ci starts bisection 2024-10-11 06:37:33.785832539 +0000 UTC m=+108.647427567
bisecting cause commit starting from b983b271662bd6104d429b0fd97af3333ba760bf
building syzkaller on 0278d00484bfe8f49aa9a7ae5ef4c3bc5cc40cd4
ensuring issue is reproducible on original commit b983b271662bd6104d429b0fd97af3333ba760bf

testing commit b983b271662bd6104d429b0fd97af3333ba760bf
gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 8fb218459fbe4f00246b10aae34186e6369e5f5b06dcff7c41d6d44704af5a0f
run #0: crashed: INFO: task hung in hugetlb_wp
run #1: crashed: INFO: task hung in hugetlb_fault
run #2: crashed: INFO: task hung in hugetlb_wp
run #3: crashed: INFO: task hung in hugetlb_fault
run #4: crashed: INFO: task hung in hugetlb_wp
run #5: crashed: INFO: task hung in hugetlb_fault
run #6: crashed: INFO: task hung in hugetlb_wp
run #7: crashed: INFO: task hung in remove_inode_hugepages
run #8: crashed: INFO: task hung in hugetlb_fault
run #9: crashed: INFO: task hung in hugetlb_fault
run #10: crashed: INFO: task hung in hugetlb_wp
run #11: crashed: INFO: task hung in hugetlb_wp
run #12: crashed: INFO: task hung in hugetlb_wp
run #13: crashed: INFO: task hung in hugetlb_wp
run #14: crashed: INFO: task hung in hugetlb_fault
run #15: crashed: INFO: task hung in hugetlb_fault
run #16: crashed: INFO: task hung in remove_inode_hugepages
run #17: crashed: INFO: task hung in hugetlb_fault
run #18: crashed: INFO: task hung in hugetlb_fault
run #19: crashed: INFO: task hung in hugetlb_fault
representative crash: INFO: task hung in hugetlb_wp, types: [HANG]
check whether we can drop unnecessary instrumentation
disabling configs for [BUG KASAN LOCKDEP ATOMIC_SLEEP LEAK UBSAN], they are not needed
testing commit b983b271662bd6104d429b0fd97af3333ba760bf
gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 09cb14d87f7edd49fa88eea5516aaf42a65b73e952f363eaacfc47fe5ff32d7e
run #0: crashed: INFO: task hung in hugetlb_fault
run #1: crashed: INFO: task hung in hugetlb_wp
run #2: crashed: INFO: task hung in hugetlb_wp
run #3: crashed: INFO: task hung in hugetlb_fault
run #4: crashed: INFO: task hung in hugetlb_wp
run #5: crashed: INFO: task hung in hugetlb_fault
run #6: crashed: INFO: task hung in hugetlb_fault
run #7: crashed: INFO: task hung in hugetlb_fault
run #8: crashed: INFO: task hung in hugetlb_fault
run #9: crashed: INFO: task hung in hugetlb_fault
representative crash: INFO: task hung in hugetlb_fault, types: [HANG]
the bug reproduces without the instrumentation
disabling configs for [LOCKDEP ATOMIC_SLEEP LEAK UBSAN BUG KASAN], they are not needed
kconfig minimization: base=4046 full=8192 leaves diff=2108
split chunks (needed=false): <2108>
split chunk #0 of len 2108 into 5 parts
testing without sub-chunk 1/5
disabling configs for [LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit b983b271662bd6104d429b0fd97af3333ba760bf
gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: a593f520ea0bc3f412699d74bf14d503db7eca4646fe016955c80c52fd360567
run #0: crashed: INFO: task hung in hugetlb_fault
run #1: crashed: INFO: task hung in hugetlb_fault
run #2: crashed: INFO: task hung in hugetlb_fault
run #3: crashed: INFO: task hung in hugetlb_fault
run #4: crashed: INFO: task hung in hugetlb_fault
run #5: crashed: INFO: task hung in hugetlb_fault
run #6: crashed: INFO: task hung in hugetlb_fault
run #7: crashed: INFO: task hung in hugetlb_wp
run #8: crashed: INFO: task hung in hugetlb_fault
run #9: crashed: INFO: task hung in hugetlb_fault
representative crash: INFO: task hung in hugetlb_fault, types: [HANG]
the chunk can be dropped
testing without sub-chunk 2/5
disabling configs for [LOCKDEP ATOMIC_SLEEP LEAK UBSAN BUG KASAN], they are not needed
