SELinux: ebitmap: map size 0 does not match my size 64 (high bit was -570425344)
===============================
[ INFO: suspicious RCU usage. ]
4.4.174+ #4 Not tainted
-------------------------------
net/ipv6/ip6_fib.c:1465 suspicious rcu_dereference_protected() usage!

other info that might help us debug this:


rcu_scheduler_active = 1, debug_locks = 0
4 locks held by syz-executor.1/24940:
 #0:  (((&net->ipv6.ip6_fib_timer))){+.-...}, at: [<ffffffff8125822e>] lockdep_copy_map include/linux/lockdep.h:165 [inline]
 #0:  (((&net->ipv6.ip6_fib_timer))){+.-...}, at: [<ffffffff8125822e>] call_timer_fn+0xde/0x850 kernel/time/timer.c:1175
 #1:  (fib6_gc_lock){+.-...}, at: [<ffffffff825fa33a>] spin_lock_bh include/linux/spinlock.h:307 [inline]
 #1:  (fib6_gc_lock){+.-...}, at: [<ffffffff825fa33a>] fib6_run_gc+0x3a/0x230 net/ipv6/ip6_fib.c:1811
 #2:  (rcu_read_lock){......}, at: [<ffffffff825f1ee0>] __fib6_clean_all+0x0/0x240 net/ipv6/ip6_fib.c:1698
 #3:  (&tb->tb6_lock){++--..}, at: [<ffffffff825f1fc8>] __fib6_clean_all+0xe8/0x240 net/ipv6/ip6_fib.c:1712

