============================================
WARNING: possible recursive locking detected
5.10.0-rc6-syzkaller #0 Not tainted
--------------------------------------------
syz-executor.0/8715 is trying to acquire lock:
ffff888142089b68 (&hugetlbfs_i_mmap_rwsem_key){++++}-{3:3}, at: i_mmap_lock_write include/linux/fs.h:493 [inline]
ffff888142089b68 (&hugetlbfs_i_mmap_rwsem_key){++++}-{3:3}, at: unmap_ref_private mm/hugetlb.c:4019 [inline]
ffff888142089b68 (&hugetlbfs_i_mmap_rwsem_key){++++}-{3:3}, at: hugetlb_cow+0x751/0x1bc0 mm/hugetlb.c:4110

but task is already holding lock:
ffff888142089b68 (&hugetlbfs_i_mmap_rwsem_key){++++}-{3:3}, at: i_mmap_lock_read include/linux/fs.h:508 [inline]
ffff888142089b68 (&hugetlbfs_i_mmap_rwsem_key){++++}-{3:3}, at: hugetlb_fault+0x31e/0x1280 mm/hugetlb.c:4485

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&hugetlbfs_i_mmap_rwsem_key);
  lock(&hugetlbfs_i_mmap_rwsem_key);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

3 locks held by syz-executor.0/8715:
 #0: ffff888018f51568 (&mm->mmap_lock#2){++++}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:56 [inline]
 #0: ffff888018f51568 (&mm->mmap_lock#2){++++}-{3:3}, at: do_user_addr_fault+0x2a8/0xa40 arch/x86/mm/fault.c:1313
 #1: ffff888142089b68 (&hugetlbfs_i_mmap_rwsem_key){++++}-{3:3}, at: i_mmap_lock_read include/linux/fs.h:508 [inline]
 #1: ffff888142089b68 (&hugetlbfs_i_mmap_rwsem_key){++++}-{3:3}, at: hugetlb_fault+0x31e/0x1280 mm/hugetlb.c:4485
 #2: ffff888014d1a0f8 (&hugetlb_fault_mutex_table[i]){+.+.}-{3:3}, at: hugetlb_fault+0x4a6/0x1280 mm/hugetlb.c:4499

stack backtrace:
CPU: 1 PID: 8715 Comm: syz-executor.0 Not tainted 5.10.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x137/0x1be lib/dump_stack.c:118
 __lock_acquire+0x2333/0x5e90 kernel/locking/lockdep.c:4670
 lock_acquire+0x114/0x5e0 kernel/locking/lockdep.c:5437
 down_write+0x55/0x130 kernel/locking/rwsem.c:1531
 i_mmap_lock_write include/linux/fs.h:493 [inline]
 unmap_ref_private mm/hugetlb.c:4019 [inline]
 hugetlb_cow+0x751/0x1bc0 mm/hugetlb.c:4110
 hugetlb_fault+0xa4c/0x1280 mm/hugetlb.c:4562
 handle_mm_fault+0x223c/0x25a0 mm/memory.c:4605
 do_user_addr_fault+0x4ca/0xa40 arch/x86/mm/fault.c:1372
 handle_page_fault arch/x86/mm/fault.c:1429 [inline]
 exc_page_fault+0xa1/0x1e0 arch/x86/mm/fault.c:1485
 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:583
RIP: 0033:0x4451d1
Code: 2e 0f 1f 84 00 00 00 00 00 48 81 fa 00 04 00 00 77 77 89 d1 c1 e9 05 74 60 ff c9 48 8b 06 4c 8b 46 08 4c 8b 4e 10 4c 8b 56 18 <48> 89 07 4c 89 47 08 4c 89 4f 10 4c 89 57 18 48 8d 76 20 48 8d 7f
RSP: 002b:00007fff5049d418 EFLAGS: 00010203
RAX: 87d8195ce8261103 RBX: 00000000011a0000 RCX: 000000000000001a
RDX: 0000000000000372 RSI: 00000000011a0020 RDI: 0000000020000f00
RBP: 00000000011a0008 R08: 055ee48822f48f6f R09: bf2d7b319aa8d7d2
R10: 599cd685cefed921 R11: 0000000000000000 R12: fffffffffffffffe
R13: 000000000000bdd8 R14: 00000000000003e8 R15: 000000000119bf2c