518e753
RAX: 6d02b596a6d6b2c6 RBX: 46b00e13ac8c17fa RCX: 1d6d567492f1521e
RDX: eb30e365dd53f3a0 RSI: c553273f825e1cf7 RDI: b331ef28487276fd
RBP: 9c8c87e20081ee76 R08: cf9d780a350b4549 R09: c7e58b697db8ef3d
R10: d68d02d45a22dc24 R11: 19b4d49ef33da9ed R12: 39cb75b6fa6cb3d1
R13: a8d7b5dbf29d588f R14: 9b8908dcbb4f02b4 R15: 107b9d1451766018
=============================
WARNING: suspicious RCU usage
6.15.0-syzkaller-12426-ge271ed52b344 #0 Not tainted
-----------------------------
net/ipv6/ip6_fib.c:1974 suspicious rcu_dereference_protected() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
3 locks held by syz.4.3385/17411:
#0: ffffffff9034bc68 (rtnl_mutex){+.+.}-{4:4}, at: tun_detach drivers/net/tun.c:633 [inline]
#0: ffffffff9034bc68 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x230 drivers/net/tun.c:3396
#1: ffffffff8e5c4cc0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
#1: ffffffff8e5c4cc0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
#1: ffffffff8e5c4cc0 (rcu_read_lock){....}-{1:3}, at: __fib6_clean_all+0x3a/0x2d0 net/ipv6/ip6_fib.c:2316
#2: ffff8880548ee030 (&tb->tb6_lock){+.-.}-{3:3}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
#2: ffff8880548ee030 (&tb->tb6_lock){+.-.}-{3:3}, at: __fib6_clean_all+0xeb/0x2d0 net/ipv6/ip6_fib.c:2320
stack backtrace:
CPU: 1 UID: 0 PID: 17411 Comm: syz.4.3385 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full)
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
lockdep_rcu_suspicious+0x166/0x260 kernel/locking/lockdep.c:6871
fib6_del_route net/ipv6/ip6_fib.c:1974 [inline]
fib6_del+0x1084/0x1770 net/ipv6/ip6_fib.c:2093
fib6_clean_node+0x424/0x5b0 net/ipv6/ip6_fib.c:2255
fib6_walk_continue+0x44f/0x8d0 net/ipv6/ip6_fib.c:2177
fib6_walk+0x182/0x370 net/ipv6/ip6_fib.c:2225
fib6_clean_tree+0xd4/0x110 net/ipv6/ip6_fib.c:2305
__fib6_clean_all+0x107/0x2d0 net/ipv6/ip6_fib.c:2321
rt6_sync_down_dev net/ipv6/route.c:5004 [inline]
rt6_disable_ip+0x2ec/0x990 net/ipv6/route.c:5009
addrconf_ifdown.isra.0+0x11d/0x1a90 net/ipv6/addrconf.c:3857
addrconf_notify+0x220/0x19e0 net/ipv6/addrconf.c:3780
notifier_call_chain+0xbc/0x410 kernel/notifier.c:85
call_netdevice_notifiers_info+0xbe/0x140 net/core/dev.c:2230
call_netdevice_notifiers_extack net/core/dev.c:2268 [inline]
call_netdevice_notifiers net/core/dev.c:2282 [inline]
dev_close_many+0x319/0x630 net/core/dev.c:1785
unregister_netdevice_many_notify+0x578/0x2700 net/core/dev.c:12047
unregister_netdevice_many net/core/dev.c:12140 [inline]
unregister_netdevice_queue+0x305/0x3f0 net/core/dev.c:11984
unregister_netdevice include/linux/netdevice.h:3379 [inline]
__tun_detach+0x1249/0x1540 drivers/net/tun.c:620
tun_detach drivers/net/tun.c:636 [inline]
tun_chr_close+0xc2/0x230 drivers/net/tun.c:3396
__fput+0x402/0xb70 fs/file_table.c:465
task_work_run+0x14d/0x240 kernel/task_work.c:227
exit_task_work include/linux/task_work.h:40 [inline]
do_exit+0x864/0x2bd0 kernel/exit.c:955
do_group_exit+0xd3/0x2a0 kernel/exit.c:1104
get_signal+0x2673/0x26d0 kernel/signal.c:3034
arch_do_signal_or_restart+0x8f/0x7d0 arch/x86/kernel/signal.c:337
exit_to_user_mode_loop+0x84/0x110 kernel/entry/common.c:111
exit_to_user_mode_prepare include/linux/entry-common.h:330 [inline]
syscall_exit_to_user_mode_work include/linux/entry-common.h:414 [inline]
syscall_exit_to_user_mode include/linux/entry-common.h:449 [inline]
do_syscall_64+0x3f6/0x4c0 arch/x86/entry/syscall_64.c:100
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 00fb:0x294e66b3c7c44cb4
Code: Unable to access opcode bytes at 0x294e66b3c7c44c8a.
