===============================
[ INFO: suspicious RCU usage. ]
4.9.141+ #1 Not tainted
-------------------------------
net/ipv6/ip6_fib.c:1471 suspicious rcu_dereference_protected() usage!

other info that might help us debug this:

rcu_scheduler_active = 2, debug_locks = 0
4 locks held by syz-executor.4/20620:
 #0: (rtnl_mutex){+.+.+.}, at: [] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:70
 #1: (&(&net->ipv6.fib6_gc_lock)->rlock){+.-...}, at: [] spin_trylock_bh include/linux/spinlock.h:367 [inline]
 #1: (&(&net->ipv6.fib6_gc_lock)->rlock){+.-...}, at: [] fib6_run_gc+0x226/0x2c0 net/ipv6/ip6_fib.c:1817
 #2: (rcu_read_lock){......}, at: [] __fib6_clean_all+0x0/0x220 net/ipv6/ip6_fib.c:1703
 #3: (&tb->tb6_lock){++--..}, at: [] __fib6_clean_all+0xe0/0x220 net/ipv6/ip6_fib.c:1717

stack backtrace:
CPU: 0 PID: 20620 Comm: syz-executor.4 Not tainted 4.9.141+ #1
 ffff88018df2f560 ffffffff81b42e79 ffff8801a9fb97c0 0000000000000000
 0000000000000002 ffffffff82cc2480 ffffed0031be5efa ffff88018df2f590
 ffffffff813fe948 ffff8801c6082700 ffff88018df2f780 ffff8801c6082700
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] lockdep_rcu_suspicious.cold.32+0x110/0x141 kernel/locking/lockdep.c:4455
 [] fib6_del+0x810/0xb10 net/ipv6/ip6_fib.c:1470
 [] fib6_clean_node+0x220/0x4c0 net/ipv6/ip6_fib.c:1657
 [] fib6_walk_continue+0x3e5/0x640 net/ipv6/ip6_fib.c:1583
 [] fib6_walk+0x91/0xf0 net/ipv6/ip6_fib.c:1628
 [] fib6_clean_tree+0xd3/0x110 net/ipv6/ip6_fib.c:1702
 [] __fib6_clean_all+0xf9/0x220 net/ipv6/ip6_fib.c:1718
 [] fib6_clean_all net/ipv6/ip6_fib.c:1729 [inline]
 [] fib6_run_gc+0x117/0x2c0 net/ipv6/ip6_fib.c:1826
 [] ndisc_netdev_event+0x2ac/0x350 net/ipv6/ndisc.c:1750
 [] notifier_call_chain+0xb4/0x1d0 kernel/notifier.c:93
 [] __raw_notifier_call_chain kernel/notifier.c:394 [inline]
 [] raw_notifier_call_chain+0x2d/0x40 kernel/notifier.c:401
 [] call_netdevice_notifiers_info+0x55/0x70 net/core/dev.c:1647
 [] call_netdevice_notifiers net/core/dev.c:1663 [inline]
 [] __dev_notify_flags+0x19d/0x270 net/core/dev.c:6541
 [] dev_change_flags+0xf3/0x140 net/core/dev.c:6572
 [] devinet_ioctl+0x9d1/0x15d0 net/ipv4/devinet.c:1052
 [] inet_ioctl+0x11e/0x1d0 net/ipv4/af_inet.c:908
 [] sock_do_ioctl+0x6a/0xb0 net/socket.c:905
 [] sock_ioctl+0x32d/0x3c0 net/socket.c:991
 [] vfs_ioctl fs/ioctl.c:43 [inline]
 [] file_ioctl fs/ioctl.c:493 [inline]
 [] do_vfs_ioctl+0x1ac/0x11a0 fs/ioctl.c:677
 [] SYSC_ioctl fs/ioctl.c:694 [inline]
 [] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:685
 [] do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285
 [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
device lo entered promiscuous mode
device lo left promiscuous mode
audit_printk_skb: 1320 callbacks suppressed
audit: type=1400 audit(1554645145.073:38246): avc: denied { dac_override } for pid=20656 comm="syz-executor.5" capability=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1554645145.073:38247): avc: denied { dac_override } for pid=20676 comm="syz-executor.1" capability=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1554645145.083:38248): avc: denied { sys_admin } for pid=13924 comm="syz-executor.0" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1554645145.083:38249): avc: denied { net_admin } for pid=13924 comm="syz-executor.0" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1554645145.093:38250): avc: denied { dac_override } for pid=20674 comm="syz-executor.4" capability=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1554645145.103:38252): avc: denied { net_admin } for pid=20676 comm="syz-executor.1" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
PF_BRIDGE: RTM_NEWNEIGH with invalid ifindex
PF_BRIDGE: RTM_NEWNEIGH with invalid ifindex
