============================= WARNING: suspicious RCU usage 4.14.103+ #20 Not tainted ----------------------------- net/ipv6/ip6_fib.c:1590 suspicious rcu_dereference_protected() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 4 locks held by syz-executor.1/22421: #0: (rtnl_mutex){+.+.}, at: [] rtnl_lock net/core/rtnetlink.c:72 [inline] #0: (rtnl_mutex){+.+.}, at: [] rtnetlink_rcv_msg+0x330/0xb40 net/core/rtnetlink.c:4280 #1: (&(&net->ipv6.fib6_gc_lock)->rlock){+...}, at: [] spin_trylock_bh include/linux/spinlock.h:377 [inline] #1: (&(&net->ipv6.fib6_gc_lock)->rlock){+...}, at: [] fib6_run_gc+0x1ff/0x2a0 net/ipv6/ip6_fib.c:1939 #2: (rcu_read_lock){....}, at: [] __fib6_clean_all+0x0/0x230 net/ipv6/ip6_fib.c:1823 #3: (&tb->tb6_lock){++.-}, at: [] __fib6_clean_all+0xde/0x230 net/ipv6/ip6_fib.c:1837 stack backtrace: CPU: 1 PID: 22421 Comm: syz-executor.1 Not tainted 4.14.103+ #20 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0xb9/0x10e lib/dump_stack.c:53 fib6_del+0x8c2/0xbe0 net/ipv6/ip6_fib.c:1590 fib6_clean_node+0x270/0x440 net/ipv6/ip6_fib.c:1777 fib6_walk_continue+0x3a5/0x5f0 net/ipv6/ip6_fib.c:1703 fib6_walk+0x8d/0xe0 net/ipv6/ip6_fib.c:1748 fib6_clean_tree+0xd4/0x110 net/ipv6/ip6_fib.c:1822 __fib6_clean_all+0xf5/0x230 net/ipv6/ip6_fib.c:1838 fib6_clean_all net/ipv6/ip6_fib.c:1849 [inline] fib6_run_gc+0x104/0x2a0 net/ipv6/ip6_fib.c:1947 ndisc_netdev_event+0x91/0x3d0 net/ipv6/ndisc.c:1761 notifier_call_chain+0x10c/0x1a0 kernel/notifier.c:93 tty_warn_deprecated_flags: 'syz-executor.4' is using deprecated serial flags (with no effect): 00000200 tty_warn_deprecated_flags: 'syz-executor.4' is using deprecated serial flags (with no effect): 00000200 netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. selinux_nlmsg_perm: 7 callbacks suppressed SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=22491 comm=syz-executor.3 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=22491 comm=syz-executor.3 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=22491 comm=syz-executor.3 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=22491 comm=syz-executor.3 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=22491 comm=syz-executor.3 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=22491 comm=syz-executor.3 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=22491 comm=syz-executor.3 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=22491 comm=syz-executor.3 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=22491 comm=syz-executor.3 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=22491 comm=syz-executor.3 netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. keychord: Insufficient bytes present for keycount 14 keychord: Insufficient bytes present for keycount 14 netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. audit: type=1400 audit(2000000010.200:387): avc: denied { create } for pid=22795 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=1 audit: type=1400 audit(2000000010.210:388): avc: denied { write } for pid=22795 comm="syz-executor.3" path="socket:[53485]" dev="sockfs" ino=53485 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=1 audit: type=1400 audit(2000000012.160:389): avc: denied { map } for pid=22836 comm="syz-executor.3" path="socket:[53549]" dev="sockfs" ino=53549 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=rawip_socket permissive=1