=============================
WARNING: suspicious RCU usage
4.19.84 #0 Not tainted
-----------------------------
include/linux/radix-tree.h:241 suspicious rcu_dereference_check() usage!

other info that might help us debug this:

rcu_scheduler_active = 2, debug_locks = 1
2 locks held by syz-executor.3/8514:
 #0: 00000000c822eee2 (&sb->s_type->i_mutex_key#12){+.+.}, at: inode_lock include/linux/fs.h:747 [inline]
 #0: 00000000c822eee2 (&sb->s_type->i_mutex_key#12){+.+.}, at: memfd_add_seals mm/memfd.c:199 [inline]
 #0: 00000000c822eee2 (&sb->s_type->i_mutex_key#12){+.+.}, at: memfd_fcntl+0x235/0x1750 mm/memfd.c:249
 #1: 00000000c033a567 (&(&(&mapping->i_pages)->xa_lock)->rlock){-.-.}, at: spin_lock_irq include/linux/spinlock.h:354 [inline]
 #1: 00000000c033a567 (&(&(&mapping->i_pages)->xa_lock)->rlock){-.-.}, at: memfd_tag_pins mm/memfd.c:42 [inline]
 #1: 00000000c033a567 (&(&(&mapping->i_pages)->xa_lock)->rlock){-.-.}, at: memfd_wait_for_pins mm/memfd.c:83 [inline]
 #1: 00000000c033a567 (&(&(&mapping->i_pages)->xa_lock)->rlock){-.-.}, at: memfd_add_seals mm/memfd.c:217 [inline]
 #1: 00000000c033a567 (&(&(&mapping->i_pages)->xa_lock)->rlock){-.-.}, at: memfd_fcntl+0x4bc/0x1750 mm/memfd.c:249

stack backtrace:
CPU: 1 PID: 8514 Comm: syz-executor.3 Not tainted 4.19.84 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x197/0x210 lib/dump_stack.c:118
 lockdep_rcu_suspicious+0x153/0x15d kernel/locking/lockdep.c:4539
 radix_tree_deref_slot include/linux/radix-tree.h:241 [inline]
 radix_tree_deref_slot include/linux/radix-tree.h:239 [inline]
 memfd_tag_pins mm/memfd.c:44 [inline]
 memfd_wait_for_pins mm/memfd.c:83 [inline]
 memfd_add_seals mm/memfd.c:217 [inline]
 memfd_fcntl+0xfdf/0x1750 mm/memfd.c:249
 do_fcntl+0x200/0x1020 fs/fcntl.c:421
 __do_sys_fcntl fs/fcntl.c:463 [inline]
 __se_sys_fcntl fs/fcntl.c:448 [inline]
 __x64_sys_fcntl+0x16d/0x1e0 fs/fcntl.c:448
 do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45a639
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f4e2159fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000048
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a639
RDX: 0000000000000008 RSI: 0000000000000409 RDI: 0000000000000004
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4e215a06d4
R13: 00000000004c1068 R14: 00000000004d3c60 R15: 00000000ffffffff
EXT4-fs warning (device sda1): verify_group_input:123: Last group not full
XFS (loop3): invalid logbufsize: 5 [not 16k,32k,64k,128k or 256k]
XFS (loop3): invalid logbufsize: 5 [not 16k,32k,64k,128k or 256k]
audit: type=1400 audit(1574101019.273:70): avc: denied { setopt } for pid=8659 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1574101019.303:71): avc: denied { ioctl } for pid=8659 comm="syz-executor.3" path="socket:[32222]" dev="sockfs" ino=32222 ioctlcmd=0x89e0 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
net_ratelimit: 12 callbacks suppressed
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
device lo entered promiscuous mode
Y4`Ҙ: renamed from lo
validate_nla: 29 callbacks suppressed
netlink: 'syz-executor.5': attribute type 1 has an invalid length.
netlink: 'syz-executor.5': attribute type 1 has an invalid length.
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
device nr0 entered promiscuous mode
EXT4-fs warning (device sda1): ext4_group_add:1644: No reserved GDT blocks, can't resize
netlink: 'syz-executor.5': attribute type 1 has an invalid length.
netlink: 'syz-executor.5': attribute type 1 has an invalid length.
