=============================
WARNING: suspicious RCU usage
4.14.151+ #0 Not tainted
-----------------------------
./include/linux/radix-tree.h:238 suspicious rcu_dereference_check() usage!

other info that might help us debug this:


rcu_scheduler_active = 2, debug_locks = 1
2 locks held by syz-executor.4/10372:
 #0:  (&sb->s_type->i_mutex_key#10){+.+.}, at: [<00000000f69e9044>] inode_lock include/linux/fs.h:724 [inline]
 #0:  (&sb->s_type->i_mutex_key#10){+.+.}, at: [<00000000f69e9044>] shmem_add_seals+0x12b/0xf80 mm/shmem.c:2831
 #1:  (&(&mapping->tree_lock)->rlock){-.-.}, at: [<000000009d187b4f>] spin_lock_irq include/linux/spinlock.h:342 [inline]
 #1:  (&(&mapping->tree_lock)->rlock){-.-.}, at: [<000000009d187b4f>] shmem_tag_pins mm/shmem.c:2685 [inline]
 #1:  (&(&mapping->tree_lock)->rlock){-.-.}, at: [<000000009d187b4f>] shmem_wait_for_pins mm/shmem.c:2726 [inline]
 #1:  (&(&mapping->tree_lock)->rlock){-.-.}, at: [<000000009d187b4f>] shmem_add_seals+0x2e1/0xf80 mm/shmem.c:2843
syz-executor.1: 

stack backtrace:
CPU: 1 PID: 10372 Comm: syz-executor.4 Not tainted 4.14.151+ #0
vmalloc: allocation failure: 0 bytes
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0xca/0x134 lib/dump_stack.c:53
 radix_tree_deref_slot include/linux/radix-tree.h:238 [inline]
 shmem_tag_pins mm/shmem.c:2687 [inline]
 shmem_wait_for_pins mm/shmem.c:2726 [inline]
 shmem_add_seals+0x9d2/0xf80 mm/shmem.c:2843
 shmem_fcntl+0xea/0x120 mm/shmem.c:2878
, mode:0x14000c0(GFP_KERNEL), nodemask=
 do_fcntl+0x5c8/0xd20 fs/fcntl.c:421
 SYSC_fcntl fs/fcntl.c:463 [inline]
 SyS_fcntl+0xc6/0x100 fs/fcntl.c:448
(null)
 do_syscall_64+0x19b/0x520 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45a219
RSP: 002b:00007f51368d8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000048
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a219
RDX: 000000000000000d RSI: 0000000000000409 RDI: 0000000000000009
RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f51368d96d4
R13: 00000000004c0c5a R14: 00000000004d3840 R15: 00000000ffffffff
CPU: 0 PID: 10374 Comm: syz-executor.1 Not tainted 4.14.151+ #0
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0xca/0x134 lib/dump_stack.c:53
 warn_alloc.cold+0x91/0x1ab mm/page_alloc.c:3319
 __vmalloc_node_range mm/vmalloc.c:1796 [inline]
 __vmalloc_node_range+0x3b5/0x6d0 mm/vmalloc.c:1756
 __vmalloc_node mm/vmalloc.c:1825 [inline]
 __vmalloc_node_flags mm/vmalloc.c:1839 [inline]
 vmalloc+0x60/0x80 mm/vmalloc.c:1861
 sel_write_load+0x199/0xfb0 security/selinux/selinuxfs.c:495
 __vfs_write+0xf9/0x5a0 fs/read_write.c:482
 vfs_write+0x17f/0x4d0 fs/read_write.c:546
 SYSC_write fs/read_write.c:594 [inline]
 SyS_write+0x102/0x250 fs/read_write.c:586
 do_syscall_64+0x19b/0x520 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45a219
RSP: 002b:00007f923eb1dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a219
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005
RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f923eb1e6d4
R13: 00000000004cac6d R14: 00000000004e31a0 R15: 00000000ffffffff
warn_alloc_show_mem: 1 callbacks suppressed
Mem-Info:
active_anon:101142 inactive_anon:348 isolated_anon:0
 active_file:9385 inactive_file:11561 isolated_file:0
 unevictable:0 dirty:304 writeback:0 unstable:0
 slab_reclaimable:5399 slab_unreclaimable:60555
 mapped:59324 shmem:53 pagetables:2972 bounce:0
 free:1390614 free_pcp:211 free_cma:0
Node 0 active_anon:404468kB inactive_anon:1392kB active_file:37540kB inactive_file:46244kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:237396kB dirty:1216kB writeback:0kB shmem:212kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
DMA32 free:3079672kB min:4792kB low:7868kB high:10944kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3145324kB managed:3079672kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]: 0 3437 3437
Normal free:2483264kB min:5480kB low:9000kB high:12520kB active_anon:404468kB inactive_anon:1392kB active_file:37540kB inactive_file:46244kB unevictable:0kB writepending:1216kB present:4718592kB managed:3521556kB mlocked:0kB kernel_stack:6240kB pagetables:11888kB bounce:0kB free_pcp:860kB local_pcp:420kB free_cma:0kB
