===============================
[ INFO: suspicious RCU usage. ]
4.9.73-gf3f3457 #1 Not tainted
-------------------------------
net/ipv6/ip6_fib.c:1471 suspicious rcu_dereference_protected() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 0
5 locks held by syzkaller123889/3341:
#0: (&mm->mmap_sem){++++++}, at: [] vm_mmap_pgoff+0x12b/0x1b0 mm/util.c:303
#1: (((&net->ipv6.ip6_fib_timer))){+.-...}, at: [] lockdep_copy_map include/linux/lockdep.h:165 [inline]
#1: (((&net->ipv6.ip6_fib_timer))){+.-...}, at: [] call_timer_fn+0xe4/0x700 kernel/time/timer.c:1311
#2: (&(&net->ipv6.fib6_gc_lock)->rlock){+.-...}, at: [] spin_lock_bh include/linux/spinlock.h:307 [inline]
#2: (&(&net->ipv6.fib6_gc_lock)->rlock){+.-...}, at: [] fib6_run_gc+0xa5/0x2c0 net/ipv6/ip6_fib.c:1816
#3: (rcu_read_lock){......}, at: [] __fib6_clean_all+0x0/0x230 net/ipv6/ip6_fib.c:740
#4: (&tb->tb6_lock){++-...}, at: [] __fib6_clean_all+0xe0/0x230 net/ipv6/ip6_fib.c:1717
stack backtrace:
CPU: 0 PID: 3341 Comm: syzkaller123889 Not tainted 4.9.73-gf3f3457 #1
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ffff8801db207900 ffffffff81d922b9 ffff8801c8284800 0000000000000000
0000000000000002 ffffffff83f4ae40 ffffed003b640f70 ffff8801db207930
ffffffff81236529 ffff8801d06d0700 ffff8801d06d0700 dffffc0000000000
Call Trace:
[ 71.036090] [] __dump_stack lib/dump_stack.c:15 [inline]
[ 71.036090] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[] lockdep_rcu_suspicious+0x139/0x180 kernel/locking/lockdep.c:4455
[] fib6_del+0x6ab/0xa30 net/ipv6/ip6_fib.c:1470
[] fib6_clean_node+0x336/0x4a0 net/ipv6/ip6_fib.c:1657
[] fib6_walk_continue+0x39b/0x620 net/ipv6/ip6_fib.c:1583
[] fib6_walk+0xd9/0x150 net/ipv6/ip6_fib.c:1628
[] fib6_clean_tree+0xe5/0x130 net/ipv6/ip6_fib.c:1702
[] __fib6_clean_all+0xf9/0x230 net/ipv6/ip6_fib.c:1718
[] fib6_clean_all net/ipv6/ip6_fib.c:1729 [inline]
[] fib6_run_gc+0x117/0x2c0 net/ipv6/ip6_fib.c:1826
[] fib6_gc_timer_cb+0x1c/0x20 net/ipv6/ip6_fib.c:1841
[] call_timer_fn+0x164/0x700 kernel/time/timer.c:1321
[] expire_timers kernel/time/timer.c:1361 [inline]
[] __run_timers kernel/time/timer.c:1660 [inline]
[] run_timer_softirq+0x6a2/0x1660 kernel/time/timer.c:1686
[] __do_softirq+0x206/0x951 kernel/softirq.c:284
[] invoke_softirq kernel/softirq.c:364 [inline]
[] irq_exit+0x165/0x190 kernel/softirq.c:405
[] exiting_irq arch/x86/include/asm/apic.h:659 [inline]
[] smp_apic_timer_interrupt+0x7b/0xa0 arch/x86/kernel/apic/apic.c:960
[] apic_timer_interrupt+0x8c/0xa0 arch/x86/entry/entry_64.S:704
[ 71.271115] [] ? arch_local_irq_restore arch/x86/include/asm/paravirt.h:767 [inline]
[ 71.271115] [] ? __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:162 [inline]
[ 71.271115] [] ? _raw_spin_unlock_irqrestore+0x5f/0x70 kernel/locking/spinlock.c:191
[] __debug_check_no_obj_freed lib/debugobjects.c:730 [inline]
[] debug_check_no_obj_freed+0x2c2/0xa10 lib/debugobjects.c:746
[] free_pages_prepare mm/page_alloc.c:1061 [inline]
[] __free_pages_ok+0x1e5/0x16c0 mm/page_alloc.c:1263
[] free_compound_page+0x5e/0x70 mm/page_alloc.c:594
[] free_transhuge_page+0x99/0xc0 mm/huge_memory.c:2228
[] __put_compound_page+0x87/0xb0 mm/swap.c:94
[] release_pages+0x2e4/0x930 mm/swap.c:763
[] free_pages_and_swap_cache+0x113/0x160 mm/swap_state.c:273
[] tlb_flush_mmu_free+0xb4/0x160 mm/memory.c:259
[] tlb_flush_mmu mm/memory.c:268 [inline]
[] tlb_finish_mmu+0x23/0xa0 mm/memory.c:279
[] unmap_region+0x29e/0x3a0 mm/mmap.c:2506
[] do_munmap+0x721/0xeb0 mm/mmap.c:2702
[] mmap_region+0x14d/0xfd0 mm/mmap.c:1635
[] do_mmap+0x57b/0xbe0 mm/mmap.c:1473
[] do_mmap_pgoff include/linux/mm.h:2019 [inline]
[] vm_mmap_pgoff+0x16b/0x1b0 mm/util.c:305
[] SYSC_mmap_pgoff mm/mmap.c:1523 [inline]
[] SyS_mmap_pgoff+0xd0/0x560 mm/mmap.c:1481
[] SYSC_mmap arch/x86/kernel/sys_x86_64.c:95 [inline]
[] SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:86
[] entry_SYSCALL_64_fastpath+0x23/0xc6