===============================
[ INFO: suspicious RCU usage. ]
4.9.141+ #1 Not tainted
-------------------------------
net/ipv6/ip6_fib.c:1471 suspicious rcu_dereference_protected() usage!

other info that might help us debug this:


rcu_scheduler_active = 2, debug_locks = 0
4 locks held by syz-executor.3/3372:
 #0:  (rtnl_mutex){+.+.+.}, at: [<ffffffff823412d7>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:70
 #1:  (&(&net->ipv6.fib6_gc_lock)->rlock){+.-...}, at: [<ffffffff826ef796>] spin_trylock_bh include/linux/spinlock.h:367 [inline]
 #1:  (&(&net->ipv6.fib6_gc_lock)->rlock){+.-...}, at: [<ffffffff826ef796>] fib6_run_gc+0x226/0x2c0 net/ipv6/ip6_fib.c:1817
 #2:  (rcu_read_lock){......}, at: [<ffffffff826e6c70>] __fib6_clean_all+0x0/0x220 net/ipv6/ip6_fib.c:1703
 #3:  (&tb->tb6_lock){++--..}, at: [<ffffffff826e6d50>] __fib6_clean_all+0xe0/0x220 net/ipv6/ip6_fib.c:1717

stack backtrace:
CPU: 1 PID: 3372 Comm: syz-executor.3 Not tainted 4.9.141+ #1
 ffff8801cb9df5f8 ffffffff81b42e79 ffff8801cae4c740 0000000000000000
 0000000000000002 ffffffff82cc2480 ffffed003973bf0d ffff8801cb9df628
 ffffffff813fe948 ffff8801d29a0fc0 ffff8801cb9df818 ffff8801d29a0fc0
Call Trace:
 [<ffffffff81b42e79>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81b42e79>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff813fe948>] lockdep_rcu_suspicious.cold.32+0x110/0x141 kernel/locking/lockdep.c:4455
 [<ffffffff826eed80>] fib6_del+0x810/0xb10 net/ipv6/ip6_fib.c:1470
 [<ffffffff826ef2a0>] fib6_clean_node+0x220/0x4c0 net/ipv6/ip6_fib.c:1657
 [<ffffffff826e6545>] fib6_walk_continue+0x3e5/0x640 net/ipv6/ip6_fib.c:1583
 [<ffffffff826e6b01>] fib6_walk+0x91/0xf0 net/ipv6/ip6_fib.c:1628
 [<ffffffff826e6c33>] fib6_clean_tree+0xd3/0x110 net/ipv6/ip6_fib.c:1702
 [<ffffffff826e6d69>] __fib6_clean_all+0xf9/0x220 net/ipv6/ip6_fib.c:1718
 [<ffffffff826ef687>] fib6_clean_all net/ipv6/ip6_fib.c:1729 [inline]
 [<ffffffff826ef687>] fib6_run_gc+0x117/0x2c0 net/ipv6/ip6_fib.c:1826
 [<ffffffff826fa99c>] ndisc_netdev_event+0x2ac/0x350 net/ipv6/ndisc.c:1750
 [<ffffffff811478d4>] notifier_call_chain+0xb4/0x1d0 kernel/notifier.c:93
 [<ffffffff81147a5d>] __raw_notifier_call_chain kernel/notifier.c:394 [inline]
 [<ffffffff81147a5d>] raw_notifier_call_chain+0x2d/0x40 kernel/notifier.c:401
 [<ffffffff822f4a45>] call_netdevice_notifiers_info+0x55/0x70 net/core/dev.c:1647
 [<ffffffff822f5764>] call_netdevice_notifiers net/core/dev.c:1663 [inline]
 [<ffffffff822f5764>] dev_close_many+0x2e4/0x6a0 net/core/dev.c:1456
 [<ffffffff823031ac>] rollback_registered_many+0x3ac/0xb50 net/core/dev.c:6838
 [<ffffffff82303a3e>] rollback_registered+0xee/0x1b0 net/core/dev.c:6901
 [<ffffffff8230d5fa>] unregister_netdevice_queue+0x1aa/0x230 net/core/dev.c:7888
 [<ffffffff81ed1e91>] unregister_netdevice include/linux/netdevice.h:2465 [inline]
 [<ffffffff81ed1e91>] __tun_detach+0x821/0xa00 drivers/net/tun.c:575
 [<ffffffff81ed20b4>] tun_detach drivers/net/tun.c:585 [inline]
 [<ffffffff81ed20b4>] tun_chr_close+0x44/0x60 drivers/net/tun.c:2392
 [<ffffffff81510293>] __fput+0x263/0x700 fs/file_table.c:208
 [<ffffffff815107b5>] ____fput+0x15/0x20 fs/file_table.c:244
 [<ffffffff8113dc4c>] task_work_run+0x10c/0x180 kernel/task_work.c:116
 [<ffffffff81003e49>] tracehook_notify_resume include/linux/tracehook.h:191 [inline]
 [<ffffffff81003e49>] exit_to_usermode_loop+0x129/0x150 arch/x86/entry/common.c:162
 [<ffffffff81005932>] prepare_exit_to_usermode arch/x86/entry/common.c:194 [inline]
 [<ffffffff81005932>] syscall_return_slowpath arch/x86/entry/common.c:263 [inline]