testing commit b983b271662bd6104d429b0fd97af3333ba760bf
gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 2982adc42c336a54a19efd6921b71ef33909da674b23065cfd04c3907bcb0415
run #0: crashed: INFO: task hung in hugetlb_fault
run #1: crashed: INFO: task hung in hugetlb_fault
run #2: crashed: INFO: task hung in hugetlb_fault
run #3: crashed: INFO: task hung in hugetlb_fault
run #4: crashed: INFO: task hung in hugetlb_fault
run #5: crashed: INFO: task hung in hugetlb_fault
run #6: crashed: INFO: task hung in hugetlb_wp
run #7: crashed: INFO: task hung in hugetlb_fault
run #8: crashed: INFO: task hung in hugetlb_fault
run #9: crashed: INFO: task hung in remove_inode_hugepages
representative crash: INFO: task hung in hugetlb_fault, types: [HANG]
the chunk can be dropped
testing without sub-chunk 3/5
disabling configs for [KASAN LOCKDEP ATOMIC_SLEEP LEAK UBSAN BUG], they are not needed
testing commit b983b271662bd6104d429b0fd97af3333ba760bf
gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 35dfe6c17ef33a693733f2f31729832c983e0e4ee57258612dfb439bc40fea62
run #0: crashed: INFO: task hung in hugetlb_wp
run #1: crashed: INFO: task hung in hugetlb_fault
run #2: crashed: INFO: task hung in hugetlb_fault
run #3: crashed: INFO: task hung in hugetlb_fault
run #4: crashed: INFO: task hung in hugetlb_fault
run #5: crashed: INFO: task hung in hugetlb_wp
run #6: crashed: INFO: task hung in hugetlb_fault
run #7: crashed: INFO: task hung in remove_inode_hugepages
run #8: crashed: INFO: task hung in hugetlb_fault
run #9: crashed: INFO: task hung in hugetlb_fault
representative crash: INFO: task hung in hugetlb_wp, types: [HANG]
the chunk can be dropped
testing without sub-chunk 4/5
disabling configs for [ATOMIC_SLEEP LEAK UBSAN BUG KASAN LOCKDEP], they are not needed
testing commit b983b271662bd6104d429b0fd97af3333ba760bf
gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: b326eaf0c332466373b43287ff590d7207fab43657f40595c7fa7244e7fbf81f
run #0: crashed: INFO: task hung in hugetlb_fault
run #1: crashed: INFO: task hung in hugetlb_fault
run #2: crashed: INFO: task hung in hugetlb_fault
run #3: crashed: INFO: task hung in hugetlb_fault
run #4: crashed: INFO: task hung in hugetlb_fault
run #5: crashed: INFO: task hung in hugetlb_fault
run #6: crashed: INFO: task hung in hugetlb_fault
run #7: crashed: INFO: task hung in hugetlb_fault
run #8: crashed: INFO: task hung in hugetlb_fault
run #9: crashed: INFO: task hung in remove_inode_hugepages
representative crash: INFO: task hung in hugetlb_fault, types: [HANG]
the chunk can be dropped
testing without sub-chunk 5/5
disabling configs for [ATOMIC_SLEEP LEAK UBSAN BUG KASAN LOCKDEP], they are not needed
testing commit b983b271662bd6104d429b0fd97af3333ba760bf
gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: ef367200a92f86f77476fea99b8f8fa9350e87cb3340b2c8a1603c53097223fa
run #0: crashed: INFO: task hung in hugetlb_fault
run #1: crashed: INFO: task hung in do_exit
run #2: crashed: INFO: task hung in hugetlb_fault
run #3: crashed: INFO: task hung in hugetlb_fault
run #4: crashed: INFO: task hung in hugetlb_fault
run #5: crashed: INFO: task hung in hugetlb_fault
run #6: crashed: INFO: task hung in remove_inode_hugepages
run #7: crashed: INFO: task hung in hugetlb_fault
run #8: crashed: INFO: task hung in hugetlb_fault
run #9: crashed: INFO: task hung in hugetlb_fault
representative crash: INFO: task hung in hugetlb_fault, types: [HANG]
the chunk can be dropped
disabling configs for [ATOMIC_SLEEP LEAK UBSAN BUG KASAN LOCKDEP], they are not needed
picked [v6.11 v6.10 v6.9 v6.7 v6.5 v6.3 v6.1 v5.19 v5.16 v5.13 v5.10 v5.7 v5.4 v5.1 v4.19] out of 34 release tags