lowmem_reserve[]: 0 0 0
DMA32: 2*4kB (UM) 0*8kB 1*16kB (M) 1*32kB (U) 3*64kB (UM) 2*128kB (UM) 2*256kB (UM) 1*512kB (M) 2*1024kB (UM) 2*2048kB (UM) 750*4096kB (M) = 3079672kB
Normal: 109*4kB (UME) 109*8kB (UME) 131*16kB (UME) 195*32kB (UME) 152*64kB (UME) 62*128kB (UME) 32*256kB (UME) 45*512kB (UME) 18*1024kB (UE) 1*2048kB (M) 587*4096kB (M) = 2483372kB
20980 total pagecache pages
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap  = 0kB
Total swap = 0kB
1965979 pages RAM
0 pages HighMem/MovableOnly
315672 pages reserved
syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0x14000c0(GFP_KERNEL), nodemask=(null)
CPU: 1 PID: 10377 Comm: syz-executor.3 Not tainted 4.14.151+ #0
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0xca/0x134 lib/dump_stack.c:53
 warn_alloc.cold+0x91/0x1ab mm/page_alloc.c:3319
 __vmalloc_node_range mm/vmalloc.c:1796 [inline]
 __vmalloc_node_range+0x3b5/0x6d0 mm/vmalloc.c:1756
 __vmalloc_node mm/vmalloc.c:1825 [inline]
 __vmalloc_node_flags mm/vmalloc.c:1839 [inline]
 vmalloc+0x60/0x80 mm/vmalloc.c:1861
 sel_write_load+0x199/0xfb0 security/selinux/selinuxfs.c:495
 __vfs_write+0xf9/0x5a0 fs/read_write.c:482
 vfs_write+0x17f/0x4d0 fs/read_write.c:546
 SYSC_write fs/read_write.c:594 [inline]
 SyS_write+0x102/0x250 fs/read_write.c:586
 do_syscall_64+0x19b/0x520 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45a219
RSP: 002b:00007f5b80a96c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a219
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5b80a976d4
R13: 00000000004cac6d R14: 00000000004e31a0 R15: 00000000ffffffff
syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0x14000c0(GFP_KERNEL), nodemask=(null)
selinux_nlmsg_perm: 23 callbacks suppressed
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=10417 comm=syz-executor.5
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=10417 comm=syz-executor.5
CPU: 0 PID: 10408 Comm: syz-executor.1 Not tainted 4.14.151+ #0
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0xca/0x134 lib/dump_stack.c:53
 warn_alloc.cold+0x91/0x1ab mm/page_alloc.c:3319
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=10417 comm=syz-executor.5
 __vmalloc_node_range mm/vmalloc.c:1796 [inline]
 __vmalloc_node_range+0x3b5/0x6d0 mm/vmalloc.c:1756
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=10417 comm=syz-executor.5
 __vmalloc_node mm/vmalloc.c:1825 [inline]
 __vmalloc_node_flags mm/vmalloc.c:1839 [inline]
 vmalloc+0x60/0x80 mm/vmalloc.c:1861
 sel_write_load+0x199/0xfb0 security/selinux/selinuxfs.c:495
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=10417 comm=syz-executor.5
 __vfs_write+0xf9/0x5a0 fs/read_write.c:482
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=10417 comm=syz-executor.5
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=10417 comm=syz-executor.5
 vfs_write+0x17f/0x4d0 fs/read_write.c:546
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=10417 comm=syz-executor.5
 SYSC_write fs/read_write.c:594 [inline]
 SyS_write+0x102/0x250 fs/read_write.c:586
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=10417 comm=syz-executor.5
 do_syscall_64+0x19b/0x520 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45a219
RSP: 002b:00007f923eb3ec78 EFLAGS: 00000246
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=10417 comm=syz-executor.5
 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a219
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f923eb3f6d4
R13: 00000000004cac6d R14: 00000000004e31a0 R15: 00000000ffffffff
input: syz1 as /devices/virtual/input/input20
syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0x14000c0(GFP_KERNEL), nodemask=(null)
CPU: 1 PID: 10469 Comm: syz-executor.3 Not tainted 4.14.151+ #0
input: syz1 as /devices/virtual/input/input21
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0xca/0x134 lib/dump_stack.c:53
 warn_alloc.cold+0x91/0x1ab mm/page_alloc.c:3319