RSP: 002b:0000000000000000 EFLAGS: 00000202 ORIG_RAX: ce3d5c200518e753
RAX: 6d02b596a6d6b2c6 RBX: 46b00e13ac8c17fa RCX: 1d6d567492f1521e
RDX: eb30e365dd53f3a0 RSI: c553273f825e1cf7 RDI: b331ef28487276fd
RBP: 9c8c87e20081ee76 R08: cf9d780a350b4549 R09: c7e58b697db8ef3d
R10: d68d02d45a22dc24 R11: 19b4d49ef33da9ed R12: 39cb75b6fa6cb3d1
R13: a8d7b5dbf29d588f R14: 9b8908dcbb4f02b4 R15: 107b9d1451766018
=============================
WARNING: suspicious RCU usage
6.15.0-syzkaller-12426-ge271ed52b344 #0 Not tainted
-----------------------------
net/ipv6/ip6_fib.c:1983 suspicious rcu_dereference_protected() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
3 locks held by syz.4.3385/17411:
#0: ffffffff9034bc68 (rtnl_mutex){+.+.}-{4:4}, at: tun_detach drivers/net/tun.c:633 [inline]
#0: ffffffff9034bc68 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x230 drivers/net/tun.c:3396
#1: ffffffff8e5c4cc0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
#1: ffffffff8e5c4cc0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
#1: ffffffff8e5c4cc0 (rcu_read_lock){....}-{1:3}, at: __fib6_clean_all+0x3a/0x2d0 net/ipv6/ip6_fib.c:2316
#2: ffff8880548ee030 (&tb->tb6_lock){+.-.}-{3:3}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
#2: ffff8880548ee030 (&tb->tb6_lock){+.-.}-{3:3}, at: __fib6_clean_all+0xeb/0x2d0 net/ipv6/ip6_fib.c:2320
stack backtrace:
CPU: 1 UID: 0 PID: 17411 Comm: syz.4.3385 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full)
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
lockdep_rcu_suspicious+0x166/0x260 kernel/locking/lockdep.c:6871
fib6_del_route net/ipv6/ip6_fib.c:1983 [inline]
fib6_del+0xfef/0x1770 net/ipv6/ip6_fib.c:2093
fib6_clean_node+0x424/0x5b0 net/ipv6/ip6_fib.c:2255
fib6_walk_continue+0x44f/0x8d0 net/ipv6/ip6_fib.c:2177
fib6_walk+0x182/0x370 net/ipv6/ip6_fib.c:2225
fib6_clean_tree+0xd4/0x110 net/ipv6/ip6_fib.c:2305
__fib6_clean_all+0x107/0x2d0 net/ipv6/ip6_fib.c:2321
rt6_sync_down_dev net/ipv6/route.c:5004 [inline]
rt6_disable_ip+0x2ec/0x990 net/ipv6/route.c:5009
addrconf_ifdown.isra.0+0x11d/0x1a90 net/ipv6/addrconf.c:3857
addrconf_notify+0x220/0x19e0 net/ipv6/addrconf.c:3780
notifier_call_chain+0xbc/0x410 kernel/notifier.c:85
call_netdevice_notifiers_info+0xbe/0x140 net/core/dev.c:2230
call_netdevice_notifiers_extack net/core/dev.c:2268 [inline]
call_netdevice_notifiers net/core/dev.c:2282 [inline]
dev_close_many+0x319/0x630 net/core/dev.c:1785
unregister_netdevice_many_notify+0x578/0x2700 net/core/dev.c:12047
unregister_netdevice_many net/core/dev.c:12140 [inline]
unregister_netdevice_queue+0x305/0x3f0 net/core/dev.c:11984
unregister_netdevice include/linux/netdevice.h:3379 [inline]
__tun_detach+0x1249/0x1540 drivers/net/tun.c:620
tun_detach drivers/net/tun.c:636 [inline]
tun_chr_close+0xc2/0x230 drivers/net/tun.c:3396
__fput+0x402/0xb70 fs/file_table.c:465
task_work_run+0x14d/0x240 kernel/task_work.c:227
exit_task_work include/linux/task_work.h:40 [inline]
do_exit+0x864/0x2bd0 kernel/exit.c:955
do_group_exit+0xd3/0x2a0 kernel/exit.c:1104
get_signal+0x2673/0x26d0 kernel/signal.c:3034
arch_do_signal_or_restart+0x8f/0x7d0 arch/x86/kernel/signal.c:337
exit_to_user_mode_loop+0x84/0x110 kernel/entry/common.c:111
exit_to_user_mode_prepare include/linux/entry-common.h:330 [inline]
syscall_exit_to_user_mode_work include/linux/entry-common.h:414 [inline]
syscall_exit_to_user_mode include/linux/entry-common.h:449 [inline]
do_syscall_64+0x3f6/0x4c0 arch/x86/entry/syscall_64.c:100
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 00fb:0x294e66b3c7c44cb4
Code: Unable to access opcode bytes at 0x294e66b3c7c44c8a.
