=============================
WARNING: suspicious RCU usage
4.15.0-rc5+ #179 Not tainted
-----------------------------
net/ipv6/ip6_fib.c:1704 suspicious rcu_dereference_protected() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
4 locks held by syz-executor1/24055:
 #0: (br_ioctl_mutex){+.+.}, at: [<0000000033b6378a>] sock_ioctl+0x367/0x440 net/socket.c:1018
 #1: (rtnl_mutex){+.+.}, at: [<00000000958a7ac7>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:74
 #2: (rcu_read_lock){....}, at: [<00000000a17d3d69>] __fib6_clean_all+0x0/0x3a0 net/ipv6/ip6_fib.c:1562
 #3: (&(&tb->tb6_lock)->rlock){+.-.}, at: [<00000000f31c96c2>] spin_lock_bh include/linux/spinlock.h:315 [inline]
 #3: (&(&tb->tb6_lock)->rlock){+.-.}, at: [<00000000f31c96c2>] __fib6_clean_all+0x1d0/0x3a0 net/ipv6/ip6_fib.c:1957
stack backtrace:
CPU: 1 PID: 24055 Comm: syz-executor1 Not tainted 4.15.0-rc5+ #179
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4585
 fib6_del+0xcaa/0x11b0 net/ipv6/ip6_fib.c:1703
 fib6_clean_node+0x42e/0x580 net/ipv6/ip6_fib.c:1894
 fib6_walk_continue+0x46c/0x8a0 net/ipv6/ip6_fib.c:1817
 fib6_walk+0x91/0xf0 net/ipv6/ip6_fib.c:1865
 fib6_clean_tree+0x1e6/0x340 net/ipv6/ip6_fib.c:1942
 __fib6_clean_all+0x1f4/0x3a0 net/ipv6/ip6_fib.c:1958
 fib6_clean_all+0x27/0x30 net/ipv6/ip6_fib.c:1969
 rt6_sync_down_dev net/ipv6/route.c:3611 [inline]
 rt6_disable_ip+0xfd/0x700 net/ipv6/route.c:3616
 addrconf_ifdown+0x14b/0x14f0 net/ipv6/addrconf.c:3595
 addrconf_notify+0x5f8/0x2310 net/ipv6/addrconf.c:3519
 notifier_call_chain+0x136/0x2c0 kernel/notifier.c:93
 __raw_notifier_call_chain kernel/notifier.c:394 [inline]
 raw_notifier_call_chain+0x2d/0x40 kernel/notifier.c:401
 call_netdevice_notifiers_info+0x32/0x70 net/core/dev.c:1696
 call_netdevice_notifiers net/core/dev.c:1714 [inline]
 rollback_registered_many+0x8b5/0xe20 net/core/dev.c:7335
 rollback_registered+0x1be/0x3c0 net/core/dev.c:7377
 unregister_netdevice_queue+0x2e3/0x5f0 net/core/dev.c:8392
 br_dev_delete+0x138/0x190 net/bridge/br_if.c:320
 br_del_bridge+0xac/0xe0 net/bridge/br_if.c:421
 br_ioctl_deviceless_stub+0x2ec/0xa00 net/bridge/br_ioctl.c:380
 sock_ioctl+0x383/0x440 net/socket.c:1020
 vfs_ioctl fs/ioctl.c:46 [inline]
 do_vfs_ioctl+0x1b1/0x1520 fs/ioctl.c:686
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x8f/0xc0 fs/ioctl.c:692
 entry_SYSCALL_64_fastpath+0x23/0x9a
RIP: 0033:0x452ac9
RSP: 002b:00007fd58d185c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fd58d186700 RCX: 0000000000452ac9
RDX: 0000000020be2000 RSI: 00000000000089a1 RDI: 0000000000000018
RBP: 0000000000a2f870 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 0000000000000000
R13: 0000000000a2f7ef R14: 00007fd58d1869c0 R15: 0000000000000014

=============================
WARNING: suspicious RCU usage
4.15.0-rc5+ #179 Not tainted
-----------------------------
