===============================
[ INFO: suspicious RCU usage. ]
4.9.202+ #0 Not tainted
-------------------------------
include/linux/radix-tree.h:199 suspicious rcu_dereference_check() usage!

other info that might help us debug this:

rcu_scheduler_active = 2, debug_locks = 0
2 locks held by syz-executor.5/4053:
 #0: (&sb->s_type->i_mutex_key#10){+.+.+.}, at: [<00000000f5127166>] inode_lock include/linux/fs.h:771 [inline]
 #0: (&sb->s_type->i_mutex_key#10){+.+.+.}, at: [<00000000f5127166>] shmem_add_seals+0x166/0x1020 mm/shmem.c:2610
 #1: (&(&mapping->tree_lock)->rlock){..-...}, at: [<000000008c83c588>] spin_lock_irq include/linux/spinlock.h:332 [inline]
 #1: (&(&mapping->tree_lock)->rlock){..-...}, at: [<000000008c83c588>] shmem_tag_pins mm/shmem.c:2465 [inline]
 #1: (&(&mapping->tree_lock)->rlock){..-...}, at: [<000000008c83c588>] shmem_wait_for_pins mm/shmem.c:2506 [inline]
 #1: (&(&mapping->tree_lock)->rlock){..-...}, at: [<000000008c83c588>] shmem_add_seals+0x342/0x1020 mm/shmem.c:2622

stack backtrace:
CPU: 0 PID: 4053 Comm: syz-executor.5 Not tainted 4.9.202+ #0
 ffff8801cc1efca0 ffffffff81b55d2b ffff8801d6c9add0 0000000000000000
 0000000000000002 00000000000000c7 ffff88019ef817c0 ffff8801cc1efcd0
 ffffffff81406867 ffffea0006ef42c0 dffffc0000000000 ffff8801cc1efd78
Call Trace:
 [<00000000e91ba184>] __dump_stack lib/dump_stack.c:15 [inline]
 [<00000000e91ba184>] dump_stack+0xcb/0x130 lib/dump_stack.c:56
 [<00000000292f662b>] lockdep_rcu_suspicious.cold+0x10a/0x149 kernel/locking/lockdep.c:4458
 [<00000000cb32a4b8>] radix_tree_deref_slot include/linux/radix-tree.h:199 [inline]
 [<00000000cb32a4b8>] shmem_tag_pins mm/shmem.c:2467 [inline]
 [<00000000cb32a4b8>] shmem_wait_for_pins mm/shmem.c:2506 [inline]
 [<00000000cb32a4b8>] shmem_add_seals+0xa44/0x1020 mm/shmem.c:2622
 [<0000000002878182>] shmem_fcntl+0xf7/0x130 mm/shmem.c:2657
 [<0000000029036652>] do_fcntl fs/fcntl.c:340 [inline]
 [<0000000029036652>] SYSC_fcntl fs/fcntl.c:376 [inline]
 [<0000000029036652>] SyS_fcntl+0x1d5/0xb50 fs/fcntl.c:361
 [<00000000289fd848>] do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288
 [<0000000031e3e278>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
EXT4-fs (loop0): ext4_check_descriptors: Inode table for group 0 overlaps superblock
EXT4-fs error (device loop0): ext4_iget:4769: inode #2: comm syz-executor.0: bogus i_mode (0)
EXT4-fs (loop0): get root inode failed
EXT4-fs (loop0): mount failed
EXT4-fs (loop0): ext4_check_descriptors: Inode table for group 0 overlaps superblock
EXT4-fs: failed to create workqueue
EXT4-fs (loop0): mount failed
FAT-fs (loop1): bogus number of reserved sectors
FAT-fs (loop1): Can't find a valid FAT filesystem
loop3: p1 < > p4
loop3: p1 size 2 extends beyond EOD, truncated
loop3: p4 start 1854537728 is beyond EOD, truncated
EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem
EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock
EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
audit: type=1400 audit(1574605003.073:11): avc: denied { set_context_mgr } for pid=4543 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
audit: type=1400 audit(1574605003.113:12): avc: denied { call } for pid=4543 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
binder: release 4543:4554 transaction 2 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: release 4543:4546 transaction 2 in, still active
binder: send failed reply for transaction 2, target dead
EXT4-fs (loop2): ext4_check_descriptors: Inode table for group 0 overlaps superblock
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs (loop5): bad geometry: block count 1080 exceeds size of device (1 blocks)
binder: release 4656:4689 transaction 5 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: release 4656:4665 transaction 5 in, still active
binder: send failed reply for transaction 5, target dead
binder: release 4706:4732 transaction 7 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: release 4706:4709 transaction 7 in, still active
binder: send failed reply for transaction 7, target dead
binder: release 4740:4746 transaction 9 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: release 4740:4741 transaction 9 in, still active
binder: send failed reply for transaction 9, target dead
binder: release 4754:4769 transaction 11 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: release 4754:4756 transaction 11 in, still active
binder: send failed reply for transaction 11, target dead
binder: release 4785:4807 transaction 13 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: release 4785:4787 transaction 13 in, still active
binder: send failed reply for transaction 13, target dead
binder: release 4815:4833 transaction 15 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: release 4815:4819 transaction 15 in, still active
binder: send failed reply for transaction 15, target dead
binder: release 4848:4857 transaction 17 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: release 4848:4852 transaction 17 in, still active
binder: send failed reply for transaction 17, target dead
binder: release 4866:4880 transaction 19 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: release 4866:4870 transaction 19 in, still active
binder: send failed reply for transaction 19, target dead
binder: release 4893:4910 transaction 21 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: release 4893:4901 transaction 21 in, still active
binder: send failed reply for transaction 21, target dead
binder: release 4923:4930 transaction 23 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: release 4923:4924 transaction 23 in, still active
binder: send failed reply for transaction 23, target dead