RSP: 002b:0000000000000000 EFLAGS: 00000202 ORIG_RAX: ce3d5c200518e753
RAX: 6d02b596a6d6b2c6 RBX: 46b00e13ac8c17fa RCX: 1d6d567492f1521e
RDX: eb30e365dd53f3a0 RSI: c553273f825e1cf7 RDI: b331ef28487276fd
RBP: 9c8c87e20081ee76 R08: cf9d780a350b4549 R09: c7e58b697db8ef3d
R10: d68d02d45a22dc24 R11: 19b4d49ef33da9ed R12: 39cb75b6fa6cb3d1
R13: a8d7b5dbf29d588f R14: 9b8908dcbb4f02b4 R15: 107b9d1451766018
=============================
WARNING: suspicious RCU usage
6.15.0-syzkaller-12426-ge271ed52b344 #0 Not tainted
-----------------------------
net/ipv6/ip6_fib.c:1987 suspicious rcu_dereference_protected() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
3 locks held by syz.4.3385/17411:
#0: ffffffff9034bc68 (rtnl_mutex){+.+.}-{4:4}, at: tun_detach drivers/net/tun.c:633 [inline]
#0: ffffffff9034bc68 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x230 drivers/net/tun.c:3396
#1: ffffffff8e5c4cc0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
#1: ffffffff8e5c4cc0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
#1: ffffffff8e5c4cc0 (rcu_read_lock){....}-{1:3}, at: __fib6_clean_all+0x3a/0x2d0 net/ipv6/ip6_fib.c:2316
#2: ffff8880548ee030 (&tb->tb6_lock){+.-.}-{3:3}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
#2: ffff8880548ee030 (&tb->tb6_lock){+.-.}-{3:3}, at: __fib6_clean_all+0xeb/0x2d0 net/ipv6/ip6_fib.c:2320
stack backtrace:
CPU: 1 UID: 0 PID: 17411 Comm: syz.4.3385 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full)
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
lockdep_rcu_suspicious+0x166/0x260 kernel/locking/lockdep.c:6871
fib6_del_route net/ipv6/ip6_fib.c:1987 [inline]
fib6_del+0x149b/0x1770 net/ipv6/ip6_fib.c:2093
fib6_clean_node+0x424/0x5b0 net/ipv6/ip6_fib.c:2255
fib6_walk_continue+0x44f/0x8d0 net/ipv6/ip6_fib.c:2177
fib6_walk+0x182/0x370 net/ipv6/ip6_fib.c:2225
fib6_clean_tree+0xd4/0x110 net/ipv6/ip6_fib.c:2305
__fib6_clean_all+0x107/0x2d0 net/ipv6/ip6_fib.c:2321
rt6_sync_down_dev net/ipv6/route.c:5004 [inline]
rt6_disable_ip+0x2ec/0x990 net/ipv6/route.c:5009
addrconf_ifdown.isra.0+0x11d/0x1a90 net/ipv6/addrconf.c:3857
addrconf_notify+0x220/0x19e0 net/ipv6/addrconf.c:3780
notifier_call_chain+0xbc/0x410 kernel/notifier.c:85
call_netdevice_notifiers_info+0xbe/0x140 net/core/dev.c:2230
call_netdevice_notifiers_extack net/core/dev.c:2268 [inline]
call_netdevice_notifiers net/core/dev.c:2282 [inline]
dev_close_many+0x319/0x630 net/core/dev.c:1785
unregister_netdevice_many_notify+0x578/0x2700 net/core/dev.c:12047
unregister_netdevice_many net/core/dev.c:12140 [inline]
unregister_netdevice_queue+0x305/0x3f0 net/core/dev.c:11984
unregister_netdevice include/linux/netdevice.h:3379 [inline]
__tun_detach+0x1249/0x1540 drivers/net/tun.c:620
tun_detach drivers/net/tun.c:636 [inline]
tun_chr_close+0xc2/0x230 drivers/net/tun.c:3396
__fput+0x402/0xb70 fs/file_table.c:465
task_work_run+0x14d/0x240 kernel/task_work.c:227
exit_task_work include/linux/task_work.h:40 [inline]
do_exit+0x864/0x2bd0 kernel/exit.c:955
do_group_exit+0xd3/0x2a0 kernel/exit.c:1104
get_signal+0x2673/0x26d0 kernel/signal.c:3034
arch_do_signal_or_restart+0x8f/0x7d0 arch/x86/kernel/signal.c:337
exit_to_user_mode_loop+0x84/0x110 kernel/entry/common.c:111
exit_to_user_mode_prepare include/linux/entry-common.h:330 [inline]
syscall_exit_to_user_mode_work include/linux/entry-common.h:414 [inline]
syscall_exit_to_user_mode include/linux/entry-common.h:449 [inline]
do_syscall_64+0x3f6/0x4c0 arch/x86/entry/syscall_64.c:100
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 00fb:0x294e66b3c7c44cb4
Code: Unable to access opcode bytes at 0x294e66b3c7c44c8a.
