[ OK ] Started Getty on tty2.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started Getty on tty1.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Load/Save RF Kill Switch Status.
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.218' (ECDSA) to the list of known hosts.
2020/05/02 06:13:29 parsed 1 programs
2020/05/02 06:13:30 executed programs: 0
syzkaller login: [ 65.405910][ T7223] IPVS: ftp: loaded support on port[0] = 21
[ 65.500696][ T7223] chnl_net:caif_netlink_parms(): no params data found
[ 65.551590][ T7223] bridge0: port 1(bridge_slave_0) entered blocking state
[ 65.559794][ T7223] bridge0: port 1(bridge_slave_0) entered disabled state
[ 65.568812][ T7223] device bridge_slave_0 entered promiscuous mode
[ 65.578017][ T7223] bridge0: port 2(bridge_slave_1) entered blocking state
[ 65.585931][ T7223] bridge0: port 2(bridge_slave_1) entered disabled state
[ 65.594450][ T7223] device bridge_slave_1 entered promiscuous mode
[ 65.615271][ T7223] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 65.629251][ T7223] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 65.651771][ T7223] team0: Port device team_slave_0 added
[ 65.659220][ T7223] team0: Port device team_slave_1 added
[ 65.677837][ T7223] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 65.684905][ T7223] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 65.711043][ T7223] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 65.724275][ T7223] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 65.731219][ T7223] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 65.757389][ T7223] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 65.838219][ T7223] device hsr_slave_0 entered promiscuous mode
[ 65.893683][ T7223] device hsr_slave_1 entered promiscuous mode
[ 66.024548][ T7223] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 66.056012][ T7223] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 66.106725][ T7223] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 66.155576][ T7223] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 66.209205][ T7223] bridge0: port 2(bridge_slave_1) entered blocking state
[ 66.216438][ T7223] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 66.224361][ T7223] bridge0: port 1(bridge_slave_0) entered blocking state
[ 66.231530][ T7223] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 66.278651][ T7223] 8021q: adding VLAN 0 to HW filter on device bond0
[ 66.292638][ T2712] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 66.302700][ T2712] bridge0: port 1(bridge_slave_0) entered disabled state
[ 66.311463][ T2712] bridge0: port 2(bridge_slave_1) entered disabled state
[ 66.320320][ T2712] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 66.335117][ T7223] 8021q: adding VLAN 0 to HW filter on device team0
[ 66.346962][ T3167] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 66.355593][ T3167] bridge0: port 1(bridge_slave_0) entered blocking state
[ 66.362649][ T3167] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 66.376464][ T2712] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 66.385342][ T2712] bridge0: port 2(bridge_slave_1) entered blocking state
[ 66.392435][ T2712] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 66.414289][ T2712] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 66.422810][ T2712] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 66.433570][ T2712] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 66.445273][ T3167] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 66.459218][ T7223] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 66.471074][ T7223] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 66.480272][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 66.504203][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 66.511626][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 66.522727][ T7223] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 66.542926][ T2712] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 66.552130][ T2712] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 66.573819][ T2712] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 66.582949][ T2712] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 66.592572][ T7223] device veth0_vlan entered promiscuous mode
