===============================
[ INFO: suspicious RCU usage. ]
4.9.168+ #39 Not tainted
-------------------------------
net/ipv6/ip6_fib.c:1470 suspicious rcu_dereference_protected() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 0
5 locks held by syz-executor.5/5540:
#0: (&(ptlock_ptr(page))->rlock#2){+.+...}, at: [<000000000ed9278e>] spin_lock include/linux/spinlock.h:302 [inline]
#0: (&(ptlock_ptr(page))->rlock#2){+.+...}, at: [<000000000ed9278e>] zap_pte_range mm/memory.c:1116 [inline]
#0: (&(ptlock_ptr(page))->rlock#2){+.+...}, at: [<000000000ed9278e>] zap_pmd_range mm/memory.c:1249 [inline]
#0: (&(ptlock_ptr(page))->rlock#2){+.+...}, at: [<000000000ed9278e>] zap_pud_range mm/memory.c:1270 [inline]
#0: (&(ptlock_ptr(page))->rlock#2){+.+...}, at: [<000000000ed9278e>] unmap_page_range+0x67e/0x1690 mm/memory.c:1291
#1: (((&net->ipv6.ip6_fib_timer))){+.-...}, at: [<00000000b3af69a0>] lockdep_copy_map include/linux/lockdep.h:165 [inline]
#1: (((&net->ipv6.ip6_fib_timer))){+.-...}, at: [<00000000b3af69a0>] call_timer_fn+0xde/0x6d0 kernel/time/timer.c:1309
#2: (&(&net->ipv6.fib6_gc_lock)->rlock){+.-...}, at: [<0000000014cc28db>] spin_lock_bh include/linux/spinlock.h:307 [inline]
#2: (&(&net->ipv6.fib6_gc_lock)->rlock){+.-...}, at: [<0000000014cc28db>] fib6_run_gc+0xa2/0x2e0 net/ipv6/ip6_fib.c:1816
#3: (rcu_read_lock){......}, at: [<0000000074b1260b>] __fib6_clean_all+0x0/0x230 net/ipv6/ip6_fib.c:1703
#4: (&tb->tb6_lock){++--..}, at: [<0000000031397988>] __fib6_clean_all+0xe3/0x230 net/ipv6/ip6_fib.c:1717
stack backtrace:
CPU: 1 PID: 5540 Comm: syz-executor.5 Not tainted 4.9.168+ #39
ffff8801db707890 ffffffff81b4f5d1 ffff8801a8910fc0 0000000000000000
0000000000000002 00000000000005be ffff8801c9eb4740 ffff8801db7078c0
ffffffff81400d99 ffff8801db707ae0 dffffc0000000000 00000000ffffffff
Call Trace:
[ 2386.099420] [<00000000ebb59ba7>] __dump_stack lib/dump_stack.c:15 [inline]
[ 2386.099420] [<00000000ebb59ba7>] dump_stack+0xc1/0x120 lib/dump_stack.c:51
[<0000000031604898>] lockdep_rcu_suspicious.cold+0x10a/0x149 kernel/locking/lockdep.c:4458
[<00000000daafc564>] fib6_del+0x81f/0xb20 net/ipv6/ip6_fib.c:1470
[<0000000072c21450>] fib6_clean_node+0x29c/0x4d0 net/ipv6/ip6_fib.c:1657
[<000000005cdbd22c>] fib6_walk_continue+0x3e0/0x630 net/ipv6/ip6_fib.c:1583
[<000000001ffe36c8>] fib6_walk+0x9d/0xf0 net/ipv6/ip6_fib.c:1628
[<000000005a436846>] fib6_clean_tree+0xe7/0x120 net/ipv6/ip6_fib.c:1702
[<000000001751ec2a>] __fib6_clean_all+0xfb/0x230 net/ipv6/ip6_fib.c:1718
[<00000000a387ac7e>] fib6_clean_all net/ipv6/ip6_fib.c:1729 [inline]
[<00000000a387ac7e>] fib6_run_gc+0x124/0x2e0 net/ipv6/ip6_fib.c:1826
[<00000000b379ecd9>] fib6_gc_timer_cb+0x1d/0x30 net/ipv6/ip6_fib.c:1841
[<00000000ee56cde3>] call_timer_fn+0x167/0x6d0 kernel/time/timer.c:1319
