INFO: task syz-executor.3:7313 blocked for more than 143 seconds. Not tainted 5.7.0-rc4-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.3 D23960 7313 7312 0x00000000 Call Trace: schedule+0xd0/0x2a0 kernel/sched/core.c:4158 rwsem_down_write_slowpath+0x706/0xf90 kernel/locking/rwsem.c:1235 __down_write kernel/locking/rwsem.c:1389 [inline] down_write+0x137/0x150 kernel/locking/rwsem.c:1532 i_mmap_lock_write include/linux/fs.h:526 [inline] dup_mmap kernel/fork.c:574 [inline] dup_mm+0x6d2/0x1300 kernel/fork.c:1363 copy_mm kernel/fork.c:1419 [inline] copy_process+0x29cc/0x7110 kernel/fork.c:2085 _do_fork+0x12d/0x1010 kernel/fork.c:2430 __do_sys_clone+0xec/0x140 kernel/fork.c:2585 do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:295 entry_SYSCALL_64_after_hwframe+0x49/0xb3 RIP: 0033:0x45ae5a Code: Bad RIP value. RSP: 002b:00007fff7ec93d20 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 RAX: ffffffffffffffda RBX: 00007fff7ec93d20 RCX: 000000000045ae5a RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 RBP: 00007fff7ec93d60 R08: 0000000000000001 R09: 0000000001c1c940 R10: 0000000001c1cc10 R11: 0000000000000246 R12: 0000000000000001 R13: 0000000000000000 R14: 0000000000000000 R15: 00007fff7ec93db0 INFO: task syz-executor.1:15794 blocked for more than 143 seconds. Not tainted 5.7.0-rc4-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.1 D29072 15794 7176 0x00000004 Call Trace: schedule+0xd0/0x2a0 kernel/sched/core.c:4158 rwsem_down_write_slowpath+0x706/0xf90 kernel/locking/rwsem.c:1235 __down_write kernel/locking/rwsem.c:1389 [inline] down_write+0x137/0x150 kernel/locking/rwsem.c:1532 inode_lock include/linux/fs.h:797 [inline] do_truncate+0x125/0x1f0 fs/open.c:62 do_sys_ftruncate+0x4a5/0x570 fs/open.c:195 do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:295 entry_SYSCALL_64_after_hwframe+0x49/0xb3 RIP: 0033:0x45c829 Code: Bad RIP value. RSP: 002b:00007faf5f712c78 EFLAGS: 00000246 ORIG_RAX: 000000000000004d RAX: ffffffffffffffda RBX: 00000000004dc620 RCX: 000000000045c829 RDX: 0000000000000000 RSI: 0000000000040001 RDI: 0000000000000000 RBP: 000000000078bfa0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 00000000000000e9 R14: 00000000004c3701 R15: 00007faf5f7136d4 INFO: task syz-executor.2:15775 blocked for more than 144 seconds. Not tainted 5.7.0-rc4-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.2 D28112 15775 7231 0x80004000 Call Trace: schedule+0xd0/0x2a0 kernel/sched/core.c:4158 rwsem_down_write_slowpath+0x706/0xf90 kernel/locking/rwsem.c:1235 __down_write kernel/locking/rwsem.c:1389 [inline] down_write+0x137/0x150 kernel/locking/rwsem.c:1532 i_mmap_lock_write include/linux/fs.h:526 [inline] unlink_file_vma+0x71/0xb0 mm/mmap.c:165 free_pgtables+0xea/0x2f0 mm/memory.c:400 exit_mmap+0x2b9/0x510 mm/mmap.c:3151 __mmput kernel/fork.c:1085 [inline] mmput+0x168/0x4b0 kernel/fork.c:1106 exit_mm kernel/exit.c:480 [inline] do_exit+0xa51/0x2dd0 kernel/exit.c:783 do_group_exit+0x125/0x340 kernel/exit.c:894 __do_sys_exit_group kernel/exit.c:905 [inline] __se_sys_exit_group kernel/exit.c:903 [inline] __x64_sys_exit_group+0x3a/0x50 kernel/exit.c:903 do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:295 entry_SYSCALL_64_after_hwframe+0x49/0xb3 RIP: 0033:0x45c829 Code: Bad RIP value. RSP: 002b:00007ffcbcf16d58 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 RAX: ffffffffffffffda RBX: 000000000000001e RCX: 000000000045c829 RDX: 0000000000416421 RSI: fffffffffffffff7 RDI: 0000000000000000 RBP: 0000000000000000 R08: 00000000e4b7fe26 R09: 00007ffcbcf16db0 R10: 00000000e4b7fe22 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffcbcf16db0 R14: 0000000000000000 R15: 00007ffcbcf16dc0 INFO: task syz-executor.4:15776 blocked for more than 144 seconds. Not tainted 5.7.0-rc4-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.4 D28112 15776 7445 0x00000004 Call Trace: schedule+0xd0/0x2a0 kernel/sched/core.c:4158 rwsem_down_read_slowpath+0x4c7/0xfa0 kernel/locking/rwsem.c:1099 __down_read kernel/locking/rwsem.c:1341 [inline] down_read+0x1ed/0x420 kernel/locking/rwsem.c:1494 do_user_addr_fault arch/x86/mm/fault.c:1415 [inline] do_page_fault+0xcc8/0x13da arch/x86/mm/fault.c:1535 page_fault+0x39/0x40 arch/x86/entry/entry_64.S:1203 RIP: 0033:0x417f13 Code: Bad RIP value. RSP: 002b:00007fffd6c2fa38 EFLAGS: 00010213 RAX: 000000000000006e RBX: 000000000000002d RCX: 000000000045c829 RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000078bf0c RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 R10: 00007fffd6c2fb20 R11: 0000000000000246 R12: 00000000000003e8 R13: 00000000000f5efc R14: 00000000000f5ecf R15: 000000000078bf0c INFO: task syz-executor.4:15778 blocked for more than 144 seconds. Not tainted 5.7.0-rc4-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.4 D26680 15778 7445 0x00004004 Call Trace: schedule+0xd0/0x2a0 kernel/sched/core.c:4158 rwsem_down_write_slowpath+0x706/0xf90 kernel/locking/rwsem.c:1235 __down_write kernel/locking/rwsem.c:1389 [inline] down_write+0x137/0x150 kernel/locking/rwsem.c:1532 i_mmap_lock_write include/linux/fs.h:526 [inline] dup_mmap kernel/fork.c:574 [inline] dup_mm+0x6d2/0x1300 kernel/fork.c:1363 copy_mm kernel/fork.c:1419 [inline] copy_process+0x29cc/0x7110 kernel/fork.c:2085 _do_fork+0x12d/0x1010 kernel/fork.c:2430 __do_sys_clone+0xec/0x140 kernel/fork.c:2585 do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:295 entry_SYSCALL_64_after_hwframe+0x49/0xb3 RIP: 0033:0x45c829 Code: Bad RIP value. RSP: 002b:00007fecf0819c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 RAX: ffffffffffffffda RBX: 00000000004da960 RCX: 000000000045c829 RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 000000000078bf00 R08: ffffffffffffffff R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 0000000000000076 R14: 00000000004c311e R15: 00007fecf081a6d4 INFO: task syz-executor.5:15806 blocked for more than 145 seconds. Not tainted 5.7.0-rc4-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.5 D28128 15806 7536 0x80004000 Call Trace: schedule+0xd0/0x2a0 kernel/sched/core.c:4158 rwsem_down_write_slowpath+0x706/0xf90 kernel/locking/rwsem.c:1235 __down_write kernel/locking/rwsem.c:1389 [inline] down_write+0x137/0x150 kernel/locking/rwsem.c:1532 i_mmap_lock_write include/linux/fs.h:526 [inline] unlink_file_vma+0x71/0xb0 mm/mmap.c:165 free_pgtables+0xea/0x2f0 mm/memory.c:400 exit_mmap+0x2b9/0x510 mm/mmap.c:3151 __mmput kernel/fork.c:1085 [inline] mmput+0x168/0x4b0 kernel/fork.c:1106 exit_mm kernel/exit.c:480 [inline] do_exit+0xa51/0x2dd0 kernel/exit.c:783 do_group_exit+0x125/0x340 kernel/exit.c:894 get_signal+0x47b/0x24e0 kernel/signal.c:2739 do_signal+0x81/0x2240 arch/x86/kernel/signal.c:784 exit_to_usermode_loop+0x26c/0x360 arch/x86/entry/common.c:161 prepare_exit_to_usermode arch/x86/entry/common.c:196 [inline] syscall_return_slowpath arch/x86/entry/common.c:279 [inline] do_syscall_64+0x6b1/0x7d0 arch/x86/entry/common.c:305 entry_SYSCALL_64_after_hwframe+0x49/0xb3 RIP: 0033:0x45c829 Code: Bad RIP value. RSP: 002b:00007f156eb7fcf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca RAX: 0000000000000001 RBX: 000000000078c048 RCX: 000000000045c829 RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 000000000078c04c RBP: 000000000078c040 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000080 R11: 0000000000000246 R12: 000000000078c04c R13: 00007ffe79ebdcaf R14: 00007f156eb809c0 R15: 000000000078c04c INFO: task syz-executor.0:15787 blocked for more than 145 seconds. Not tainted 5.7.0-rc4-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.0 D28112 15787 7046 0x00000004 Call Trace: schedule+0xd0/0x2a0 kernel/sched/core.c:4158 rwsem_down_read_slowpath+0x4c7/0xfa0 kernel/locking/rwsem.c:1099 __down_read kernel/locking/rwsem.c:1341 [inline] down_read+0x1ed/0x420 kernel/locking/rwsem.c:1494 do_user_addr_fault arch/x86/mm/fault.c:1415 [inline] do_page_fault+0xcc8/0x13da arch/x86/mm/fault.c:1535 page_fault+0x39/0x40 arch/x86/entry/entry_64.S:1203 RIP: 0033:0x40f467 Code: Bad RIP value. RSP: 002b:00007ffd6facdf90 EFLAGS: 00010202 RAX: 000000000050c660 RBX: 0000000000000000 RCX: 0000000000033a80 RDX: 0000000000000001 RSI: 0000000000790148 RDI: 0000000020000145 RBP: 0000000000790148 R08: 0000000000000000 R09: 0000000000000000 R10: 00007ffd6face070 R11: 0000000000000246 R12: 0000000000790150 R13: 00000000000f5fa4 R14: 0000000000000cea R15: 000000000078bf0c INFO: task syz-executor.0:15791 blocked for more than 146 seconds. Not tainted 5.7.0-rc4-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.0 D28400 15791 7046 0x00004004 Call Trace: schedule+0xd0/0x2a0 kernel/sched/core.c:4158 rwsem_down_write_slowpath+0x706/0xf90 kernel/locking/rwsem.c:1235 __down_write kernel/locking/rwsem.c:1389 [inline] _down_write_nest_lock+0x13a/0x150 kernel/locking/rwsem.c:1612 vm_lock_mapping+0xa4/0xc0 mm/mmap.c:3507 mm_take_all_locks+0x315/0x66a mm/mmap.c:3570 __mmu_notifier_register+0x53a/0x6c0 mm/mmu_notifier.c:641 mmu_notifier_register+0x2a/0x40 mm/mmu_notifier.c:712 kvm_init_mmu_notifier arch/x86/kvm/../../../virt/kvm/kvm_main.c:545 [inline] kvm_create_vm arch/x86/kvm/../../../virt/kvm/kvm_main.c:725 [inline] kvm_dev_ioctl_create_vm arch/x86/kvm/../../../virt/kvm/kvm_main.c:3817 [inline] kvm_dev_ioctl+0xe97/0x1490 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3869 vfs_ioctl fs/ioctl.c:47 [inline] ksys_ioctl+0x11a/0x180 fs/ioctl.c:771 __do_sys_ioctl fs/ioctl.c:780 [inline] __se_sys_ioctl fs/ioctl.c:778 [inline] __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:778 do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:295 entry_SYSCALL_64_after_hwframe+0x49/0xb3 RIP: 