===============================
[ INFO: suspicious RCU usage. ]
4.9.202+ #0 Not tainted
-------------------------------
include/linux/radix-tree.h:199 suspicious rcu_dereference_check() usage!

other info that might help us debug this:

rcu_scheduler_active = 2, debug_locks = 0
2 locks held by syz-executor.1/1396:
#0: (&sb->s_type->i_mutex_key#10){+.+.+.}, at: [<0000000079601b0b>] inode_lock include/linux/fs.h:771 [inline]
#0: (&sb->s_type->i_mutex_key#10){+.+.+.}, at: [<0000000079601b0b>] shmem_add_seals+0x166/0x1020 mm/shmem.c:2610
#1: (&(&mapping->tree_lock)->rlock){..-...}, at: [<0000000055d63d75>] spin_lock_irq include/linux/spinlock.h:332 [inline]
#1: (&(&mapping->tree_lock)->rlock){..-...}, at: [<0000000055d63d75>] shmem_tag_pins mm/shmem.c:2465 [inline]
#1: (&(&mapping->tree_lock)->rlock){..-...}, at: [<0000000055d63d75>] shmem_wait_for_pins mm/shmem.c:2506 [inline]
#1: (&(&mapping->tree_lock)->rlock){..-...}, at: [<0000000055d63d75>] shmem_add_seals+0x342/0x1020 mm/shmem.c:2622

