===============================
[ INFO: suspicious RCU usage. ]
4.4.174+ #4 Not tainted
-------------------------------
net/ipv6/ip6_fib.c:1465 suspicious rcu_dereference_protected() usage!

other info that might help us debug this:


rcu_scheduler_active = 1, debug_locks = 0
4 locks held by syz-executor.1/6416:
 #0:  (rtnl_mutex){+.+.+.}, at: [<ffffffff8226e537>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:70
 #1:  (fib6_gc_lock){+.-...}, at: [<ffffffff825fa48c>] spin_trylock_bh include/linux/spinlock.h:367 [inline]
 #1:  (fib6_gc_lock){+.-...}, at: [<ffffffff825fa48c>] fib6_run_gc+0x18c/0x230 net/ipv6/ip6_fib.c:1812
 #2:  (rcu_read_lock){......}, at: [<ffffffff825f1ee0>] __fib6_clean_all+0x0/0x240 net/ipv6/ip6_fib.c:1698
 #3:  (&tb->tb6_lock){++--..}, at: [<ffffffff825f1fc8>] __fib6_clean_all+0xe8/0x240 net/ipv6/ip6_fib.c:1712

stack backtrace:
CPU: 1 PID: 6416 Comm: syz-executor.1 Not tainted 4.4.174+ #4
 0000000000000000 e5001c66eef8cf9d ffff88008fc8f650 ffffffff81aad1a1
 ffff8801d3b5c380 0000000000000000 0000000000000001 00000000000005b9
 ffff880195aa17c0 ffff88008fc8f680 ffffffff813ab7d6 ffff88008fc8f8a0
Call Trace:
 [<ffffffff81aad1a1>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81aad1a1>] dump_stack+0xc1/0x120 lib/dump_stack.c:51
 [<ffffffff813ab7d6>] lockdep_rcu_suspicious.cold+0x10a/0x149 kernel/locking/lockdep.c:4305
 [<ffffffff825f9ada>] fib6_del+0x7ea/0xae0 net/ipv6/ip6_fib.c:1465
 [<ffffffff825fa06c>] fib6_clean_node+0x29c/0x500 net/ipv6/ip6_fib.c:1652
 [<ffffffff825f1830>] fib6_walk_continue+0x3e0/0x630 net/ipv6/ip6_fib.c:1578
 [<ffffffff825f1d71>] fib6_walk+0x91/0xe0 net/ipv6/ip6_fib.c:1623
 [<ffffffff825f1ea8>] fib6_clean_tree+0xe8/0x120 net/ipv6/ip6_fib.c:1697
 [<ffffffff825f1fe0>] __fib6_clean_all+0x100/0x240 net/ipv6/ip6_fib.c:1713
 [<ffffffff825fa3af>] fib6_clean_all net/ipv6/ip6_fib.c:1724 [inline]
 [<ffffffff825fa3af>] fib6_run_gc+0xaf/0x230 net/ipv6/ip6_fib.c:1821
 [<ffffffff82606780>] ndisc_netdev_event+0x2b0/0x360 net/ipv6/ndisc.c:1707
 [<ffffffff81137e69>] notifier_call_chain+0xb9/0x1e0 kernel/notifier.c:93
 [<ffffffff81137ffe>] __raw_notifier_call_chain kernel/notifier.c:394 [inline]
 [<ffffffff81137ffe>] raw_notifier_call_chain+0x2e/0x40 kernel/notifier.c:401
 [<ffffffff822274e6>] call_netdevice_notifiers_info+0x56/0x70 net/core/dev.c:1643
 [<ffffffff822486f8>] call_netdevice_notifiers net/core/dev.c:1659 [inline]
 [<ffffffff822486f8>] __dev_notify_flags+0x1a8/0x270 net/core/dev.c:6086
 [<ffffffff82249867>] dev_change_flags+0xf7/0x140 net/core/dev.c:6117
 [<ffffffff824a3ec0>] devinet_ioctl+0xf30/0x15e0 net/ipv4/devinet.c:1052
 [<ffffffff824aa48b>] inet_ioctl+0x10b/0x1a0 net/ipv4/af_inet.c:893
 [<ffffffff821d39aa>] sock_do_ioctl+0x6a/0xb0 net/socket.c:896
 [<ffffffff821d43ac>] sock_ioctl+0x24c/0x3d0 net/socket.c:982
 [<ffffffff814d23f7>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff814d23f7>] file_ioctl fs/ioctl.c:470 [inline]
 [<ffffffff814d23f7>] do_vfs_ioctl+0x6e7/0xfa0 fs/ioctl.c:605
 [<ffffffff814d2d3f>] SYSC_ioctl fs/ioctl.c:622 [inline]
 [<ffffffff814d2d3f>] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:613
 [<ffffffff82718ba1>] entry_SYSCALL_64_fastpath+0x1e/0x9a
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
SELinux: ebitmap: map size 0 does not match my size 64 (high bit was -570425344)
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
binder: 6592:6594 Acquire 1 refcount change on invalid ref 0 ret -22
binder: 6592:6594 Acquire 1 refcount change on invalid ref 0 ret -22
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
binder: 6626:6628 Acquire 1 refcount change on invalid ref 0 ret -22
binder: 6626:6628 Acquire 1 refcount change on invalid ref 0 ret -22
binder: 6642:6643 Acquire 1 refcount change on invalid ref 0 ret -22
binder: 6642:6643 Acquire 1 refcount change on invalid ref 0 ret -22
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
binder: 6712:6713 ioctl c0306201 0 returned -14
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
binder: 6723:6730 ioctl c0306201 0 returned -14
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
binder: 6739:6740 ioctl c0306201 0 returned -14
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
binder: 6797:6803 Acquire 1 refcount change on invalid ref 0 ret -22