bridge0: port 2(bridge_slave_1) entered disabled state ============================= WARNING: suspicious RCU usage 4.14.154 #0 Not tainted ----------------------------- include/linux/radix-tree.h:238 suspicious rcu_dereference_check() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 2 locks held by syz-executor.4/9780: #0: (&sb->s_type->i_mutex_key#12){+.+.}, at: [] inode_lock include/linux/fs.h:718 [inline] #0: (&sb->s_type->i_mutex_key#12){+.+.}, at: [] shmem_add_seals+0x15e/0x1060 mm/shmem.c:2810 #1: (&(&mapping->tree_lock)->rlock){-.-.}, at: [] spin_lock_irq include/linux/spinlock.h:342 [inline] #1: (&(&mapping->tree_lock)->rlock){-.-.}, at: [] shmem_tag_pins mm/shmem.c:2665 [inline] #1: (&(&mapping->tree_lock)->rlock){-.-.}, at: [] shmem_wait_for_pins mm/shmem.c:2706 [inline] #1: (&(&mapping->tree_lock)->rlock){-.-.}, at: [] shmem_add_seals+0x334/0x1060 mm/shmem.c:2822 stack backtrace: CPU: 0 PID: 9780 Comm: syz-executor.4 Not tainted 4.14.154 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x142/0x197 lib/dump_stack.c:58 lockdep_rcu_suspicious+0x153/0x15d kernel/locking/lockdep.c:4665 radix_tree_deref_slot include/linux/radix-tree.h:238 [inline] radix_tree_deref_slot include/linux/radix-tree.h:236 [inline] shmem_tag_pins mm/shmem.c:2667 [inline] shmem_wait_for_pins mm/shmem.c:2706 [inline] shmem_add_seals+0x9e0/0x1060 mm/shmem.c:2822 shmem_fcntl+0xf7/0x130 mm/shmem.c:2857 do_fcntl+0x190/0xe10 fs/fcntl.c:421 SYSC_fcntl fs/fcntl.c:463 [inline] SyS_fcntl+0xd5/0x110 fs/fcntl.c:448 do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x45a639 RSP: 002b:00007fa62d251c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000048 RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a639 RDX: 0000000000000008 RSI: 0000000000000409 RDI: 0000000000000006 RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa62d2526d4 R13: 00000000004c1068 R14: 00000000004d3c60 R15: 00000000ffffffff device nr0 entered promiscuous mode device nr0 entered promiscuous mode IPVS: ftp: loaded support on port[0] = 21 libceph: mon1 [::6]:6789 socket closed (con state CONNECTING) protocol 88fb is buggy, dev hsr_slave_0 protocol 88fb is buggy, dev hsr_slave_1 libceph: mon1 [::6]:6789 socket closed (con state CONNECTING) raw_sendmsg: syz-executor.0 forgot to set AF_INET. Fix it! audit: type=1400 audit(1574245135.555:109): avc: denied { map } for pid=9982 comm="syz-executor.4" path="/dev/loop0" dev="devtmpfs" ino=35923 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file permissive=1 IPVS: ftp: loaded support on port[0] = 21 XFS (loop2): unknown mount option [dont_appraise]. IPVS: ftp: loaded support on port[0] = 21 hfsplus: unable to parse mount options bond0: Releasing backup interface bond_slave_1 bond0: Enslaving bond_slave_1 as an active interface with an up link bond0: Releasing backup interface bond_slave_1 kvm: pic: single mode not supported kvm: pic: level sensitive irq not supported kvm: pic: level sensitive irq not supported audit: type=1800 audit(1574245138.545:110): pid=10212 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="collect_data" cause="failed(directio)" comm="syz-executor.5" name="file0" dev="sda1" ino=16824 res=0 audit: type=1804 audit(1574245138.545:111): pid=10212 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir069673264/syzkaller.BD1emW/79/file0" dev="sda1" ino=16824 res=1 audit: type=1800 audit(1574245138.545:112): pid=10212 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="collect_data" cause="failed(directio)" comm="syz-executor.5" name="file0" dev="sda1" ino=16824 res=0 dccp_invalid_packet: P.Data Offset(0) too small audit: type=1800 audit(1574245138.555:113): pid=10216 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="collect_data" cause="failed(directio)" comm="syz-executor.5" name="file0" dev="sda1" ino=16824 res=0 dccp_invalid_packet: P.Data Offset(0) too small overlayfs: unrecognized mount option "wor@" or missing value