./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3387447950
<...>
Warning: Permanently added '10.128.1.9' (ED25519) to the list of known hosts.
execve("./syz-executor3387447950", ["./syz-executor3387447950"], 0x7fff55bf7f40 /* 10 vars */) = 0
brk(NULL) = 0x5555555e2000
brk(0x5555555e2d00) = 0x5555555e2d00
arch_prctl(ARCH_SET_FS, 0x5555555e2380) = 0
set_tid_address(0x5555555e2650) = 5065
set_robust_list(0x5555555e2660, 24) = 0
rseq(0x5555555e2ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor3387447950", 4096) = 28
getrandom("\x85\x2e\xa8\x55\xca\x1a\x5d\xb1", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x5555555e2d00
brk(0x555555603d00) = 0x555555603d00
brk(0x555555604000) = 0x555555604000
mprotect(0x7f39d1c17000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
memfd_create("\x01\xfd\xae\x2e\x2b\xa6\x8c\xb6\x3f\x32\x19\x39\x94\x53\x2c\x7c\x78\x3f\x55\x65\x5b\xbd\xe1\x21\x03\x33\xbc\x27\x23\xff\x17\x9b\x25\xf3\x5b\x64\x20\x20\x97\xf5\x47\x97\x41\xc2\xd8\xf0\x55\x71\xe6\x2b\xa5\x6c\x94\x0b\xb6\x07\x17\x5c\xfb\x04\x21\xe4\xc4\xb1\xa2\x1c\xff\x43\x3b\x94\x51\x0d\xb6\x7d\x9c\xec\x43\x0b\xcf\xeb\xe4\x9a\x52\xe5\x2c\x82\x03", MFD_ALLOW_SEALING|MFD_HUGETLB) = 3
fallocate(3, 0, 0, 8576) = 0
mmap(0x20000000, 16384, PROT_READ|PROT_WRITE|PROT_GROWSDOWN, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0x20000000
fcntl(3, F_GETLK, {l_type=F_UNLCK, l_whence=SEEK_SET, l_start=0, l_len=0, l_pid=0}) = 0
exit_group(0) = ?
[ 73.475174][ T5065]
[ 73.477532][ T5065] ======================================================
[ 73.484523][ T5065] WARNING: possible circular locking dependency detected
[ 73.491516][ T5065] 6.8.0-rc1-next-20240124-syzkaller #0 Not tainted
[ 73.497992][ T5065] ------------------------------------------------------
[ 73.504995][ T5065] syz-executor338/5065 is trying to acquire lock:
[ 73.511382][ T5065] ffffffff8d925b00 (fs_reclaim){+.+.}-{0:0}, at: kmalloc_trace+0x51/0x330
[ 73.519901][ T5065]
[ 73.519901][ T5065] but task is already holding lock:
[ 73.527247][ T5065] ffff888024054e28 (ptlock_ptr(ptdesc)){+.+.}-{2:2}, at: __unmap_hugepage_range+0x4e5/0x1bf0
[ 73.537410][ T5065]
[ 73.537410][ T5065] which lock already depends on the new lock.