audit: type=1400 audit(1554645145.103:38251): avc: denied { dac_override } for pid=20674 comm="syz-executor.4" capability=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1554645145.123:38253): avc: denied { sys_admin } for pid=2110 comm="syz-executor.1" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1554645145.123:38254): avc: denied { dac_override } for pid=2110 comm="syz-executor.1" capability=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1554645145.123:38255): avc: denied { dac_override } for pid=2110 comm="syz-executor.1" capability=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
binder: 20704:20705 unknown command 2054482427
binder: 20704:20705 ioctl c0306201 20008fd0 returned -22
ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
binder: 20723:20730 ioctl c018620c 200000c0 returned -1
binder: 20723:20736 ioctl c018620c 200000c0 returned -1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8224 sclass=netlink_route_socket pig=20842 comm=syz-executor.1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=14392 sclass=netlink_route_socket pig=20858 comm=syz-executor.1
input: syz1 as /devices/virtual/input/input75
input: syz1 as /devices/virtual/input/input76
ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
audit_printk_skb: 1800 callbacks suppressed
audit: type=1400 audit(1554645150.313:38856): avc: denied { sys_admin } for pid=13924 comm="syz-executor.0" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1554645150.323:38857): avc: denied { dac_override } for pid=20979 comm="syz-executor.1" capability=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1554645150.323:38858): avc: denied { dac_override } for pid=20979 comm="syz-executor.1" capability=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1554645150.363:38859): avc: denied { dac_override } for pid=20979 comm="syz-executor.1" capability=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1554645150.363:38860): avc: denied { create } for pid=20976 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1554645150.363:38861): avc: denied { write } for pid=20976 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1554645150.363:38862): avc: denied { create } for pid=20977 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1554645150.363:38863): avc: denied { net_admin } for pid=20979 comm="syz-executor.1" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1554645150.373:38864): avc: denied { net_admin } for pid=20979 comm="syz-executor.1" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1554645150.383:38865): avc: denied { sys_admin } for pid=2119 comm="syz-executor.5" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=21039 comm=syz-executor.0
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=21051 comm=syz-executor.0
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
binder: BINDER_SET_CONTEXT_MGR already set
binder: 21121:21122 ioctl 40046207 0 returned -16
hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
hid-generic 0000:0000:0000.000F: hidraw0: HID v0.00 Device [syz1] on syz1
binder: 21130:21137 unknown command 11532
binder: 21130:21137 ioctl c0306201 200001c0 returned -22
binder: 21130:21137 Acquire 1 refcount change on invalid ref 0 ret -22
binder: 21130:21137 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
binder: 21130:21137 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
binder: 21130:21137 ioctl c0306201 20008fd0 returned -14
hid-generic 0000:0000:0000.0010: unknown main item tag 0x0
hid-generic 0000:0000:0000.0010: unknown main item tag 0x0
hid-generic 0000:0000:0000.0010: unknown main item tag 0x0
hid-generic 0000:0000:0000.0010: unknown main item tag 0x0
hid-generic 0000:0000:0000.0010: unknown main item tag 0x0
hid-generic 0000:0000:0000.0010: unknown main item tag 0x0
hid-generic 0000:0000:0000.0010: unknown main item tag 0x0
hid-generic 0000:0000:0000.0010: unknown main item tag 0x0
hid-generic 0000:0000:0000.0010: unknown main item tag 0x0
hid-generic 0000:0000:0000.0010: unknown main item tag 0x0
hid-generic 0000:0000:0000.0010: unknown main item tag 0x0
hid-generic 0000:0000:0000.0010: hidraw0: HID v0.00 Device [syz1] on syz1