keychord: invalid keycode count 0
===============================
[ INFO: suspicious RCU usage. ]
4.4.174+ #4 Not tainted
-------------------------------
net/ipv6/ip6_fib.c:1465 suspicious rcu_dereference_protected() usage!

other info that might help us debug this:


rcu_scheduler_active = 1, debug_locks = 0
6 locks held by syz-executor.4/2140:
 #0:  (tasklist_lock){.+.+..}, at: [<ffffffff810de74e>] do_wait+0x2be/0xa00 kernel/exit.c:1515
 #1:  (rcu_read_lock){......}, at: [<ffffffff819631a0>] task_has_perm+0x0/0x330 security/selinux/hooks.c:5620
 #2:  (((&net->ipv6.ip6_fib_timer))){+.-...}, at: [<ffffffff8125822e>] lockdep_copy_map include/linux/lockdep.h:165 [inline]
 #2:  (((&net->ipv6.ip6_fib_timer))){+.-...}, at: [<ffffffff8125822e>] call_timer_fn+0xde/0x850 kernel/time/timer.c:1175
 #3:  (fib6_gc_lock){+.-...}, at: [<ffffffff825fa33a>] spin_lock_bh include/linux/spinlock.h:307 [inline]
 #3:  (fib6_gc_lock){+.-...}, at: [<ffffffff825fa33a>] fib6_run_gc+0x3a/0x230 net/ipv6/ip6_fib.c:1811
 #4:  (rcu_read_lock){......}, at: [<ffffffff825f1ee0>] __fib6_clean_all+0x0/0x240 net/ipv6/ip6_fib.c:1698
 #5:  (&tb->tb6_lock){++--..}, at: [<ffffffff825f1fc8>] __fib6_clean_all+0xe8/0x240 net/ipv6/ip6_fib.c:1712

