input: syz1 as /devices/virtual/input/input53
===============================
[ INFO: suspicious RCU usage. ]
4.4.174+ #4 Not tainted
-------------------------------
net/ipv6/ip6_fib.c:1465 suspicious rcu_dereference_protected() usage!

other info that might help us debug this:


rcu_scheduler_active = 1, debug_locks = 0
4 locks held by syz-executor.1/13125:
 #0:  (((&net->ipv6.ip6_fib_timer))){+.-...}, at: [<ffffffff8125822e>] lockdep_copy_map include/linux/lockdep.h:165 [inline]
 #0:  (((&net->ipv6.ip6_fib_timer))){+.-...}, at: [<ffffffff8125822e>] call_timer_fn+0xde/0x850 kernel/time/timer.c:1175
 #1:  (fib6_gc_lock){+.-...}, at: [<ffffffff825fa33a>] spin_lock_bh include/linux/spinlock.h:307 [inline]
 #1:  (fib6_gc_lock){+.-...}, at: [<ffffffff825fa33a>] fib6_run_gc+0x3a/0x230 net/ipv6/ip6_fib.c:1811
 #2:  (rcu_read_lock){......}, at: [<ffffffff825f1ee0>] __fib6_clean_all+0x0/0x240 net/ipv6/ip6_fib.c:1698
 #3:  (&tb->tb6_lock){++--..}, at: [<ffffffff825f1fc8>] __fib6_clean_all+0xe8/0x240 net/ipv6/ip6_fib.c:1712