RSP: 002b:0000000000000000 EFLAGS: 00000202 ORIG_RAX: ce3d5c200518e753
RAX: 6d02b596a6d6b2c6 RBX: 46b00e13ac8c17fa RCX: 1d6d567492f1521e
RDX: eb30e365dd53f3a0 RSI: c553273f825e1cf7 RDI: b331ef28487276fd
RBP: 9c8c87e20081ee76 R08: cf9d780a350b4549 R09: c7e58b697db8ef3d
R10: d68d02d45a22dc24 R11: 19b4d49ef33da9ed R12: 39cb75b6fa6cb3d1
R13: a8d7b5dbf29d588f R14: 9b8908dcbb4f02b4 R15: 107b9d1451766018
=============================
WARNING: suspicious RCU usage
6.15.0-syzkaller-12426-ge271ed52b344 #0 Not tainted
-----------------------------
net/ipv6/ip6_fib.c:2028 suspicious rcu_dereference_protected() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
4 locks held by syz.4.3385/17411:
#0: ffffffff9034bc68 (rtnl_mutex){+.+.}-{4:4}, at: tun_detach drivers/net/tun.c:633 [inline]
#0: ffffffff9034bc68 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x230 drivers/net/tun.c:3396
#1: ffffffff8e5c4cc0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
#1: ffffffff8e5c4cc0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
#1: ffffffff8e5c4cc0 (rcu_read_lock){....}-{1:3}, at: __fib6_clean_all+0x3a/0x2d0 net/ipv6/ip6_fib.c:2316
#2: ffff8880548ee030 (&tb->tb6_lock){+.-.}-{3:3}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
#2: ffff8880548ee030 (&tb->tb6_lock){+.-.}-{3:3}, at: __fib6_clean_all+0xeb/0x2d0 net/ipv6/ip6_fib.c:2320
#3: ffff888036654eb8 (&net->ipv6.fib6_walker_lock){++..}-{3:3}, at: fib6_del_route net/ipv6/ip6_fib.c:2024 [inline]
#3: ffff888036654eb8 (&net->ipv6.fib6_walker_lock){++..}-{3:3}, at: fib6_del+0x880/0x1770 net/ipv6/ip6_fib.c:2093
stack backtrace:
CPU: 1 UID: 0 PID: 17411 Comm: syz.4.3385 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full)
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
lockdep_rcu_suspicious+0x166/0x260 kernel/locking/lockdep.c:6871
fib6_del_route net/ipv6/ip6_fib.c:2028 [inline]
fib6_del+0x1281/0x1770 net/ipv6/ip6_fib.c:2093
fib6_clean_node+0x424/0x5b0 net/ipv6/ip6_fib.c:2255
fib6_walk_continue+0x44f/0x8d0 net/ipv6/ip6_fib.c:2177
fib6_walk+0x182/0x370 net/ipv6/ip6_fib.c:2225
fib6_clean_tree+0xd4/0x110 net/ipv6/ip6_fib.c:2305
__fib6_clean_all+0x107/0x2d0 net/ipv6/ip6_fib.c:2321
rt6_sync_down_dev net/ipv6/route.c:5004 [inline]
rt6_disable_ip+0x2ec/0x990 net/ipv6/route.c:5009
addrconf_ifdown.isra.0+0x11d/0x1a90 net/ipv6/addrconf.c:3857
addrconf_notify+0x220/0x19e0 net/ipv6/addrconf.c:3780
notifier_call_chain+0xbc/0x410 kernel/notifier.c:85
call_netdevice_notifiers_info+0xbe/0x140 net/core/dev.c:2230
call_netdevice_notifiers_extack net/core/dev.c:2268 [inline]
call_netdevice_notifiers net/core/dev.c:2282 [inline]
dev_close_many+0x319/0x630 net/core/dev.c:1785
unregister_netdevice_many_notify+0x578/0x2700 net/core/dev.c:12047
unregister_netdevice_many net/core/dev.c:12140 [inline]
unregister_netdevice_queue+0x305/0x3f0 net/core/dev.c:11984
unregister_netdevice include/linux/netdevice.h:3379 [inline]
__tun_detach+0x1249/0x1540 drivers/net/tun.c:620
tun_detach drivers/net/tun.c:636 [inline]
tun_chr_close+0xc2/0x230 drivers/net/tun.c:3396
__fput+0x402/0xb70 fs/file_table.c:465
task_work_run+0x14d/0x240 kernel/task_work.c:227
