======================================================
WARNING: possible circular locking dependency detected
4.14.153 #0 Not tainted
------------------------------------------------------
syz-executor.0/9723 is trying to acquire lock:
 (&rp->fetch_lock){+.+.}, at: [] mon_bin_vma_fault+0x6f/0x280 drivers/usb/mon/mon_bin.c:1236

but task is already holding lock:
 (&mm->mmap_sem){++++}, at: [] __do_page_fault+0x2ca/0xb80 arch/x86/mm/fault.c:1349

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #1 (&mm->mmap_sem){++++}:
       lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3994
       __might_fault mm/memory.c:4584 [inline]
       __might_fault+0x143/0x1d0 mm/memory.c:4569
       _copy_to_user+0x2c/0xd0 lib/usercopy.c:25
       copy_to_user include/linux/uaccess.h:155 [inline]
       mon_bin_read+0x2fb/0x5e0 drivers/usb/mon/mon_bin.c:825
       do_loop_readv_writev fs/read_write.c:695 [inline]
       do_loop_readv_writev fs/read_write.c:682 [inline]
       do_iter_read+0x3e2/0x5b0 fs/read_write.c:919
       vfs_readv+0xd3/0x130 fs/read_write.c:981
       do_readv+0x10a/0x2d0 fs/read_write.c:1014
       SYSC_readv fs/read_write.c:1101 [inline]
       SyS_readv+0x28/0x30 fs/read_write.c:1098
       do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x42/0xb7

-> #0 (&rp->fetch_lock){+.+.}:
       check_prev_add kernel/locking/lockdep.c:1901 [inline]
       check_prevs_add kernel/locking/lockdep.c:2018 [inline]
       validate_chain kernel/locking/lockdep.c:2460 [inline]
       __lock_acquire+0x2cb3/0x4620 kernel/locking/lockdep.c:3487
       lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3994
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0xe8/0x1470 kernel/locking/mutex.c:893
       mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
       mon_bin_vma_fault+0x6f/0x280 drivers/usb/mon/mon_bin.c:1236
       __do_fault+0x104/0x390 mm/memory.c:3223
       do_read_fault mm/memory.c:3633 [inline]
       do_fault mm/memory.c:3759 [inline]
       handle_pte_fault mm/memory.c:3989 [inline]
       __handle_mm_fault+0x2460/0x3470 mm/memory.c:4113
       handle_mm_fault+0x293/0x7c0 mm/memory.c:4150
       __do_page_fault+0x4c1/0xb80 arch/x86/mm/fault.c:1420
       do_page_fault+0x71/0x511 arch/x86/mm/fault.c:1495
       page_fault+0x25/0x50 arch/x86/entry/entry_64.S:1122
       fault_in_pages_readable include/linux/pagemap.h:605 [inline]
       iov_iter_fault_in_readable+0x2f8/0x3c0 lib/iov_iter.c:421
       generic_perform_write+0x171/0x480 mm/filemap.c:3036
       __generic_file_write_iter+0x239/0x5b0 mm/filemap.c:3171
       ext4_file_write_iter+0x2ac/0xe90 fs/ext4/file.c:268
       call_write_iter include/linux/fs.h:1777 [inline]
       new_sync_write fs/read_write.c:469 [inline]
       __vfs_write+0x4a7/0x6b0 fs/read_write.c:482
       vfs_write+0x198/0x500 fs/read_write.c:544
       SYSC_write fs/read_write.c:590 [inline]
       SyS_write+0xfd/0x230 fs/read_write.c:582
       do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x42/0xb7

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&mm->mmap_sem);
                               lock(&rp->fetch_lock);
                               lock(&mm->mmap_sem);
  lock(&rp->fetch_lock);