net/ipv6/ip6_fib.c:1731 suspicious rcu_dereference_protected() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
4 locks held by syz-executor1/24055:
 #0: (br_ioctl_mutex){+.+.}, at: [<0000000033b6378a>] sock_ioctl+0x367/0x440 net/socket.c:1018
 #1: (rtnl_mutex){+.+.}, at: [<00000000958a7ac7>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:74
 #2: (rcu_read_lock){....}, at: [<00000000a17d3d69>] __fib6_clean_all+0x0/0x3a0 net/ipv6/ip6_fib.c:1562
 #3: (&(&tb->tb6_lock)->rlock){+.-.}, at: [<00000000f31c96c2>] spin_lock_bh include/linux/spinlock.h:315 [inline]
 #3: (&(&tb->tb6_lock)->rlock){+.-.}, at: [<00000000f31c96c2>] __fib6_clean_all+0x1d0/0x3a0 net/ipv6/ip6_fib.c:1957
stack backtrace:
CPU: 1 PID: 24055 Comm: syz-executor1 Not tainted 4.15.0-rc5+ #179
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4585
 fib6_del+0x425/0x11b0 net/ipv6/ip6_fib.c:1730
 fib6_clean_node+0x42e/0x580 net/ipv6/ip6_fib.c:1894
 fib6_walk_continue+0x46c/0x8a0 net/ipv6/ip6_fib.c:1817
 fib6_walk+0x91/0xf0 net/ipv6/ip6_fib.c:1865
 fib6_clean_tree+0x1e6/0x340 net/ipv6/ip6_fib.c:1942
 __fib6_clean_all+0x1f4/0x3a0 net/ipv6/ip6_fib.c:1958
 fib6_clean_all+0x27/0x30 net/ipv6/ip6_fib.c:1969
 rt6_sync_down_dev net/ipv6/route.c:3611 [inline]
 rt6_disable_ip+0xfd/0x700 net/ipv6/route.c:3616
 addrconf_ifdown+0x14b/0x14f0 net/ipv6/addrconf.c:3595
 addrconf_notify+0x5f8/0x2310 net/ipv6/addrconf.c:3519
 notifier_call_chain+0x136/0x2c0 kernel/notifier.c:93
 __raw_notifier_call_chain kernel/notifier.c:394 [inline]
 raw_notifier_call_chain+0x2d/0x40 kernel/notifier.c:401
 call_netdevice_notifiers_info+0x32/0x70 net/core/dev.c:1696
 call_netdevice_notifiers net/core/dev.c:1714 [inline]
 rollback_registered_many+0x8b5/0xe20 net/core/dev.c:7335
 rollback_registered+0x1be/0x3c0 net/core/dev.c:7377
 unregister_netdevice_queue+0x2e3/0x5f0 net/core/dev.c:8392
 br_dev_delete+0x138/0x190 net/bridge/br_if.c:320
 br_del_bridge+0xac/0xe0 net/bridge/br_if.c:421
 br_ioctl_deviceless_stub+0x2ec/0xa00 net/bridge/br_ioctl.c:380
 sock_ioctl+0x383/0x440 net/socket.c:1020
 vfs_ioctl fs/ioctl.c:46 [inline]
 do_vfs_ioctl+0x1b1/0x1520 fs/ioctl.c:686
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x8f/0xc0 fs/ioctl.c:692
 entry_SYSCALL_64_fastpath+0x23/0x9a
RIP: 0033:0x452ac9
RSP: 002b:00007fd58d185c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fd58d186700 RCX: 0000000000452ac9
RDX: 0000000020be2000 RSI: 00000000000089a1 RDI: 0000000000000018
RBP: 0000000000a2f870 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 0000000000000000
R13: 0000000000a2f7ef R14: 00007fd58d1869c0 R15: 0000000000000014

=============================
WARNING: suspicious RCU usage
4.15.0-rc5+ #179 Not tainted
-----------------------------
net/ipv6/ip6_fib.c:1641 suspicious rcu_dereference_protected() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
4 locks held by syz-executor1/24055:
 #0: (br_ioctl_mutex){+.+.}, at: [<0000000033b6378a>] sock_ioctl+0x367/0x440 net/socket.c:1018
 #1: (rtnl_mutex){+.+.}, at: [<00000000958a7ac7>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:74
 #2: (rcu_read_lock){....}, at: [<00000000a17d3d69>] __fib6_clean_all+0x0/0x3a0 net/ipv6/ip6_fib.c:1562
 #3: (&(&tb->tb6_lock)->rlock){+.-.}, at: [<00000000f31c96c2>] spin_lock_bh include/linux/spinlock.h:315 [inline]
 #3: (&(&tb->tb6_lock)->rlock){+.-.}, at: [<00000000f31c96c2>] __fib6_clean_all+0x1d0/0x3a0 net/ipv6/ip6_fib.c:1957
stack backtrace:
CPU: 1 PID: 24055 Comm: syz-executor1 Not tainted 4.15.0-rc5+ #179
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4585
 fib6_del_route net/ipv6/ip6_fib.c:1640 [inline]
 fib6_del+0xd18/0x11b0 net/ipv6/ip6_fib.c:1733
 fib6_clean_node+0x42e/0x580 net/ipv6/ip6_fib.c:1894
 fib6_walk_continue+0x46c/0x8a0 net/ipv6/ip6_fib.c:1817
 fib6_walk+0x91/0xf0 net/ipv6/ip6_fib.c:1865
 fib6_clean_tree+0x1e6/0x340 net/ipv6/ip6_fib.c:1942
 __fib6_clean_all+0x1f4/0x3a0 net/ipv6/ip6_fib.c:1958
 fib6_clean_all+0x27/0x30 net/ipv6/ip6_fib.c:1969
 rt6_sync_down_dev net/ipv6/route.c:3611 [inline]
 rt6_disable_ip+0xfd/0x700 net/ipv6/route.c:3616
 addrconf_ifdown+0x14b/0x14f0 net/ipv6/addrconf.c:3595
 addrconf_notify+0x5f8/0x2310 net/ipv6/addrconf.c:3519
 notifier_call_chain+0x136/0x2c0 kernel/notifier.c:93
 __raw_notifier_call_chain kernel/notifier.c:394 [inline]
 raw_notifier_call_chain+0x2d/0x40 kernel/notifier.c:401
 call_netdevice_notifiers_info+0x32/0x70 net/core/dev.c:1696
 call_netdevice_notifiers net/core/dev.c:1714 [inline]
 rollback_registered_many+0x8b5/0xe20 net/core/dev.c:7335
 rollback_registered+0x1be/0x3c0 net/core/dev.c:7377
 unregister_netdevice_queue+0x2e3/0x5f0 net/core/dev.c:8392
 br_dev_delete+0x138/0x190 net/bridge/br_if.c:320
 br_del_bridge+0xac/0xe0 net/bridge/br_if.c:421
 br_ioctl_deviceless_stub+0x2ec/0xa00 net/bridge/br_ioctl.c:380
 sock_ioctl+0x383/0x440 net/socket.c:1020
 vfs_ioctl fs/ioctl.c:46 [inline]
 do_vfs_ioctl+0x1b1/0x1520 fs/ioctl.c:686
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x8f/0xc0 fs/ioctl.c:692
 entry_SYSCALL_64_fastpath+0x23/0x9a
RIP: 0033:0x452ac9
RSP: 002b:00007fd58d185c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fd58d186700 RCX: 0000000000452ac9
RDX: 0000000020be2000 RSI: 00000000000089a1 RDI: 0000000000000018
RBP: 0000000000a2f870 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 0000000000000000
R13: 0000000000a2f7ef R14: 00007fd58d1869c0 R15: 0000000000000014

=============================
WARNING: suspicious RCU usage
4.15.0-rc5+ #179 Not tainted
-----------------------------
net/ipv6/ip6_fib.c:1678 suspicious rcu_dereference_protected() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
5 locks held by syz-executor1/24055:
 #0: (br_ioctl_mutex){+.+.}, at: [<0000000033b6378a>] sock_ioctl+0x367/0x440 net/socket.c:1018
 #1: (rtnl_mutex){+.+.}, at: [<00000000958a7ac7>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:74
 #2: (rcu_read_lock){....}, at: [<00000000a17d3d69>] __fib6_clean_all+0x0/0x3a0 net/ipv6/ip6_fib.c:1562
 #3: (&(&tb->tb6_lock)->rlock){+.-.}, at: [<00000000f31c96c2>] spin_lock_bh include/linux/spinlock.h:315 [inline]
 #3: (&(&tb->tb6_lock)->rlock){+.-.}, at: [<00000000f31c96c2>] __fib6_clean_all+0x1d0/0x3a0 net/ipv6/ip6_fib.c:1957
 #4: (&net->ipv6.fib6_walker_lock){++-.}, at: [<00000000df6f6a97>] fib6_del_route net/ipv6/ip6_fib.c:1673 [inline]
 #4: (&net->ipv6.fib6_walker_lock){++-.}, at: [<00000000df6f6a97>] fib6_del+0x935/0x11b0 net/ipv6/ip6_fib.c:1733
stack backtrace:
CPU: 1 PID: 24055 Comm: syz-executor1 Not tainted 4.15.0-rc5+ #179
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4585
 fib6_del_route net/ipv6/ip6_fib.c:1677 [inline]
 fib6_del+0xeb3/0x11b0 net/ipv6/ip6_fib.c:1733
 fib6_clean_node+0x42e/0x580 net/ipv6/ip6_fib.c:1894
 fib6_walk_continue+0x46c/0x8a0 net/ipv6/ip6_fib.c:1817
 fib6_walk+0x91/0xf0 net/ipv6/ip6_fib.c:1865
 fib6_clean_tree+0x1e6/0x340 net/ipv6/ip6_fib.c:1942
 __fib6_clean_all+0x1f4/0x3a0 net/ipv6/ip6_fib.c:1958
 fib6_clean_all+0x27/0x30 net/ipv6/ip6_fib.c:1969
 rt6_sync_down_dev net/ipv6/route.c:3611 [inline]
 rt6_disable_ip+0xfd/0x700 net/ipv6/route.c:3616
 addrconf_ifdown+0x14b/0x14f0 net/ipv6/addrconf.c:3595
 addrconf_notify+0x5f8/0x2310 net/ipv6/addrconf.c:3519
 notifier_call_chain+0x136/0x2c0 kernel/notifier.c:93
 __raw_notifier_call_chain kernel/notifier.c:394 [inline]
 raw_notifier_call_chain+0x2d/0x40 kernel/notifier.c:401
 call_netdevice_notifiers_info+0x32/0x70 net/core/dev.c:1696
 call_netdevice_notifiers net/core/dev.c:1714 [inline]
 rollback_registered_many+0x8b5/0xe20 net/core/dev.c:7335
 rollback_registered+0x1be/0x3c0 net/core/dev.c:7377
 unregister_netdevice_queue+0x2e3/0x5f0 net/core/dev.c:8392
 br_dev_delete+0x138/0x190 net/bridge/br_if.c:320
 br_del_bridge+0xac/0xe0 net/bridge/br_if.c:421
 br_ioctl_deviceless_stub+0x2ec/0xa00 net/bridge/br_ioctl.c:380
 sock_ioctl+0x383/0x440 net/socket.c:1020
 vfs_ioctl fs/ioctl.c:46 [inline]
 do_vfs_ioctl+0x1b1/0x1520 fs/ioctl.c:686
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x8f/0xc0 fs/ioctl.c:692
 entry_SYSCALL_64_fastpath+0x23/0x9a
RIP: 0033:0x452ac9
RSP: 002b:00007fd58d185c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fd58d186700 RCX: 0000000000452ac9
RDX: 0000000020be2000 RSI: 00000000000089a1 RDI: 0000000000000018
RBP: 0000000000a2f870 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 0000000000000000
R13: 0000000000a2f7ef R14: 00007fd58d1869c0 R15: 0000000000000014
device yam0 left promiscuous mode
sctp: [Deprecated]: syz-executor2 (pid 24153) Use of int in max_burst socket option.
