=============================
WARNING: suspicious RCU usage
4.19.84 #0 Not tainted
-----------------------------
include/linux/radix-tree.h:241 suspicious rcu_dereference_check() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
2 locks held by syz-executor.1/6783:
 #0: 000000007b6f01b2 (&sb->s_type->i_mutex_key#12){+.+.}, at: inode_lock include/linux/fs.h:747 [inline]
 #0: 000000007b6f01b2 (&sb->s_type->i_mutex_key#12){+.+.}, at: memfd_add_seals mm/memfd.c:199 [inline]
 #0: 000000007b6f01b2 (&sb->s_type->i_mutex_key#12){+.+.}, at: memfd_fcntl+0x235/0x1750 mm/memfd.c:249
 #1: 00000000681b7849 (&(&(&mapping->i_pages)->xa_lock)->rlock){-.-.}, at: spin_lock_irq include/linux/spinlock.h:354 [inline]
 #1: 00000000681b7849 (&(&(&mapping->i_pages)->xa_lock)->rlock){-.-.}, at: memfd_tag_pins mm/memfd.c:42 [inline]
 #1: 00000000681b7849 (&(&(&mapping->i_pages)->xa_lock)->rlock){-.-.}, at: memfd_wait_for_pins mm/memfd.c:83 [inline]
 #1: 00000000681b7849 (&(&(&mapping->i_pages)->xa_lock)->rlock){-.-.}, at: memfd_add_seals mm/memfd.c:217 [inline]
 #1: 00000000681b7849 (&(&(&mapping->i_pages)->xa_lock)->rlock){-.-.}, at: memfd_fcntl+0x4bc/0x1750 mm/memfd.c:249
stack backtrace:
CPU: 0 PID: 6783 Comm: syz-executor.1 Not tainted 4.19.84 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x197/0x210 lib/dump_stack.c:118
 lockdep_rcu_suspicious+0x153/0x15d kernel/locking/lockdep.c:4539
 radix_tree_deref_slot include/linux/radix-tree.h:241 [inline]
 radix_tree_deref_slot include/linux/radix-tree.h:239 [inline]
 memfd_tag_pins mm/memfd.c:44 [inline]
 memfd_wait_for_pins mm/memfd.c:83 [inline]
 memfd_add_seals mm/memfd.c:217 [inline]
 memfd_fcntl+0xfdf/0x1750 mm/memfd.c:249
 do_fcntl+0x200/0x1020 fs/fcntl.c:421
 __do_sys_fcntl fs/fcntl.c:463 [inline]
 __se_sys_fcntl fs/fcntl.c:448 [inline]
 __x64_sys_fcntl+0x16d/0x1e0 fs/fcntl.c:448
 do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45a639
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f01e8c39c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000048
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a639
RDX: 000000000000000e RSI: 0000000000000409 RDI: 0000000000000003
RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f01e8c3a6d4
R13: 00000000004c1068 R14: 00000000004d3c60 R15: 00000000ffffffff
device ip6gre1 entered promiscuous mode
QAT: Invalid ioctl
QAT: Invalid ioctl
net_ratelimit: 490 callbacks suppressed
netlink: zone id is out of range
device ip6gre1 entered promiscuous mode
netlink: zone id is out of range
netlink: zone id is out of range
netlink: zone id is out of range
netlink: zone id is out of range
netlink: zone id is out of range
netlink: zone id is out of range
netlink: zone id is out of range
netlink: zone id is out of range
netlink: zone id is out of range
device ip6gre1 entered promiscuous mode
device ip6gre1 entered promiscuous mode
audit: type=1804 audit(1574265636.034:392): pid=6885 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir398791827/syzkaller.7gZ3Ta/310/file0/bus" dev="ramfs" ino=308938 res=1
device ip6gre1 entered promiscuous mode
device ip6gre1 entered promiscuous mode
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'.
device ip6gre1 entered promiscuous mode
device ip6gre1 entered promiscuous mode
device ip6gre1 entered promiscuous mode
device ip6gre1 entered promiscuous mode
device ip6gre1 entered promiscuous mode
device ip6gre1 entered promiscuous mode
mmap: syz-executor.4 (7018): VmData 18661376 exceed data ulimit 0. Update limits or use boot option ignore_rlimit_data.
