INFO: suspicious RCU usage in shmem_add_seals


syzbot

Nov 16, 2019, 9:10:09 AM
to syzkaller-a...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 258971b8 Merge 4.9.202 into android-4.9-q
git tree: https://android.googlesource.com/kernel/common android-4.9-q
console output: https://syzkaller.appspot.com/x/log.txt?x=128ee416e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=9bd17d9821ccee4f
dashboard link: https://syzkaller.appspot.com/bug?extid=ef0659e5f6443a1c0e26
compiler: gcc (GCC) 9.0.0 20181231 (experimental)

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+ef0659...@syzkaller.appspotmail.com

===============================
[ INFO: suspicious RCU usage. ]
4.9.202+ #0 Not tainted
-------------------------------
include/linux/radix-tree.h:199 suspicious rcu_dereference_check() usage!

other info that might help us debug this:


rcu_scheduler_active = 2, debug_locks = 0
2 locks held by syz-executor.2/3566:
#0: (&sb->s_type->i_mutex_key#10){+.+.+.}, at: [<0000000029c1934e>]
inode_lock include/linux/fs.h:771 [inline]
#0: (&sb->s_type->i_mutex_key#10){+.+.+.}, at: [<0000000029c1934e>]
shmem_add_seals+0x166/0x1020 mm/shmem.c:2610
#1: (&(&mapping->tree_lock)->rlock){..-...}, at: [<0000000035498ce9>]
spin_lock_irq include/linux/spinlock.h:332 [inline]
#1: (&(&mapping->tree_lock)->rlock){..-...}, at: [<0000000035498ce9>]
shmem_tag_pins mm/shmem.c:2465 [inline]
#1: (&(&mapping->tree_lock)->rlock){..-...}, at: [<0000000035498ce9>]
shmem_wait_for_pins mm/shmem.c:2506 [inline]
#1: (&(&mapping->tree_lock)->rlock){..-...}, at: [<0000000035498ce9>]
shmem_add_seals+0x342/0x1020 mm/shmem.c:2622

stack backtrace:
CPU: 0 PID: 3566 Comm: syz-executor.2 Not tainted 4.9.202+ #0
ffff8801b21b7ca0 ffffffff81b55d2b ffff8801ab70e908 0000000000000000
0000000000000002 00000000000000c7 ffff8801c93f97c0 ffff8801b21b7cd0
ffffffff81406867 ffffea00067a50c0 dffffc0000000000 ffff8801b21b7d78
Call Trace:
[<00000000aa184809>] __dump_stack lib/dump_stack.c:15 [inline]
[<00000000aa184809>] dump_stack+0xcb/0x130 lib/dump_stack.c:56
[<000000004e4491ce>] lockdep_rcu_suspicious.cold+0x10a/0x149
kernel/locking/lockdep.c:4458
[<00000000afd49bae>] radix_tree_deref_slot include/linux/radix-tree.h:199
[inline]
[<00000000afd49bae>] shmem_tag_pins mm/shmem.c:2467 [inline]
[<00000000afd49bae>] shmem_wait_for_pins mm/shmem.c:2506 [inline]
[<00000000afd49bae>] shmem_add_seals+0xa44/0x1020 mm/shmem.c:2622
[<00000000602571de>] shmem_fcntl+0xf7/0x130 mm/shmem.c:2657
[<00000000a53cd101>] do_fcntl fs/fcntl.c:340 [inline]
[<00000000a53cd101>] SYSC_fcntl fs/fcntl.c:376 [inline]
[<00000000a53cd101>] SyS_fcntl+0x1d5/0xb50 fs/fcntl.c:361
[<000000001907845e>] do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288
[<00000000f59f0609>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Nov 20, 2019, 5:35:09 PM
to syzkaller-a...@googlegroups.com
syzbot has found a reproducer for the following crash on:

HEAD commit: 258971b8 Merge 4.9.202 into android-4.9-q
git tree: android-4.9
console output: https://syzkaller.appspot.com/x/log.txt?x=112dd686e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=9bd17d9821ccee4f
dashboard link: https://syzkaller.appspot.com/bug?extid=ef0659e5f6443a1c0e26
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=143588eee00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1215a5ace00000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+ef0659...@syzkaller.appspotmail.com

===============================
[ INFO: suspicious RCU usage. ]
4.9.202+ #0 Not tainted
-------------------------------
include/linux/radix-tree.h:199 suspicious rcu_dereference_check() usage!

other info that might help us debug this:


rcu_scheduler_active = 2, debug_locks = 0
2 locks held by syz-executor681/2046:
#0: (&sb->s_type->i_mutex_key#10){+.+.+.}, at: [<00000000861d9546>]
inode_lock include/linux/fs.h:771 [inline]
#0: (&sb->s_type->i_mutex_key#10){+.+.+.}, at: [<00000000861d9546>]
shmem_add_seals+0x166/0x1020 mm/shmem.c:2610
#1: (&(&mapping->tree_lock)->rlock){..-...}, at: [<000000004ebe6aa1>]
spin_lock_irq include/linux/spinlock.h:332 [inline]
#1: (&(&mapping->tree_lock)->rlock){..-...}, at: [<000000004ebe6aa1>]
shmem_tag_pins mm/shmem.c:2465 [inline]
#1: (&(&mapping->tree_lock)->rlock){..-...}, at: [<000000004ebe6aa1>]
shmem_wait_for_pins mm/shmem.c:2506 [inline]
#1: (&(&mapping->tree_lock)->rlock){..-...}, at: [<000000004ebe6aa1>]
shmem_add_seals+0x342/0x1020 mm/shmem.c:2622

stack backtrace:
CPU: 0 PID: 2046 Comm: syz-executor681 Not tainted 4.9.202+ #0
ffff8801d10bfca0 ffffffff81b55d2b ffff8801c4860b28 0000000000000000
0000000000000002 00000000000000c7 ffff8801d23c5f00 ffff8801d10bfcd0
ffffffff81406867 ffffea00073c9540 dffffc0000000000 ffff8801d10bfd78
Call Trace:
[<000000004a3ab2bb>] __dump_stack lib/dump_stack.c:15 [inline]
[<000000004a3ab2bb>] dump_stack+0xcb/0x130 lib/dump_stack.c:56
[<000000000012a340>] lockdep_rcu_suspicious.cold+0x10a/0x149
kernel/locking/lockdep.c:4458
[<000000005977f61d>] radix_tree_deref_slot include/linux/radix-tree.h:199
[inline]
[<000000005977f61d>] shmem_tag_pins mm/shmem.c:2467 [inline]
[<000000005977f61d>] shmem_wait_for_pins mm/shmem.c:2506 [inline]
[<000000005977f61d>] shmem_add_seals+0xa44/0x1020 mm/shmem.c:2622
