===============================
[ INFO: suspicious RCU usage. ]
4.9.202+ #0 Not tainted
-------------------------------
include/linux/radix-tree.h:199 suspicious rcu_dereference_check() usage!

other info that might help us debug this:

rcu_scheduler_active = 2, debug_locks = 0
2 locks held by syz-executor.5/4199:
 #0: (&sb->s_type->i_mutex_key#10){+.+.+.}, at: [<000000001fcda344>] inode_lock include/linux/fs.h:771 [inline]
 #0: (&sb->s_type->i_mutex_key#10){+.+.+.}, at: [<000000001fcda344>] shmem_add_seals+0x166/0x1020 mm/shmem.c:2610
 #1: (&(&mapping->tree_lock)->rlock){..-...}, at: [<000000007c53e3de>] spin_lock_irq include/linux/spinlock.h:332 [inline]
 #1: (&(&mapping->tree_lock)->rlock){..-...}, at: [<000000007c53e3de>] shmem_tag_pins mm/shmem.c:2465 [inline]
 #1: (&(&mapping->tree_lock)->rlock){..-...}, at: [<000000007c53e3de>] shmem_wait_for_pins mm/shmem.c:2506 [inline]
 #1: (&(&mapping->tree_lock)->rlock){..-...}, at: [<000000007c53e3de>] shmem_add_seals+0x342/0x1020 mm/shmem.c:2622

stack backtrace:
CPU: 1 PID: 4199 Comm: syz-executor.5 Not tainted 4.9.202+ #0
 ffff88019e0ffca0 ffffffff81b55d2b ffff8801d4744868 0000000000000000
 0000000000000002 00000000000000c7 ffff88019e738000 ffff88019e0ffcd0
 ffffffff81406867 ffffea0006622280 dffffc0000000000 ffff88019e0ffd78
Call Trace:
 [<000000000599c224>] __dump_stack lib/dump_stack.c:15 [inline]
 [<000000000599c224>] dump_stack+0xcb/0x130 lib/dump_stack.c:56
 [<00000000da3db305>] lockdep_rcu_suspicious.cold+0x10a/0x149 kernel/locking/lockdep.c:4458
 [<0000000098d970e4>] radix_tree_deref_slot include/linux/radix-tree.h:199 [inline]
 [<0000000098d970e4>] shmem_tag_pins mm/shmem.c:2467 [inline]
 [<0000000098d970e4>] shmem_wait_for_pins mm/shmem.c:2506 [inline]
 [<0000000098d970e4>] shmem_add_seals+0xa44/0x1020 mm/shmem.c:2622
 [<00000000bc42c014>] shmem_fcntl+0xf7/0x130 mm/shmem.c:2657
 [<00000000e21c9ac7>] do_fcntl fs/fcntl.c:340 [inline]
 [<00000000e21c9ac7>] SYSC_fcntl fs/fcntl.c:376 [inline]
 [<00000000e21c9ac7>] SyS_fcntl+0x1d5/0xb50 fs/fcntl.c:361
 [<0000000082447c07>] do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288
 [<000000008ca23a8d>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
binder: 4195:4203 unknown command 971791
binder: 4195:4203 ioctl c0306201 200000c0 returned -22
audit: type=1400 audit(1574629194.802:23): avc: denied { execmod } for pid=4215 comm="syz-executor.1" path="/root/syzkaller-testdir388068268/syzkaller.UamhlP/20/bus" dev="sda1" ino=16610 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
EXT4-fs (loop4): bad geometry: block count 17587891078200 exceeds size of device (28672 blocks)
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
audit: type=1400 audit(1574629198.502:24): avc: denied { block_suspend } for pid=4757 comm="syz-executor.0" capability=36 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=capability2 permissive=1
IPv6: sit1: Disabled Multicast RS
device lo entered promiscuous mode
IPv6: sit2: Disabled Multicast RS
IPv6: sit3: Disabled Multicast RS
IPv6: sit4: Disabled Multicast RS
device lo left promiscuous mode
EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem
EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock
EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock
EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
audit: type=1400 audit(1574629200.432:25): avc: denied { mac_admin } for pid=4858 comm="syz-executor.3" capability=33 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=capability2 permissive=1
SELinux: Context 000795b5 00000000 00000002 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 0007a688 00000000 00000001 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 is not valid (left unmapped).
mmap: syz-executor.2 (4863) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.txt.
SELinux: Context 000795b9 00000000 00000002 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 0007a688 00000000 00000001 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 is not valid (left unmapped).
SELinux: Context 000795ba 00000000 00000002 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 0007a689 00000000 00000001 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 is not valid (left unmapped).
SELinux: Context 000795c7 00000000 00000002 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 0007a692 00000000 00000001 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 is not valid (left unmapped).
EXT4-fs (loop1): fragment/cluster size (2048) != block size (4096)
IPv6: sit5: Disabled Multicast RS
SELinux: Context 000795ea 00000000 00000002 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 0007a6b0 00000000 00000001 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 is not valid (left unmapped).
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=31447 sclass=netlink_route_socket pig=5031 comm=syz-executor.5
SELinux: Context 000795ee 00000000 00000002 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 0007a6fb 00000000 00000001 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 is not valid (left unmapped).
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=31447 sclass=netlink_route_socket pig=5043 comm=syz-executor.5
SELinux: Context 000795f0 00000000 00000002 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 0007a6fb 00000000 00000001 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 is not valid (left unmapped).
SELinux: Context 000795f4 00000000 00000002 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 0007a6fc 00000000 00000001 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 is not valid (left unmapped).
SELinux: Context 000795f6 00000000 00000002 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 0007a6fd 00000000 00000001 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 is not valid (left unmapped).
EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock
EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock
EXT4-fs error (device loop4): ext4_iget:4769: inode #2: comm syz-executor.4: bogus i_mode (164270)
EXT4-fs (loop4): get root inode failed
EXT4-fs (loop4): mount failed