testing release v6.11
testing commit 98f7e32f20d28ec452afb208f9cffc08448a2652
gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 28f51fe851dc9dd3fb22f78b6b02b6625e96889993b5e77448630e559825cc44
run #0: crashed: INFO: task hung in hugetlb_wp
run #1: crashed: INFO: task hung in hugetlb_fault
run #2: crashed: INFO: task hung in remove_inode_hugepages
run #3: crashed: INFO: task hung in hugetlb_fault
run #4: crashed: INFO: task hung in hugetlb_fault
run #5: crashed: INFO: task hung in hugetlb_wp
run #6: crashed: INFO: task hung in hugetlb_fault
run #7: crashed: INFO: task hung in remove_inode_hugepages
run #8: crashed: INFO: task hung in hugetlb_fault
run #9: crashed: INFO: task hung in hugetlb_wp
representative crash: INFO: task hung in hugetlb_wp, types: [HANG]

testing release v6.10
testing commit 0c3836482481200ead7b416ca80c68a29cfdaabd
gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: a3b3a06b547ec2d0dcb64457b04b110ba7de2cd01f155df327735332ff796a62
run #0: crashed: INFO: task hung in hugetlb_fault
run #1: crashed: INFO: task hung in hugetlb_wp
run #2: crashed: INFO: task hung in hugetlb_wp
run #3: crashed: INFO: task hung in hugetlb_fault
run #4: crashed: INFO: task hung in hugetlb_fault
run #5: crashed: INFO: task hung in hugetlb_fault
run #6: crashed: INFO: task hung in hugetlb_fault
run #7: crashed: INFO: task hung in hugetlb_wp
run #8: crashed: INFO: task hung in hugetlb_fault
run #9: crashed: INFO: task hung in hugetlb_fault
representative crash: INFO: task hung in hugetlb_fault, types: [HANG]

testing release v6.9
testing commit a38297e3fb012ddfa7ce0321a7e5a8daeb1872b6
gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: f68d529a1b726cf49544b8cdae90e8beb8cbb8452934d943efeb0cb50d7cba11
run #0: crashed: INFO: task hung in hugetlb_fault
run #1: crashed: INFO: task hung in hugetlb_fault
run #2: crashed: INFO: task hung in hugetlb_fault
run #3: crashed: INFO: task hung in hugetlb_fault
run #4: crashed: INFO: task hung in hugetlb_fault
run #5: crashed: INFO: task hung in hugetlb_fault
run #6: crashed: INFO: task hung in hugetlb_fault
run #7: crashed: INFO: task hung in hugetlb_wp
run #8: crashed: INFO: task hung in hugetlb_fault
run #9: crashed: INFO: task hung in hugetlb_fault
representative crash: INFO: task hung in hugetlb_fault, types: [HANG]

testing release v6.7
testing commit 0dd3ee31125508cd67f7e7172247f05b7fd1753a
gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 567532f624fb6b4b9cc53b2f2fc347bcbcfce06bf915ef55f9e198d11768e39c
run #0: crashed: INFO: task hung in hugetlb_fault
run #1: crashed: INFO: task hung in hugetlb_wp
run #2: crashed: INFO: task hung in hugetlb_fault
run #3: crashed: INFO: task hung in hugetlb_fault
run #4: crashed: INFO: task hung in hugetlb_fault
run #5: crashed: INFO: task hung in remove_inode_hugepages
run #6: crashed: INFO: task hung in hugetlb_fault
run #7: crashed: INFO: task hung in hugetlb_fault
run #8: crashed: INFO: task hung in hugetlb_fault
run #9: crashed: INFO: task hung in hugetlb_fault
representative crash: INFO: task hung in hugetlb_fault, types: [HANG]

testing release v6.5
testing commit 2dde18cd1d8fac735875f2e4987f11817cc0bc2c
gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 15fc0838ccd21835a89e3f57e8372f905f41b860d600de62c42d2bfdda12924e
all runs: crashed: INFO: task hung in hugetlb_fault
representative crash: INFO: task hung in hugetlb_fault, types: [HANG]

