============================================ WARNING: possible recursive locking detected 5.11.0-rc1-syzkaller #0 Not tainted -------------------------------------------- syz-executor.3/10933 is trying to acquire lock: ffff88802be1f848 (&hugetlbfs_i_mmap_rwsem_key){++++}-{3:3}, at: i_mmap_lock_write include/linux/fs.h:493 [inline] ffff88802be1f848 (&hugetlbfs_i_mmap_rwsem_key){++++}-{3:3}, at: unmap_ref_private mm/hugetlb.c:4019 [inline] ffff88802be1f848 (&hugetlbfs_i_mmap_rwsem_key){++++}-{3:3}, at: hugetlb_cow+0xedf/0x15f0 mm/hugetlb.c:4110 but task is already holding lock: ffff88802be1f848 (&hugetlbfs_i_mmap_rwsem_key){++++}-{3:3}, at: i_mmap_lock_read include/linux/fs.h:508 [inline] ffff88802be1f848 (&hugetlbfs_i_mmap_rwsem_key){++++}-{3:3}, at: hugetlb_fault+0x26c/0x2340 mm/hugetlb.c:4485 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(&hugetlbfs_i_mmap_rwsem_key); lock(&hugetlbfs_i_mmap_rwsem_key); *** DEADLOCK *** May be due to missing lock nesting notation 3 locks held by syz-executor.3/10933: #0: ffff8880b3ff2b58 (&mm->mmap_lock#2){++++}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:136 [inline] #0: ffff8880b3ff2b58 (&mm->mmap_lock#2){++++}-{3:3}, at: do_user_addr_fault+0x25f/0xc50 arch/x86/mm/fault.c:1334 #1: ffff88802be1f848 (&hugetlbfs_i_mmap_rwsem_key){++++}-{3:3}, at: i_mmap_lock_read include/linux/fs.h:508 [inline] #1: ffff88802be1f848 (&hugetlbfs_i_mmap_rwsem_key){++++}-{3:3}, at: hugetlb_fault+0x26c/0x2340 mm/hugetlb.c:4485 #2: ffff8880148e27b8 (&hugetlb_fault_mutex_table[i]){+.+.}-{3:3}, at: hugetlb_fault+0x368/0x2340 mm/hugetlb.c:4499 stack backtrace: CPU: 0 PID: 10933 Comm: syz-executor.3 Not tainted 5.11.0-rc1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:79 [inline] dump_stack+0x107/0x163 lib/dump_stack.c:120 print_deadlock_bug kernel/locking/lockdep.c:2761 [inline] check_deadlock kernel/locking/lockdep.c:2804 [inline] validate_chain kernel/locking/lockdep.c:3595 [inline] __lock_acquire.cold+0x15e/0x3b0 kernel/locking/lockdep.c:4832 lock_acquire kernel/locking/lockdep.c:5437 [inline] lock_acquire+0x29d/0x740 kernel/locking/lockdep.c:5402 down_write+0x8d/0x150 kernel/locking/rwsem.c:1406 i_mmap_lock_write include/linux/fs.h:493 [inline] unmap_ref_private mm/hugetlb.c:4019 [inline] hugetlb_cow+0xedf/0x15f0 mm/hugetlb.c:4110 hugetlb_fault+0x1561/0x2340 mm/hugetlb.c:4562 handle_mm_fault+0x11c3/0x5640 mm/memory.c:4616 do_user_addr_fault+0x570/0xc50 arch/x86/mm/fault.c:1393 handle_page_fault arch/x86/mm/fault.c:1450 [inline] exc_page_fault+0x9e/0x180 arch/x86/mm/fault.c:1506 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:580 RIP: 0010:__put_user_nocheck_8+0x3/0x21 Code: 00 00 48 39 d9 73 34 0f 1f 00 89 01 31 c9 0f 1f 00 c3 66 0f 1f 44 00 00 48 bb f9 ef ff ff ff 7f 00 00 48 39 d9 73 14 0f 1f 00 <48> 89 01 31 c9 0f 1f 00 c3 0f 1f 44 00 00 0f 1f 00 b9 f2 ff ff ff RSP: 0018:ffffc90012d87e78 EFLAGS: 00010297 RAX: 00000000f5557ba8 RBX: 00007fffffffeff9 RCX: 0000000020000080 RDX: 1ffff1100ee790c6 RSI: ffffffff8148b2cc RDI: ffff8880773c8630 RBP: 1ffff920025b0fd2 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000028 R12: 0000000000000000 R13: 0000000020000080 R14: 0000000000000000 R15: ffffffffffffffda prctl_get_tid_address kernel/sys.c:2244 [inline] __do_sys_prctl+0x8c5/0x1040 kernel/sys.c:2431 do_syscall_32_irqs_on arch/x86/entry/common.c:78 [inline] __do_fast_syscall_32+0x56/0x80 arch/x86/entry/common.c:137 do_fast_syscall_32+0x2f/0x70 arch/x86/entry/common.c:160 entry_SYSENTER_compat_after_hwframe+0x4d/0x5c RIP: 0023:0xf7f5d549 Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 RSP: 002b:00000000f55570cc EFLAGS: 00000296 ORIG_RAX: 00000000000000ac RAX: ffffffffffffffda RBX: 0000000000000028 RCX: 0000000020000080 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000