0033:0x45c829 Code: Bad RIP value. RSP: 002b:00007fc57a462c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00000000004e71a0 RCX: 000000000045c829 RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000003 RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 0000000000000397 R14: 00000000004c60dc R15: 00007fc57a4636d4 INFO: task syz-executor.3:15796 blocked for more than 146 seconds. Not tainted 5.7.0-rc4-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.3 D28864 15796 7313 0x80004000 Call Trace: schedule+0xd0/0x2a0 kernel/sched/core.c:4158 rwsem_down_write_slowpath+0x706/0xf90 kernel/locking/rwsem.c:1235 __down_write kernel/locking/rwsem.c:1389 [inline] down_write+0x137/0x150 kernel/locking/rwsem.c:1532 i_mmap_lock_write include/linux/fs.h:526 [inline] unlink_file_vma+0x71/0xb0 mm/mmap.c:165 free_pgtables+0xea/0x2f0 mm/memory.c:400 exit_mmap+0x2b9/0x510 mm/mmap.c:3151 __mmput kernel/fork.c:1085 [inline] mmput+0x168/0x4b0 kernel/fork.c:1106 exit_mm kernel/exit.c:480 [inline] do_exit+0xa51/0x2dd0 kernel/exit.c:783 do_group_exit+0x125/0x340 kernel/exit.c:894 __do_sys_exit_group kernel/exit.c:905 [inline] __se_sys_exit_group kernel/exit.c:903 [inline] __x64_sys_exit_group+0x3a/0x50 kernel/exit.c:903 do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:295 entry_SYSCALL_64_after_hwframe+0x49/0xb3 RIP: 0033:0x45c829 Code: Bad RIP value. RSP: 002b:00007f3c4d24f688 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 RAX: ffffffffffffffda RBX: 000000000000000b RCX: 000000000045c829 RDX: 000000000045c829 RSI: 00007f3c4d24f6c0 RDI: 000000000000000b RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 R10: ffffffffffffffff R11: 0000000000000246 R12: 00000000ffffffff R13: 0000000000000076 R14: 00000000004c311e R15: 00007f3c4d2506d4 Showing all locks held in the system: 5 locks held by kworker/u4:2/42: #0: ffff8880a68af138 ((wq_completion)writeback){+.+.}-{0:0}, at: __write_once_size include/linux/compiler.h:226 [inline] #0: ffff8880a68af138 ((wq_completion)writeback){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff8880a68af138 ((wq_completion)writeback){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:855 [inline] #0: ffff8880a68af138 ((wq_completion)writeback){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:40 [inline] #0: ffff8880a68af138 ((wq_completion)writeback){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:615 [inline] #0: ffff8880a68af138 ((wq_completion)writeback){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:642 [inline] #0: ffff8880a68af138 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x844/0x16a0 kernel/workqueue.c:2239 #1: ffffc90000e57dc0 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x878/0x16a0 kernel/workqueue.c:2243 #2: ffff88821446a0e0 (&type->s_umount_key#51){++++}-{3:3}, at: trylock_super+0x1d/0x100 fs/super.c:418 #3: ffff888099262a30 (&sbi->s_writepages_rwsem){.+.