=============================
WARNING: suspicious RCU usage
4.19.84 #0 Not tainted
-----------------------------
include/linux/radix-tree.h:241 suspicious rcu_dereference_check() usage!

other info that might help us debug this:


rcu_scheduler_active = 2, debug_locks = 1
2 locks held by syz-executor.2/13307:
 #0: 0000000060c064ff (&sb->s_type->i_mutex_key#12){+.+.}, at: inode_lock include/linux/fs.h:747 [inline]
 #0: 0000000060c064ff (&sb->s_type->i_mutex_key#12){+.+.}, at: memfd_add_seals mm/memfd.c:199 [inline]
 #0: 0000000060c064ff (&sb->s_type->i_mutex_key#12){+.+.}, at: memfd_fcntl+0x235/0x1750 mm/memfd.c:249
 #1: 00000000bafd6640 (&(&(&mapping->i_pages)->xa_lock)->rlock){-.-.}, at: spin_lock_irq include/linux/spinlock.h:354 [inline]
 #1: 00000000bafd6640 (&(&(&mapping->i_pages)->xa_lock)->rlock){-.-.}, at: memfd_tag_pins mm/memfd.c:42 [inline]
 #1: 00000000bafd6640 (&(&(&mapping->i_pages)->xa_lock)->rlock){-.-.}, at: memfd_wait_for_pins mm/memfd.c:83 [inline]
 #1: 00000000bafd6640 (&(&(&mapping->i_pages)->xa_lock)->rlock){-.-.}, at: memfd_add_seals mm/memfd.c:217 [inline]
 #1: 00000000bafd6640 (&(&(&mapping->i_pages)->xa_lock)->rlock){-.-.}, at: memfd_fcntl+0x4bc/0x1750 mm/memfd.c:249

stack backtrace:
CPU: 1 PID: 13307 Comm: syz-executor.2 Not tainted 4.19.84 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x197/0x210 lib/dump_stack.c:118
 lockdep_rcu_suspicious+0x153/0x15d kernel/locking/lockdep.c:4539
 radix_tree_deref_slot include/linux/radix-tree.h:241 [inline]
 radix_tree_deref_slot include/linux/radix-tree.h:239 [inline]
 memfd_tag_pins mm/memfd.c:44 [inline]
 memfd_wait_for_pins mm/memfd.c:83 [inline]
 memfd_add_seals mm/memfd.c:217 [inline]
 memfd_fcntl+0xfdf/0x1750 mm/memfd.c:249
 do_fcntl+0x200/0x1020 fs/fcntl.c:421
 __do_sys_fcntl fs/fcntl.c:463 [inline]
 __se_sys_fcntl fs/fcntl.c:448 [inline]
 __x64_sys_fcntl+0x16d/0x1e0 fs/fcntl.c:448
 do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45a639
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f92e252ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000048
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a639
RDX: 000000000000000d RSI: 0000000000000409 RDI: 0000000000000005
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92e252f6d4
R13: 00000000004c1068 R14: 00000000004d3c60 R15: 00000000ffffffff
netlink: 'syz-executor.0': attribute type 1 has an invalid length.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 'syz-executor.3': attribute type 9 has an invalid length.
netlink: 'syz-executor.3': attribute type 9 has an invalid length.
netlink: 'syz-executor.3': attribute type 9 has an invalid length.
netlink: 'syz-executor.3': attribute type 9 has an invalid length.
netlink: 'syz-executor.0': attribute type 1 has an invalid length.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor.0'.
semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
The task syz-executor.4 (13867) triggered the difference, watch for misbehavior.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor.0'.
hid-generic 0000:0000:0000.0001: item fetching failed at offset 10/11
devpts: called with bogus options
hid-generic: probe of 0000:0000:0000.0001 failed with error -22
validate_nla: 9 callbacks suppressed
netlink: 'syz-executor.0': attribute type 1 has an invalid length.
nla_parse: 5 callbacks suppressed
netlink: 1 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 'syz-executor.0': attribute type 1 has an invalid length.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 'syz-executor.0': attribute type 1 has an invalid length.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 'syz-executor.0': attribute type 1 has an invalid length.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 'syz-executor.0': attribute type 1 has an invalid length.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 'syz-executor.0': attribute type 1 has an invalid length.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 'syz-executor.0': attribute type 1 has an invalid length.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 'syz-executor.0': attribute type 1 has an invalid length.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 'syz-executor.0': attribute type 1 has an invalid length.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 'syz-executor.0': attribute type 1 has an invalid length.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor.0'.
validate_nla: 24 callbacks suppressed
netlink: 'syz-executor.0': attribute type 1 has an invalid length.
nla_parse: 24 callbacks suppressed
netlink: 1 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 'syz-executor.0': attribute type 1 has an invalid length.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 'syz-executor.0': attribute type 1 has an invalid length.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 'syz-executor.0': attribute type 1 has an invalid length.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor.0'.