 [<ffffffff81005932>] do_syscall_64+0x3e2/0x550 arch/x86/entry/common.c:290
 [<ffffffff82817893>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
audit_printk_skb: 2064 callbacks suppressed
audit: type=1400 audit(1554991835.216:12441): avc:  denied  { dac_override } for  pid=2115 comm="syz-executor.2" capability=1  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1554991835.216:12442): avc:  denied  { sys_admin } for  pid=2112 comm="syz-executor.1" capability=21  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1554991835.216:12443): avc:  denied  { sys_admin } for  pid=2112 comm="syz-executor.1" capability=21  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1554991835.216:12444): avc:  denied  { sys_admin } for  pid=2112 comm="syz-executor.1" capability=21  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1554991835.226:12445): avc:  denied  { net_admin } for  pid=2116 comm="syz-executor.0" capability=12  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1554991835.236:12446): avc:  denied  { sys_admin } for  pid=2112 comm="syz-executor.1" capability=21  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1554991835.246:12447): avc:  denied  { net_admin } for  pid=2116 comm="syz-executor.0" capability=12  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1554991835.246:12448): avc:  denied  { net_admin } for  pid=2112 comm="syz-executor.1" capability=12  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1554991835.256:12449): avc:  denied  { net_admin } for  pid=2112 comm="syz-executor.1" capability=12  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1554991835.256:12450): avc:  denied  { net_admin } for  pid=2112 comm="syz-executor.1" capability=12  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=3382 comm=syz-executor.3
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=3382 comm=syz-executor.3
ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=3382 comm=syz-executor.3
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=3382 comm=syz-executor.3
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=3382 comm=syz-executor.3
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=3382 comm=syz-executor.3
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=3382 comm=syz-executor.3
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=3382 comm=syz-executor.3
ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=3382 comm=syz-executor.3
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=3382 comm=syz-executor.3
binder: BINDER_SET_CONTEXT_MGR already set
binder: 3482:3483 ioctl 40046207 0 returned -16
binder: 3482:3483 unknown command -1068621437
binder: 3482:3483 ioctl c0306201 2000dfd0 returned -22
binder: 3482:3483 BC_DEAD_BINDER_DONE 0000000000000000 not found
binder: 3482:3483 unknown command 0
binder: 3482:3483 ioctl c0306201 200005c0 returned -22
binder: undelivered death notification, 0000000000000000
input: syz1 as /devices/virtual/input/input186
SELinux:  unknown common `
syz-executor.2: vmalloc: allocation failure: 0 bytes, mode:0x24000c2(GFP_KERNEL|__GFP_HIGHMEM)
CPU: 0 PID: 3521 Comm: syz-executor.2 Not tainted 4.9.141+ #1
 ffff8801a31d78a0 ffffffff81b42e79 1ffff1003463af16 ffff8801ca4517c0
 ffffffff82aa8c00 0000000000000001 0000000000400000 ffff8801a31d79e8
 ffffffff814fc7c8 0000000041b58ab3 ffffffff82e37a10 ffffffff81427db0
Call Trace:
 [<ffffffff81b42e79>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81b42e79>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff814fc7c8>] warn_alloc.cold.31+0x7f/0x9c mm/page_alloc.c:3068
