protocol 88fb is buggy, dev hsr_slave_0 protocol 88fb is buggy, dev hsr_slave_1 ============================= WARNING: suspicious RCU usage 4.19.84 #0 Not tainted ----------------------------- include/linux/radix-tree.h:241 suspicious rcu_dereference_check() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 2 locks held by syz-executor.5/31228: #0: 000000008135e015 (&sb->s_type->i_mutex_key#12){+.+.}, at: inode_lock include/linux/fs.h:747 [inline] #0: 000000008135e015 (&sb->s_type->i_mutex_key#12){+.+.}, at: memfd_add_seals mm/memfd.c:199 [inline] #0: 000000008135e015 (&sb->s_type->i_mutex_key#12){+.+.}, at: memfd_fcntl+0x235/0x1750 mm/memfd.c:249 #1: 00000000cc527ab0 (&(&(&mapping->i_pages)->xa_lock)->rlock){-.-.}, at: spin_lock_irq include/linux/spinlock.h:354 [inline] #1: 00000000cc527ab0 (&(&(&mapping->i_pages)->xa_lock)->rlock){-.-.}, at: memfd_tag_pins mm/memfd.c:42 [inline] #1: 00000000cc527ab0 (&(&(&mapping->i_pages)->xa_lock)->rlock){-.-.}, at: memfd_wait_for_pins mm/memfd.c:83 [inline] #1: 00000000cc527ab0 (&(&(&mapping->i_pages)->xa_lock)->rlock){-.-.}, at: memfd_add_seals mm/memfd.c:217 [inline] #1: 00000000cc527ab0 (&(&(&mapping->i_pages)->xa_lock)->rlock){-.-.}, at: memfd_fcntl+0x4bc/0x1750 mm/memfd.c:249 stack backtrace: CPU: 0 PID: 31228 Comm: syz-executor.5 Not tainted 4.19.84 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x197/0x210 lib/dump_stack.c:118 lockdep_rcu_suspicious+0x153/0x15d kernel/locking/lockdep.c:4539 radix_tree_deref_slot include/linux/radix-tree.h:241 [inline] radix_tree_deref_slot include/linux/radix-tree.h:239 [inline] memfd_tag_pins mm/memfd.c:44 [inline] memfd_wait_for_pins mm/memfd.c:83 [inline] memfd_add_seals mm/memfd.c:217 [inline] memfd_fcntl+0xfdf/0x1750 mm/memfd.c:249 do_fcntl+0x200/0x1020 fs/fcntl.c:421 __do_sys_fcntl fs/fcntl.c:463 [inline] __se_sys_fcntl fs/fcntl.c:448 [inline] __x64_sys_fcntl+0x16d/0x1e0 fs/fcntl.c:448 do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45a639 Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007f25e6855c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000048 RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a639 RDX: 0000000000000008 RSI: 0000000000000409 RDI: 0000000000000005 RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f25e68566d4 R13: 00000000004c1068 R14: 00000000004d3c60 R15: 00000000ffffffff audit: type=1800 audit(1574133915.900:264): pid=31016 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed comm="syz-executor.3" name="bus" dev="sda1" ino=16987 res=0 SELinux: failed to load policy ptrace attach of "/root/syz-executor.4"[31801] was attempted by "/root/syz-executor.4"[31802] ptrace attach of "/root/syz-executor.0"[31893] was attempted by "/root/syz-executor.0"[31894] netlink: 'syz-executor.4': attribute type 18 has an invalid length. binder: 32191:32209 unknown command -2075172091 binder: 32191:32209 ioctl c0306201 20000bc0 returned -22 netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. netlink: 'syz-executor.0': attribute type 9 has an invalid length. netlink: 'syz-executor.0': attribute type 9 has an invalid length. SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=32551 comm=syz-executor.3 ptrace attach of "/root/syz-executor.4"[32673] was attempted by "/root/syz-executor.4"[32675] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready protocol 88fb is buggy, dev hsr_slave_0 protocol 88fb is buggy, dev hsr_slave_1 IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready protocol 88fb is buggy, dev hsr_slave_0 protocol 88fb is buggy, dev hsr_slave_1 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=421 comm=syz-executor.3 protocol 88fb is buggy, dev hsr_slave_0 protocol 88fb is buggy, dev hsr_slave_1 protocol 88fb is buggy, dev hsr_slave_0 protocol 88fb is buggy, dev hsr_slave_1 protocol 88fb is buggy, dev hsr_slave_0 protocol 88fb is buggy, dev hsr_slave_1 IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready input: syz1 as /devices/virtual/input/input101 input: syz1 as /devices/virtual/input/input102 ptrace attach of "/root/syz-executor.4"[976] was attempted by "/root/syz-executor.4"[979] SELinux: ebitmap: start bit 0 comes after start bit 1593835392 SELinux: failed to load policy netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=1922 comm=syz-executor.4 net_ratelimit: 27 callbacks suppressed protocol 88fb is buggy, dev hsr_slave_0 protocol 88fb is buggy, dev hsr_slave_1 SELinux: failed to load policy SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=1693 comm=syz-executor.4 protocol 88fb is buggy, dev hsr_slave_0 protocol 88fb is buggy, dev hsr_slave_1 protocol 88fb is buggy, dev hsr_slave_0 protocol 88fb is buggy, dev hsr_slave_1 protocol 88fb is buggy, dev hsr_slave_0 protocol 88fb is buggy, dev hsr_slave_1 SELinux: failed to load policy protocol 88fb is buggy, dev hsr_slave_0 protocol 88fb is buggy, dev hsr_slave_1