====================================================== WARNING: possible circular locking dependency detected 4.14.0-mm1+ #23 Not tainted ------------------------------------------------------ syz-executor6/6183 is trying to acquire lock: (&pipe->mutex/1){+.+.}, at: [] pipe_lock_nested fs/pipe.c:67 [inline] (&pipe->mutex/1){+.+.}, at: [] pipe_lock+0x56/0x70 fs/pipe.c:75 but task is already holding lock: (sb_writers){.+.+}, at: [] file_start_write include/linux/fs.h:2715 [inline] (sb_writers){.+.+}, at: [] do_splice fs/splice.c:1146 [inline] (sb_writers){.+.+}, at: [] SYSC_splice fs/splice.c:1402 [inline] (sb_writers){.+.+}, at: [] SyS_splice+0x1117/0x1630 fs/splice.c:1382 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #5 (sb_writers){.+.+}: spin_lock include/linux/spinlock.h:315 [inline] __d_lookup+0x289/0x840 fs/dcache.c:2284 -> #4 ((completion)&req.done){+.+.}: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004 complete_acquire include/linux/completion.h:40 [inline] __wait_for_common kernel/sched/completion.c:109 [inline] wait_for_common kernel/sched/completion.c:123 [inline] wait_for_completion+0xcb/0x7b0 kernel/sched/completion.c:144 devtmpfs_create_node+0x32b/0x4a0 drivers/base/devtmpfs.c:115 device_add+0x120f/0x1640 drivers/base/core.c:1824 device_register+0x1d/0x20 drivers/base/core.c:1905 tty_register_device_attr+0x422/0x740 drivers/tty/tty_io.c:2956 tty_port_register_device_attr_serdev+0x100/0x140 drivers/tty/tty_port.c:166 uart_add_one_port+0xa7a/0x15b0 drivers/tty/serial/serial_core.c:2783 serial8250_register_8250_port+0xfac/0x1990 drivers/tty/serial/8250/8250_core.c:1045 serial_pnp_probe+0x5e7/0xac0 drivers/tty/serial/8250/8250_pnp.c:480 pnp_device_probe+0x15f/0x250 drivers/pnp/driver.c:109 really_probe drivers/base/dd.c:424 [inline] driver_probe_device+0x71b/0xae0 drivers/base/dd.c:566 __driver_attach+0x181/0x1c0 drivers/base/dd.c:800 bus_for_each_dev+0x154/0x1e0 drivers/base/bus.c:313 driver_attach+0x3d/0x50 drivers/base/dd.c:819 bus_add_driver+0x466/0x620 drivers/base/bus.c:669 driver_register+0x1bf/0x3c0 drivers/base/driver.c:168 pnp_register_driver+0x75/0xa0 drivers/pnp/driver.c:272 serial8250_pnp_init+0x15/0x20 drivers/tty/serial/8250/8250_pnp.c:537 serial8250_init+0x8f/0x270 drivers/tty/serial/8250/8250_core.c:1122 do_one_initcall+0x9e/0x330 init/main.c:826 do_initcall_level init/main.c:892 [inline] do_initcalls init/main.c:900 [inline] do_basic_setup init/main.c:918 [inline] kernel_init_freeable+0x469/0x521 init/main.c:1066 kernel_init+0x13/0x172 init/main.c:993 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:437 -> #3 (&port->mutex){+.+.}: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004 __mutex_lock_common kernel/locking/mutex.c:756 [inline] __mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908 uart_set_termios+0x8f/0x5b0 drivers/tty/serial/serial_core.c:1416 tty_set_termios+0x6d4/0xa40 drivers/tty/tty_ioctl.c:334 set_termios+0x377/0x6b0 drivers/tty/tty_ioctl.c:414 tty_mode_ioctl+0x9fb/0xb10 drivers/tty/tty_ioctl.c:749 n_tty_ioctl_helper+0x40/0x360 drivers/tty/tty_ioctl.c:940 n_tty_ioctl+0x148/0x2d0 drivers/tty/n_tty.c:2435 tty_ioctl+0x32e/0x15f0 drivers/tty/tty_io.c:2638 vfs_ioctl fs/ioctl.c:46 [inline] do_vfs_ioctl+0x1b1/0x1530 fs/ioctl.c:686 SYSC_ioctl fs/ioctl.c:701 [inline] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:692 entry_SYSCALL_64_fastpath+0x1f/0x96 -> #2 (&tty->termios_rwsem){++++}: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004 down_read+0x96/0x150 kernel/locking/rwsem.c:24 n_tty_write+0x249/0xed0 drivers/tty/n_tty.c:2285 do_tty_write drivers/tty/tty_io.c:949 [inline] tty_write+0x400/0x850 drivers/tty/tty_io.c:1033 redirected_tty_write+0xa1/0xb0 drivers/tty/tty_io.c:1054 __vfs_write+0xef/0x970 fs/read_write.c:480 vfs_write+0x18f/0x510 fs/read_write.c:544 SYSC_write fs/read_write.c:589 [inline] SyS_write+0xef/0x220 fs/read_write.c:581 entry_SYSCALL_64_fastpath+0x1f/0x96 -> #1 (&tty->ldisc_sem){++++}: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004 __ldsem_down_read_nested+0xd1/0xa90 drivers/tty/tty_ldsem.c:325 ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365 tty_ldisc_ref_wait+0x25/0x80 drivers/tty/tty_ldisc.c:277 tty_read+0xf8/0x250 drivers/tty/tty_io.c:852 do_loop_readv_writev fs/read_write.c:673 [inline] do_iter_read+0x3db/0x5b0 fs/read_write.c:897 vfs_readv+0x121/0x1c0 fs/read_write.c:959 kernel_readv fs/splice.c:361 [inline] default_file_splice_read+0x508/0xae0 fs/splice.c:416 do_splice_to+0x110/0x170 fs/splice.c:880 do_splice fs/splice.c:1173 [inline] SYSC_splice fs/splice.c:1402 [inline] SyS_splice+0x11a8/0x1630 fs/splice.c:1382 entry_SYSCALL_64_fastpath+0x1f/0x96 -> #0 (&pipe->mutex/1){+.+.}: check_prevs_add kernel/locking/lockdep.c:2031 [inline] validate_chain kernel/locking/lockdep.c:2473 [inline] __lock_acquire+0x3498/0x47f0 kernel/locking/lockdep.c:3500 lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004 __mutex_lock_common kernel/locking/mutex.c:756 [inline] __mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908 pipe_lock_nested fs/pipe.c:67 [inline] pipe_lock+0x56/0x70 fs/pipe.c:75 iter_file_splice_write+0x264/0xf30 fs/splice.c:699 do_splice_from fs/splice.c:851 [inline] do_splice fs/splice.c:1147 [inline] SYSC_splice fs/splice.c:1402 [inline] SyS_splice+0x7d5/0x1630 fs/splice.c:1382 entry_SYSCALL_64_fastpath+0x1f/0x96 other info that might help us debug this: Chain exists of: &pipe->mutex/1 --> (completion)&req.done --> sb_writers Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(sb_writers); lock((completion)&req.done); lock(sb_writers); lock(&pipe->mutex/1); *** DEADLOCK *** 1 lock held by syz-executor6/6183: #0: (sb_writers){.+.+}, at: [] file_start_write include/linux/fs.h:2715 [inline] #0: (sb_writers){.+.+}, at: [] do_splice fs/splice.c:1146 [inline] #0: (sb_writers){.+.+}, at: [] SYSC_splice fs/splice.c:1402 [inline] #0: (sb_writers){.+.+}, at: [] SyS_splice+0x1117/0x1630 fs/splice.c:1382 stack backtrace: CPU: 0 PID: 6183 Comm: syz-executor6 Not tainted 4.14.0-mm1+ #23 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 print_circular_bug+0x42d/0x610 kernel/locking/lockdep.c:1271 check_prev_add+0x666/0x15f0 kernel/locking/lockdep.c:1914 check_prevs_add kernel/locking/lockdep.c:2031 [inline] validate_chain kernel/locking/lockdep.c:2473 [inline] __lock_acquire+0x3498/0x47f0 kernel/locking/lockdep.c:3500 lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004 __mutex_lock_common kernel/locking/mutex.c:756 [inline] __mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908 pipe_lock_nested fs/pipe.c:67 [inline] pipe_lock+0x56/0x70 fs/pipe.c:75 iter_file_splice_write+0x264/0xf30 fs/splice.c:699 do_splice_from fs/splice.c:851 [inline] do_splice fs/splice.c:1147 [inline] SYSC_splice fs/splice.c:1402 [inline] SyS_splice+0x7d5/0x1630 fs/splice.c:1382 entry_SYSCALL_64_fastpath+0x1f/0x96 RIP: 0033:0x452879 RSP: 002b:00007f048b582be8 EFLAGS: 00000212 ORIG_RAX: 0000000000000113 RAX: ffffffffffffffda RBX: 0000000000758020 RCX: 0000000000452879 RDX: 0000000000000017 RSI: 0000000000000000 RDI: 0000000000000015 RBP: 0000000000000086 R08: 00000000fffffdf8 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000212 R12: 0000000000000000 R13: 0000000000a6f7ff R14: 00007f048b5839c0 R15: 0000000000000000 *** Guest State *** CR0: actual=0x0000000080000031, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 CR4: actual=0x0000000000002051, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 CR3 = 0x00000000fffbc000 RSP = 0x000000000000fffa RIP = 0x000000000000c730 RFLAGS=0x00033000 DR7 = 0x0000000000000400 Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 CS: sel=0x2444, attr=0x000f3, limit=0x0000ffff, base=0x0000000000024440 DS: sel=0x0000, attr=0x000f3, limit=0x0000ffff, base=0x0000000000000000 SS: sel=0x0000, attr=0x000f3, limit=0x0000ffff, base=0x0000000000000000 ES: sel=0x0000, attr=0x000f3, limit=0x0000ffff, base=0x0000000000000000 FS: sel=0x0000, attr=0x000f3, limit=0x0000ffff, base=0x0000000000000000 GS: sel=0x0000, attr=0x000f3, limit=0x0000ffff, base=0x0000000000000000 GDTR: limit=0x0000ffff, base=0x0000000000000000 LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 IDTR: limit=0x0000ffff, base=0x0000000000000000 TR: sel=0x0000, attr=0x0008b, limit=0x00002088, base=0x0000000000000000 EFER = 0x0000000000000000 PAT = 0x0007040600070406 DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 Interruptibility = 00000000 ActivityState = 00000000 *** Host State *** RIP = 0xffffffff811bcac3 RSP = 0xffff8801c4c174c8 CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 FSBase=00007f19a5ec2700 GSBase=ffff8801db400000 TRBase=ffff8801db423140 GDTBase=ffffffffff577000 IDTBase=ffffffffff57b000 CR0=0000000080050033 CR3=00000001c8859000 CR4=00000000001426f0 Sysenter RSP=0000000000000000 CS:RIP=0010:ffffffff8513d730 EFER = 0x0000000000000d01 PAT = 0x0000000000000000 *** Control State *** PinBased=0000003f CPUBased=b699edfa SecondaryExec=00000042 EntryControls=0000d1ff ExitControls=0023efff ExceptionBitmap=ffffbfff PFECmask=00000000 PFECmatch=00000000 VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 VMExit: intr_info=00000000 errcode=00000000 ilen=00000003 reason=80000021 qualification=0000000000000000 IDTVectoring: info=00000000 errcode=00000000 TSC Offset = 0xffffff60c2a8b35c EPT pointer = 0x00000001d82d801e RDS: rds_bind could not find a transport for 172.20.4.170, load rds_tcp or rds_rdma? RDS: rds_bind could not find a transport for 172.20.4.170, load rds_tcp or rds_rdma? *** Guest State *** CR0: actual=0x0000000080000031, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 CR4: actual=0x0000000000002051, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 CR3 = 0x00000000fffbc000 RSP = 0x000000000000fffa RIP = 0x000000000000c730 RFLAGS=0x00033000 DR7 = 0x0000000000000400 Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 CS: sel=0x2444, attr=0x000f3, limit=0x0000ffff, base=0x0000000000024440 DS: sel=0x0000, attr=0x000f3, limit=0x0000ffff, base=0x0000000000000000 SS: sel=0x0000, attr=0x000f3, limit=0x0000ffff, base=0x0000000000000000 ES: sel=0x0000, attr=0x000f3, limit=0x0000ffff, base=0x0000000000000000 FS: sel=0x0000, attr=0x000f3, limit=0x0000ffff, base=0x0000000000000000 GS: sel=0x0000, attr=0x000f3, limit=0x0000ffff, base=0x0000000000000000 GDTR: limit=0x0000ffff, base=0x0000000000000000 LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 IDTR: limit=0x0000ffff, base=0x0000000000000000 TR: sel=0x0000, attr=0x0008b, limit=0x00002088, base=0x0000000000000000 EFER = 0x0000000000000000 PAT = 0x0007040600070406 DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 Interruptibility = 00000000 ActivityState = 00000000 *** Host State *** RIP = 0xffffffff811bcac3 RSP = 0xffff8801d4f2f4c8 CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 FSBase=00007f19a5ec2700 GSBase=ffff8801db500000 TRBase=ffff8801db423140 GDTBase=ffffffffff577000 IDTBase=ffffffffff57b000 CR0=0000000080050033 CR3=00000001c17f0000 CR4=00000000001426e0 Sysenter RSP=0000000000000000 CS:RIP=0010:ffffffff8513d730 EFER = 0x0000000000000d01 PAT = 0x0000000000000000 *** Control State *** PinBased=0000003f CPUBased=b699edfa SecondaryExec=00000042 EntryControls=0000d1ff ExitControls=0023efff ExceptionBitmap=ffffbfff PFECmask=00000000 PFECmatch=00000000 VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 VMExit: intr_info=00000000 errcode=00000000 ilen=00000008 reason=80000021 qualification=0000000000000000 IDTVectoring: info=00000000 errcode=00000000 TSC Offset = 0xffffff60721207be EPT pointer = 0x00000001d95e201e QAT: Invalid ioctl device syz6 entered promiscuous mode QAT: Invalid ioctl device syz6 left promiscuous mode device syz6 entered promiscuous mode device syz6 left promiscuous mode nla_parse: 2 callbacks suppressed netlink: 7 bytes leftover after parsing attributes in process `syz-executor1'. netlink: 2 bytes leftover after parsing attributes in process `syz-executor2'. netlink: 9 bytes leftover after parsing attributes in process `syz-executor2'. A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. netlink: 2 bytes leftover after parsing attributes in process `syz-executor2'. netlink: 9 bytes leftover after parsing attributes in process `syz-executor2'. netlink: 7 bytes leftover after parsing attributes in process `syz-executor1'. A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. device lo entered promiscuous mode sctp: [Deprecated]: syz-executor7 (pid 6592) Use of int in maxseg socket option. Use struct sctp_assoc_value instead rfkill: input handler disabled netlink: 12 bytes leftover after parsing attributes in process `syz-executor5'. sctp: [Deprecated]: syz-executor7 (pid 6617) Use of int in maxseg socket option. Use struct sctp_assoc_value instead netlink: 12 bytes leftover after parsing attributes in process `syz-executor5'. rfkill: input handler enabled could not allocate digest TFM handle cast6 could not allocate digest TFM handle cast6 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=6838 comm=syz-executor5 netlink: 6 bytes leftover after parsing attributes in process `syz-executor7'. sctp: [Deprecated]: syz-executor4 (pid 6953) Use of int in max_burst socket option. Use struct sctp_assoc_value instead sctp: [Deprecated]: syz-executor4 (pid 6953) Use of int in max_burst socket option. Use struct sctp_assoc_value instead rpcbind: RPC call returned error 22 QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl dccp_v4_rcv: dropped packet with invalid checksum dccp_v4_rcv: dropped packet with invalid checksum netlink: 3 bytes leftover after parsing