[<00000000d37a8f1b>] expire_timers+0x25b/0x5c0 kernel/time/timer.c:1359
[<0000000041ab37db>] __run_timers kernel/time/timer.c:1674 [inline]
[<0000000041ab37db>] run_timer_softirq+0x1ff/0x620 kernel/time/timer.c:1687
[<0000000029ecc1c8>] __do_softirq+0x22d/0x964 kernel/softirq.c:288
[<00000000e0f049aa>] invoke_softirq kernel/softirq.c:368 [inline]
[<00000000e0f049aa>] irq_exit+0x119/0x160 kernel/softirq.c:409
[<00000000875eeb2a>] exiting_irq arch/x86/include/asm/apic.h:669 [inline]
[<00000000875eeb2a>] smp_apic_timer_interrupt+0x7e/0xb0 arch/x86/kernel/apic/apic.c:962
[<0000000096435ab4>] apic_timer_interrupt+0x9d/0xb0 arch/x86/entry/entry_64.S:648
[ 2386.384503] [<00000000c74c6a1a>] ? constant_test_bit arch/x86/include/asm/bitops.h:311 [inline]
[ 2386.384503] [<00000000c74c6a1a>] ? PageCompound include/linux/page-flags.h:159 [inline]
[ 2386.384503] [<00000000c74c6a1a>] ? page_mapcount include/linux/mm.h:535 [inline]
[ 2386.384503] [<00000000c74c6a1a>] ? zap_pte_range mm/memory.c:1163 [inline]
[ 2386.384503] [<00000000c74c6a1a>] ? zap_pmd_range mm/memory.c:1249 [inline]
[ 2386.384503] [<00000000c74c6a1a>] ? zap_pud_range mm/memory.c:1270 [inline]
[ 2386.384503] [<00000000c74c6a1a>] ? unmap_page_range+0xd15/0x1690 mm/memory.c:1291
[<00000000c74c6a1a>] constant_test_bit arch/x86/include/asm/bitops.h:311 [inline]
[<00000000c74c6a1a>] PageCompound include/linux/page-flags.h:159 [inline]
[<00000000c74c6a1a>] page_mapcount include/linux/mm.h:535 [inline]
[<00000000c74c6a1a>] zap_pte_range mm/memory.c:1163 [inline]
[<00000000c74c6a1a>] zap_pmd_range mm/memory.c:1249 [inline]
[<00000000c74c6a1a>] zap_pud_range mm/memory.c:1270 [inline]
[<00000000c74c6a1a>] unmap_page_range+0xd15/0x1690 mm/memory.c:1291
[<000000008c8ee308>] unmap_single_vma+0x124/0x180 mm/memory.c:1336
[<00000000f8105954>] unmap_vmas+0x48/0xa0 mm/memory.c:1366
[<000000006adc6f5b>] exit_mmap+0x1e3/0x3b0 mm/mmap.c:3020
[<0000000029f8521f>] __mmput kernel/fork.c:884 [inline]
[<0000000029f8521f>] mmput kernel/fork.c:906 [inline]
[<0000000029f8521f>] mmput+0xd5/0x370 kernel/fork.c:901
[<00000000a5f023d4>] exit_mm kernel/exit.c:514 [inline]
[<00000000a5f023d4>] do_exit+0x6ca/0x2aa0 kernel/exit.c:828
[<0000000060f7e0a4>] do_group_exit+0x111/0x300 kernel/exit.c:945
[<00000000677e45e3>] get_signal+0x348/0x1aa0 kernel/signal.c:2380
[<000000008ac574e8>] do_signal+0x9c/0x1920 arch/x86/kernel/signal.c:807
[<00000000929acebb>] exit_to_usermode_loop+0x11c/0x160 arch/x86/entry/common.c:158
[<000000000781632a>] prepare_exit_to_usermode arch/x86/entry/common.c:194 [inline]
[<000000000781632a>] syscall_return_slowpath arch/x86/entry/common.c:263 [inline]
[<000000000781632a>] do_syscall_64+0x3f7/0x570 arch/x86/entry/common.c:290
[<0000000019c42014>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb