syzbot

===============================
[ INFO: suspicious RCU usage. ]
4.9.73-gf3f3457 #1 Not tainted
-------------------------------
net/ipv6/ip6_fib.c:1471 suspicious rcu_dereference_protected() usage!

other info that might help us debug this:


rcu_scheduler_active = 2, debug_locks = 0
5 locks held by syzkaller123889/3341:
 #0:  (&mm->mmap_sem){++++++}, at: [<ffffffff8149671b>] vm_mmap_pgoff+0x12b/0x1b0 mm/util.c:303
 #1:  (((&net->ipv6.ip6_fib_timer))){+.-...}, at: [<ffffffff812a3894>] lockdep_copy_map include/linux/lockdep.h:165 [inline]
 #1:  (((&net->ipv6.ip6_fib_timer))){+.-...}, at: [<ffffffff812a3894>] call_timer_fn+0xe4/0x700 kernel/time/timer.c:1311
 #2:  (&(&net->ipv6.fib6_gc_lock)->rlock){+.-...}, at: [<ffffffff83471275>] spin_lock_bh include/linux/spinlock.h:307 [inline]
 #2:  (&(&net->ipv6.fib6_gc_lock)->rlock){+.-...}, at: [<ffffffff83471275>] fib6_run_gc+0xa5/0x2c0 net/ipv6/ip6_fib.c:1816
 #3:  (rcu_read_lock){......}, at: [<ffffffff8346b880>] __fib6_clean_all+0x0/0x230 net/ipv6/ip6_fib.c:740
 #4:  (&tb->tb6_lock){++-...}, at: [<ffffffff8346b960>] __fib6_clean_all+0xe0/0x230 net/ipv6/ip6_fib.c:1717

stack backtrace:
CPU: 0 PID: 3341 Comm: syzkaller123889 Not tainted 4.9.73-gf3f3457 #1
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801db207900 ffffffff81d922b9 ffff8801c8284800 0000000000000000
 0000000000000002 ffffffff83f4ae40 ffffed003b640f70 ffff8801db207930
 ffffffff81236529 ffff8801d06d0700 ffff8801d06d0700 dffffc0000000000
Call Trace:
 <IRQ> [   71.036090]  [<ffffffff81d922b9>] __dump_stack lib/dump_stack.c:15 [inline]
 <IRQ> [   71.036090]  [<ffffffff81d922b9>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff81236529>] lockdep_rcu_suspicious+0x139/0x180 kernel/locking/lockdep.c:4455
 [<ffffffff8347097b>] fib6_del+0x6ab/0xa30 net/ipv6/ip6_fib.c:1470
 [<ffffffff83471036>] fib6_clean_node+0x336/0x4a0 net/ipv6/ip6_fib.c:1657
 [<ffffffff83467f0b>] fib6_walk_continue+0x39b/0x620 net/ipv6/ip6_fib.c:1583
 [<ffffffff8346a8a9>] fib6_walk+0xd9/0x150 net/ipv6/ip6_fib.c:1628
 [<ffffffff8346aa05>] fib6_clean_tree+0xe5/0x130 net/ipv6/ip6_fib.c:1702
 [<ffffffff8346b979>] __fib6_clean_all+0xf9/0x230 net/ipv6/ip6_fib.c:1718
 [<ffffffff834712e7>] fib6_clean_all net/ipv6/ip6_fib.c:1729 [inline]
 [<ffffffff834712e7>] fib6_run_gc+0x117/0x2c0 net/ipv6/ip6_fib.c:1826
 [<ffffffff834714ac>] fib6_gc_timer_cb+0x1c/0x20 net/ipv6/ip6_fib.c:1841
 [<ffffffff812a3914>] call_timer_fn+0x164/0x700 kernel/time/timer.c:1321
 [<ffffffff812a5782>] expire_timers kernel/time/timer.c:1361 [inline]
 [<ffffffff812a5782>] __run_timers kernel/time/timer.c:1660 [inline]
 [<ffffffff812a5782>] run_timer_softirq+0x6a2/0x1660 kernel/time/timer.c:1686
 [<ffffffff838b5d76>] __do_softirq+0x206/0x951 kernel/softirq.c:284
 [<ffffffff81144e85>] invoke_softirq kernel/softirq.c:364 [inline]
 [<ffffffff81144e85>] irq_exit+0x165/0x190 kernel/softirq.c:405
 [<ffffffff838b498b>] exiting_irq arch/x86/include/asm/apic.h:659 [inline]
 [<ffffffff838b498b>] smp_apic_timer_interrupt+0x7b/0xa0 arch/x86/kernel/apic/apic.c:960
 [<ffffffff838b0d5c>] apic_timer_interrupt+0x8c/0xa0 arch/x86/entry/entry_64.S:704
 <EOI> [   71.271115]  [<ffffffff838aedef>] ? arch_local_irq_restore arch/x86/include/asm/paravirt.h:767 [inline]
 <EOI> [   71.271115]  [<ffffffff838aedef>] ? __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:162 [inline]
 <EOI> [   71.271115]  [<ffffffff838aedef>] ? _raw_spin_unlock_irqrestore+0x5f/0x70 kernel/locking/spinlock.c:191
 [<ffffffff81dfc582>] __debug_check_no_obj_freed lib/debugobjects.c:730 [inline]
 [<ffffffff81dfc582>] debug_check_no_obj_freed+0x2c2/0xa10 lib/debugobjects.c:746
 [<ffffffff81448995>] free_pages_prepare mm/page_alloc.c:1061 [inline]
 [<ffffffff81448995>] __free_pages_ok+0x1e5/0x16c0 mm/page_alloc.c:1263
 [<ffffffff81449ece>] free_compound_page+0x5e/0x70 mm/page_alloc.c:594
 [<ffffffff81552079>] free_transhuge_page+0x99/0xc0 mm/huge_memory.c:2228
 [<ffffffff81462a07>] __put_compound_page+0x87/0xb0 mm/swap.c:94
 [<ffffffff814636b4>] release_pages+0x2e4/0x930 mm/swap.c:763
 [<ffffffff81508183>] free_pages_and_swap_cache+0x113/0x160 mm/swap_state.c:273
 [<ffffffff814c0054>] tlb_flush_mmu_free+0xb4/0x160 mm/memory.c:259
 [<ffffffff814c3933>] tlb_flush_mmu mm/memory.c:268 [inline]
 [<ffffffff814c3933>] tlb_finish_mmu+0x23/0xa0 mm/memory.c:279
 [<ffffffff814da4fe>] unmap_region+0x29e/0x3a0 mm/mmap.c:2506
 [<ffffffff814de661>] do_munmap+0x721/0xeb0 mm/mmap.c:2702
 [<ffffffff814e497d>] mmap_region+0x14d/0xfd0 mm/mmap.c:1635
 [<ffffffff814e5d7b>] do_mmap+0x57b/0xbe0 mm/mmap.c:1473
 [<ffffffff8149675b>] do_mmap_pgoff include/linux/mm.h:2019 [inline]
 [<ffffffff8149675b>] vm_mmap_pgoff+0x16b/0x1b0 mm/util.c:305
 [<ffffffff814dfe20>] SYSC_mmap_pgoff mm/mmap.c:1523 [inline]
 [<ffffffff814dfe20>] SyS_mmap_pgoff+0xd0/0x560 mm/mmap.c:1481
 [<ffffffff8105f216>] SYSC_mmap arch/x86/kernel/sys_x86_64.c:95 [inline]
 [<ffffffff8105f216>] SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:86
 [<ffffffff838af585>] entry_SYSCALL_64_fastpath+0x23/0xc6