stack backtrace:
CPU: 1 PID: 13125 Comm: syz-executor.1 Not tainted 4.4.174+ #4
 0000000000000000 e36ebe0803ebef16 ffff8801db707940 ffffffff81aad1a1
 ffff8801d1a95180 0000000000000000 0000000000000001 00000000000005b9
 ffff8800a2cb2f80 ffff8801db707970 ffffffff813ab7d6 ffff8801db707b90
Call Trace:
 <IRQ>  [<ffffffff81aad1a1>] __dump_stack lib/dump_stack.c:15 [inline]
 <IRQ>  [<ffffffff81aad1a1>] dump_stack+0xc1/0x120 lib/dump_stack.c:51
 [<ffffffff813ab7d6>] lockdep_rcu_suspicious.cold+0x10a/0x149 kernel/locking/lockdep.c:4305
 [<ffffffff825f9ada>] fib6_del+0x7ea/0xae0 net/ipv6/ip6_fib.c:1465
 [<ffffffff825fa06c>] fib6_clean_node+0x29c/0x500 net/ipv6/ip6_fib.c:1652
 [<ffffffff825f1830>] fib6_walk_continue+0x3e0/0x630 net/ipv6/ip6_fib.c:1578
 [<ffffffff825f1d71>] fib6_walk+0x91/0xe0 net/ipv6/ip6_fib.c:1623
 [<ffffffff825f1ea8>] fib6_clean_tree+0xe8/0x120 net/ipv6/ip6_fib.c:1697
 [<ffffffff825f1fe0>] __fib6_clean_all+0x100/0x240 net/ipv6/ip6_fib.c:1713
 [<ffffffff825fa3af>] fib6_clean_all net/ipv6/ip6_fib.c:1724 [inline]
 [<ffffffff825fa3af>] fib6_run_gc+0xaf/0x230 net/ipv6/ip6_fib.c:1821
 [<ffffffff825fa54d>] fib6_gc_timer_cb+0x1d/0x30 net/ipv6/ip6_fib.c:1836
 [<ffffffff812582dd>] call_timer_fn+0x18d/0x850 kernel/time/timer.c:1185
 [<ffffffff81258ebf>] __run_timers kernel/time/timer.c:1261 [inline]
 [<ffffffff81258ebf>] run_timer_softirq+0x51f/0xb70 kernel/time/timer.c:1444
 [<ffffffff8271bb16>] __do_softirq+0x226/0xa3f kernel/softirq.c:273
 [<ffffffff810e1a8a>] invoke_softirq kernel/softirq.c:350 [inline]
 [<ffffffff810e1a8a>] irq_exit+0x10a/0x150 kernel/softirq.c:391
 [<ffffffff8271b24e>] exiting_irq arch/x86/include/asm/apic.h:652 [inline]
 [<ffffffff8271b24e>] smp_apic_timer_interrupt+0x7e/0xb0 arch/x86/kernel/apic/apic.c:926
 [<ffffffff8271a59d>] apic_timer_interrupt+0x9d/0xb0 arch/x86/entry/entry_64.S:768
 <EOI>  [<ffffffff8271806f>] ? arch_local_irq_enable arch/x86/include/asm/paravirt.h:822 [inline]
 <EOI>  [<ffffffff8271806f>] ? __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:170 [inline]
 <EOI>  [<ffffffff8271806f>] ? _raw_spin_unlock_irq+0x2f/0x60 kernel/locking/spinlock.c:199
 [<ffffffff81159431>] finish_lock_switch kernel/sched/sched.h:1179 [inline]
 [<ffffffff81159431>] finish_task_switch+0x1e1/0x660 kernel/sched/core.c:2678
 [<ffffffff82708233>] context_switch kernel/sched/core.c:2807 [inline]
 [<ffffffff82708233>] __schedule+0x7e3/0x1ee0 kernel/sched/core.c:3326
 [<ffffffff82709971>] preempt_schedule_common+0x41/0x70 kernel/sched/core.c:3396
 [<ffffffff827099c4>] preempt_schedule+0x24/0x30 kernel/sched/core.c:3421
 [<ffffffff810021b8>] ___preempt_schedule+0x12/0x14
 [<ffffffff823c545a>] local_bh_enable include/linux/bottom_half.h:31 [inline]
 [<ffffffff823c545a>] rcu_read_unlock_bh include/linux/rcupdate.h:957 [inline]
 [<ffffffff823c545a>] ip_finish_output2+0x6ea/0x1280 net/ipv4/ip_output.c:215
 [<ffffffff823cc6e2>] ip_finish_output+0x8b2/0xc60 net/ipv4/ip_output.c:288
 [<ffffffff823d04a7>] NF_HOOK_COND include/linux/netfilter.h:240 [inline]
 [<ffffffff823d04a7>] ip_output+0x227/0x4c0 net/ipv4/ip_output.c:362
 [<ffffffff823cd21c>] dst_output include/net/dst.h:498 [inline]
 [<ffffffff823cd21c>] ip_local_out+0x9c/0x180 net/ipv4/ip_output.c:119
 [<ffffffff823d300e>] ip_send_skb+0x3e/0xc0 net/ipv4/ip_output.c:1453
 [<ffffffff82478ded>] udp_send_skb+0x4fd/0xc70 net/ipv4/udp.c:842
 [<ffffffff8247fb9f>] udp_sendmsg+0x16cf/0x1c60 net/ipv4/udp.c:1072
 [<ffffffff826137a2>] udpv6_sendmsg+0x12f2/0x24f0 net/ipv6/udp.c:1173
 [<ffffffff824a8b42>] inet_sendmsg+0x202/0x4d0 net/ipv4/af_inet.c:755
 [<ffffffff821d838e>] sock_sendmsg_nosec net/socket.c:638 [inline]
 [<ffffffff821d838e>] sock_sendmsg+0xbe/0x110 net/socket.c:648
 [<ffffffff821d9e69>] ___sys_sendmsg+0x369/0x890 net/socket.c:1975
 [<ffffffff821dd2e0>] __sys_sendmmsg+0x130/0x2e0 net/socket.c:2060
 [<ffffffff821dd4c5>] SYSC_sendmmsg net/socket.c:2090 [inline]
 [<ffffffff821dd4c5>] SyS_sendmmsg+0x35/0x60 net/socket.c:2085
 [<ffffffff82718ba1>] entry_SYSCALL_64_fastpath+0x1e/0x9a
netlink: 57 bytes leftover after parsing attributes in process `syz-executor.4'.
netlink: 57 bytes leftover after parsing attributes in process `syz-executor.4'.
netlink: 57 bytes leftover after parsing attributes in process `syz-executor.4'.
netlink: 57 bytes leftover after parsing attributes in process `syz-executor.4'.
netlink: 57 bytes leftover after parsing attributes in process `syz-executor.4'.