stack backtrace:
CPU: 0 PID: 24940 Comm: syz-executor.1 Not tainted 4.4.174+ #4
 0000000000000000 5c7ee7dd65cd9607 ffff8801db607940 ffffffff81aad1a1
 ffff880097f55880 0000000000000000 0000000000000001 00000000000005b9
 ffff8800b5cb4740 ffff8801db607970 ffffffff813ab7d6 ffff8801db607b90
Call Trace:
 <IRQ>  [<ffffffff81aad1a1>] __dump_stack lib/dump_stack.c:15 [inline]
 <IRQ>  [<ffffffff81aad1a1>] dump_stack+0xc1/0x120 lib/dump_stack.c:51
 [<ffffffff813ab7d6>] lockdep_rcu_suspicious.cold+0x10a/0x149 kernel/locking/lockdep.c:4305
 [<ffffffff825f9ada>] fib6_del+0x7ea/0xae0 net/ipv6/ip6_fib.c:1465
 [<ffffffff825fa06c>] fib6_clean_node+0x29c/0x500 net/ipv6/ip6_fib.c:1652
 [<ffffffff825f1830>] fib6_walk_continue+0x3e0/0x630 net/ipv6/ip6_fib.c:1578
 [<ffffffff825f1d71>] fib6_walk+0x91/0xe0 net/ipv6/ip6_fib.c:1623
 [<ffffffff825f1ea8>] fib6_clean_tree+0xe8/0x120 net/ipv6/ip6_fib.c:1697
 [<ffffffff825f1fe0>] __fib6_clean_all+0x100/0x240 net/ipv6/ip6_fib.c:1713
 [<ffffffff825fa3af>] fib6_clean_all net/ipv6/ip6_fib.c:1724 [inline]
 [<ffffffff825fa3af>] fib6_run_gc+0xaf/0x230 net/ipv6/ip6_fib.c:1821
 [<ffffffff825fa54d>] fib6_gc_timer_cb+0x1d/0x30 net/ipv6/ip6_fib.c:1836
 [<ffffffff812582dd>] call_timer_fn+0x18d/0x850 kernel/time/timer.c:1185
 [<ffffffff81258ebf>] __run_timers kernel/time/timer.c:1261 [inline]
 [<ffffffff81258ebf>] run_timer_softirq+0x51f/0xb70 kernel/time/timer.c:1444
 [<ffffffff8271bb16>] __do_softirq+0x226/0xa3f kernel/softirq.c:273
 [<ffffffff810e1a8a>] invoke_softirq kernel/softirq.c:350 [inline]
 [<ffffffff810e1a8a>] irq_exit+0x10a/0x150 kernel/softirq.c:391
 [<ffffffff8271b24e>] exiting_irq arch/x86/include/asm/apic.h:652 [inline]
 [<ffffffff8271b24e>] smp_apic_timer_interrupt+0x7e/0xb0 arch/x86/kernel/apic/apic.c:926
 [<ffffffff8271a59d>] apic_timer_interrupt+0x9d/0xb0 arch/x86/entry/entry_64.S:768
 <EOI>  [<ffffffff8112f548>] ? __kernel_text_address+0x68/0xa0 kernel/extable.c:103
 [<ffffffff81013549>] print_context_stack+0x59/0xd0 arch/x86/kernel/dumpstack.c:107
 [<ffffffff81012bb9>] dump_trace+0x179/0x390 arch/x86/kernel/dumpstack_64.c:243
 [<ffffffff8102e3c6>] save_stack_trace+0x26/0x50 arch/x86/kernel/stacktrace.c:63
 [<ffffffff81483f22>] save_stack mm/kasan/kasan.c:512 [inline]
 [<ffffffff81483f22>] set_track mm/kasan/kasan.c:524 [inline]
 [<ffffffff81483f22>] kasan_kmalloc.part.0+0x62/0xf0 mm/kasan/kasan.c:616
 [<ffffffff81484197>] kasan_kmalloc+0xb7/0xd0 mm/kasan/kasan.c:601
 [<ffffffff8148475f>] kasan_slab_alloc+0xf/0x20 mm/kasan/kasan.c:554
 [<ffffffff81483505>] slab_post_alloc_hook mm/slub.c:1349 [inline]
 [<ffffffff81483505>] slab_alloc_node mm/slub.c:2615 [inline]
 [<ffffffff81483505>] slab_alloc mm/slub.c:2623 [inline]
 [<ffffffff81483505>] __kmalloc_track_caller+0xf5/0x2e0 mm/slub.c:4153
 [<ffffffff821f79a3>] __kmalloc_reserve.isra.0+0x33/0xc0 net/core/skbuff.c:137
 [<ffffffff821f7b50>] __alloc_skb+0x120/0x5d0 net/core/skbuff.c:230
 [<ffffffff821fe090>] alloc_skb include/linux/skbuff.h:820 [inline]
 [<ffffffff821fe090>] alloc_skb_with_frags+0xb0/0x4f0 net/core/skbuff.c:4540
 [<ffffffff821e2dc0>] sock_alloc_send_pskb+0x640/0x7d0 net/core/sock.c:1886
 [<ffffffff821e2f82>] sock_alloc_send_skb+0x32/0x40 net/core/sock.c:1903
 [<ffffffff823cabfa>] __ip_append_data.isra.0+0x1b4a/0x2a20 net/ipv4/ip_output.c:996
 [<ffffffff823d32ff>] ip_make_skb+0x1bf/0x210 net/ipv4/ip_output.c:1520
 [<ffffffff8247fb72>] udp_sendmsg+0x16a2/0x1c60 net/ipv4/udp.c:1067
 [<ffffffff824a8b42>] inet_sendmsg+0x202/0x4d0 net/ipv4/af_inet.c:755
 [<ffffffff821d838e>] sock_sendmsg_nosec net/socket.c:638 [inline]
 [<ffffffff821d838e>] sock_sendmsg+0xbe/0x110 net/socket.c:648
 [<ffffffff821d9e69>] ___sys_sendmsg+0x369/0x890 net/socket.c:1975
 [<ffffffff821dd2e0>] __sys_sendmmsg+0x130/0x2e0 net/socket.c:2060
 [<ffffffff821dd4c5>] SYSC_sendmmsg net/socket.c:2090 [inline]
 [<ffffffff821dd4c5>] SyS_sendmmsg+0x35/0x60 net/socket.c:2085
 [<ffffffff82718ba1>] entry_SYSCALL_64_fastpath+0x1e/0x9a
audit_printk_skb: 12 callbacks suppressed
audit: type=1400 audit(1554628129.227:1433): avc:  denied  { create } for  pid=24960 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0
uinput: write device info first
uinput: write device info first
SELinux: ebitmap: map size 0 does not match my size 64 (high bit was -570425344)
SELinux: ebitmap: map size 0 does not match my size 64 (high bit was -570425344)
SELinux: ebitmap: map size 0 does not match my size 64 (high bit was -570425344)
SELinux: ebitmap: map size 0 does not match my size 64 (high bit was -570425344)
SELinux: ebitmap: map size 0 does not match my size 64 (high bit was -570425344)
SELinux: ebitmap: map size 0 does not match my size 64 (high bit was -570425344)
SELinux: ebitmap: map size 0 does not match my size 64 (high bit was -570425344)
SELinux: ebitmap: map size 0 does not match my size 64 (high bit was -570425344)