+}-{0:0}, at: do_writepages+0xfa/0x2a0 mm/page-writeback.c:2344 #4: ffff888085c51a88 (&mapping->i_mmap_rwsem){++++}-{3:3}, at: i_mmap_lock_read include/linux/fs.h:541 [inline] #4: ffff888085c51a88 (&mapping->i_mmap_rwsem){++++}-{3:3}, at: rmap_walk_file+0x714/0xcf0 mm/rmap.c:1907 1 lock held by khungtaskd/1137: #0: ffffffff899beb00 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:5754 1 lock held by in:imklog/6930: #0: ffff8880a62cc630 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe9/0x100 fs/file.c:826 1 lock held by syz-executor.0/7045: #0: ffff888085ddc788 (&mapping->i_mmap_rwsem){++++}-{3:3}, at: i_mmap_lock_write include/linux/fs.h:526 [inline] #0: ffff888085ddc788 (&mapping->i_mmap_rwsem){++++}-{3:3}, at: unlink_file_vma+0x71/0xb0 mm/mmap.c:165 1 lock held by syz-executor.1/7141: #0: ffff888085ddc788 (&mapping->i_mmap_rwsem){++++}-{3:3}, at: i_mmap_lock_write include/linux/fs.h:526 [inline] #0: ffff888085ddc788 (&mapping->i_mmap_rwsem){++++}-{3:3}, at: unlink_file_vma+0x71/0xb0 mm/mmap.c:165 1 lock held by syz-executor.2/7225: #0: ffff888085ddc788 (&mapping->i_mmap_rwsem){++++}-{3:3}, at: i_mmap_lock_write include/linux/fs.h:526 [inline] #0: ffff888085ddc788 (&mapping->i_mmap_rwsem){++++}-{3:3}, at: unlink_file_vma+0x71/0xb0 mm/mmap.c:165 1 lock held by syz-executor.3/7312: #0: ffff888085ddc788 (&mapping->i_mmap_rwsem){++++}-{3:3}, at: i_mmap_lock_write include/linux/fs.h:526 [inline] #0: ffff888085ddc788 (&mapping->i_mmap_rwsem){++++}-{3:3}, at: unlink_file_vma+0x71/0xb0 mm/mmap.c:165 4 locks held by syz-executor.3/7313: #0: ffffffff89a34bd0 (dup_mmap_sem){++++}-{0:0}, at: dup_mmap kernel/fork.c:492 [inline] #0: ffffffff89a34bd0 (dup_mmap_sem){++++}-{0:0}, at: dup_mm+0x10e/0x1300 kernel/fork.c:1363 #1: ffff888096106468 (&mm->mmap_sem#2){++++}-{3:3}, at: dup_mmap kernel/fork.c:493 [inline] #1: ffff888096106468 (&mm->mmap_sem#2){++++}-{3:3}, at: dup_mm+0x125/0x1300 kernel/fork.c:1363 #2: ffff8880a91b2368 (&mm->mmap_sem/1){+.+.}-{3:3}, at: dup_mmap kernel/fork.c:502 [inline] #2: ffff8880a91b2368 (&mm->mmap_sem/1){+.+.}-{3:3}, at: dup_mm+0x166/0x1300 kernel/fork.c:1363 #3: ffff888085ddc788 (&mapping->i_mmap_rwsem){++++}-{3:3}, at: i_mmap_lock_write include/linux/fs.h:526 [inline] #3: ffff888085ddc788 (&mapping->i_mmap_rwsem){++++}-{3:3}, at: dup_mmap kernel/fork.c:574 [inline] #3: ffff888085ddc788 (&mapping->i_mmap_rwsem){++++}-{3:3}, at: dup_mm+0x6d2/0x1300 kernel/fork.c:1363 1 lock held by syz-executor.4/7419: #0: ffff888085ddc788 (&mapping->i_mmap_rwsem){++++}-{3:3}, at: i_mmap_lock_write include/linux/fs.h:526 [inline] #0: ffff888085ddc788 (&mapping->i_mmap_rwsem){++++}-{3:3}, at: unlink_file_vma+0x71/0xb0 mm/mmap.c:165 1 lock held by syz-executor.5/7521: #0: ffff888085ddc788 (&mapping->i_mmap_rwsem){++++}-{3:3}, at: i_mmap_lock_write include/linux/fs.h:526 [inline] #0: ffff888085ddc788 (&mapping->i_mmap_rwsem){++++}-{3:3}, at: unlink_file_vma+0x71/0xb0 mm/mmap.c:165 2 locks held by syz-executor.1/15794: #0: ffff8880a9056450 (sb_writers#13){.+.+}-{0:0}, at: sb_start_write include/linux/fs.h:1655 [inline] #0: ffff8880a9056450 (sb_writers#13){.+.+}-{0:0}, at: do_sys_ftruncate+0x29f/0x570 fs/open.c:190 #1: ffff8880a9d4bc50 (&sb->s_type->i_mutex_key#3){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:797 [inline] #1: ffff8880a9d4bc50 (&sb->s_type->i_mutex_key#3){+.+.