[ 73.537410][ T5065]
[ 73.547799][ T5065]
[ 73.547799][ T5065] the existing dependency chain (in reverse order) is:
[ 73.556796][ T5065]
[ 73.556796][ T5065] -> #2 (ptlock_ptr(ptdesc)){+.+.}-{2:2}:
[ 73.564677][ T5065] _raw_spin_lock+0x2e/0x40
[ 73.569702][ T5065] __split_huge_pmd+0x21f/0x3090
[ 73.575145][ T5065] vma_adjust_trans_huge+0x2da/0x560
[ 73.580937][ T5065] __split_vma+0xcb9/0x1190
[ 73.585949][ T5065] vma_modify+0x261/0x460
[ 73.590795][ T5065] mprotect_fixup+0x228/0xc90
[ 73.595976][ T5065] do_mprotect_pkey+0x8a4/0xdc0
[ 73.601329][ T5065] __x64_sys_mprotect+0x78/0xc0
[ 73.606681][ T5065] do_syscall_64+0xd2/0x260
[ 73.611686][ T5065] entry_SYSCALL_64_after_hwframe+0x6d/0x75
[ 73.618088][ T5065]
[ 73.618088][ T5065] -> #1 (&mapping->i_mmap_rwsem){++++}-{3:3}:
[ 73.626315][ T5065] down_write+0x3a/0x50
[ 73.630971][ T5065] dma_resv_lockdep+0x292/0x620
[ 73.636333][ T5065] do_one_initcall+0x128/0x690
[ 73.641604][ T5065] kernel_init_freeable+0x698/0xc30
[ 73.647314][ T5065] kernel_init+0x1c/0x2a0
[ 73.652150][ T5065] ret_from_fork+0x45/0x80
[ 73.657072][ T5065] ret_from_fork_asm+0x1a/0x30
[ 73.662354][ T5065]
[ 73.662354][ T5065] -> #0 (fs_reclaim){+.+.}-{0:0}:
[ 73.669536][ T5065] __lock_acquire+0x2478/0x3b30
[ 73.674909][ T5065] lock_acquire+0x1b1/0x540
[ 73.679919][ T5065] fs_reclaim_acquire+0x102/0x150
[ 73.685459][ T5065] kmalloc_trace+0x51/0x330
[ 73.690474][ T5065] allocate_file_region_entries+0x1a3/0x620
[ 73.696877][ T5065] region_chg+0x85/0x140
[ 73.701639][ T5065] __vma_reservation_common+0x443/0x740
[ 73.707696][ T5065] __unmap_hugepage_range+0xfdb/0x1bf0
[ 73.713655][ T5065] unmap_single_vma+0x24b/0x2b0
[ 73.719015][ T5065] unmap_vmas+0x22f/0x490
[ 73.723856][ T5065] exit_mmap+0x1c1/0xbe0
[ 73.728608][ T5065] __mmput+0x12a/0x4d0
[ 73.733179][ T5065] mmput+0x62/0x70
[ 73.737404][ T5065] do_exit+0x999/0x2ac0
[ 73.742067][ T5065] do_group_exit+0xd3/0x2a0
[ 73.747085][ T5065] __x64_sys_exit_group+0x3e/0x50
[ 73.752611][ T5065] do_syscall_64+0xd2/0x260
[ 73.757623][ T5065] entry_SYSCALL_64_after_hwframe+0x6d/0x75
[ 73.764037][ T5065]
[ 73.764037][ T5065] other info that might help us debug this:
[ 73.764037][ T5065]
[ 73.774246][ T5065] Chain exists of:
[ 73.774246][ T5065] fs_reclaim --> &mapping->i_mmap_rwsem --> ptlock_ptr(ptdesc)
[ 73.774246][ T5065]
[ 73.787719][ T5065] Possible unsafe locking scenario:
[ 73.787719][ T5065]
[ 73.795147][ T5065] CPU0 CPU1
[ 73.800491][ T5065] ---- ----
[ 73.805835][ T5065] lock(ptlock_ptr(ptdesc));
[ 73.810490][ T5065] lock(&mapping->i_mmap_rwsem);
[ 73.818010][ T5065] lock(ptlock_ptr(ptdesc));
[ 73.825181][ T5065] lock(fs_reclaim);
[ 73.829138][ T5065]
[ 73.829138][ T5065] *** DEADLOCK ***
[ 73.829138][ T5065]
[ 73.837255][ T5065] 4 locks held by syz-executor338/5065:
[ 73.842776][ T5065] #0: ffff88806c3b27a0 (&mm->mmap_lock){++++}-{3:3}, at: exit_mmap+0x107/0xbe0
[ 73.851802][ T5065] #1: ffff88806c0e20e8 (&resv_map->rw_sema){++++}-{3:3}, at: hugetlb_vma_lock_write+0x105/0x140
