=============================== [ INFO: suspicious RCU usage. ] 4.9.202+ #0 Not tainted ------------------------------- include/linux/radix-tree.h:199 suspicious rcu_dereference_check() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 0 2 locks held by syz-executor.2/22476: #0: (&sb->s_type->i_mutex_key#10){+.+.+.}, at: [<00000000cea978f1>] inode_lock include/linux/fs.h:771 [inline] #0: (&sb->s_type->i_mutex_key#10){+.+.+.}, at: [<00000000cea978f1>] shmem_add_seals+0x166/0x1020 mm/shmem.c:2610 #1: (&(&mapping->tree_lock)->rlock){..-...}, at: [<000000007e6b7db9>] spin_lock_irq include/linux/spinlock.h:332 [inline] #1: (&(&mapping->tree_lock)->rlock){..-...}, at: [<000000007e6b7db9>] shmem_tag_pins mm/shmem.c:2465 [inline] #1: (&(&mapping->tree_lock)->rlock){..-...}, at: [<000000007e6b7db9>] shmem_wait_for_pins mm/shmem.c:2506 [inline] #1: (&(&mapping->tree_lock)->rlock){..-...}, at: [<000000007e6b7db9>] shmem_add_seals+0x342/0x1020 mm/shmem.c:2622 stack backtrace: CPU: 1 PID: 22476 Comm: syz-executor.2 Not tainted 4.9.202+ #0 ffff8801a8dd7ca0 ffffffff81b55d2b ffff8801a90e0790 0000000000000000 0000000000000002 00000000000000c7 ffff8801cace5f00 ffff8801a8dd7cd0 ffffffff81406867 ffffea00061d7680 dffffc0000000000 ffff8801a8dd7d78 Call Trace: [<0000000052fb5b52>] __dump_stack lib/dump_stack.c:15 [inline] [<0000000052fb5b52>] dump_stack+0xcb/0x130 lib/dump_stack.c:56 [<000000002ce79966>] lockdep_rcu_suspicious.cold+0x10a/0x149 kernel/locking/lockdep.c:4458 [<00000000305cabe3>] radix_tree_deref_slot include/linux/radix-tree.h:199 [inline] [<00000000305cabe3>] shmem_tag_pins mm/shmem.c:2467 [inline] [<00000000305cabe3>] shmem_wait_for_pins mm/shmem.c:2506 [inline] [<00000000305cabe3>] shmem_add_seals+0xa44/0x1020 mm/shmem.c:2622 [<00000000ed77ca35>] shmem_fcntl+0xf7/0x130 mm/shmem.c:2657 [<000000008062ac7e>] do_fcntl fs/fcntl.c:340 [inline] [<000000008062ac7e>] SYSC_fcntl fs/fcntl.c:376 [inline] [<000000008062ac7e>] SyS_fcntl+0x1d5/0xb50 fs/fcntl.c:361 [<000000003386ffae>] do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288 [<00000000c86d1275>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb F2FS-fs (loop3): Magic Mismatch, valid(0xf2f52010) - read(0x0) F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock audit: type=1400 audit(1574601132.852:2753): avc: denied { create } for pid=22470 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1574601132.852:2754): avc: denied { write } for pid=22470 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 F2FS-fs (loop3): Fix alignment : done, start(5120) end(12288) block(6656) attempt to access beyond end of device audit: type=1400 audit(1574601133.112:2755): avc: denied { read } for pid=22470 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1574601133.152:2756): avc: denied { create } for pid=22470 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 loop3: rw=48, want=8200, limit=20 attempt to access beyond end of device loop3: rw=48, want=12296, limit=20 F2FS-fs (loop3): Failed to get valid F2FS checkpoint audit: type=1400 audit(1574601133.392:2757): avc: denied { map_create } for pid=22508 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0) F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock audit: type=1400 audit(1574601133.482:2758): avc: denied { map_create } for pid=22512 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0) F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock audit: type=1400 audit(1574601134.302:2759): avc: denied { map_create } for pid=22538 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 audit: type=1400 audit(1574601134.392:2760): avc: denied { create } for pid=22526 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1574601134.432:2761): avc: denied { associate } for pid=20 comm="kdevtmpfs" name="loop0p207" scontext=system_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=filesystem permissive=1 audit: type=1400 audit(1574601134.432:2762): avc: denied { prog_load } for pid=22538 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 audit: type=1400 audit(1574601134.482:2763): avc: denied { write } for pid=22526 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1574601134.572:2764): avc: denied { prog_run } for pid=22538 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 audit: type=1400 audit(1574601134.872:2765): avc: denied { read } for pid=22526 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1574601134.942:2766): avc: denied { create } for pid=22555 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1574601134.942:2767): avc: denied { write } for pid=22555 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1574601134.962:2768): avc: denied { create } for pid=22556 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 devpts: called with bogus options EXT4-fs (loop1): bad geometry: block count 580964351930795064 exceeds size of device (54272 blocks) SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=22871 comm=syz-executor.5 netlink: 2220 bytes leftover after parsing attributes in process `syz-executor.5'. SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=22871 comm=syz-executor.5 audit_printk_skb: 54 callbacks suppressed audit: type=1400 audit(1574601141.082:2787): avc: denied { set_context_mgr } for pid=22873 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 audit: type=1400 audit(1574601141.112:2788): avc: denied { call } for pid=22873 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 audit: type=1400 audit(1574601141.112:2789): avc: denied { transfer } for pid=22873 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 audit: type=1400 audit(1574601141.122:2790): avc: denied { transfer } for pid=22873 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 binder: 22873:22875 got transaction with invalid parent offset or type binder: 22873:22875 transaction failed 29201/-22, size 80-24 line 3454 binder: undelivered TRANSACTION_ERROR: 29201 audit: type=1400 audit(1574601141.552:2791): avc: denied { set_context_mgr } for pid=22883 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 audit: type=1400 audit(1574601141.582:2792): avc: denied { call } for pid=22883 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 audit: type=1400 audit(1574601141.582:2793): avc: denied { transfer } for pid=22883 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 audit: type=1400 audit(1574601141.592:2794): avc: denied { transfer } for pid=22883 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 binder: 22883:22884 got transaction with invalid parent offset or type binder: 22883:22884 transaction failed 29201/-22, size 80-24 line 3454 binder: undelivered TRANSACTION_ERROR: 29201 audit: type=1400 audit(1574601142.072:2795): avc: denied { set_context_mgr } for pid=22893 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 audit: type=1400 audit(1574601142.102:2796): avc: denied { call } for pid=22893 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1