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
device nr0 entered promiscuous mode
audit: type=1400 audit(1574101021.503:72): avc: denied { map } for pid=8783 comm="sh" path="/bin/dash" dev="sda1" ino=1473 scontext=system_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
EXT4-fs warning (device sda1): ext4_group_add:1644: No reserved GDT blocks, can't resize
netlink: 'syz-executor.5': attribute type 1 has an invalid length.
netlink: 'syz-executor.5': attribute type 1 has an invalid length.
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
netlink: 'syz-executor.5': attribute type 1 has an invalid length.
netlink: 'syz-executor.5': attribute type 1 has an invalid length.
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
selinux_nlmsg_perm: 25 callbacks suppressed
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=8872 comm=syz-executor.0
netlink: 'syz-executor.0': attribute type 1 has an invalid length.
netlink: 184 bytes leftover after parsing attributes in process `syz-executor.0'.
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
netlink: 'syz-executor.5': attribute type 1 has an invalid length.
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
IPVS: ftp: loaded support on port[0] = 21
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=8884 comm=syz-executor.0
netlink: 184 bytes leftover after parsing attributes in process `syz-executor.0'.
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
IPVS: ftp: loaded support on port[0] = 21
usb usb2: usbfs: process 8938 (syz-executor.2) did not claim interface 0 before use
usb usb2: usbfs: process 8945 (syz-executor.2) did not claim interface 0 before use
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
erofs: read_super, device -> /dev/loop1
erofs: options ->
erofs: cannot find valid erofs superblock
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
net_ratelimit: 11 callbacks suppressed
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 1
netlink: 96 bytes leftover after parsing attributes in process `syz-executor.2'.
CPU: 0 PID: 9036 Comm: syz-executor.3 Not tainted 4.19.84 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x197/0x210 lib/dump_stack.c:118
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold+0xa/0x1b lib/fault-inject.c:149
 __should_failslab+0x121/0x190 mm/failslab.c:32
 should_failslab+0x9/0x14 mm/slab_common.c:1557
 slab_pre_alloc_hook mm/slab.h:424 [inline]
 slab_alloc mm/slab.c:3383 [inline]
 __do_kmalloc mm/slab.c:3725 [inline]
 __kmalloc+0x2e2/0x750 mm/slab.c:3736
 kmalloc include/linux/slab.h:520 [inline]
 __do_sys_memfd_create mm/memfd.c:295 [inline]
 __se_sys_memfd_create mm/memfd.c:268 [inline]
 __x64_sys_memfd_create+0x13c/0x470 mm/memfd.c:268
 do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45a639
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f4e2159fa88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000045a639
RDX: 0000000000000010 RSI: 0000000000000000 RDI: 00000000004bf6d2
RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4e215a06d4
R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000003
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
mmap: syz-executor.1 (9048) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst.
netlink: 96 bytes leftover after parsing attributes in process `syz-executor.2'.
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
validate_nla: 32 callbacks suppressed
netlink: 'syz-executor.0': attribute type 1 has an invalid length.
CPU: 0 PID: 9071 Comm: syz-executor.3 Not tainted 4.19.84 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x197/0x210 lib/dump_stack.c:118
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold+0xa/0x1b lib/fault-inject.c:149
 __should_failslab+0x121/0x190 mm/failslab.c:32
 should_failslab+0x9/0x14 mm/slab_common.c:1557
 slab_pre_alloc_hook mm/slab.h:424 [inline]
 slab_alloc mm/slab.c:3383 [inline]
 kmem_cache_alloc+0x2ae/0x700 mm/slab.c:3557
netlink: 'syz-executor.0': attribute type 1 has an invalid length.
 shmem_alloc_inode+0x1c/0x50 mm/shmem.c:3595
 alloc_inode+0x64/0x190 fs/inode.c:210
 new_inode_pseudo+0x19/0xf0 fs/inode.c:903
 new_inode+0x1f/0x40 fs/inode.c:932
 shmem_get_inode+0x84/0x780 mm/shmem.c:2192
 __shmem_file_setup.part.0+0x7e/0x2b0 mm/shmem.c:3951
 __shmem_file_setup mm/shmem.c:3945 [inline]
 shmem_file_setup+0x66/0x90 mm/shmem.c:3992
 __do_sys_memfd_create mm/memfd.c:325 [inline]
 __se_sys_memfd_create mm/memfd.c:268 [inline]
 __x64_sys_memfd_create+0x2a2/0x470 mm/memfd.c:268
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
 do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45a639
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f4e2159fa88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000045a639
RDX: 0000000000000010 RSI: 0000000000000000 RDI: 00000000004bf6d2
RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4e215a06d4
R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000003
netlink: 'syz-executor.5': attribute type 1 has an invalid length.
netlink: 'syz-executor.5': attribute type 1 has an invalid length.