stack backtrace:
CPU: 1 PID: 2140 Comm: syz-executor.4 Not tainted 4.4.174+ #4
 0000000000000000 534232f7be89a1cb ffff8801db707940 ffffffff81aad1a1
 ffff8801cf53c380 0000000000000000 0000000000000001 00000000000005b9
 ffff8801d5808000 ffff8801db707970 ffffffff813ab7d6 ffff8801db707b90
Call Trace:
 <IRQ>  [<ffffffff81aad1a1>] __dump_stack lib/dump_stack.c:15 [inline]
 <IRQ>  [<ffffffff81aad1a1>] dump_stack+0xc1/0x120 lib/dump_stack.c:51
 [<ffffffff813ab7d6>] lockdep_rcu_suspicious.cold+0x10a/0x149 kernel/locking/lockdep.c:4305
 [<ffffffff825f9ada>] fib6_del+0x7ea/0xae0 net/ipv6/ip6_fib.c:1465
 [<ffffffff825fa06c>] fib6_clean_node+0x29c/0x500 net/ipv6/ip6_fib.c:1652
 [<ffffffff825f1830>] fib6_walk_continue+0x3e0/0x630 net/ipv6/ip6_fib.c:1578
 [<ffffffff825f1d71>] fib6_walk+0x91/0xe0 net/ipv6/ip6_fib.c:1623
 [<ffffffff825f1ea8>] fib6_clean_tree+0xe8/0x120 net/ipv6/ip6_fib.c:1697
 [<ffffffff825f1fe0>] __fib6_clean_all+0x100/0x240 net/ipv6/ip6_fib.c:1713
 [<ffffffff825fa3af>] fib6_clean_all net/ipv6/ip6_fib.c:1724 [inline]
 [<ffffffff825fa3af>] fib6_run_gc+0xaf/0x230 net/ipv6/ip6_fib.c:1821
 [<ffffffff825fa54d>] fib6_gc_timer_cb+0x1d/0x30 net/ipv6/ip6_fib.c:1836
 [<ffffffff812582dd>] call_timer_fn+0x18d/0x850 kernel/time/timer.c:1185
 [<ffffffff81258ebf>] __run_timers kernel/time/timer.c:1261 [inline]
 [<ffffffff81258ebf>] run_timer_softirq+0x51f/0xb70 kernel/time/timer.c:1444
 [<ffffffff8271bb16>] __do_softirq+0x226/0xa3f kernel/softirq.c:273
 [<ffffffff810e1a8a>] invoke_softirq kernel/softirq.c:350 [inline]
 [<ffffffff810e1a8a>] irq_exit+0x10a/0x150 kernel/softirq.c:391
 [<ffffffff8271b24e>] exiting_irq arch/x86/include/asm/apic.h:652 [inline]
 [<ffffffff8271b24e>] smp_apic_timer_interrupt+0x7e/0xb0 arch/x86/kernel/apic/apic.c:926
 [<ffffffff8271a59d>] apic_timer_interrupt+0x9d/0xb0 arch/x86/entry/entry_64.S:768
 <EOI>  [<ffffffff81963368>] ? rcu_read_unlock include/linux/rcupdate.h:916 [inline]
 <EOI>  [<ffffffff81963368>] ? task_has_perm+0x1c8/0x330 security/selinux/hooks.c:1524
 [<ffffffff81963368>] rcu_read_unlock include/linux/rcupdate.h:916 [inline]
 [<ffffffff81963368>] task_has_perm+0x1c8/0x330 security/selinux/hooks.c:1524
 [<ffffffff819634f4>] selinux_task_wait+0x24/0x30 security/selinux/hooks.c:3763
 [<ffffffff8194fcc3>] security_task_wait+0x73/0xb0 security/security.c:993
 [<ffffffff810db16b>] wait_consider_task+0x28b/0x35b0 kernel/exit.c:1334
 [<ffffffff810de7e0>] do_wait_thread kernel/exit.c:1447 [inline]
 [<ffffffff810de7e0>] do_wait+0x350/0xa00 kernel/exit.c:1518
 [<ffffffff810df714>] SYSC_wait4 kernel/exit.c:1649 [inline]
 [<ffffffff810df714>] SyS_wait4+0x144/0x210 kernel/exit.c:1614
 [<ffffffff82718ba1>] entry_SYSCALL_64_fastpath+0x1e/0x9a
binder: 5283:5284 got transaction to invalid handle
binder: 5283:5284 transaction failed 29201/-22, size 70368744177688-8 line 3014
binder: 5283:5284 unknown command 0
binder: 5283:5284 ioctl c0306201 200003c0 returned -22
binder: 5283:5284 got transaction to invalid handle
binder: 5283:5296 unknown command 0
binder: 5283:5296 ioctl c0306201 200003c0 returned -22
binder: 5283:5284 transaction failed 29201/-22, size 70368744177688-8 line 3014
binder: 5315:5318 got transaction to invalid handle
binder: 5315:5318 transaction failed 29201/-22, size 70368744177688-8 line 3014
binder: 5315:5318 unknown command 0
binder: 5315:5318 ioctl c0306201 200003c0 returned -22
binder: 5357:5362 got transaction to invalid handle
binder: 5357:5362 transaction failed 29201/-22, size 70368744177688-8 line 3014
binder: 5357:5362 unknown command 0
binder: 5357:5362 ioctl c0306201 200003c0 returned -22
binder: 5395:5399 got transaction to invalid handle
binder: 5395:5399 transaction failed 29201/-22, size 70368744177688-8 line 3014
binder: 5475:5477 got transaction to invalid handle
binder: 5475:5477 transaction failed 29201/-22, size 70368744177688-8 line 3014
binder: 5505:5506 got transaction to invalid handle
binder: 5505:5506 transaction failed 29201/-22, size 70368744177688-8 line 3014
binder: 5526:5527 got transaction to invalid handle
binder: 5526:5527 transaction failed 29201/-22, size 70368744177688-8 line 3014
binder: 5554:5561 got transaction to invalid handle
binder: 5554:5561 transaction failed 29201/-22, size 70368744177688-8 line 3014
binder: 5610:5631 got transaction to invalid handle
binder: 5610:5631 transaction failed 29201/-22, size 70368744177688-8 line 3014
binder: 5673:5673 got transaction to invalid handle
binder: 5673:5673 transaction failed 29201/-22, size 70368744177688-8 line 3014
binder: 5682:5689 got transaction to invalid handle
binder: 5682:5689 transaction failed 29201/-22, size 70368744177688-8 line 3014
binder: 5707:5727 got transaction to invalid handle
binder: 5707:5727 transaction failed 29201/-22, size 70368744177688-8 line 3014
binder: 5747:5772 got transaction to invalid handle
binder: 5747:5772 transaction failed 29201/-22, size 70368744177688-8 line 3014
binder: 5785:5788 got transaction to invalid handle
binder: 5785:5788 transaction failed 29201/-22, size 70368744177688-8 line 3014
binder: 5809:5810 got transaction to invalid handle
binder: 5809:5810 transaction failed 29201/-22, size 70368744177688-8 line 3014
binder: 5823:5824 got transaction to invalid handle
binder: 5823:5824 transaction failed 29201/-22, size 70368744177688-8 line 3014
binder: 5845:5846 got transaction to invalid handle
binder: 5845:5846 transaction failed 29201/-22, size 70368744177688-8 line 3014
binder: 5855:5856 got transaction to invalid handle
binder: 5855:5856 transaction failed 29201/-22, size 70368744177688-8 line 3014
binder: 5865:5868 got transaction to invalid handle
binder: 5865:5868 transaction failed 29201/-22, size 70368744177688-8 line 3014
binder: 5875:5876 got transaction to invalid handle
binder: 5875:5876 transaction failed 29201/-22, size 70368744177688-8 line 3014
binder: 5880:5882 got transaction to invalid handle
binder: 5880:5882 transaction failed 29201/-22, size 70368744177688-8 line 3014
binder: 5890:5892 got transaction to invalid handle
binder: 5890:5892 transaction failed 29201/-22, size 70368744177688-8 line 3014
binder: 5898:5901 got transaction to invalid handle
binder: 5898:5901 transaction failed 29201/-22, size 70368744177688-8 line 3014