 __vmalloc_node_range mm/vmalloc.c:1796 [inline]
 __vmalloc_node_range+0x3b5/0x6d0 mm/vmalloc.c:1756
 __vmalloc_node mm/vmalloc.c:1825 [inline]
 __vmalloc_node_flags mm/vmalloc.c:1839 [inline]
 vmalloc+0x60/0x80 mm/vmalloc.c:1861
 sel_write_load+0x199/0xfb0 security/selinux/selinuxfs.c:495
 __vfs_write+0xf9/0x5a0 fs/read_write.c:482
 vfs_write+0x17f/0x4d0 fs/read_write.c:546
 SYSC_write fs/read_write.c:594 [inline]
 SyS_write+0x102/0x250 fs/read_write.c:586
 do_syscall_64+0x19b/0x520 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45a219
RSP: 002b:00007f5b80a96c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a219
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5b80a976d4
R13: 00000000004cac6d R14: 00000000004e31a0 R15: 00000000ffffffff
warn_alloc_show_mem: 2 callbacks suppressed
Mem-Info:
active_anon:101548 inactive_anon:351 isolated_anon:0
 active_file:9390 inactive_file:11574 isolated_file:0
 unevictable:0 dirty:338 writeback:0 unstable:0
 slab_reclaimable:5494 slab_unreclaimable:60565
 mapped:59324 shmem:55 pagetables:2965 bounce:0
 free:1390003 free_pcp:239 free_cma:0
Node 0 active_anon:406292kB inactive_anon:1404kB active_file:37560kB inactive_file:46296kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:237396kB dirty:1352kB writeback:0kB shmem:220kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
DMA32 free:3079672kB min:4792kB low:7868kB high:10944kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3145324kB managed:3079672kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]: 0 3437 3437
Normal free:2480920kB min:5480kB low:9000kB high:12520kB active_anon:406092kB inactive_anon:1404kB active_file:37560kB inactive_file:46296kB unevictable:0kB writepending:1352kB present:4718592kB managed:3521556kB mlocked:0kB kernel_stack:6048kB pagetables:11712kB bounce:0kB free_pcp:1212kB local_pcp:552kB free_cma:0kB
lowmem_reserve[]: 0 0 0
DMA32: 2*4kB (UM) 0*8kB 1*16kB (M) 1*32kB (U) 3*64kB (UM) 2*128kB (UM) 2*256kB (UM) 1*512kB (M) 2*1024kB (UM) 2*2048kB (UM) 750*4096kB (M) = 3079672kB
Normal: 246*4kB (UME) 164*8kB (UME) 23*16kB (UE) 154*32kB (UME) 154*64kB (UME) 63*128kB (UME) 33*256kB (UME) 45*512kB (UME) 18*1024kB (UE) 1*2048kB (M) 587*4096kB (M) = 2481832kB
21003 total pagecache pages
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap  = 0kB
Total swap = 0kB
1965979 pages RAM
0 pages HighMem/MovableOnly
315672 pages reserved
input: syz1 as /devices/virtual/input/input22
input: syz1 as /devices/virtual/input/input23
syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0x14000c0(GFP_KERNEL), nodemask=(null)
input: syz1 as /devices/virtual/input/input24
CPU: 0 PID: 10515 Comm: syz-executor.1 Not tainted 4.14.151+ #0
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0xca/0x134 lib/dump_stack.c:53
 warn_alloc.cold+0x91/0x1ab mm/page_alloc.c:3319
 __vmalloc_node_range mm/vmalloc.c:1796 [inline]
 __vmalloc_node_range+0x3b5/0x6d0 mm/vmalloc.c:1756
 __vmalloc_node mm/vmalloc.c:1825 [inline]
 __vmalloc_node_flags mm/vmalloc.c:1839 [inline]
 vmalloc+0x60/0x80 mm/vmalloc.c:1861
 sel_write_load+0x199/0xfb0 security/selinux/selinuxfs.c:495
 __vfs_write+0xf9/0x5a0 fs/read_write.c:482
 vfs_write+0x17f/0x4d0 fs/read_write.c:546
 SYSC_write fs/read_write.c:594 [inline]
 SyS_write+0x102/0x250 fs/read_write.c:586
 do_syscall_64+0x19b/0x520 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45a219
RSP: 002b:00007f923eb3ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a219
input: syz1 as /devices/virtual/input/input25
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f923eb3f6d4
R13: 00000000004cac6d R14: 00000000004e31a0 R15: 00000000ffffffff
input: syz1 as /devices/virtual/input/input26
SELinux: failed to load policy
input: syz1 as /devices/virtual/input/input27
SELinux: failed to load policy
SELinux: failed to load policy
SELinux: failed to load policy
SELinux:  Context a is not valid (left unmapped).
audit: type=1400 audit(1572874272.234:45): avc:  denied  { dyntransition } for  pid=10597 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0 tclass=process permissive=1