}-{3:3}, at: do_truncate+0x125/0x1f0 fs/open.c:62 1 lock held by syz-executor.2/15775: #0: ffff888085ddc788 (&mapping->i_mmap_rwsem){++++}-{3:3}, at: i_mmap_lock_write include/linux/fs.h:526 [inline] #0: ffff888085ddc788 (&mapping->i_mmap_rwsem){++++}-{3:3}, at: unlink_file_vma+0x71/0xb0 mm/mmap.c:165 1 lock held by syz-executor.4/15776: #0: ffff8880898681e8 (&mm->mmap_sem#2){++++}-{3:3}, at: do_user_addr_fault arch/x86/mm/fault.c:1415 [inline] #0: ffff8880898681e8 (&mm->mmap_sem#2){++++}-{3:3}, at: do_page_fault+0xcc8/0x13da arch/x86/mm/fault.c:1535 4 locks held by syz-executor.4/15778: #0: ffffffff89a34bd0 (dup_mmap_sem){++++}-{0:0}, at: dup_mmap kernel/fork.c:492 [inline] #0: ffffffff89a34bd0 (dup_mmap_sem){++++}-{0:0}, at: dup_mm+0x10e/0x1300 kernel/fork.c:1363 #1: ffff8880898681e8 (&mm->mmap_sem#2){++++}-{3:3}, at: dup_mmap kernel/fork.c:493 [inline] #1: ffff8880898681e8 (&mm->mmap_sem#2){++++}-{3:3}, at: dup_mm+0x125/0x1300 kernel/fork.c:1363 #2: ffff88801add8aa8 (&mm->mmap_sem/1){+.+.}-{3:3}, at: dup_mmap kernel/fork.c:502 [inline] #2: ffff88801add8aa8 (&mm->mmap_sem/1){+.+.}-{3:3}, at: dup_mm+0x166/0x1300 kernel/fork.c:1363 #3: ffff8880a9d4be10 (&mapping->i_mmap_rwsem){++++}-{3:3}, at: i_mmap_lock_write include/linux/fs.h:526 [inline] #3: ffff8880a9d4be10 (&mapping->i_mmap_rwsem){++++}-{3:3}, at: dup_mmap kernel/fork.c:574 [inline] #3: ffff8880a9d4be10 (&mapping->i_mmap_rwsem){++++}-{3:3}, at: dup_mm+0x6d2/0x1300 kernel/fork.c:1363 1 lock held by syz-executor.5/15806: #0: ffff888085ddc788 (&mapping->i_mmap_rwsem){++++}-{3:3}, at: i_mmap_lock_write include/linux/fs.h:526 [inline] #0: ffff888085ddc788 (&mapping->i_mmap_rwsem){++++}-{3:3}, at: unlink_file_vma+0x71/0xb0 mm/mmap.c:165 1 lock held by syz-executor.0/15787: #0: ffff888086e085a8 (&mm->mmap_sem#2){++++}-{3:3}, at: do_user_addr_fault arch/x86/mm/fault.c:1415 [inline] #0: ffff888086e085a8 (&mm->mmap_sem#2){++++}-{3:3}, at: do_page_fault+0xcc8/0x13da arch/x86/mm/fault.c:1535 3 locks held by syz-executor.0/15791: #0: ffff888086e085a8 (&mm->mmap_sem#2){++++}-{3:3}, at: mmu_notifier_register+0x1f/0x40 mm/mmu_notifier.c:711 #1: ffffffff89a61e68 (mm_all_locks_mutex){+.+.}-{3:3}, at: mm_take_all_locks+0x4c/0x66a mm/mmap.c:3555 #2: ffff888085ddc788 (&mapping->i_mmap_rwsem){++++}-{3:3}, at: vm_lock_mapping+0xa4/0xc0 mm/mmap.c:3507 4 locks held by syz-executor.1/15788: 1 lock held by syz-executor.3/15796: #0: ffff888085ddc788 (&mapping->i_mmap_rwsem){++++}-{3:3}, at: i_mmap_lock_write include/linux/fs.h:526 [inline] #0: ffff888085ddc788 (&mapping->i_mmap_rwsem){++++}-{3:3}, at: unlink_file_vma+0x71/0xb0 mm/mmap.c:165 ============================================= NMI backtrace for cpu 1 CPU: 1 PID: 1137 Comm: khungtaskd Not tainted 5.7.0-rc4-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x188/0x20d lib/dump_stack.c:118 nmi_cpu_backtrace.cold+0x70/0xb1 lib/nmi_backtrace.c:101 nmi_trigger_cpumask_backtrace+0x231/0x27e lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:205 [inline] watchdog+0xa8c/0x1010 kernel/hung_task.c:289 kthread+0x388/0x470 kernel/kthread.c:268 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 PID: 15788 Comm: syz-executor.1 Not tainted 5.7.0-rc4-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:check_wait_context kernel/locking/lockdep.c:4029 [inline] RIP: 0010:__lock_acquire+0x45a/0x4c50 kernel/locking/lockdep.c:4305 Code: 4d 69 