 *** DEADLOCK ***

4 locks held by syz-executor.0/9723:
 #0:  (&f->f_pos_lock){+.+.}, at: [] __fdget_pos+0xab/0xd0 fs/file.c:769
 #1:  (sb_writers#4){.+.+}, at: [] file_start_write include/linux/fs.h:2707 [inline]
 #1:  (sb_writers#4){.+.+}, at: [] vfs_write+0x3af/0x500 fs/read_write.c:543
 #2:  (&sb->s_type->i_mutex_key#9){++++}, at: [] inode_trylock include/linux/fs.h:738 [inline]
 #2:  (&sb->s_type->i_mutex_key#9){++++}, at: [] ext4_file_write_iter+0x1f4/0xe90 fs/ext4/file.c:234
 #3:  (&mm->mmap_sem){++++}, at: [] __do_page_fault+0x2ca/0xb80 arch/x86/mm/fault.c:1349

stack backtrace:
CPU: 0 PID: 9723 Comm: syz-executor.0 Not tainted 4.14.153 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x138/0x197 lib/dump_stack.c:53
 print_circular_bug.isra.0.cold+0x1cc/0x28f kernel/locking/lockdep.c:1258
 check_prev_add kernel/locking/lockdep.c:1901 [inline]
 check_prevs_add kernel/locking/lockdep.c:2018 [inline]
 validate_chain kernel/locking/lockdep.c:2460 [inline]
 __lock_acquire+0x2cb3/0x4620 kernel/locking/lockdep.c:3487
 lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3994
 __mutex_lock_common kernel/locking/mutex.c:756 [inline]
 __mutex_lock+0xe8/0x1470 kernel/locking/mutex.c:893
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
 mon_bin_vma_fault+0x6f/0x280 drivers/usb/mon/mon_bin.c:1236
 __do_fault+0x104/0x390 mm/memory.c:3223
 do_read_fault mm/memory.c:3633 [inline]
 do_fault mm/memory.c:3759 [inline]
 handle_pte_fault mm/memory.c:3989 [inline]
 __handle_mm_fault+0x2460/0x3470 mm/memory.c:4113
 handle_mm_fault+0x293/0x7c0 mm/memory.c:4150
 __do_page_fault+0x4c1/0xb80 arch/x86/mm/fault.c:1420
 do_page_fault+0x71/0x511 arch/x86/mm/fault.c:1495
 page_fault+0x25/0x50 arch/x86/entry/entry_64.S:1122
RIP: 0010:fault_in_pages_readable include/linux/pagemap.h:605 [inline]
RIP: 0010:iov_iter_fault_in_readable+0x2f8/0x3c0 lib/iov_iter.c:421
RSP: 0018:ffff8880551079f0 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 00000000000000ff RCX: 0000000020ffd57f
RDX: 0000000000040000 RSI: ffffffff82d63145 RDI: ffff888055107d30
RBP: ffff888055107a90 R08: ffff888054e08040 R09: 0000000000000003
R10: 0000000000000000 R11: ffff888054e08040 R12: 1ffff1100aa20f41
R13: 0000000000001000 R14: ffff888055107d28 R15: ffff888055107a68
 generic_perform_write+0x171/0x480 mm/filemap.c:3036
 __generic_file_write_iter+0x239/0x5b0 mm/filemap.c:3171
 ext4_file_write_iter+0x2ac/0xe90 fs/ext4/file.c:268
 call_write_iter include/linux/fs.h:1777 [inline]
 new_sync_write fs/read_write.c:469 [inline]
 __vfs_write+0x4a7/0x6b0 fs/read_write.c:482
 vfs_write+0x198/0x500 fs/read_write.c:544
 SYSC_write fs/read_write.c:590 [inline]
 SyS_write+0xfd/0x230 fs/read_write.c:582
 do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45a219
RSP: 002b:00007f2e4ed89c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a219
RDX: 000000010000005c RSI: 0000000020000580 RDI: 0000000000000004
RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2e4ed8a6d4
R13: 00000000004caa4a R14: 00000000004e2e98 R15: 00000000ffffffff
kobject: 'loop4' (ffff8880a4ae32a0): kobject_uevent_env