exit_task_work include/linux/task_work.h:40 [inline]
do_exit+0x864/0x2bd0 kernel/exit.c:955
do_group_exit+0xd3/0x2a0 kernel/exit.c:1104
get_signal+0x2673/0x26d0 kernel/signal.c:3034
arch_do_signal_or_restart+0x8f/0x7d0 arch/x86/kernel/signal.c:337
exit_to_user_mode_loop+0x84/0x110 kernel/entry/common.c:111
exit_to_user_mode_prepare include/linux/entry-common.h:330 [inline]
syscall_exit_to_user_mode_work include/linux/entry-common.h:414 [inline]
syscall_exit_to_user_mode include/linux/entry-common.h:449 [inline]
do_syscall_64+0x3f6/0x4c0 arch/x86/entry/syscall_64.c:100
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 00fb:0x294e66b3c7c44cb4
Code: Unable to access opcode bytes at 0x294e66b3c7c44c8a.
RSP: 002b:0000000000000000 EFLAGS: 00000202 ORIG_RAX: ce3d5c200518e753
RAX: 6d02b596a6d6b2c6 RBX: 46b00e13ac8c17fa RCX: 1d6d567492f1521e
RDX: eb30e365dd53f3a0 RSI: c553273f825e1cf7 RDI: b331ef28487276fd
RBP: 9c8c87e20081ee76 R08: cf9d780a350b4549 R09: c7e58b697db8ef3d
R10: d68d02d45a22dc24 R11: 19b4d49ef33da9ed R12: 39cb75b6fa6cb3d1
R13: a8d7b5dbf29d588f R14: 9b8908dcbb4f02b4 R15: 107b9d1451766018
=============================
WARNING: suspicious RCU usage
6.15.0-syzkaller-12426-ge271ed52b344 #0 Not tainted
-----------------------------
net/ipv6/ip6_fib.c:1067 suspicious rcu_dereference_protected() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
3 locks held by syz.4.3385/17411:
#0: ffffffff9034bc68 (rtnl_mutex){+.+.}-{4:4}, at: tun_detach drivers/net/tun.c:633 [inline]
#0: ffffffff9034bc68 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x230 drivers/net/tun.c:3396
#1: ffffffff8e5c4cc0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
#1: ffffffff8e5c4cc0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
#1: ffffffff8e5c4cc0 (rcu_read_lock){....}-{1:3}, at: __fib6_clean_all+0x3a/0x2d0 net/ipv6/ip6_fib.c:2316
#2: ffff8880548ee030 (&tb->tb6_lock){+.-.}-{3:3}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
#2: ffff8880548ee030 (&tb->tb6_lock){+.-.}-{3:3}, at: __fib6_clean_all+0xeb/0x2d0 net/ipv6/ip6_fib.c:2320
stack backtrace:
CPU: 1 UID: 0 PID: 17411 Comm: syz.4.3385 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full)
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
lockdep_rcu_suspicious+0x166/0x260 kernel/locking/lockdep.c:6871
fib6_purge_rt+0x542/0xbf0 net/ipv6/ip6_fib.c:1067
fib6_del_route net/ipv6/ip6_fib.c:2048 [inline]
fib6_del+0xa5e/0x1770 net/ipv6/ip6_fib.c:2093
fib6_clean_node+0x424/0x5b0 net/ipv6/ip6_fib.c:2255
fib6_walk_continue+0x44f/0x8d0 net/ipv6/ip6_fib.c:2177
fib6_walk+0x182/0x370 net/ipv6/ip6_fib.c:2225
fib6_clean_tree+0xd4/0x110 net/ipv6/ip6_fib.c:2305
__fib6_clean_all+0x107/0x2d0 net/ipv6/ip6_fib.c:2321
rt6_sync_down_dev net/ipv6/route.c:5004 [inline]
rt6_disable_ip+0x2ec/0x990 net/ipv6/route.c:5009
addrconf_ifdown.isra.0+0x11d/0x1a90 net/ipv6/addrconf.c:3857
addrconf_notify+0x220/0x19e0 net/ipv6/addrconf.c:3780
notifier_call_chain+0xbc/0x410 kernel/notifier.c:85
call_netdevice_notifiers_info+0xbe/0x140 net/core/dev.c:2230
call_netdevice_notifiers_extack net/core/dev.c:2268 [inline]
call_netdevice_notifiers net/core/dev.c:2282 [inline]