stack backtrace:
CPU: 1 PID: 1396 Comm: syz-executor.1 Not tainted 4.9.202+ #0
ffff88019b8c7ca0 ffffffff81b55d2b ffff8801cb111ab0[ 1004.670510] audit: type=1400 audit(1574664923.592:1842): avc: denied { set_context_mgr } for pid=1373 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
binder: 1373:1382 ERROR: BC_REGISTER_LOOPER called without request
binder: 1373:1382 BC_DEAD_BINDER_DONE 0000000000000000 not found
binder: 1373:1382 got reply transaction with no transaction stack
binder: 1373:1382 transaction failed 29201/-71, size 734122174678459764-8247340102182532430 line 3046
binder: 1373:1382 ioctl c0306201 20000080 returned -14
binder: 1373:1382 ioctl 6612 0 returned -22
0000000000000000
0000000000000002 00000000000000c7 ffff8801cafa2f80 ffff88019b8c7cd0
ffffffff81406867 ffffea0006694b40 dffffc0000000000 ffff88019b8c7d78
Call Trace:
[<0000000063081834>] __dump_stack lib/dump_stack.c:15 [inline]
[<0000000063081834>] dump_stack+0xcb/0x130 lib/dump_stack.c:56
[<00000000896c664a>] lockdep_rcu_suspicious.cold+0x10a/0x149 kernel/locking/lockdep.c:4458
[<000000001a90737b>] radix_tree_deref_slot include/linux/radix-tree.h:199 [inline]
[<000000001a90737b>] shmem_tag_pins mm/shmem.c:2467 [inline]
[<000000001a90737b>] shmem_wait_for_pins mm/shmem.c:2506 [inline]
[<000000001a90737b>] shmem_add_seals+0xa44/0x1020 mm/shmem.c:2622
[<00000000b8422459>] shmem_fcntl+0xf7/0x130 mm/shmem.c:2657
[<00000000161d8bf4>] do_fcntl fs/fcntl.c:340 [inline]
[<00000000161d8bf4>] SYSC_fcntl fs/fcntl.c:376 [inline]
[<00000000161d8bf4>] SyS_fcntl+0x1d5/0xb50 fs/fcntl.c:361
[<000000009a41ed61>] do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288
[<0000000039f565c7>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
binder: undelivered TRANSACTION_ERROR: 29201
audit: type=1400 audit(1574664925.972:1843): avc: denied { set_context_mgr } for pid=1442 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
binder: 1442:1454 ERROR: BC_REGISTER_LOOPER called without request
binder: 1442:1454 BC_DEAD_BINDER_DONE 0000000000000000 not found
binder: 1442:1454 got reply transaction with no transaction stack
binder: 1442:1450 ioctl 6612 0 returned -22
binder: 1442:1454 transaction failed 29201/-71, size 734122174678459764-8247340102182532430 line 3046
binder: 1442:1454 ioctl c0306201 20000080 returned -14
binder: undelivered TRANSACTION_ERROR: 29201
binder: 1466:1471 IncRefs 0 refcount change on invalid ref 0 ret -22
audit: type=1400 audit(1574664926.732:1844): avc: denied { set_context_mgr } for pid=1472 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
binder: 1472:1475 ERROR: BC_REGISTER_LOOPER called without request
binder: 1472:1475 BC_DEAD_BINDER_DONE 0000000000000000 not found
binder: 1472:1475 unknown command 0
binder: 1472:1475 ioctl c0306201 20000080 returned -22
binder: BINDER_SET_CONTEXT_MGR already set
binder: 1472:1475 ioctl 40046207 0 returned -16
binder: 1472:1475 ERROR: BC_REGISTER_LOOPER called without request
binder: 1472:1475 BC_DEAD_BINDER_DONE 0000000000000000 not found
binder: 1472:1475 got reply transaction with no transaction stack
binder: 1472:1475 transaction failed 29201/-71, size 0-0 line 3046
binder: 1472:1475 ioctl c0306201 20000080 returned -14
binder: undelivered TRANSACTION_ERROR: 29201
audit: type=1400 audit(1574664926.942:1845): avc: denied { set_context_mgr } for pid=1472 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
binder: 1472:1475 ERROR: BC_REGISTER_LOOPER called without request
binder: 1472:1475 BC_DEAD_BINDER_DONE 0000000000000000 not found
binder: 1472:1475 got reply transaction with no transaction stack
binder: 1472:1475 transaction failed 29201/-71, size 0-0 line 3046
binder: 1472:1475 ioctl c0306201 20000080 returned -14
binder: 1472:1481 unknown command 0
binder: 1472:1481 ioctl c0306201 20000080 returned -22
binder: undelivered TRANSACTION_ERROR: 29201
binder: 1466:1471 unknown command 1885692960
audit: type=1400 audit(1574664927.932:1846): avc: denied { create } for pid=1506 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1574664927.932:1847): avc: denied { write } for pid=1506 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1574664928.272:1848): avc: denied { read } for pid=1506 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1574664928.312:1849): avc: denied { create } for pid=1506 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1574664928.312:1850): avc: denied { write } for pid=1506 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
binder: 1466:1471 ioctl c0306201 20000080 returned -22
audit: type=1400 audit(1574664929.732:1851): avc: denied { create } for pid=1569 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1574664929.812:1852): avc: denied { create } for pid=1569 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
binder: BINDER_SET_CONTEXT_MGR already set
binder: 1619:1623 ioctl 40046207 0 returned -16
binder: 1619:1626 unknown command 1060725518
binder: 1619:1626 ioctl c0306201 20000080 returned -22
binder: BINDER_SET_CONTEXT_MGR already set
binder: 1619:1626 ioctl 40046207 0 returned -16
binder: 1619:1626 unknown command 1074029312
binder: 1619:1626 ioctl c0306201 20000080 returned -22
audit_printk_skb: 30 callbacks suppressed
audit: type=1400 audit(1574664931.102:1863): avc: denied { create } for pid=1627 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
audit: type=1400 audit(1574664931.402:1864): avc: denied { create } for pid=1627 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1574664931.492:1866): avc: denied { set_context_mgr } for pid=1635 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
audit: type=1400 audit(1574664931.482:1865): avc: denied { write } for pid=1627 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
binder: 1635:1641 ERROR: BC_REGISTER_LOOPER called without request
binder: 1635:1641 BC_DEAD_BINDER_DONE 0000000000000000 not found
binder: 1635:1641 got reply transaction with no transaction stack
binder: 1635:1641 transaction failed 29201/-71, size 0-17 line 3046
binder: BINDER_SET_CONTEXT_MGR already set
binder: 1619:1651 ioctl 40046207 0 returned -16
binder: 1619:1626 unknown command 1060725518
binder: 1619:1626 ioctl c0306201 20000080 returned -22
binder: BINDER_SET_CONTEXT_MGR already set
binder: 1619:1626 ioctl 40046207 0 returned -16
binder: 1619:1651 unknown command 1074029312
binder: 1619:1651 ioctl c0306201 20000080 returned -22
audit: type=1400 audit(1574664931.772:1867): avc: denied { read } for pid=1627 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1574664931.822:1868): avc: denied { create } for pid=1627 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1
audit: type=1400 audit(1574664931.872:1869): avc: denied { create } for pid=1627 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1574664931.872:1870): avc: denied { write } for pid=1627 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1574664932.122:1871): avc: denied { write } for pid=1664 comm="syz-executor.0" name="net" dev="proc" ino=76676 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=dir permissive=1
audit: type=1400 audit(1574664932.122:1872): avc: denied { add_name } for pid=1664 comm="syz-executor.0" name="pfkey" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=dir permissive=1
binder: undelivered death notification, 0000000000000000
binder: undelivered TRANSACTION_ERROR: 29201
binder: 1635:1666 ERROR: BC_REGISTER_LOOPER called without request
binder: 1635:1666 BC_DEAD_BINDER_DONE 0000000000000000 not found
binder: 1635:1666 got reply transaction with no transaction stack
binder: 1635:1666 transaction failed 29201/-71, size 0-17 line 3046
binder: undelivered death notification, 0000000000000000
binder: undelivered TRANSACTION_ERROR: 29201
EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock
EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
EXT4-fs (loop3): ext4_check_descriptors: Inode table for group 0 overlaps superblock
EXT4-fs (loop3): corrupt root inode, run e2fsck
EXT4-fs (loop3): mount failed
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.