===============================
[ INFO: suspicious RCU usage. ]
4.9.202+ #0 Not tainted
-------------------------------
include/linux/radix-tree.h:199 suspicious rcu_dereference_check() usage!

other info that might help us debug this:


rcu_scheduler_active = 2, debug_locks = 0
2 locks held by syz-executor.2/16818:
 #0:  (&sb->s_type->i_mutex_key#10){+.+.+.}, at: [<000000008904f0a0>] inode_lock include/linux/fs.h:771 [inline]
 #0:  (&sb->s_type->i_mutex_key#10){+.+.+.}, at: [<000000008904f0a0>] shmem_add_seals+0x166/0x1020 mm/shmem.c:2610
 #1:  (&(&mapping->tree_lock)->rlock){..-...}, at: [<00000000cccdcf79>] spin_lock_irq include/linux/spinlock.h:332 [inline]
 #1:  (&(&mapping->tree_lock)->rlock){..-...}, at: [<00000000cccdcf79>] shmem_tag_pins mm/shmem.c:2465 [inline]
 #1:  (&(&mapping->tree_lock)->rlock){..-...}, at: [<00000000cccdcf79>] shmem_wait_for_pins mm/shmem.c:2506 [inline]
 #1:  (&(&mapping->tree_lock)->rlock){..-...}, at: [<00000000cccdcf79>] shmem_add_seals+0x342/0x1020 mm/shmem.c:2622

stack backtrace:
CPU: 0 PID: 16818 Comm: syz-executor.2 Not tainted 4.9.202+ #0
 ffff8801aa6d7ca0 ffffffff81b55d2b ffff880192289e68 0000000000000000
 0000000000000002 00000000000000c7 ffff8801c64a5f00 ffff8801aa6d7cd0
 ffffffff81406867 ffffea0006359c40 dffffc0000000000 ffff8801aa6d7d78
Call Trace:
 [<000000000a086356>] __dump_stack lib/dump_stack.c:15 [inline]
 [<000000000a086356>] dump_stack+0xcb/0x130 lib/dump_stack.c:56
 [<0000000096d6caf7>] lockdep_rcu_suspicious.cold+0x10a/0x149 kernel/locking/lockdep.c:4458
 [<00000000d2a993ee>] radix_tree_deref_slot include/linux/radix-tree.h:199 [inline]
 [<00000000d2a993ee>] shmem_tag_pins mm/shmem.c:2467 [inline]
 [<00000000d2a993ee>] shmem_wait_for_pins mm/shmem.c:2506 [inline]
 [<00000000d2a993ee>] shmem_add_seals+0xa44/0x1020 mm/shmem.c:2622
 [<0000000008b949e5>] shmem_fcntl+0xf7/0x130 mm/shmem.c:2657
 [<000000007bf96a14>] do_fcntl fs/fcntl.c:340 [inline]
 [<000000007bf96a14>] SYSC_fcntl fs/fcntl.c:376 [inline]
 [<000000007bf96a14>] SyS_fcntl+0x1d5/0xb50 fs/fcntl.c:361
 [<00000000ad7da0d0>] do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288
 [<000000003f3a8298>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
binder: release 16791:16795 transaction 39 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: send failed reply for transaction 39, target dead
netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=16847 comm=syz-executor.0
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=15090 sclass=netlink_route_socket pig=16883 comm=syz-executor.0
capability: warning: `syz-executor.4' uses 32-bit capabilities (legacy support in use)
EXT4-fs error (device loop1): ext4_iget:4556: inode #2: comm syz-executor.1: root inode unallocated
EXT4-fs (loop1): get root inode failed
EXT4-fs (loop1): mount failed
netlink: 17 bytes leftover after parsing attributes in process `syz-executor.2'.
netlink: 17 bytes leftover after parsing attributes in process `syz-executor.2'.
audit: type=1400 audit(1574676970.350:75): avc:  denied  { write } for  pid=17645 comm="syz-executor.2" path="socket:[36824]" dev="sockfs" ino=36824 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1