=============================== [ INFO: suspicious RCU usage. ] 4.9.202+ #0 Not tainted ------------------------------- include/linux/radix-tree.h:199 suspicious rcu_dereference_check() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 0 2 locks held by syz-executor.1/14364: #0: (&sb->s_type->i_mutex_key#10){+.+.+.}, at: [<00000000d0af9814>] inode_lock include/linux/fs.h:771 [inline] #0: (&sb->s_type->i_mutex_key#10){+.+.+.}, at: [<00000000d0af9814>] shmem_add_seals+0x166/0x1020 mm/shmem.c:2610 #1: (&(&mapping->tree_lock)->rlock){..-...}, at: [<000000009a729acc>] spin_lock_irq include/linux/spinlock.h:332 [inline] #1: (&(&mapping->tree_lock)->rlock){..-...}, at: [<000000009a729acc>] shmem_tag_pins mm/shmem.c:2465 [inline] #1: (&(&mapping->tree_lock)->rlock){..-...}, at: [<000000009a729acc>] shmem_wait_for_pins mm/shmem.c:2506 [inline] #1: (&(&mapping->tree_lock)->rlock){..-...}, at: [<000000009a729acc>] shmem_add_seals+0x342/0x1020 mm/shmem.c:2622 stack backtrace: CPU: 1 PID: 14364 Comm: syz-executor.1 Not tainted 4.9.202+ #0 ffff8801a000fca0 ffffffff81b55d2b ffff8801a720e440 0000000000000000 0000000000000002 00000000000000c7 ffff88019c134740 ffff8801a000fcd0 ffffffff81406867 ffffea00066e6d80 dffffc0000000000 ffff8801a000fd78 Call Trace: [<000000001c52ad36>] __dump_stack lib/dump_stack.c:15 [inline] [<000000001c52ad36>] dump_stack+0xcb/0x130 lib/dump_stack.c:56 [<00000000be8cb8af>] lockdep_rcu_suspicious.cold+0x10a/0x149 kernel/locking/lockdep.c:4458 [<00000000e87b398d>] radix_tree_deref_slot include/linux/radix-tree.h:199 [inline] [<00000000e87b398d>] shmem_tag_pins mm/shmem.c:2467 [inline] [<00000000e87b398d>] shmem_wait_for_pins mm/shmem.c:2506 [inline] [<00000000e87b398d>] shmem_add_seals+0xa44/0x1020 mm/shmem.c:2622 [<00000000df912cf2>] shmem_fcntl+0xf7/0x130 mm/shmem.c:2657 [<000000000cbfd1a2>] do_fcntl fs/fcntl.c:340 [inline] [<000000000cbfd1a2>] SYSC_fcntl fs/fcntl.c:376 [inline] [<000000000cbfd1a2>] SyS_fcntl+0x1d5/0xb50 fs/fcntl.c:361 [<000000001733cb62>] do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288 [<00000000e2091398>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb audit: type=1400 audit(1574646231.395:136): avc: denied { create } for pid=14355 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1574646231.395:137): avc: denied { write } for pid=14355 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1574646231.715:138): avc: denied { read } for pid=14355 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock EXT4-fs (loop2): ext4_check_descriptors: Inode table for group 0 overlaps superblock EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue audit: type=1400 audit(1574646232.255:139): avc: denied { create } for pid=14355 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1574646232.275:140): avc: denied { create } for pid=14408 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 audit: type=1400 audit(1574646232.275:141): avc: denied { write } for pid=14408 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 audit: type=1400 audit(1574646232.325:142): avc: denied { create } for pid=14414 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 audit: type=1400 audit(1574646232.325:143): avc: denied { write } for pid=14414 comm="syz-executor.1" path="socket:[29376]" dev="sockfs" ino=29376 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 audit: type=1400 audit(1574646232.405:144): avc: denied { create } for pid=14408 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 audit: type=1400 audit(1574646232.415:145): avc: denied { write } for pid=14408 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 binder: 14537:14552 got reply transaction with no transaction stack SELinux: unrecognized netlink message: protocol=0 nlmsg_type=379 sclass=netlink_route_socket pig=14512 comm=syz-executor.1 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=14512 comm=syz-executor.1 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=14512 comm=syz-executor.1 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=14512 comm=syz-executor.1 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=14512 comm=syz-executor.1 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=14512 comm=syz-executor.1 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=14512 comm=syz-executor.1 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=14512 comm=syz-executor.1 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=14512 comm=syz-executor.1 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=14512 comm=syz-executor.1 binder: 14537:14552 transaction failed 29201/-71, size 0-0 line 3046 EXT4-fs (loop4): VFS: Can't find ext4 filesystem audit_printk_skb: 75 callbacks suppressed audit: type=1400 audit(1574646237.315:171): avc: denied { create } for pid=14631 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1574646237.425:172): avc: denied { create } for pid=14631 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1574646237.435:173): avc: denied { write } for pid=14631 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1574646237.535:174): avc: denied { read } for pid=14631 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 input: syz1 as /devices/virtual/input/input20 audit: type=1400 audit(1574646237.945:175): avc: denied { write } for pid=14631 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 input: syz1 as /devices/virtual/input/input21 audit: type=1400 audit(1574646238.125:176): avc: denied { create } for pid=14631 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1574646238.135:177): avc: denied { write } for pid=14631 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1574646238.155:178): avc: denied { create } for pid=14631 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1574646238.155:179): avc: denied { write } for pid=14631 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1574646239.485:180): avc: denied { create } for pid=14694 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1