[ 73.862310][ T5065] #2: ffff88802507c3c8 (&hugetlbfs_i_mmap_rwsem_key){+.+.}-{3:3}, at: __hugetlb_zap_begin+0x242/0x2b0
[ 73.873336][ T5065] #3: ffff888024054e28 (ptlock_ptr(ptdesc)){+.+.}-{2:2}, at: __unmap_hugepage_range+0x4e5/0x1bf0
[ 73.884090][ T5065]
[ 73.884090][ T5065] stack backtrace:
[ 73.889966][ T5065] CPU: 0 PID: 5065 Comm: syz-executor338 Not tainted 6.8.0-rc1-next-20240124-syzkaller #0
[ 73.899836][ T5065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 73.909872][ T5065] Call Trace:
[ 73.913134][ T5065]
[ 73.916045][ T5065] dump_stack_lvl+0xd9/0x1b0
[ 73.920637][ T5065] check_noncircular+0x31a/0x400
[ 73.925561][ T5065] ? __pfx_check_noncircular+0x10/0x10
[ 73.931010][ T5065] ? kernel_text_address+0x8d/0x100
[ 73.936190][ T5065] ? lockdep_lock+0xc6/0x200
[ 73.940763][ T5065] ? __pfx_lockdep_lock+0x10/0x10
[ 73.945769][ T5065] __lock_acquire+0x2478/0x3b30
[ 73.950612][ T5065] ? __pfx___lock_acquire+0x10/0x10
[ 73.955798][ T5065] ? save_trace+0x4e/0xb30
[ 73.960218][ T5065] ? _find_first_zero_bit+0x94/0xb0
[ 73.965404][ T5065] lock_acquire+0x1b1/0x540
[ 73.969896][ T5065] ? kmalloc_trace+0x51/0x330
[ 73.974555][ T5065] ? __pfx_lock_acquire+0x10/0x10
[ 73.979565][ T5065] ? find_held_lock+0x2d/0x110
[ 73.984315][ T5065] fs_reclaim_acquire+0x102/0x150
[ 73.989329][ T5065] ? kmalloc_trace+0x51/0x330
[ 73.993986][ T5065] kmalloc_trace+0x51/0x330
[ 73.998474][ T5065] ? allocate_file_region_entries+0x1a3/0x620
[ 74.004524][ T5065] allocate_file_region_entries+0x1a3/0x620
[ 74.010400][ T5065] ? __pfx_allocate_file_region_entries+0x10/0x10
[ 74.016802][ T5065] region_chg+0x85/0x140
[ 74.021048][ T5065] __vma_reservation_common+0x443/0x740
[ 74.026577][ T5065] ? __pfx___vma_reservation_common+0x10/0x10
[ 74.032628][ T5065] ? __pfx___page_table_check_pte_clear+0x10/0x10
[ 74.039042][ T5065] ? folio_flags.constprop.0+0x56/0x150
[ 74.044577][ T5065] __unmap_hugepage_range+0xfdb/0x1bf0
[ 74.050024][ T5065] unmap_single_vma+0x24b/0x2b0
[ 74.054865][ T5065] unmap_vmas+0x22f/0x490
[ 74.059198][ T5065] ? __pfx_unmap_vmas+0x10/0x10
[ 74.064038][ T5065] ? __pfx_lock_release+0x10/0x10
[ 74.069050][ T5065] ? lru_add_drain_cpu+0x454/0x860
[ 74.074148][ T5065] exit_mmap+0x1c1/0xbe0
[ 74.078376][ T5065] ? __pfx_exit_mmap+0x10/0x10
[ 74.083127][ T5065] __mmput+0x12a/0x4d0
[ 74.087181][ T5065] mmput+0x62/0x70
[ 74.090884][ T5065] do_exit+0x999/0x2ac0
[ 74.095025][ T5065] ? do_group_exit+0x1c3/0x2a0
[ 74.099768][ T5065] ? __pfx_lock_release+0x10/0x10
[ 74.104784][ T5065] ? do_raw_spin_lock+0x12d/0x2c0
[ 74.109822][ T5065] ? __pfx_do_exit+0x10/0x10
[ 74.114398][ T5065] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 74.119749][ T5065] do_group_exit+0xd3/0x2a0
[ 74.124233][ T5065] __x64_sys_exit_group+0x3e/0x50
[ 74.129240][ T5065] do_syscall_64+0xd2/0x260
[ 74.133727][ T5065] entry_SYSCALL_64_after_hwframe+0x6d/0x75
[ 74.139608][ T5065] RIP: 0033:0x7f39d1ba2c79
[ 74.144002][ T5065] Code: Unable to access opcode bytes at 0x7f39d1ba2c4f.