dev_close_many+0x319/0x630 net/core/dev.c:1785
unregister_netdevice_many_notify+0x578/0x2700 net/core/dev.c:12047
unregister_netdevice_many net/core/dev.c:12140 [inline]
unregister_netdevice_queue+0x305/0x3f0 net/core/dev.c:11984
unregister_netdevice include/linux/netdevice.h:3379 [inline]
__tun_detach+0x1249/0x1540 drivers/net/tun.c:620
tun_detach drivers/net/tun.c:636 [inline]
tun_chr_close+0xc2/0x230 drivers/net/tun.c:3396
__fput+0x402/0xb70 fs/file_table.c:465
task_work_run+0x14d/0x240 kernel/task_work.c:227
exit_task_work include/linux/task_work.h:40 [inline]
do_exit+0x864/0x2bd0 kernel/exit.c:955
do_group_exit+0xd3/0x2a0 kernel/exit.c:1104
get_signal+0x2673/0x26d0 kernel/signal.c:3034
arch_do_signal_or_restart+0x8f/0x7d0 arch/x86/kernel/signal.c:337
exit_to_user_mode_loop+0x84/0x110 kernel/entry/common.c:111
exit_to_user_mode_prepare include/linux/entry-common.h:330 [inline]
syscall_exit_to_user_mode_work include/linux/entry-common.h:414 [inline]
syscall_exit_to_user_mode include/linux/entry-common.h:449 [inline]
do_syscall_64+0x3f6/0x4c0 arch/x86/entry/syscall_64.c:100
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 00fb:0x294e66b3c7c44cb4
Code: Unable to access opcode bytes at 0x294e66b3c7c44c8a.
RSP: 002b:0000000000000000 EFLAGS: 00000202 ORIG_RAX: ce3d5c200518e753
RAX: 6d02b596a6d6b2c6 RBX: 46b00e13ac8c17fa RCX: 1d6d567492f1521e
RDX: eb30e365dd53f3a0 RSI: c553273f825e1cf7 RDI: b331ef28487276fd
RBP: 9c8c87e20081ee76 R08: cf9d780a350b4549 R09: c7e58b697db8ef3d
R10: d68d02d45a22dc24 R11: 19b4d49ef33da9ed R12: 39cb75b6fa6cb3d1
R13: a8d7b5dbf29d588f R14: 9b8908dcbb4f02b4 R15: 107b9d1451766018
=============================
WARNING: suspicious RCU usage
6.15.0-syzkaller-12426-ge271ed52b344 #0 Not tainted
-----------------------------
net/ipv6/ip6_fib.c:1077 suspicious rcu_dereference_protected() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
3 locks held by syz.4.3385/17411:
#0: ffffffff9034bc68 (rtnl_mutex){+.+.}-{4:4}, at: tun_detach drivers/net/tun.c:633 [inline]
#0: ffffffff9034bc68 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x230 drivers/net/tun.c:3396
#1: ffffffff8e5c4cc0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
#1: ffffffff8e5c4cc0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
#1: ffffffff8e5c4cc0 (rcu_read_lock){....}-{1:3}, at: __fib6_clean_all+0x3a/0x2d0 net/ipv6/ip6_fib.c:2316
#2: ffff8880548ee030 (&tb->tb6_lock){+.-.}-{3:3}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
#2: ffff8880548ee030 (&tb->tb6_lock){+.-.}-{3:3}, at: __fib6_clean_all+0xeb/0x2d0 net/ipv6/ip6_fib.c:2320
stack backtrace:
CPU: 1 UID: 0 PID: 17411 Comm: syz.4.3385 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full)
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
lockdep_rcu_suspicious+0x166/0x260 kernel/locking/lockdep.c:6871
fib6_purge_rt+0x5d7/0xbf0 net/ipv6/ip6_fib.c:1077
fib6_del_route net/ipv6/ip6_fib.c:2048 [inline]
fib6_del+0xa5e/0x1770 net/ipv6/ip6_fib.c:2093
fib6_clean_node+0x424/0x5b0 net/ipv6/ip6_fib.c:2255
fib6_walk_continue+0x44f/0x8d0 net/ipv6/ip6_fib.c:2177
fib6_walk+0x182/0x370 net/ipv6/ip6_fib.c:2225
