===============================
[ INFO: suspicious RCU usage. ]
4.9.202+ #0 Not tainted
-------------------------------
include/linux/radix-tree.h:199 suspicious rcu_dereference_check() usage!

other info that might help us debug this:


rcu_scheduler_active = 2, debug_locks = 0
2 locks held by syz-executor.2/22476:
 #0:  (&sb->s_type->i_mutex_key#10){+.+.+.}, at: [<00000000cea978f1>] inode_lock include/linux/fs.h:771 [inline]
 #0:  (&sb->s_type->i_mutex_key#10){+.+.+.}, at: [<00000000cea978f1>] shmem_add_seals+0x166/0x1020 mm/shmem.c:2610
 #1:  (&(&mapping->tree_lock)->rlock){..-...}, at: [<000000007e6b7db9>] spin_lock_irq include/linux/spinlock.h:332 [inline]
 #1:  (&(&mapping->tree_lock)->rlock){..-...}, at: [<000000007e6b7db9>] shmem_tag_pins mm/shmem.c:2465 [inline]
 #1:  (&(&mapping->tree_lock)->rlock){..-...}, at: [<000000007e6b7db9>] shmem_wait_for_pins mm/shmem.c:2506 [inline]
 #1:  (&(&mapping->tree_lock)->rlock){..-...}, at: [<000000007e6b7db9>] shmem_add_seals+0x342/0x1020 mm/shmem.c:2622

stack backtrace:
CPU: 1 PID: 22476 Comm: syz-executor.2 Not tainted 4.9.202+ #0
 ffff8801a8dd7ca0 ffffffff81b55d2b ffff8801a90e0790 0000000000000000
 0000000000000002 00000000000000c7 ffff8801cace5f00 ffff8801a8dd7cd0
 ffffffff81406867 ffffea00061d7680 dffffc0000000000 ffff8801a8dd7d78
Call Trace:
 [<0000000052fb5b52>] __dump_stack lib/dump_stack.c:15 [inline]
 [<0000000052fb5b52>] dump_stack+0xcb/0x130 lib/dump_stack.c:56
 [<000000002ce79966>] lockdep_rcu_suspicious.cold+0x10a/0x149 kernel/locking/lockdep.c:4458
 [<00000000305cabe3>] radix_tree_deref_slot include/linux/radix-tree.h:199 [inline]
 [<00000000305cabe3>] shmem_tag_pins mm/shmem.c:2467 [inline]
 [<00000000305cabe3>] shmem_wait_for_pins mm/shmem.c:2506 [inline]
 [<00000000305cabe3>] shmem_add_seals+0xa44/0x1020 mm/shmem.c:2622
 [<00000000ed77ca35>] shmem_fcntl+0xf7/0x130 mm/shmem.c:2657
 [<000000008062ac7e>] do_fcntl fs/fcntl.c:340 [inline]
 [<000000008062ac7e>] SYSC_fcntl fs/fcntl.c:376 [inline]
 [<000000008062ac7e>] SyS_fcntl+0x1d5/0xb50 fs/fcntl.c:361
 [<000000003386ffae>] do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288
 [<00000000c86d1275>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
F2FS-fs (loop3): Magic Mismatch, valid(0xf2f52010) - read(0x0)
F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
audit: type=1400 audit(1574601132.852:2753): avc:  denied  { create } for  pid=22470 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1574601132.852:2754): avc:  denied  { write } for  pid=22470 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
F2FS-fs (loop3): Fix alignment : done, start(5120) end(12288) block(6656)
attempt to access beyond end of device
audit: type=1400 audit(1574601133.112:2755): avc:  denied  { read } for  pid=22470 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1574601133.152:2756): avc:  denied  { create } for  pid=22470 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
loop3: rw=48, want=8200, limit=20
attempt to access beyond end of device
loop3: rw=48, want=12296, limit=20
F2FS-fs (loop3): Failed to get valid F2FS checkpoint
audit: type=1400 audit(1574601133.392:2757): avc:  denied  { map_create } for  pid=22508 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1
F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
audit: type=1400 audit(1574601133.482:2758): avc:  denied  { map_create } for  pid=22512 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1
F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
audit: type=1400 audit(1574601134.302:2759): avc:  denied  { map_create } for  pid=22538 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1
audit: type=1400 audit(1574601134.392:2760): avc:  denied  { create } for  pid=22526 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1574601134.432:2761): avc:  denied  { associate } for  pid=20 comm="kdevtmpfs" name="loop0p207" scontext=system_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=filesystem permissive=1
audit: type=1400 audit(1574601134.432:2762): avc:  denied  { prog_load } for  pid=22538 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1
audit: type=1400 audit(1574601134.482:2763): avc:  denied  { write } for  pid=22526 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1574601134.572:2764): avc:  denied  { prog_run } for  pid=22538 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1
audit: type=1400 audit(1574601134.872:2765): avc:  denied  { read } for  pid=22526 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1574601134.942:2766): avc:  denied  { create } for  pid=22555 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1574601134.942:2767): avc:  denied  { write } for  pid=22555 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1574601134.962:2768): avc:  denied  { create } for  pid=22556 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
devpts: called with bogus options
EXT4-fs (loop1): bad geometry: block count 580964351930795064 exceeds size of device (54272 blocks)
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=22871 comm=syz-executor.5
netlink: 2220 bytes leftover after parsing attributes in process `syz-executor.5'.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=22871 comm=syz-executor.5
audit_printk_skb: 54 callbacks suppressed
audit: type=1400 audit(1574601141.082:2787): avc:  denied  { set_context_mgr } for  pid=22873 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
audit: type=1400 audit(1574601141.112:2788): avc:  denied  { call } for  pid=22873 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
audit: type=1400 audit(1574601141.112:2789): avc:  denied  { transfer } for  pid=22873 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
audit: type=1400 audit(1574601141.122:2790): avc:  denied  { transfer } for  pid=22873 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
binder: 22873:22875 got transaction with invalid parent offset or type
binder: 22873:22875 transaction failed 29201/-22, size 80-24 line 3454
binder: undelivered TRANSACTION_ERROR: 29201
audit: type=1400 audit(1574601141.552:2791): avc:  denied  { set_context_mgr } for  pid=22883 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
audit: type=1400 audit(1574601141.582:2792): avc:  denied  { call } for  pid=22883 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
audit: type=1400 audit(1574601141.582:2793): avc:  denied  { transfer } for  pid=22883 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
audit: type=1400 audit(1574601141.592:2794): avc:  denied  { transfer } for  pid=22883 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
binder: 22883:22884 got transaction with invalid parent offset or type
binder: 22883:22884 transaction failed 29201/-22, size 80-24 line 3454
binder: undelivered TRANSACTION_ERROR: 29201
audit: type=1400 audit(1574601142.072:2795): avc:  denied  { set_context_mgr } for  pid=22893 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
audit: type=1400 audit(1574601142.102:2796): avc:  denied  { call } for  pid=22893 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1