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
CPU: 1 PID: 9094 Comm: syz-executor.3 Not tainted 4.19.84 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x197/0x210 lib/dump_stack.c:118
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold+0xa/0x1b lib/fault-inject.c:149
 __should_failslab+0x121/0x190 mm/failslab.c:32
 should_failslab+0x9/0x14 mm/slab_common.c:1557
 slab_pre_alloc_hook mm/slab.h:424 [inline]
 slab_alloc mm/slab.c:3383 [inline]
 kmem_cache_alloc+0x2ae/0x700 mm/slab.c:3557
 kmem_cache_zalloc include/linux/slab.h:699 [inline]
 inode_alloc_security security/selinux/hooks.c:255 [inline]
 selinux_inode_alloc_security+0xb6/0x2a0 security/selinux/hooks.c:3007
 security_inode_alloc+0x8a/0xd0 security/security.c:448
 inode_init_always+0x56e/0xb40 fs/inode.c:168
 alloc_inode+0x81/0x190 fs/inode.c:217
 new_inode_pseudo+0x19/0xf0 fs/inode.c:903
 new_inode+0x1f/0x40 fs/inode.c:932
 shmem_get_inode+0x84/0x780 mm/shmem.c:2192
 __shmem_file_setup.part.0+0x7e/0x2b0 mm/shmem.c:3951
 __shmem_file_setup mm/shmem.c:3945 [inline]
 shmem_file_setup+0x66/0x90 mm/shmem.c:3992
 __do_sys_memfd_create mm/memfd.c:325 [inline]
 __se_sys_memfd_create mm/memfd.c:268 [inline]
 __x64_sys_memfd_create+0x2a2/0x470 mm/memfd.c:268
 do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45a639
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f4e2159fa88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000045a639
RDX: 0000000000000010 RSI: 0000000000000000 RDI: 00000000004bf6d2
RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4e215a06d4
R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000003
netlink: 'syz-executor.5': attribute type 1 has an invalid length.
netlink: 'syz-executor.5': attribute type 1 has an invalid length.
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
netlink: 'syz-executor.2': attribute type 1 has an invalid length.
netlink: 'syz-executor.2': attribute type 1 has an invalid length.
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
CPU: 1 PID: 9142 Comm: syz-executor.3 Not tainted 4.19.84 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x197/0x210 lib/dump_stack.c:118
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold+0xa/0x1b lib/fault-inject.c:149
 __should_failslab+0x121/0x190 mm/failslab.c:32
 should_failslab+0x9/0x14 mm/slab_common.c:1557
netlink: 'syz-executor.2': attribute type 1 has an invalid length.
 slab_pre_alloc_hook mm/slab.h:424 [inline]
 slab_alloc mm/slab.c:3383 [inline]
 kmem_cache_alloc+0x2ae/0x700 mm/slab.c:3557
netlink: 'syz-executor.2': attribute type 1 has an invalid length.
 __d_alloc+0x2e/0x9c0 fs/dcache.c:1610
 d_alloc_pseudo+0x1e/0x70 fs/dcache.c:1741
 alloc_file_pseudo+0xe2/0x280 fs/file_table.c:224
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
 __shmem_file_setup.part.0+0x108/0x2b0 mm/shmem.c:3962
 __shmem_file_setup mm/shmem.c:3945 [inline]
 shmem_file_setup+0x66/0x90 mm/shmem.c:3992
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
 __do_sys_memfd_create mm/memfd.c:325 [inline]
 __se_sys_memfd_create mm/memfd.c:268 [inline]
 __x64_sys_memfd_create+0x2a2/0x470 mm/memfd.c:268
 do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45a639