fib6_clean_tree+0xd4/0x110 net/ipv6/ip6_fib.c:2305
__fib6_clean_all+0x107/0x2d0 net/ipv6/ip6_fib.c:2321
rt6_sync_down_dev net/ipv6/route.c:5004 [inline]
rt6_disable_ip+0x2ec/0x990 net/ipv6/route.c:5009
addrconf_ifdown.isra.0+0x11d/0x1a90 net/ipv6/addrconf.c:3857
addrconf_notify+0x220/0x19e0 net/ipv6/addrconf.c:3780
notifier_call_chain+0xbc/0x410 kernel/notifier.c:85
call_netdevice_notifiers_info+0xbe/0x140 net/core/dev.c:2230
call_netdevice_notifiers_extack net/core/dev.c:2268 [inline]
call_netdevice_notifiers net/core/dev.c:2282 [inline]
dev_close_many+0x319/0x630 net/core/dev.c:1785
unregister_netdevice_many_notify+0x578/0x2700 net/core/dev.c:12047
unregister_netdevice_many net/core/dev.c:12140 [inline]
unregister_netdevice_queue+0x305/0x3f0 net/core/dev.c:11984
unregister_netdevice include/linux/netdevice.h:3379 [inline]
__tun_detach+0x1249/0x1540 drivers/net/tun.c:620
tun_detach drivers/net/tun.c:636 [inline]
tun_chr_close+0xc2/0x230 drivers/net/tun.c:3396
__fput+0x402/0xb70 fs/file_table.c:465
task_work_run+0x14d/0x240 kernel/task_work.c:227
exit_task_work include/linux/task_work.h:40 [inline]
do_exit+0x864/0x2bd0 kernel/exit.c:955
do_group_exit+0xd3/0x2a0 kernel/exit.c:1104
get_signal+0x2673/0x26d0 kernel/signal.c:3034
arch_do_signal_or_restart+0x8f/0x7d0 arch/x86/kernel/signal.c:337
exit_to_user_mode_loop+0x84/0x110 kernel/entry/common.c:111
exit_to_user_mode_prepare include/linux/entry-common.h:330 [inline]
syscall_exit_to_user_mode_work include/linux/entry-common.h:414 [inline]
syscall_exit_to_user_mode include/linux/entry-common.h:449 [inline]
do_syscall_64+0x3f6/0x4c0 arch/x86/entry/syscall_64.c:100
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 00fb:0x294e66b3c7c44cb4
Code: Unable to access opcode bytes at 0x294e66b3c7c44c8a.
RSP: 002b:0000000000000000 EFLAGS: 00000202 ORIG_RAX: ce3d5c200518e753
RAX: 6d02b596a6d6b2c6 RBX: 46b00e13ac8c17fa RCX: 1d6d567492f1521e
RDX: eb30e365dd53f3a0 RSI: c553273f825e1cf7 RDI: b331ef28487276fd
RBP: 9c8c87e20081ee76 R08: cf9d780a350b4549 R09: c7e58b697db8ef3d
R10: d68d02d45a22dc24 R11: 19b4d49ef33da9ed R12: 39cb75b6fa6cb3d1
R13: a8d7b5dbf29d588f R14: 9b8908dcbb4f02b4 R15: 107b9d1451766018
==================================================================
BUG: KASAN: global-out-of-bounds in call_fib6_entry_notifiers_replace net/ipv6/ip6_fib.c:432 [inline]
BUG: KASAN: global-out-of-bounds in fib6_del_route net/ipv6/ip6_fib.c:2055 [inline]
BUG: KASAN: global-out-of-bounds in fib6_del+0xb39/0x1770 net/ipv6/ip6_fib.c:2093
Read of size 4 at addr ffffffff9b2233c8 by task syz.4.3385/17411
CPU: 1 UID: 0 PID: 17411 Comm: syz.4.3385 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full)
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
print_address_description mm/kasan/report.c:408 [inline]
print_report+0xcd/0x680 mm/kasan/report.c:521
kasan_report+0xe0/0x110 mm/kasan/report.c:634
call_fib6_entry_notifiers_replace net/ipv6/ip6_fib.c:432 [inline]
fib6_del_route net/ipv6/ip6_fib.c:2055 [inline]
fib6_del+0xb39/0x1770 net/ipv6/ip6_fib.c:2093
fib6_clean_node+0x424/0x5b0 net/ipv6/ip6_fib.c:2255
fib6_walk_continue+0x44f/0x8d0 net/ipv6/ip6_fib.c:2177