[ 66.601522][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 66.609913][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 66.621426][ T7223] device veth1_vlan entered promiscuous mode
[ 66.647564][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 66.656186][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 66.666683][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 66.675791][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 66.686607][ T7223] device veth0_macvtap entered promiscuous mode
[ 66.698754][ T7223] device veth1_macvtap entered promiscuous mode
[ 66.717231][ T7223] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 66.725723][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 66.734971][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 66.742820][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 66.752660][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 66.766009][ T7223] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 66.774394][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 66.784176][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 67.004784][ T7432] hugetlbfs: syz-executor.0 (7432): Using mlock ulimits for SHM_HUGETLB is deprecated
[ 67.095143][ T7433]
[ 67.097515][ T7433] =====================================================
[ 67.104428][ T7433] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
[ 67.111857][ T7433] 5.7.0-rc1-next-20200415-syzkaller #0 Not tainted
[ 67.118323][ T7433] -----------------------------------------------------
[ 67.125271][ T7433] syz-executor.0/7433 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
[ 67.133253][ T7433] ffff888092ddc938 (&info->lock){....}-{2:2}, at: shmem_uncharge+0x24/0x270
[ 67.141980][ T7433]
[ 67.141980][ T7433] and this task is already holding:
[ 67.149338][ T7433] ffff888092ddcc88 (&xa->xa_lock#4){..-.}-{2:2}, at: split_huge_page_to_list+0xad0/0x33b0
[ 67.159225][ T7433] which would create a new lock dependency:
[ 67.165089][ T7433] (&xa->xa_lock#4){..-.}-{2:2} -> (&info->lock){....}-{2:2}
[ 67.172445][ T7433]
[ 67.172445][ T7433] but this new dependency connects a SOFTIRQ-irq-safe lock:
[ 67.181878][ T7433] (&xa->xa_lock#4){..-.}-{2:2}
[ 67.181887][ T7433]
[ 67.181887][ T7433] ... which became SOFTIRQ-irq-safe at:
[ 67.194413][ T7433] lock_acquire+0x1f2/0x8f0
[ 67.198976][ T7433] _raw_spin_lock_irqsave+0x8c/0xbf
[ 67.204235][ T7433] test_clear_page_writeback+0x1d7/0x11e0
[ 67.210014][ T7433] end_page_writeback+0x239/0x520
[ 67.215110][ T7433] end_buffer_async_write+0x442/0x5c0
[ 67.220542][ T7433] end_bio_bh_io_sync+0xe2/0x140
[ 67.225537][ T7433] bio_endio+0x46a/0x820
[ 67.229851][ T7433] blk_update_request+0x3e1/0xdc0
[ 67.234954][ T7433] scsi_end_request+0x80/0x7b0
[ 67.239790][ T7433] scsi_io_completion+0x1e7/0x1300
[ 67.244991][ T7433] scsi_softirq_done+0x31e/0x3b0
[ 67.249990][ T7433] blk_done_softirq+0x2db/0x440
[ 67.255021][ T7433] __do_softirq+0x26c/0x9f7
[ 67.259591][ T7433] irq_exit+0x192/0x1d0
[ 67.263812][ T7433] do_IRQ+0xda/0x270
[ 67.267766][ T7433] ret_from_intr+0x0/0x2b
[ 67.272195][ T7433] check_memory_region+0xdf/0x190
[ 67.277285][ T7433] rcu_dynticks_curr_cpu_in_eqs+0x4f/0xb0
[ 67.283094][ T7433] rcu_is_watching+0xc/0x20
[ 67.287703][ T7433] rcu_read_lock_held_common+0xaf/0x130
[ 67.293310][ T7433] rcu_read_lock_held+0x5a/0xb0
[ 67.298220][ T7433] __d_lookup_rcu+0x53a/0x6c0
[ 67.302955][ T7433] lookup_fast+0xe0/0x6d0
[ 67.307389][ T7433] walk_component+0xc6/0x6a0
[ 67.312598][ T7433] path_lookupat.isra.0+0x180/0x530
[ 67.317855][ T7433] filename_lookup+0x1a3/0x3e0
[ 67.322679][ T7433] vfs_statx+0x119/0x1e0
[ 67.326991][ T7433] __do_sys_newlstat+0x96/0x120
[ 67.331901][ T7433] do_syscall_64+0xf6/0x7d0
[ 67.336462][ T7433] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 67.342408][ T7433]
[ 67.342408][ T7433] to a SOFTIRQ-irq-unsafe lock:
[ 67.349404][ T7433] (shmlock_user_lock){+.+.}-{2:2}
[ 67.349415][ T7433]
[ 67.349415][ T7433] ... which became SOFTIRQ-irq-unsafe at:
[ 67.362467][ T7433] ...