attributes in process `syz-executor7'. device syz1 left promiscuous mode sctp: [Deprecated]: syz-executor2 (pid 7176) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead kvm_hv_get_msr: 137 callbacks suppressed kvm [7168]: vcpu0, guest rIP: 0x9135 Hyper-V unhandled rdmsr: 0x4000008f kvm [7168]: vcpu0, guest rIP: 0x9135 Hyper-V unhandled rdmsr: 0x4000008e kvm [7168]: vcpu0, guest rIP: 0x9135 Hyper-V unhandled rdmsr: 0x4000008d kvm [7168]: vcpu0, guest rIP: 0x9135 Hyper-V unhandled rdmsr: 0x4000008c kvm [7168]: vcpu0, guest rIP: 0x9135 Hyper-V unhandled rdmsr: 0x4000008b kvm [7168]: vcpu0, guest rIP: 0x9135 Hyper-V unhandled rdmsr: 0x4000008a kvm [7168]: vcpu0, guest rIP: 0x9135 Hyper-V unhandled rdmsr: 0x40000089 kvm [7168]: vcpu0, guest rIP: 0x9135 Hyper-V unhandled rdmsr: 0x40000088 kvm [7168]: vcpu0, guest rIP: 0x9135 Hyper-V unhandled rdmsr: 0x40000087 kvm [7168]: vcpu0, guest rIP: 0x9135 Hyper-V unhandled rdmsr: 0x40000086 kvm [7168]: vcpu0, guest rIP: 0x9112 Hyper-V uhandled wrmsr: 0x40000023 data 0x66c900003b9a1043 kvm [7168]: vcpu0, guest rIP: 0x9112 Hyper-V uhandled wrmsr: 0x40000022 data 0x66c9000089171043 kvm [7168]: vcpu0, guest rIP: 0x9112 Hyper-V uhandled wrmsr: 0x40000020 data 0x66c9000000031043 kvm [7168]: vcpu0, guest rIP: 0x9112 Hyper-V uhandled wrmsr: 0x40000023 data 0x66c900003b9a1043 kvm [7168]: vcpu0, guest rIP: 0x9112 Hyper-V uhandled wrmsr: 0x40000022 data 0x66c9000089171043 kvm [7168]: vcpu0, guest rIP: 0x9112 Hyper-V uhandled wrmsr: 0x40000020 data 0x66c9000000041043 sctp: [Deprecated]: syz-executor2 (pid 7176) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead IPv6: NLM_F_REPLACE set, but no existing node found! SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8960 sclass=netlink_route_socket pig=7296 comm=syz-executor4 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8960 sclass=netlink_route_socket pig=7296 comm=syz-executor4 sctp: [Deprecated]: syz-executor7 (pid 7440) Use of int in maxseg socket option. Use struct sctp_assoc_value instead sctp: [Deprecated]: syz-executor7 (pid 7445) Use of int in maxseg socket option. Use struct sctp_assoc_value instead IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. device lo left promiscuous mode IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. device lo entered promiscuous mode device lo left promiscuous mode device gre0 entered promiscuous mode picdev_read: 73 callbacks suppressed kvm: pic: non byte read kauditd_printk_skb: 59 callbacks suppressed audit: type=1326 audit(1511256664.699:6858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=7655 comm="syz-executor2" exe="/root/syz-executor2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x452879 code=0x0 kvm: pic: non byte read kvm: pic: non byte read kvm: pic: non byte read kvm: pic: non byte read kvm: pic: non byte read kvm: pic: non byte read kvm: pic: non byte read kvm: pic: non byte read kvm: pic: non byte read audit: type=1326 audit(1511256664.846:6859): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=7655 comm="syz-executor2" exe="/root/syz-executor2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x452879 code=0x0 QAT: Invalid ioctl sctp: [Deprecated]: syz-executor5 (pid 7794) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead QAT: Invalid ioctl sctp: [Deprecated]: syz-executor5 (pid 7759) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead QAT: Invalid ioctl QAT: Invalid ioctl RDS: rds_bind could not find a transport for 172.20.5.170, load rds_tcp or rds_rdma? RDS: rds_bind could not find a transport for 172.20.5.170, load rds_tcp or rds_rdma? nla_parse: 14 callbacks suppressed netlink: 4 bytes leftover after parsing attributes in process `syz-executor7'. netlink: 4 bytes leftover after parsing attributes in process `syz-executor7'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor7'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor7'. FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 1 PID: 7927 Comm: syz-executor3 Not tainted 4.14.0-mm1+ #23 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 handle_userfault+0x12fa/0x24c0 fs/userfaultfd.c:427 do_anonymous_page mm/memory.c:3121 [inline] handle_pte_fault mm/memory.c:3934 [inline] __handle_mm_fault+0x353a/0x3e20 mm/memory.c:4060 handle_mm_fault+0x334/0x8d0 mm/memory.c:4097 __do_page_fault+0x5c9/0xc90 arch/x86/mm/fault.c:1429 do_page_fault+0xee/0x720 arch/x86/mm/fault.c:1504 page_fault+0x22/0x30 arch/x86/entry/entry_64.S:1088 RIP: 0010:fault_in_pages_readable include/linux/pagemap.h:601 [inline] RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 lib/iov_iter.c:421 RSP: 0018:ffff8801d6617928 EFLAGS: 00010246 RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82509bd1 RDX: 00000000000000c0 RSI: ffffc900031f2000 RDI: ffff8801d6617d28 RBP: ffff8801d6617a08 R08: 1ffff100323c0dca R09: 1ffff1003acc2f1a R10: ffff8801d7b1a4c0 R11: ffff8801d7b1a4c0 R12: 1ffff1003acc2f28 R13: ffff8801d66179e0 R14: 0000000000000000 R15: ffff8801d6617d20 generic_perform_write+0x200/0x600 mm/filemap.c:3129 __generic_file_write_iter+0x366/0x5b0 mm/filemap.c:3264 generic_file_write_iter+0x399/0x7a0 mm/filemap.c:3292 call_write_iter include/linux/fs.h:1772 [inline] new_sync_write fs/read_write.c:469 [inline] __vfs_write+0x68a/0x970 fs/read_write.c:482 vfs_write+0x18f/0x510 fs/read_write.c:544 SYSC_write fs/read_write.c:589 [inline] SyS_write+0xef/0x220 fs/read_write.c:581 entry_SYSCALL_64_fastpath+0x1f/0x96 RIP: 0033:0x452879 RSP: 002b:00007f94e7101be8 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 0000000000758020 RCX: 0000000000452879 RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000014 RBP: 0000000000000058 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006ed8e0 R13: 00000000ffffffff R14: 00007f94e71026d4 R15: 0000000000000000 netlink: 3 bytes leftover after parsing attributes in process `syz-executor7'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor7'. QAT: Invalid ioctl netlink: 2 bytes leftover after parsing attributes in process `syz-executor6'. netlink: 2 bytes leftover after parsing attributes in process `syz-executor6'. kvm [8013]: vcpu0, guest rIP: 0x9115 Hyper-V uhandled wrmsr: 0x4000008f data 0x6f kvm [8013]: vcpu0, guest rIP: 0x9115 Hyper-V uhandled wrmsr: 0x4000008e data 0x6f kvm [8013]: vcpu0, guest rIP: 0x9115 Hyper-V uhandled wrmsr: 0x4000008d data 0x6f kvm [8013]: vcpu0, guest rIP: 0x9115 Hyper-V uhandled wrmsr: 0x4000008c data 0x6f QAT: Invalid ioctl IPv6: Can't replace route, no match found IPv6: Can't replace route, no match found Option ' Option ' SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=8220 comm=syz-executor7 netlink: 1 bytes leftover after parsing attributes in process `syz-executor6'. netlink: 1 bytes leftover after parsing attributes in process `syz-executor6'.