fib6_walk+0x182/0x370 net/ipv6/ip6_fib.c:2225
fib6_clean_tree+0xd4/0x110 net/ipv6/ip6_fib.c:2305
__fib6_clean_all+0x107/0x2d0 net/ipv6/ip6_fib.c:2321
rt6_sync_down_dev net/ipv6/route.c:5004 [inline]
rt6_disable_ip+0x2ec/0x990 net/ipv6/route.c:5009
addrconf_ifdown.isra.0+0x11d/0x1a90 net/ipv6/addrconf.c:3857
addrconf_notify+0x220/0x19e0 net/ipv6/addrconf.c:3780
notifier_call_chain+0xbc/0x410 kernel/notifier.c:85
call_netdevice_notifiers_info+0xbe/0x140 net/core/dev.c:2230
call_netdevice_notifiers_extack net/core/dev.c:2268 [inline]
call_netdevice_notifiers net/core/dev.c:2282 [inline]
dev_close_many+0x319/0x630 net/core/dev.c:1785
unregister_netdevice_many_notify+0x578/0x2700 net/core/dev.c:12047
unregister_netdevice_many net/core/dev.c:12140 [inline]
unregister_netdevice_queue+0x305/0x3f0 net/core/dev.c:11984
unregister_netdevice include/linux/netdevice.h:3379 [inline]
__tun_detach+0x1249/0x1540 drivers/net/tun.c:620
tun_detach drivers/net/tun.c:636 [inline]
tun_chr_close+0xc2/0x230 drivers/net/tun.c:3396
__fput+0x402/0xb70 fs/file_table.c:465
task_work_run+0x14d/0x240 kernel/task_work.c:227
exit_task_work include/linux/task_work.h:40 [inline]
do_exit+0x864/0x2bd0 kernel/exit.c:955
do_group_exit+0xd3/0x2a0 kernel/exit.c:1104
get_signal+0x2673/0x26d0 kernel/signal.c:3034
arch_do_signal_or_restart+0x8f/0x7d0 arch/x86/kernel/signal.c:337
exit_to_user_mode_loop+0x84/0x110 kernel/entry/common.c:111
exit_to_user_mode_prepare include/linux/entry-common.h:330 [inline]
syscall_exit_to_user_mode_work include/linux/entry-common.h:414 [inline]
syscall_exit_to_user_mode include/linux/entry-common.h:449 [inline]
do_syscall_64+0x3f6/0x4c0 arch/x86/entry/syscall_64.c:100
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 00fb:0x294e66b3c7c44cb4
Code: Unable to access opcode bytes at 0x294e66b3c7c44c8a.
RSP: 002b:0000000000000000 EFLAGS: 00000202 ORIG_RAX: ce3d5c200518e753
RAX: 6d02b596a6d6b2c6 RBX: 46b00e13ac8c17fa RCX: 1d6d567492f1521e
RDX: eb30e365dd53f3a0 RSI: c553273f825e1cf7 RDI: b331ef28487276fd
RBP: 9c8c87e20081ee76 R08: cf9d780a350b4549 R09: c7e58b697db8ef3d
R10: d68d02d45a22dc24 R11: 19b4d49ef33da9ed R12: 39cb75b6fa6cb3d1
R13: a8d7b5dbf29d588f R14: 9b8908dcbb4f02b4 R15: 107b9d1451766018
The buggy address belongs to the variable:
binder_devices+0x28/0x40
The buggy address belongs to the physical page:
page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1b223
flags: 0xfff00000002000(reserved|node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000002000 ffffea00006c88c8 ffffea00006c88c8 0000000000000000
raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner info is not present (never set?)
Memory state around the buggy address:
ffffffff9b223280: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9
ffffffff9b223300: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9
>ffffffff9b223380: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9
                                              ^
ffffffff9b223400: f9 f9 f9 f9 00 00 f9 f9 f9 f9 f9 f9 00 f9 f9 f9
ffffffff9b223480: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================