[ 67.362481][ T7433] lock_acquire+0x1f2/0x8f0
[ 67.369653][ T7433] _raw_spin_lock+0x2a/0x40
[ 67.374220][ T7433] user_shm_lock+0xab/0x230
[ 67.378789][ T7433] hugetlb_file_setup+0x4e1/0x677
[ 67.383965][ T7433] newseg+0x460/0xe60
[ 67.388013][ T7433] ipcget+0xf0/0xcb0
[ 67.391973][ T7433] __x64_sys_shmget+0x139/0x1a0
[ 67.396885][ T7433] do_syscall_64+0xf6/0x7d0
[ 67.401449][ T7433] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 67.407394][ T7433]
[ 67.407394][ T7433] other info that might help us debug this:
[ 67.407394][ T7433]
[ 67.417597][ T7433] Chain exists of:
[ 67.417597][ T7433] &xa->xa_lock#4 --> &info->lock --> shmlock_user_lock
[ 67.417597][ T7433]
[ 67.430324][ T7433] Possible interrupt unsafe locking scenario:
[ 67.430324][ T7433]
[ 67.438612][ T7433]        CPU0                    CPU1
[ 67.443950][ T7433]        ----                    ----
[ 67.449295][ T7433]   lock(shmlock_user_lock);
[ 67.453891][ T7433]                                local_irq_disable();
[ 67.460631][ T7433]                                lock(&xa->xa_lock#4);
[ 67.467456][ T7433]                                lock(&info->lock);
[ 67.474061][ T7433]
[ 67.477492][ T7433]     lock(&xa->xa_lock#4);
[ 67.482004][ T7433]
[ 67.482004][ T7433] *** DEADLOCK ***
[ 67.482004][ T7433]
[ 67.490126][ T7433] 5 locks held by syz-executor.0/7433:
[ 67.495551][ T7433] #0: ffff8880a926a450 (sb_writers#7){.+.+}-{0:0}, at: do_sys_ftruncate+0x29f/0x570
[ 67.504992][ T7433] #1: ffff888092ddcb90 (&sb->s_type->i_mutex_key#16){+.+.}-{3:3}, at: do_truncate+0x125/0x1f0
[ 67.515296][ T7433] #2: ffff888092ddcd50 (&mapping->i_mmap_rwsem){++++}-{3:3}, at: split_huge_page_to_list+0x4c3/0x33b0
[ 67.526342][ T7433] #3: ffff88812ffffcd8 (&pgdat->lru_lock){....}-{2:2}, at: split_huge_page_to_list+0x8da/0x33b0
[ 67.537001][ T7433] #4: ffff888092ddcc88 (&xa->xa_lock#4){..-.}-{2:2}, at: split_huge_page_to_list+0xad0/0x33b0
[ 67.547401][ T7433]
[ 67.547401][ T7433] the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
[ 67.557845][ T7433] -> (&xa->xa_lock#4){..-.}-{2:2} {
[ 67.563036][ T7433] IN-SOFTIRQ-W at:
[ 67.566997][ T7433] lock_acquire+0x1f2/0x8f0
[ 67.573282][ T7433] _raw_spin_lock_irqsave+0x8c/0xbf
[ 67.580159][ T7433] test_clear_page_writeback+0x1d7/0x11e0
[ 67.587509][ T7433] end_page_writeback+0x239/0x520
[ 67.594164][ T7433] end_buffer_async_write+0x442/0x5c0
[ 67.601169][ T7433] end_bio_bh_io_sync+0xe2/0x140
[ 67.607735][ T7433] bio_endio+0x46a/0x820
[ 67.613615][ T7433] blk_update_request+0x3e1/0xdc0
[ 67.620274][ T7433] scsi_end_request+0x80/0x7b0
[ 67.626663][ T7433] scsi_io_completion+0x1e7/0x1300
[ 67.633438][ T7433] scsi_softirq_done+0x31e/0x3b0
[ 67.640008][ T7433] blk_done_softirq+0x2db/0x440
[ 67.646520][ T7433] __do_softirq+0x26c/0x9f7
[ 67.652648][ T7433] irq_exit+0x192/0x1d0
[ 67.658425][ T7433] do_IRQ+0xda/0x270
[ 67.663950][ T7433] ret_from_intr+0x0/0x2b
[ 67.669937][ T7433] check_memory_region+0xdf/0x190
[ 67.676595][ T7433] rcu_dynticks_curr_cpu_in_eqs+0x4f/0xb0
[ 67.683939][ T7433] rcu_is_watching+0xc/0x20
[ 67.690155][ T7433] rcu_read_lock_held_common+0xaf/0x130