Use struct sctp_assoc_value instead
sctp: [Deprecated]: syz-executor2 (pid 24153) Use of int in max_burst socket option.
Use struct sctp_assoc_value instead
nla_parse: 1 callbacks suppressed
netlink: 5 bytes leftover after parsing attributes in process `syz-executor6'.
ip6tnl0: Invalid MTU 2003179473 requested, hw max 65392
ip6tnl0: Invalid MTU 2003179473 requested, hw max 65392
netlink: 5 bytes leftover after parsing attributes in process `syz-executor6'.
netlink: 68 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 68 bytes leftover after parsing attributes in process `syz-executor4'.
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pig=24384 comm=syz-executor7
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pig=24384 comm=syz-executor7
netlink: 1 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor1'.
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=32 sclass=netlink_tcpdiag_socket pig=24467 comm=syz-executor6
netlink: 3 bytes leftover after parsing attributes in process `syz-executor0'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor0'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor0'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor0'.
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
netlink: 'syz-executor2': attribute type 16 has an invalid length.
sctp: [Deprecated]: syz-executor3 (pid 25274) Use of int in maxseg socket option.
Use struct sctp_assoc_value instead
sctp: [Deprecated]: syz-executor3 (pid 25274) Use of int in maxseg socket option.
Use struct sctp_assoc_value instead
sctp: [Deprecated]: syz-executor5 (pid 25334) Use of int in max_burst socket option.
Use struct sctp_assoc_value instead
sctp: [Deprecated]: syz-executor5 (pid 25352) Use of int in max_burst socket option.
Use struct sctp_assoc_value instead
dccp_v6_rcv: dropped packet with invalid checksum
dccp_v6_rcv: dropped packet with invalid checksum
netlink: 'syz-executor4': attribute type 6 has an invalid length.
Trying to set illegal importance in message
Trying to set illegal importance in message
device syz4 entered promiscuous mode
device syz4 left promiscuous mode
device syz4 entered promiscuous mode
device syz4 left promiscuous mode
nla_parse: 22 callbacks suppressed
netlink: 17 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 17 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 'syz-executor0': attribute type 15 has an invalid length.
netlink: 'syz-executor0': attribute type 15 has an invalid length.
audit: type=1400 audit(1515460021.366:89): avc: denied { map } for pid=26103 comm="syz-executor7" path="socket:[125449]" dev="sockfs" ino=125449 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=unix_stream_socket permissive=1
netlink: 16 bytes leftover after parsing attributes in process `syz-executor7'.
netlink: 16 bytes leftover after parsing attributes in process `syz-executor7'.
sctp: [Deprecated]: syz-executor0 (pid 26171) Use of int in max_burst socket option deprecated.
Use struct sctp_assoc_value instead
netlink: 2 bytes leftover after parsing attributes in process `syz-executor0'.
netlink: 2 bytes leftover after parsing attributes in process `syz-executor0'.
sctp: [Deprecated]: syz-executor0 (pid 26190) Use of int in max_burst socket option deprecated.
Use struct sctp_assoc_value instead
netlink: 11 bytes leftover after parsing attributes in process `syz-executor7'.
netlink: 11 bytes leftover after parsing attributes in process `syz-executor7'.