IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
8021q: adding VLAN 0 to HW filter on device batadv0
IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
=============================
WARNING: suspicious RCU usage
IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
4.14.154 #0 Not tainted
-----------------------------
include/linux/radix-tree.h:238 suspicious rcu_dereference_check() usage!

other info that might help us debug this:


rcu_scheduler_active = 2, debug_locks = 1
2 locks held by syz-executor.0/7127:
 #0:  (&sb->s_type->i_mutex_key#12){+.+.}, at: [<ffffffff8177534e>] inode_lock include/linux/fs.h:718 [inline]
 #0:  (&sb->s_type->i_mutex_key#12){+.+.}, at: [<ffffffff8177534e>] shmem_add_seals+0x15e/0x1060 mm/shmem.c:2810
 #1:  (&(&mapping->tree_lock)->rlock){-.-.}, at: [<ffffffff81775524>] spin_lock_irq include/linux/spinlock.h:342 [inline]
 #1:  (&(&mapping->tree_lock)->rlock){-.-.}, at: [<ffffffff81775524>] shmem_tag_pins mm/shmem.c:2665 [inline]
 #1:  (&(&mapping->tree_lock)->rlock){-.-.}, at: [<ffffffff81775524>] shmem_wait_for_pins mm/shmem.c:2706 [inline]
 #1:  (&(&mapping->tree_lock)->rlock){-.-.}, at: [<ffffffff81775524>] shmem_add_seals+0x334/0x1060 mm/shmem.c:2822

stack backtrace:
CPU: 0 PID: 7127 Comm: syz-executor.0 Not tainted 4.14.154 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x142/0x197 lib/dump_stack.c:58
 lockdep_rcu_suspicious+0x153/0x15d kernel/locking/lockdep.c:4665
 radix_tree_deref_slot include/linux/radix-tree.h:238 [inline]
 radix_tree_deref_slot include/linux/radix-tree.h:236 [inline]
 shmem_tag_pins mm/shmem.c:2667 [inline]
 shmem_wait_for_pins mm/shmem.c:2706 [inline]
 shmem_add_seals+0x9e0/0x1060 mm/shmem.c:2822
 shmem_fcntl+0xf7/0x130 mm/shmem.c:2857
 do_fcntl+0x190/0xe10 fs/fcntl.c:421
 SYSC_fcntl fs/fcntl.c:463 [inline]
 SyS_fcntl+0xd5/0x110 fs/fcntl.c:448
 do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45a639
RSP: 002b:00007f4855c8dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000048
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a639
RDX: 0000000000000008 RSI: 0000000000000409 RDI: 0000000000000005
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4855c8e6d4
R13: 00000000004c1068 R14: 00000000004d3c60 R15: 00000000ffffffff
IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
8021q: adding VLAN 0 to HW filter on device batadv0
hrtimer: interrupt took 47347 ns
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=38316 sclass=netlink_route_socket pig=7396 comm=syz-executor.1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=38316 sclass=netlink_route_socket pig=7399 comm=syz-executor.1
overlayfs: missing 'lowerdir'
IPVS: Unknown mcast interface: syzkaller1
L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
kvm: emulating exchange as write
IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
bridge0: port 2(bridge_slave_1) entered disabled state
bridge0: port 1(bridge_slave_0) entered disabled state
overlayfs: missing 'lowerdir'
audit: type=1400 audit(1574009210.151:41): avc:  denied  { create } for  pid=7443 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
bond0: Releasing backup interface bond_slave_1
audit: type=1400 audit(1574009210.151:42): avc:  denied  { ioctl } for  pid=7443 comm="syz-executor.0" path="socket:[28118]" dev="sockfs" ino=28118 ioctlcmd=0x8991 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
IPVS: Unknown mcast interface: syzkaller1
audit: type=1400 audit(1574009210.311:43): avc:  denied  { ioctl } for  pid=7435 comm="syz-executor.3" path="socket:[29112]" dev="sockfs" ino=29112 ioctlcmd=0x8916 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
8021q: adding VLAN 0 to HW filter on device bond0
IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
8021q: adding VLAN 0 to HW filter on device team0
A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
syz-executor.3 (7436) used greatest stack depth: 23568 bytes left
device bridge_slave_1 left promiscuous mode
bridge0: port 2(bridge_slave_1) entered disabled state
device bridge_slave_0 left promiscuous mode
bridge0: port 1(bridge_slave_0) entered disabled state
device hsr_slave_1 left promiscuous mode
device hsr_slave_0 left promiscuous mode
team0 (unregistering): Port device team_slave_1 removed
team0 (unregistering): Port device team_slave_0 removed
bond0 (unregistering): Releasing backup interface bond_slave_1
bond0 (unregistering): Releasing backup interface bond_slave_0
bond0 (unregistering): Released all slaves
Bluetooth: hci0: Entering manufacturer mode failed (-110)
Bluetooth: hci0 command 0xfc11 tx timeout
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
protocol 88fb is buggy, dev hsr_slave_0