[ 67.697326][ T7433] rcu_read_lock_held+0x5a/0xb0
[ 67.703808][ T7433] __d_lookup_rcu+0x53a/0x6c0
[ 67.710106][ T7433] lookup_fast+0xe0/0x6d0
[ 67.716056][ T7433] walk_component+0xc6/0x6a0
[ 67.722278][ T7433] path_lookupat.isra.0+0x180/0x530
[ 67.729107][ T7433] filename_lookup+0x1a3/0x3e0
[ 67.735496][ T7433] vfs_statx+0x119/0x1e0
[ 67.741364][ T7433] __do_sys_newlstat+0x96/0x120
[ 67.747853][ T7433] do_syscall_64+0xf6/0x7d0
[ 67.753992][ T7433] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 67.761507][ T7433] INITIAL USE at:
[ 67.765386][ T7433] lock_acquire+0x1f2/0x8f0
[ 67.771436][ T7433] _raw_spin_lock_irq+0x5b/0x80
[ 67.777840][ T7433] __add_to_page_cache_locked+0x607/0xe00
[ 67.785106][ T7433] add_to_page_cache_lru+0x1aa/0x700
[ 67.791942][ T7433] do_read_cache_page+0x9ab/0x1810
[ 67.798596][ T7433] read_part_sector+0xf6/0x600
[ 67.804898][ T7433] adfspart_check_ICS+0x9d/0xc80
[ 67.811377][ T7433] blk_add_partitions+0x474/0xe50
[ 67.817950][ T7433] bdev_disk_changed+0x1fb/0x380
[ 67.824422][ T7433] __blkdev_get+0xb15/0x1530
[ 67.830548][ T7433] blkdev_get+0x41/0x2b0
[ 67.836326][ T7433] __device_add_disk+0xa4f/0x1170
[ 67.842900][ T7433] brd_init+0x297/0x463
[ 67.848592][ T7433] do_one_initcall+0x10a/0x7d0
[ 67.854906][ T7433] kernel_init_freeable+0x501/0x5ae
[ 67.861639][ T7433] kernel_init+0xd/0x1bb
[ 67.867435][ T7433] ret_from_fork+0x24/0x30
[ 67.873382][ T7433] }
[ 67.875866][ T7433] ... key at: [] __key.18068+0x0/0x40
[ 67.883288][ T7433] ... acquired at:
[ 67.887069][ T7433] lock_acquire+0x1f2/0x8f0
[ 67.891717][ T7433] _raw_spin_lock_irqsave+0x8c/0xbf
[ 67.897071][ T7433] shmem_uncharge+0x24/0x270
[ 67.901808][ T7433] split_huge_page_to_list+0x274b/0x33b0
[ 67.907586][ T7433] shmem_punch_compound+0x13e/0x1e0
[ 67.912940][ T7433] shmem_undo_range+0x5f1/0x1b80
[ 67.918046][ T7433] shmem_truncate_range+0x27/0xa0
[ 67.923229][ T7433] shmem_setattr+0x8b6/0xc80
[ 67.928504][ T7433] notify_change+0xb6d/0x1020
[ 67.933345][ T7433] do_truncate+0x134/0x1f0
[ 67.937909][ T7433] do_sys_ftruncate+0x4a5/0x570
[ 67.942911][ T7433] do_syscall_64+0xf6/0x7d0
[ 67.947606][ T7433] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 67.953692][ T7433]
[ 67.955997][ T7433]
[ 67.955997][ T7433] the dependencies between the lock to be acquired
[ 67.956000][ T7433] and SOFTIRQ-irq-unsafe lock:
[ 67.969537][ T7433] -> (shmlock_user_lock){+.+.}-{2:2} {
[ 67.975075][ T7433] HARDIRQ-ON-W at:
[ 67.979137][ T7433] lock_acquire+0x1f2/0x8f0
[ 67.985461][ T7433] _raw_spin_lock+0x2a/0x40
[ 67.991773][ T7433] user_shm_lock+0xab/0x230
[ 67.998784][ T7433] hugetlb_file_setup+0x4e1/0x677
[ 68.005612][ T7433] newseg+0x460/0xe60
[ 68.011402][ T7433] ipcget+0xf0/0xcb0
[ 68.017367][ T7433] __x64_sys_shmget+0x139/0x1a0
[ 68.024028][ T7433] do_syscall_64+0xf6/0x7d0
[ 68.030367][ T7433] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 68.038061][ T7433] SOFTIRQ-ON-W at:
[ 68.042225][ T7433] lock_acquire+0x1f2/0x8f0
[ 68.048536][ T7433] _raw_spin_lock+0x2a/0x40
[ 68.054841][ T7433] user_shm_lock+0xab/0x230