 [<ffffffff814c9f8e>] __vmalloc_node_range+0x35e/0x600 mm/vmalloc.c:1723
 [<ffffffff814ca71b>] __vmalloc_node mm/vmalloc.c:1745 [inline]
 [<ffffffff814ca71b>] __vmalloc_node_flags mm/vmalloc.c:1759 [inline]
 [<ffffffff814ca71b>] vmalloc+0x5b/0x70 mm/vmalloc.c:1774
 [<ffffffff81a122d5>] sel_write_load+0x135/0xfa0 security/selinux/selinuxfs.c:514
 [<ffffffff81508085>] __vfs_write+0x115/0x580 fs/read_write.c:507
 [<ffffffff8150ab97>] vfs_write+0x187/0x520 fs/read_write.c:557
 [<ffffffff8150e9c9>] SYSC_write fs/read_write.c:604 [inline]
 [<ffffffff8150e9c9>] SyS_write+0xd9/0x1c0 fs/read_write.c:596
 [<ffffffff810056ef>] do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285
 [<ffffffff82817893>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
Mem-Info:
active_anon:417125 inactive_anon:69387 isolated_anon:0
 active_file:4869 inactive_file:17110 isolated_file:0
 unevictable:22 dirty:147 writeback:0 unstable:0
 slab_reclaimable:6215 slab_unreclaimable:69972
 mapped:73509 shmem:89003 pagetables:15554 bounce:0
 free:977413 free_pcp:339 free_cma:0
Node 0 active_anon:1668500kB inactive_anon:277548kB active_file:19476kB inactive_file:68440kB unevictable:88kB isolated(anon):0kB isolated(file):0kB mapped:294036kB dirty:588kB writeback:0kB shmem:356012kB writeback_tmp:0kB unstable:0kB pages_scanned:0 all_unreclaimable? no
DMA32 free:3019464kB min:4696kB low:7712kB high:10728kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3145324kB managed:3020132kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:668kB local_pcp:668kB free_cma:0kB
Normal free:890188kB min:5580kB low:9168kB high:12756kB active_anon:1668500kB inactive_anon:277548kB active_file:19476kB inactive_file:68440kB unevictable:88kB writepending:588kB present:4718592kB managed:3589316kB mlocked:88kB slab_reclaimable:24860kB slab_unreclaimable:279888kB kernel_stack:23616kB pagetables:62216kB bounce:0kB free_pcp:688kB local_pcp:596kB free_cma:0kB
DMA32: 4*4kB (UM) 3*8kB (M) 2*16kB (M) 4*32kB (UM) 4*64kB (UM) 4*128kB (UM) 3*256kB (UM) 2*512kB (M) 2*1024kB (UM) 2*2048kB (UM) 735*4096kB (M) = 3019464kB
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap  = 0kB
Total swap = 0kB
1965979 pages RAM
0 pages HighMem/MovableOnly
313617 pages reserved
SELinux:  unknown common `
syz-executor.2: vmalloc: allocation failure: 0 bytes, mode:0x24000c2(GFP_KERNEL|__GFP_HIGHMEM)
CPU: 0 PID: 3527 Comm: syz-executor.2 Not tainted 4.9.141+ #1
 ffff8801c63678a0 ffffffff81b42e79 1ffff10038c6cf16 ffff8801b6242f80
 ffffffff82aa8c00 0000000000000001 0000000000400000 ffff8801c63679e8
 ffffffff814fc7c8 0000000041b58ab3 ffffffff82e37a10 ffffffff81427db0
Call Trace:
 [<ffffffff81b42e79>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81b42e79>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff814fc7c8>] warn_alloc.cold.31+0x7f/0x9c mm/page_alloc.c:3068
 [<ffffffff814c9f8e>] __vmalloc_node_range+0x35e/0x600 mm/vmalloc.c:1723
 [<ffffffff814ca71b>] __vmalloc_node mm/vmalloc.c:1745 [inline]
 [<ffffffff814ca71b>] __vmalloc_node_flags mm/vmalloc.c:1759 [inline]
 [<ffffffff814ca71b>] vmalloc+0x5b/0x70 mm/vmalloc.c:1774
 [<ffffffff81a122d5>] sel_write_load+0x135/0xfa0 security/selinux/selinuxfs.c:514
 [<ffffffff81508085>] __vfs_write+0x115/0x580 fs/read_write.c:507
 [<ffffffff8150ab97>] vfs_write+0x187/0x520 fs/read_write.c:557
 [<ffffffff8150e9c9>] SYSC_write fs/read_write.c:604 [inline]
 [<ffffffff8150e9c9>] SyS_write+0xd9/0x1c0 fs/read_write.c:596
 [<ffffffff810056ef>] do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285