kobject: 'loop4' (ffff8880a4ae32a0): fill_kobj_path: path = '/devices/virtual/block/loop4'
kobject: 'loop2' (ffff8880a4a2a920): kobject_uevent_env
kobject: 'loop2' (ffff8880a4a2a920): fill_kobj_path: path = '/devices/virtual/block/loop2'
kobject: 'loop5' (ffff8880a4b121e0): kobject_uevent_env
kobject: 'loop5' (ffff8880a4b121e0): fill_kobj_path: path = '/devices/virtual/block/loop5'
kobject: 'loop4' (ffff8880a4ae32a0): kobject_uevent_env
kobject: 'loop4' (ffff8880a4ae32a0): fill_kobj_path: path = '/devices/virtual/block/loop4'
kobject: 'loop2' (ffff8880a4a2a920): kobject_uevent_env
kobject: 'loop2' (ffff8880a4a2a920): fill_kobj_path: path = '/devices/virtual/block/loop2'
kobject: 'loop3' (ffff8880a4a649a0): kobject_uevent_env
kobject: 'loop3' (ffff8880a4a649a0): fill_kobj_path: path = '/devices/virtual/block/loop3'
kobject: 'loop4' (ffff8880a4ae32a0): kobject_uevent_env
kobject: 'loop4' (ffff8880a4ae32a0): fill_kobj_path: path = '/devices/virtual/block/loop4'
kobject: 'loop2' (ffff8880a4a2a920): kobject_uevent_env
kobject: 'loop2' (ffff8880a4a2a920): fill_kobj_path: path = '/devices/virtual/block/loop2'
kobject: 'loop4' (ffff8880a4ae32a0): kobject_uevent_env
kobject: 'loop4' (ffff8880a4ae32a0): fill_kobj_path: path = '/devices/virtual/block/loop4'
kobject: 'loop5' (ffff8880a4b121e0): kobject_uevent_env
kobject: 'loop5' (ffff8880a4b121e0): fill_kobj_path: path = '/devices/virtual/block/loop5'
kobject: 'loop3' (ffff8880a4a649a0): kobject_uevent_env
kobject: 'loop3' (ffff8880a4a649a0): fill_kobj_path: path = '/devices/virtual/block/loop3'
kobject: 'loop3' (ffff8880a4a649a0): kobject_uevent_env
kobject: 'loop3' (ffff8880a4a649a0): fill_kobj_path: path = '/devices/virtual/block/loop3'
kobject: 'loop3' (ffff8880a4a649a0): kobject_uevent_env
kobject: 'loop3' (ffff8880a4a649a0): fill_kobj_path: path = '/devices/virtual/block/loop3'
kobject: 'loop3' (ffff8880a4a649a0): kobject_uevent_env
kobject: 'loop3' (ffff8880a4a649a0): fill_kobj_path: path = '/devices/virtual/block/loop3'
kobject: 'loop2' (ffff8880a4a2a920): kobject_uevent_env
kobject: 'loop2' (ffff8880a4a2a920): fill_kobj_path: path = '/devices/virtual/block/loop2'
kobject: 'loop4' (ffff8880a4ae32a0): kobject_uevent_env
kobject: 'loop4' (ffff8880a4ae32a0): fill_kobj_path: path = '/devices/virtual/block/loop4'
kobject: 'loop5' (ffff8880a4b121e0): kobject_uevent_env
kobject: 'loop5' (ffff8880a4b121e0): fill_kobj_path: path = '/devices/virtual/block/loop5'
kobject: 'loop3' (ffff8880a4a649a0): kobject_uevent_env
kobject: 'loop3' (ffff8880a4a649a0): fill_kobj_path: path = '/devices/virtual/block/loop3'
kobject: 'loop3' (ffff8880a4a649a0): kobject_uevent_env
kobject: 'loop3' (ffff8880a4a649a0): fill_kobj_path: path = '/devices/virtual/block/loop3'
kobject: 'loop3' (ffff8880a4a649a0): kobject_uevent_env
kobject: 'loop3' (ffff8880a4a649a0): fill_kobj_path: path = '/devices/virtual/block/loop3'
kobject: 'loop2' (ffff8880a4a2a920): kobject_uevent_env
kobject: 'loop2' (ffff8880a4a2a920): fill_kobj_path: path = '/devices/virtual/block/loop2'
kobject: 'loop4' (ffff8880a4ae32a0): kobject_uevent_env
kobject: 'loop4' (ffff8880a4ae32a0): fill_kobj_path: path = '/devices/virtual/block/loop4'