[ 68.061185][ T7433] hugetlb_file_setup+0x4e1/0x677
[ 68.068011][ T7433] newseg+0x460/0xe60
[ 68.073804][ T7433] ipcget+0xf0/0xcb0
[ 68.079589][ T7433] __x64_sys_shmget+0x139/0x1a0
[ 68.086252][ T7433] do_syscall_64+0xf6/0x7d0
[ 68.092666][ T7433] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 68.100362][ T7433] INITIAL USE at:
[ 68.104446][ T7433] lock_acquire+0x1f2/0x8f0
[ 68.110661][ T7433] _raw_spin_lock+0x2a/0x40
[ 68.116880][ T7433] user_shm_lock+0xab/0x230
[ 68.123099][ T7433] shmem_lock+0x1dd/0x2d0
[ 68.129146][ T7433] shmctl_do_lock+0x73f/0x8f0
[ 68.135576][ T7433] ksys_shmctl.constprop.0+0x203/0x350
[ 68.143439][ T7433] do_syscall_64+0xf6/0x7d0
[ 68.149657][ T7433] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 68.157256][ T7433] }
[ 68.159824][ T7433] ... key at: [] shmlock_user_lock+0x18/0x5c0
[ 68.168027][ T7433] ... acquired at:
[ 68.171897][ T7433] _raw_spin_lock+0x2a/0x40
[ 68.176547][ T7433] user_shm_lock+0xab/0x230
[ 68.181195][ T7433] shmem_lock+0x1dd/0x2d0
[ 68.185681][ T7433] shmctl_do_lock+0x73f/0x8f0
[ 68.190503][ T7433] ksys_shmctl.constprop.0+0x203/0x350
[ 68.196119][ T7433] do_syscall_64+0xf6/0x7d0
[ 68.200770][ T7433] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 68.206813][ T7433]
[ 68.209114][ T7433] -> (&info->lock){....}-{2:2} {
[ 68.214656][ T7433] INITIAL USE at:
[ 68.218532][ T7433] lock_acquire+0x1f2/0x8f0
[ 68.224569][ T7433] _raw_spin_lock_irq+0x5b/0x80
[ 68.230965][ T7433] shmem_getpage_gfp+0x937/0x2a10
[ 68.237593][ T7433] shmem_write_begin+0x102/0x1e0
[ 68.244072][ T7433] generic_perform_write+0x20a/0x4e0
[ 68.250898][ T7433] __generic_file_write_iter+0x24c/0x610
[ 68.258071][ T7433] generic_file_write_iter+0x3f3/0x630
[ 68.265071][ T7433] new_sync_write+0x4a2/0x700
[ 68.271284][ T7433] __vfs_write+0xc9/0x100
[ 68.277152][ T7433] vfs_write+0x268/0x5d0
[ 68.282933][ T7433] ksys_write+0x12d/0x250
[ 68.288802][ T7433] do_syscall_64+0xf6/0x7d0
[ 68.294896][ T7433] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 68.302379][ T7433] }
[ 68.304866][ T7433] ... key at: [] __key.56628+0x0/0x40
[ 68.312292][ T7433] ... acquired at:
[ 68.316082][ T7433] lock_acquire+0x1f2/0x8f0
[ 68.320807][ T7433] _raw_spin_lock_irqsave+0x8c/0xbf
[ 68.326168][ T7433] shmem_uncharge+0x24/0x270
[ 68.330944][ T7433] split_huge_page_to_list+0x274b/0x33b0
[ 68.336725][ T7433] shmem_punch_compound+0x13e/0x1e0
[ 68.342113][ T7433] shmem_undo_range+0x5f1/0x1b80
[ 68.347204][ T7433] shmem_truncate_range+0x27/0xa0
[ 68.352379][ T7433] shmem_setattr+0x8b6/0xc80
[ 68.357130][ T7433] notify_change+0xb6d/0x1020
[ 68.361953][ T7433] do_truncate+0x134/0x1f0
[ 68.366526][ T7433] do_sys_ftruncate+0x4a5/0x570
[ 68.371536][ T7433] do_syscall_64+0xf6/0x7d0
[ 68.376199][ T7433] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 68.382231][ T7433]
[ 68.384541][ T7433]
[ 68.384541][ T7433] stack backtrace:
[ 68.390422][ T7433] CPU: 1 PID: 7433 Comm: syz-executor.0 Not tainted 5.7.0-rc1-next-20200415-syzkaller #0
[ 68.400202][ T7433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 68.410233][ T7433] Call Trace:
[ 68.413518][ T7433] dump_stack+0x188/0x20d
[ 68.417829][ T7433] check_irq_usage.cold+0x566/0x6de
[ 68.423008][ T7433] ? check_usage_forwards+0x4e0/0x4e0
[ 68.428370][ T7433] ? kernel_text_address+0x6e/0xe0
[ 68.433459][ T7433] ? arch_stack_walk+0x84/0xd0
[ 68.438212][ T7433] ? check_path+0x22/0x40
[ 68.442524][ T7433] ? check_noncircular+0x16d/0x3e0
[ 68.447614][ T7433] ? print_circular_bug.isra.0+0x3a0/0x3a0
[ 68.453395][ T7433] ? mark_lock+0x12b/0xf10
[ 68.457838][ T7433] ? __lock_acquire+0x2ac9/0x4c50
[ 68.462840][ T7433] __lock_acquire+0x2ac9/0x4c50
[ 68.467670][ T7433] ? mark_held_locks+0xe0/0xe0
[ 68.472406][ T7433] ? xas_load+0x66/0x140
[ 68.476666][ T7433] lock_acquire+0x1f2/0x8f0
[ 68.481161][ T7433] ? shmem_uncharge+0x24/0x270
[ 68.485900][ T7433] ? lock_release+0x800/0x800
[ 68.490555][ T7433] ? __delete_from_page_cache+0x3fc/0xb90
[ 68.496248][ T7433] ? filemap_map_pages+0x1370/0x1370
[ 68.501511][ T7433] _raw_spin_lock_irqsave+0x8c/0xbf
[ 68.506693][ T7433] ? shmem_uncharge+0x24/0x270
[ 68.511428][ T7433] shmem_uncharge+0x24/0x270
[ 68.516007][ T7433] split_huge_page_to_list+0x274b/0x33b0
[ 68.521629][ T7433] ? can_split_huge_page+0x480/0x480
[ 68.526896][ T7433] shmem_punch_compound+0x13e/0x1e0
[ 68.532071][ T7433] shmem_undo_range+0x5f1/0x1b80
[ 68.537113][ T7433] ? shmem_file_read_iter+0xd30/0xd30
[ 68.542523][ T7433] ? lockdep_hardirqs_on+0x463/0x620
[ 68.547793][ T7433] ? mark_lock+0x12b/0xf10
[ 68.552194][ T7433] ? current_time+0x6b/0x110
[ 68.556767][ T7433] ? print_usage_bug+0x240/0x240
[ 68.561686][ T7433] ? lock_release+0x800/0x800
[ 68.566356][ T7433] ? rwsem_mark_wake+0x8d0/0x8d0
[ 68.571277][ T7433] ? lock_downgrade+0x840/0x840
[ 68.576104][ T7433] ? timestamp_truncate+0x20f/0x2f0
[ 68.581288][ T7433] ? inode_init_owner+0x330/0x330
[ 68.586300][ T7433] ? ktime_get_coarse_real_ts64+0xe5/0x280
[ 68.592103][ T7433] ? lockdep_hardirqs_on+0x463/0x620
[ 68.597421][ T7433] shmem_truncate_range+0x27/0xa0
[ 68.602435][ T7433] shmem_setattr+0x8b6/0xc80
[ 68.607078][ T7433] ? evm_inode_setattr+0x6a/0x170
[ 68.612090][ T7433] ? shmem_evict_inode+0x9f0/0x9f0
[ 68.617184][ T7433] notify_change+0xb6d/0x1020
[ 68.621855][ T7433] do_truncate+0x134/0x1f0
[ 68.626250][ T7433] ? do_sys_openat2+0x7d0/0x7d0
[ 68.631085][ T7433] ? common_perm_cond+0x187/0x200
[ 68.636097][ T7433] do_sys_ftruncate+0x4a5/0x570
[ 68.640935][ T7433] do_syscall_64+0xf6/0x7d0
[ 68.645419][ T7433] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 68.651292][ T7433] RIP: 0033:0x45c829
[ 68.655172][ T7433] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 68.674816][ T7433] RSP: 002b:00007feebbe5dc78 EFLAGS: 00000246 ORIG_RAX: 000000000000004d
[ 68.683255][ T7433] RAX: ffffffffffffffda RBX: 00000000004dc580 RCX: 000000000045c829
[ 68.691234][ T7433] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000000000005
[ 68.699189][ T7433] RBP: 000000000078bfa0 R08: 0000000000000000 R09: 0000000000000000
[ 68.707149][ T7433] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 68.715098][ T7433] R13: 00000000000000e9 R14: 00000000004c3701 R15: 00007feebbe5e6d4