[ 74.150993][ T5065] RSP: 002b:00007ffcc6ad06f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 74.159382][ T5065] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f39d1ba2c79
[ 74.167332][ T5065] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[ 74.175283][ T5065] RBP: 00007f39d1c1d270 R08: ffffffffffffffb8 R09: 0000000000000000
[ 74.183245][ T5065] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f39d1c1d270
[ 74.191195][ T5065] R13: 0000000000000000 R14: 00007f39d1c1dcc0 R15: 00007f39d1b74a60
[ 74.199148][ T5065]
[ 74.202319][ T5065] BUG: sleeping function called from invalid context at include/linux/sched/mm.h:306
[ 74.211814][ T5065] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 5065, name: syz-executor338
[ 74.221301][ T5065] preempt_count: 1, expected: 0
[ 74.226152][ T5065] RCU nest depth: 0, expected: 0
[ 74.231283][ T5065] INFO: lockdep is turned off.
[ 74.236034][ T5065] Preemption disabled at:
[ 74.236040][ T5065] [<0000000000000000>] 0x0
[ 74.244788][ T5065] CPU: 0 PID: 5065 Comm: syz-executor338 Not tainted 6.8.0-rc1-next-20240124-syzkaller #0
[ 74.254655][ T5065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 74.264685][ T5065] Call Trace:
[ 74.267945][ T5065]
[ 74.270857][ T5065] dump_stack_lvl+0x125/0x1b0
[ 74.275526][ T5065] __might_resched+0x3c0/0x5e0
[ 74.280274][ T5065] ? __pfx___might_resched+0x10/0x10
[ 74.285545][ T5065] kmalloc_trace+0x2a3/0x330
[ 74.290129][ T5065] ? allocate_file_region_entries+0x1a3/0x620
[ 74.296177][ T5065] allocate_file_region_entries+0x1a3/0x620
[ 74.302054][ T5065] ? __pfx_allocate_file_region_entries+0x10/0x10
[ 74.308462][ T5065] region_chg+0x85/0x140
[ 74.312689][ T5065] __vma_reservation_common+0x443/0x740
[ 74.318235][ T5065] ? __pfx___vma_reservation_common+0x10/0x10
[ 74.324309][ T5065] ? __pfx___page_table_check_pte_clear+0x10/0x10
[ 74.330708][ T5065] ? folio_flags.constprop.0+0x56/0x150
[ 74.336241][ T5065] __unmap_hugepage_range+0xfdb/0x1bf0
[ 74.341685][ T5065] unmap_single_vma+0x24b/0x2b0
[ 74.346524][ T5065] unmap_vmas+0x22f/0x490
[ 74.350842][ T5065] ? __pfx_unmap_vmas+0x10/0x10
[ 74.355682][ T5065] ? __pfx_lock_release+0x10/0x10
[ 74.360726][ T5065] ? lru_add_drain_cpu+0x454/0x860
[ 74.365826][ T5065] exit_mmap+0x1c1/0xbe0
[ 74.370065][ T5065] ? __pfx_exit_mmap+0x10/0x10
[ 74.374842][ T5065] __mmput+0x12a/0x4d0
[ 74.378921][ T5065] mmput+0x62/0x70
[ 74.382656][ T5065] do_exit+0x999/0x2ac0
[ 74.386821][ T5065] ? do_group_exit+0x1c3/0x2a0
[ 74.391576][ T5065] ? __pfx_lock_release+0x10/0x10
[ 74.396601][ T5065] ? do_raw_spin_lock+0x12d/0x2c0
[ 74.401618][ T5065] ? __pfx_do_exit+0x10/0x10
[ 74.406214][ T5065] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 74.411586][ T5065] do_group_exit+0xd3/0x2a0
[ 74.416083][ T5065] __x64_sys_exit_group+0x3e/0x50
[ 74.421111][ T5065] do_syscall_64+0xd2/0x260
[ 74.425617][ T5065] entry_SYSCALL_64_after_hwframe+0x6d/0x75
[ 74.431525][ T5065] RIP: 0033:0x7f39d1ba2c79
[ 74.435932][ T5065] Code: Unable to access opcode bytes at 0x7f39d1ba2c4f.
[ 74.442937][ T5065] RSP: 002b:00007ffcc6ad06f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 74.451340][ T5065] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f39d1ba2c79
[ 74.459302][ T5065] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[ 74.467265][ T5065] RBP: 00007f39d1c1d270 R08: ffffffffffffffb8 R09: 0000000000000000
+++ exited with 0 +++
[ 74.475230][ T5065] R10: 0000000000000003 R11: 0