============================= WARNING: suspicious RCU usage 4.14.91+ #3 Not tainted ----------------------------- net/ipv6/ip6_fib.c:1590 suspicious rcu_dereference_protected() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 4 locks held by syz-executor0/13464: #0: (rtnl_mutex){+.+.}, at: [] rtnl_lock net/core/rtnetlink.c:72 [inline] #0: (rtnl_mutex){+.+.}, at: [] rtnetlink_rcv_msg+0x330/0xb40 net/core/rtnetlink.c:4280 #1: (&(&net->ipv6.fib6_gc_lock)->rlock){+.-.}, at: [] spin_trylock_bh include/linux/spinlock.h:377 [inline] #1: (&(&net->ipv6.fib6_gc_lock)->rlock){+.-.}, at: [] fib6_run_gc+0x1ff/0x2a0 net/ipv6/ip6_fib.c:1939 #2: (rcu_read_lock){....}, at: [] __fib6_clean_all+0x0/0x230 net/ipv6/ip6_fib.c:1823 #3: (&tb->tb6_lock){++--}, at: [] __fib6_clean_all+0xde/0x230 net/ipv6/ip6_fib.c:1837 stack backtrace: CPU: 0 PID: 13464 Comm: syz-executor0 Not tainted 4.14.91+ #3 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0xb9/0x10e lib/dump_stack.c:53 fib6_del+0x8c2/0xbe0 net/ipv6/ip6_fib.c:1590 fib6_clean_node+0x270/0x440 net/ipv6/ip6_fib.c:1777 fib6_walk_continue+0x3a5/0x5f0 net/ipv6/ip6_fib.c:1703 fib6_walk+0x8d/0xe0 net/ipv6/ip6_fib.c:1748 fib6_clean_tree+0xd4/0x110 net/ipv6/ip6_fib.c:1822 __fib6_clean_all+0xf5/0x230 net/ipv6/ip6_fib.c:1838 fib6_clean_all net/ipv6/ip6_fib.c:1849 [inline] fib6_run_gc+0x104/0x2a0 net/ipv6/ip6_fib.c:1947 ndisc_netdev_event+0x32b/0x3d0 net/ipv6/ndisc.c:1779 notifier_call_chain+0x10c/0x1a0 kernel/notifier.c:93 binder_alloc: binder_alloc_mmap_handler: 13418 20000000-20002000 already mapped failed -16 binder: BINDER_SET_CONTEXT_MGR already set binder: 13418:13481 ioctl 40046207 0 returned -16 binder: 13418:13481 ERROR: BC_REGISTER_LOOPER called without request netlink: 8 bytes leftover after parsing attributes in process `syz-executor3'. netlink: 8 bytes leftover after parsing attributes in process `syz-executor3'. netlink: 8 bytes leftover after parsing attributes in process `syz-executor3'. netlink: 8 bytes leftover after parsing attributes in process `syz-executor3'. SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12297 sclass=netlink_route_socket pig=13626 comm=syz-executor1 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12297 sclass=netlink_route_socket pig=13626 comm=syz-executor1 EXT4-fs warning (device sda1): verify_group_input:123: Last group not full EXT4-fs warning (device sda1): verify_group_input:104: Cannot add at group 4294967292 (only 16 groups) audit: type=1400 audit(2000000090.884:405): avc: denied { accept } for pid=13793 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 audit: type=1400 audit(2000000090.934:406): avc: denied { relabelto } for pid=13801 comm="syz-executor3" name="UNIX" dev="sockfs" ino=221814 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xen_device_t:s0 tclass=unix_stream_socket permissive=1 EXT4-fs warning (device sda1): verify_group_input:104: Cannot add at group 4294967292 (only 16 groups) SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=13922 comm=syz-executor3 binder: BINDER_SET_CONTEXT_MGR already set binder: 13963:13967 ioctl 40046207 0 returned -16 binder: 13963:13967 ERROR: BC_REGISTER_LOOPER called without request binder: 13963:13967 unknown command -1 binder: 13963:13967 ioctl c0306201 20007000 returned -22 binder: BINDER_SET_CONTEXT_MGR already set binder: 13963:14029 ioctl 40046207 0 returned -16 binder: 13963:13990 ERROR: BC_REGISTER_LOOPER called without request binder: 13963:14029 unknown command -1 binder: 13963:14029 ioctl c0306201 20007000 returned -22 binder: BINDER_SET_CONTEXT_MGR already set