device ip6gre1 entered promiscuous mode
capability: warning: `syz-executor.5' uses deprecated v2 capabilities in a way that may be insecure
device ip6gre1 entered promiscuous mode
device ip6gre1 entered promiscuous mode
device ip6gre1 entered promiscuous mode
device ip6gre1 entered promiscuous mode
hfs: can't find a HFS filesystem on dev loop5
device ip6gre1 entered promiscuous mode
device ip6gre1 entered promiscuous mode
device ip6gre1 entered promiscuous mode
device ip6gre1 entered promiscuous mode
device ip6gre1 entered promiscuous mode
device ip6gre1 entered promiscuous mode
device ip6gre1 entered promiscuous mode
device ip6gre1 entered promiscuous mode
net_ratelimit: 956 callbacks suppressed
netlink: zone id is out of range
netlink: zone id is out of range
device ip6gre1 entered promiscuous mode
netlink: zone id is out of range
netlink: zone id is out of range
device ip6gre1 entered promiscuous mode
netlink: zone id is out of range
netlink: zone id is out of range
netlink: zone id is out of range
netlink: zone id is out of range
netlink: zone id is out of range
netlink: zone id is out of range
device ip6gre1 entered promiscuous mode
selinux_nlmsg_perm: 6 callbacks suppressed
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=7358 comm=syz-executor.5
device ip6gre1 entered promiscuous mode
netlink: 40 bytes leftover after parsing attributes in process `syz-executor.5'.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=7358 comm=syz-executor.5
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=7358 comm=syz-executor.5
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=7358 comm=syz-executor.5
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=7358 comm=syz-executor.5
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=7358 comm=syz-executor.5
device ip6gre1 entered promiscuous mode
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=7358 comm=syz-executor.5
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=7358 comm=syz-executor.5
device ip6gre1 entered promiscuous mode
device ip6gre1 entered promiscuous mode
audit: type=1804 audit(1574265642.924:393): pid=7435 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir398791827/syzkaller.7gZ3Ta/323/bus" dev="sda1" ino=16634 res=1
audit: type=1804 audit(1574265642.954:394): pid=7435 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir398791827/syzkaller.7gZ3Ta/323/bus" dev="sda1" ino=16634 res=1
device ip6gre1 entered promiscuous mode
audit: type=1804 audit(1574265643.104:395): pid=7435 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir398791827/syzkaller.7gZ3Ta/323/bus" dev="sda1" ino=16634 res=1
audit: type=1804 audit(1574265643.104:396): pid=7451 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir398791827/syzkaller.7gZ3Ta/323/bus" dev="sda1" ino=16634 res=1
device ip6gre1 entered promiscuous mode
audit: type=1804 audit(1574265643.104:397): pid=7451 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir398791827/syzkaller.7gZ3Ta/323/bus" dev="sda1" ino=16634 res=1
device ip6gre1 entered promiscuous mode
device ip6gre1 entered promiscuous mode
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 7504 Comm: syz-executor.3 Not tainted 4.19.84 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x197/0x210 lib/dump_stack.c:118
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold+0xa/0x1b lib/fault-inject.c:149
 __should_failslab+0x121/0x190 mm/failslab.c:32
 should_failslab+0x9/0x14 mm/slab_common.c:1557
 slab_pre_alloc_hook mm/slab.h:424 [inline]
 slab_alloc mm/slab.c:3383 [inline]
 kmem_cache_alloc_trace+0x2cc/0x760 mm/slab.c:3623
 kmalloc include/linux/slab.h:515 [inline]
 kzalloc include/linux/slab.h:709 [inline]
 alloc_pipe_info+0xb9/0x430 fs/pipe.c:647
 splice_direct_to_actor+0x6bb/0x890 fs/splice.c:921
 do_splice_direct+0x1da/0x2a0 fs/splice.c:1062
 do_sendfile+0x597/0xce0 fs/read_write.c:1447
 __do_sys_sendfile64 fs/read_write.c:1508 [inline]
 __se_sys_sendfile64 fs/read_write.c:1494 [inline]
 __x64_sys_sendfile64+0x1dd/0x220 fs/read_write.c:1494
 do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45a639
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f6071908c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 00007f6071908c90 RCX: 000000000045a639
RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003
RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000024000000 R11: 0000000000000246 R12: 00007f60719096d4
R13: 00000000004c83bf R14: 00000000004de7f0 R15: 0000000000000008
device ip6gre1 entered promiscuous mode
device ip6gre1 entered promiscuous mode
device ip6gre1 entered promiscuous mode
device ip6gre1 entered promiscuous mode