===============================
[ INFO: suspicious RCU usage. ]
4.9.202+ #0 Not tainted
-------------------------------
include/linux/radix-tree.h:199 suspicious rcu_dereference_check() usage!

other info that might help us debug this:


rcu_scheduler_active = 2, debug_locks = 0
2 locks held by syz-executor.2/12536:
 #0:  (&sb->s_type->i_mutex_key#10){+.+.+.}, at: [<000000003a6aac2f>] inode_lock include/linux/fs.h:771 [inline]
 #0:  (&sb->s_type->i_mutex_key#10){+.+.+.}, at: [<000000003a6aac2f>] shmem_add_seals+0x166/0x1020 mm/shmem.c:2610
 #1:  (&(&mapping->tree_lock)->rlock){..-...}, at: [<0000000077307323>] spin_lock_irq include/linux/spinlock.h:332 [inline]
 #1:  (&(&mapping->tree_lock)->rlock){..-...}, at: [<0000000077307323>] shmem_tag_pins mm/shmem.c:2465 [inline]
 #1:  (&(&mapping->tree_lock)->rlock){..-...}, at: [<0000000077307323>] shmem_wait_for_pins mm/shmem.c:2506 [inline]
 #1:  (&(&mapping->tree_lock)->rlock){..-...}, at: [<0000000077307323>] shmem_add_seals+0x342/0x1020 mm/shmem.c:2622

stack backtrace:
CPU: 0 PID: 12536 Comm: syz-executor.2 Not tainted 4.9.202+ #0
 ffff88019c41fca0 ffffffff81b55d2b ffff8801d4748868 0000000000000000
 0000000000000002 00000000000000c7 ffff8801c57e17c0 ffff88019c41fcd0
 ffffffff81406867 ffffea000640b900 dffffc0000000000 ffff88019c41fd78
Call Trace:
 [<000000009c6dd21a>] __dump_stack lib/dump_stack.c:15 [inline]
 [<000000009c6dd21a>] dump_stack+0xcb/0x130 lib/dump_stack.c:56
 [<00000000b66abda6>] lockdep_rcu_suspicious.cold+0x10a/0x149 kernel/locking/lockdep.c:4458
 [<000000004cd7bf3b>] radix_tree_deref_slot include/linux/radix-tree.h:199 [inline]
 [<000000004cd7bf3b>] shmem_tag_pins mm/shmem.c:2467 [inline]
 [<000000004cd7bf3b>] shmem_wait_for_pins mm/shmem.c:2506 [inline]
 [<000000004cd7bf3b>] shmem_add_seals+0xa44/0x1020 mm/shmem.c:2622
 [<00000000327f443b>] shmem_fcntl+0xf7/0x130 mm/shmem.c:2657
 [<00000000cdd06967>] do_fcntl fs/fcntl.c:340 [inline]
 [<00000000cdd06967>] SYSC_fcntl fs/fcntl.c:376 [inline]
 [<00000000cdd06967>] SyS_fcntl+0x1d5/0xb50 fs/fcntl.c:361
 [<0000000036489526>] do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288
 [<00000000a324caa5>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
audit: type=1400 audit(1574585952.555:458): avc:  denied  { prog_load } for  pid=12590 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1
audit: type=1400 audit(1574585952.755:459): avc:  denied  { prog_run } for  pid=12590 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1
audit: type=1400 audit(1574585952.955:460): avc:  denied  { create } for  pid=12605 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1574585953.115:461): avc:  denied  { write } for  pid=12605 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1574585953.535:462): avc:  denied  { read } for  pid=12605 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1574585953.725:463): avc:  denied  { create } for  pid=12631 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1574585953.905:464): avc:  denied  { write } for  pid=12631 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1574585954.295:465): avc:  denied  { read } for  pid=12631 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1

€Â: renamed from eql
audit: type=1400 audit(1574585954.425:466): avc:  denied  { create } for  pid=12631 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
binder: 12756:12762 IncRefs 0 refcount change on invalid ref 0 ret -22
binder: 12756:12762 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
binder: 12756:12762 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
audit: type=1400 audit(1574585958.095:467): avc:  denied  { create } for  pid=12776 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1574585958.315:468): avc:  denied  { write } for  pid=12776 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1574585958.745:469): avc:  denied  { read } for  pid=12776 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1574585958.855:470): avc:  denied  { create } for  pid=12776 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1574585958.855:471): avc:  denied  { write } for  pid=12776 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
netlink: 96 bytes leftover after parsing attributes in process `syz-executor.4'.