ed b8 00 00 00 49 81 c5 00 7e 2e 8c 49 8d bd b0 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 0f b6 04 02 <84> c0 74 08 3c 01 0f 8e b4 1b 00 00 48 b8 00 00 00 00 00 fc ff df RSP: 0018:ffffc90000007ca8 EFLAGS: 00000802 RAX: 0000000000000000 RBX: 0000000000000054 RCX: ffffffff81592352 RDX: 1ffffffff185d762 RSI: 0000000000000008 RDI: ffffffff8c2ebb10 RBP: ffff88804685e9e8 R08: 1ffff11008d0bd3c R09: fffffbfff185cf3e R10: ffffffff8c2e79ef R11: fffffbfff185cf3d R12: ffff88804685e080 R13: ffffffff8c2eba60 R14: 0000000000000002 R15: 0000000000000000 FS: 00007faf5f734700(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055ccafb9f230 CR3: 0000000013cea000 CR4: 00000000001426f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: lock_acquire+0x1f2/0x8f0 kernel/locking/lockdep.c:4934 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x8c/0xbf kernel/locking/spinlock.c:159 hrtimer_interrupt+0xf9/0x770 kernel/time/hrtimer.c:1627 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1113 [inline] smp_apic_timer_interrupt+0x15b/0x600 arch/x86/kernel/apic/apic.c:1138 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:829 RIP: 0010:preempt_count arch/x86/include/asm/preempt.h:26 [inline] RIP: 0010:check_kcov_mode kernel/kcov.c:153 [inline] RIP: 0010:__sanitizer_cov_trace_pc+0x9/0x50 kernel/kcov.c:187 Code: cc 65 48 8b 04 25 00 1f 02 00 48 8b 80 f0 13 00 00 c3 0f 1f 44 00 00 66 2e 0f 1f 84 00 00 00 00 00 65 48 8b 04 25 00 1f 02 00 <65> 8b 15 e8 ef 8e 7e 81 e2 00 01 1f 00 48 8b 34 24 75 2b 8b 90 d8 RSP: 0018:ffffc90016497920 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13 RAX: ffff88804685e080 RBX: 00007f3c4d2e2000 RCX: ffffffff81a0b2d5 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 RBP: ffffea00016aef00 R08: ffff88804685e080 R09: ffffed10089a80e2 R10: ffff888044d4070f R11: ffffed10089a80e1 R12: ffffea00016aef00 R13: dffffc0000000000 R14: ffffea00016aef08 R15: ffff888044d40708 PageAnon include/linux/page-flags.h:480 [inline] mm_counter include/linux/mm.h:1872 [inline] zap_pte_range mm/memory.c:1091 [inline] zap_pmd_range mm/memory.c:1196 [inline] zap_pud_range mm/memory.c:1225 [inline] zap_p4d_range mm/memory.c:1246 [inline] unmap_page_range+0xb88/0x25d0 mm/memory.c:1267 unmap_single_vma+0x196/0x300 mm/memory.c:1312 zap_page_range_single+0x2ce/0x440 mm/memory.c:1395 unmap_mapping_range_vma mm/memory.c:2989 [inline] unmap_mapping_range_tree mm/memory.c:3010 [inline] unmap_mapping_pages+0x232/0x2c0 mm/memory.c:3042 truncate_pagecache+0x51/0x90 mm/truncate.c:816 simple_setattr+0xdf/0x100 fs/libfs.c:503 debugfs_setattr+0x72/0x90 fs/debugfs/inode.c:50 notify_change+0xb6d/0x1020 fs/attr.c:336 do_truncate+0x134/0x1f0 fs/open.c:64 do_sys_ftruncate+0x4a5/0x570 fs/open.c:195 do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:295 entry_SYSCALL_64_after_hwframe+0x49/0xb3 RIP: 0033:0x45c829 Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007faf5f733c78 EFLAGS: 00000246 ORIG_RAX: 000000000000004d RAX: ffffffffffffffda RBX: 00000000004dc620 RCX: 000000000045c829 RDX: 0000000000000000 RSI: 0000000000040001 RDI: 0000000000000000 RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 00000000000000e9 R14: 00000000004c3701 R15: 00007faf5f7346d4