 [<ffffffff82817893>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
Mem-Info:
active_anon:417125 inactive_anon:69387 isolated_anon:0
 active_file:4869 inactive_file:17110 isolated_file:0
 unevictable:22 dirty:147 writeback:0 unstable:0
 slab_reclaimable:6215 slab_unreclaimable:69947
 mapped:73509 shmem:89003 pagetables:15554 bounce:0
 free:977381 free_pcp:423 free_cma:0
Node 0 active_anon:1668500kB inactive_anon:277548kB active_file:19476kB inactive_file:68440kB unevictable:88kB isolated(anon):0kB isolated(file):0kB mapped:294036kB dirty:588kB writeback:0kB shmem:356012kB writeback_tmp:0kB unstable:0kB pages_scanned:0 all_unreclaimable? no
DMA32 free:3019464kB min:4696kB low:7712kB high:10728kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3145324kB managed:3020132kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:668kB local_pcp:668kB free_cma:0kB
Normal free:890060kB min:5580kB low:9168kB high:12756kB active_anon:1668500kB inactive_anon:277548kB active_file:19476kB inactive_file:68440kB unevictable:88kB writepending:588kB present:4718592kB managed:3589316kB mlocked:88kB slab_reclaimable:24860kB slab_unreclaimable:279788kB kernel_stack:23712kB pagetables:62216kB bounce:0kB free_pcp:1024kB local_pcp:580kB free_cma:0kB
DMA32: 4*4kB (UM) 3*8kB (M) 2*16kB (M) 4*32kB (UM) 4*64kB (UM) 4*128kB (UM) 3*256kB (UM) 2*512kB (M) 2*1024kB (UM) 2*2048kB (UM) 735*4096kB (M) = 3019464kB
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap  = 0kB
Total swap = 0kB
1965979 pages RAM
0 pages HighMem/MovableOnly
313617 pages reserved
uinput: write device info first
audit_printk_skb: 3337 callbacks suppressed
audit: type=1400 audit(1554991840.226:13564): avc:  denied  { net_admin } for  pid=2115 comm="syz-executor.2" capability=12  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1554991840.266:13565): avc:  denied  { net_admin } for  pid=2115 comm="syz-executor.2" capability=12  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1554991840.296:13566): avc:  denied  { net_admin } for  pid=2115 comm="syz-executor.2" capability=12  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1554991840.326:13567): avc:  denied  { net_admin } for  pid=2115 comm="syz-executor.2" capability=12  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1554991840.356:13568): avc:  denied  { net_admin } for  pid=2115 comm="syz-executor.2" capability=12  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1554991840.376:13569): avc:  denied  { net_admin } for  pid=2115 comm="syz-executor.2" capability=12  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1554991840.406:13570): avc:  denied  { net_admin } for  pid=2115 comm="syz-executor.2" capability=12  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1554991840.426:13571): avc:  denied  { net_admin } for  pid=2115 comm="syz-executor.2" capability=12  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1554991840.456:13572): avc:  denied  { net_admin } for  pid=2115 comm="syz-executor.2" capability=12  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1554991840.486:13573): avc:  denied  { net_admin } for  pid=2115 comm="syz-executor.2" capability=12  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
binder_alloc: 3394: binder_alloc_buf, no vma
binder: 3635:3639 transaction failed 29189/-3, size 24-8 line 3136
binder: undelivered TRANSACTION_ERROR: 29189
binder_alloc: 3394: binder_alloc_buf, no vma
binder: 3635:3660 transaction failed 29189/-3, size 24-8 line 3136
binder: undelivered TRANSACTION_ERROR: 29189
device lo entered promiscuous mode