============================= WARNING: suspicious RCU usage 4.14.154 #0 Not tainted ----------------------------- include/linux/radix-tree.h:238 suspicious rcu_dereference_check() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 2 locks held by syz-executor.2/14613: #0: (&sb->s_type->i_mutex_key#12){+.+.}, at: [] inode_lock include/linux/fs.h:718 [inline] #0: (&sb->s_type->i_mutex_key#12){+.+.}, at: [] shmem_add_seals+0x15e/0x1060 mm/shmem.c:2810 #1: (&(&mapping->tree_lock)->rlock){-.-.}, at: [] spin_lock_irq include/linux/spinlock.h:342 [inline] #1: (&(&mapping->tree_lock)->rlock){-.-.}, at: [] shmem_tag_pins mm/shmem.c:2665 [inline] #1: (&(&mapping->tree_lock)->rlock){-.-.}, at: [] shmem_wait_for_pins mm/shmem.c:2706 [inline] #1: (&(&mapping->tree_lock)->rlock){-.-.}, at: [] shmem_add_seals+0x334/0x1060 mm/shmem.c:2822 stack backtrace: CPU: 1 PID: 14613 Comm: syz-executor.2 Not tainted 4.14.154 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x142/0x197 lib/dump_stack.c:58 lockdep_rcu_suspicious+0x153/0x15d kernel/locking/lockdep.c:4665 radix_tree_deref_slot include/linux/radix-tree.h:238 [inline] radix_tree_deref_slot include/linux/radix-tree.h:236 [inline] shmem_tag_pins mm/shmem.c:2667 [inline] shmem_wait_for_pins mm/shmem.c:2706 [inline] shmem_add_seals+0x9e0/0x1060 mm/shmem.c:2822 shmem_fcntl+0xf7/0x130 mm/shmem.c:2857 do_fcntl+0x190/0xe10 fs/fcntl.c:421 SYSC_fcntl fs/fcntl.c:463 [inline] SyS_fcntl+0xd5/0x110 fs/fcntl.c:448 do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x45a639 RSP: 002b:00007ff4a1bdec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000048 RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a639 RDX: 0000000000000008 RSI: 0000000000000409 RDI: 0000000000000003 RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff4a1bdf6d4 R13: 00000000004c1068 R14: 00000000004d3c60 R15: 00000000ffffffff netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. selinux_nlmsg_perm: 50 callbacks suppressed SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=14713 comm=syz-executor.0 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=14713 comm=syz-executor.0 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=14713 comm=syz-executor.0 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=14713 comm=syz-executor.0 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=14713 comm=syz-executor.0 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=14713 comm=syz-executor.0 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=14713 comm=syz-executor.0 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=14713 comm=syz-executor.0 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=14713 comm=syz-executor.0 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=14713 comm=syz-executor.0 netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. net_ratelimit: 14 callbacks suppressed protocol 88fb is buggy, dev hsr_slave_0 protocol 88fb is buggy, dev hsr_slave_1 protocol 88fb is buggy, dev hsr_slave_0 protocol 88fb is buggy, dev hsr_slave_1 protocol 88fb is buggy, dev hsr_slave_0 protocol 88fb is buggy, dev hsr_slave_1 protocol 88fb is buggy, dev hsr_slave_0 protocol 88fb is buggy, dev hsr_slave_1 dccp_close: ABORT with 1061 bytes unread dccp_close: ABORT with 1062 bytes unread net_ratelimit: 19 callbacks suppressed protocol 88fb is buggy, dev hsr_slave_0 protocol 88fb is buggy, dev hsr_slave_1 protocol 88fb is buggy, dev hsr_slave_0 protocol 88fb is buggy, dev hsr_slave_1