testing release v6.3
testing commit 457391b0380335d5e9a5babdec90ac53928b23b4
gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 3adccfcb16f5ed334d904bd56e1138b4e30cb74b7425d4fdd6013e5f7a1ebe9f
run #0: crashed: INFO: task hung in hugetlb_fault
run #1: crashed: INFO: task hung in remove_inode_hugepages
run #2: crashed: INFO: task hung in hugetlb_fault
run #3: crashed: INFO: task hung in hugetlb_fault
run #4: crashed: INFO: task hung in hugetlb_fault
run #5: crashed: INFO: task hung in hugetlb_fault
run #6: crashed: INFO: task hung in hugetlb_fault
run #7: crashed: INFO: task hung in hugetlb_fault
run #8: crashed: INFO: task hung in hugetlb_fault
run #9: crashed: INFO: task hung in hugetlb_fault
representative crash: INFO: task hung in hugetlb_fault, types: [HANG]

testing release v6.1
testing commit 830b3c68c1fb1e9176028d02ef86f3cf76aa2476
gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 19b5e8642b640a544bd7a3a6777254669be6e8ea587597fb42ac104816daa9b6
run #0: crashed: INFO: task hung in hugetlb_fault
run #1: crashed: INFO: task hung in hugetlb_fault
run #2: crashed: INFO: task hung in hugetlb_fault
run #3: crashed: INFO: task hung in hugetlb_fault
run #4: crashed: INFO: task hung in hugetlb_fault
run #5: crashed: INFO: task hung in hugetlb_fault
run #6: crashed: INFO: task hung in hugetlb_fault
run #7: crashed: INFO: task hung in hugetlb_fault
run #8: crashed: INFO: task hung in remove_inode_hugepages
run #9: crashed: INFO: task hung in hugetlb_fault
representative crash: INFO: task hung in hugetlb_fault, types: [HANG]

testing release v5.19
testing commit 3d7cb6b04c3f3115719235cc6866b10326de34cd
gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: f6a97b6509b69d33b75ed2f1064e888d91370bc0f6061f3c3ea79d976de3bfbb
run #0: crashed: INFO: task hung in hugetlb_wp
run #1: crashed: INFO: task hung in hugetlb_fault
run #2: crashed: INFO: task hung in hugetlb_fault
run #3: crashed: INFO: task hung in hugetlb_wp
run #4: crashed: INFO: task hung in hugetlb_wp
run #5: crashed: INFO: task hung in hugetlb_fault
run #6: crashed: INFO: task hung in hugetlb_wp
run #7: crashed: INFO: task hung in hugetlb_wp
run #8: crashed: INFO: task hung in hugetlb_wp
run #9: crashed: INFO: task hung in hugetlb_fault
representative crash: INFO: task hung in hugetlb_wp, types: [HANG]

testing release v5.16
testing commit df0cc57e057f18e44dac8e6c18aba47ab53202f9
gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: a3869ce50e9345e22ad664978cc2b15bbe235917016255aa92d185062748429f
run #0: crashed: INFO: task hung in hugetlb_cow
run #1: crashed: INFO: task hung in hugetlb_cow
run #2: crashed: INFO: task hung in hugetlb_cow
run #3: crashed: INFO: task hung in hugetlb_fault
run #4: crashed: INFO: task hung in hugetlb_cow
run #5: crashed: INFO: task hung in hugetlb_cow
run #6: OK
run #7: OK
run #8: OK
run #9: OK
representative crash: INFO: task hung in hugetlb_cow, types: [HANG]

testing release v5.13
testing commit 62fb9874f5da54fdb243003b386128037319b219
gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: df4734e516647615c4deb13ab9f8ce7d278653c5db0aa5d8d05a27fedfb6103d
run #0: crashed: lost connection to test machine
run #1: crashed: INFO: task hung in hugetlb_fault
run #2: crashed: INFO: task hung in hugetlb_cow
run #3: crashed: INFO: task hung in hugetlb_cow
run #4: crashed: INFO: task hung in hugetlb_cow
run #5: crashed: INFO: task hung in hugetlb_cow
run #6: crashed: INFO: task hung in hugetlb_cow
run #7: crashed: INFO: task hung in hugetlb_fault
run #8: crashed: INFO: task hung in hugetlb_cow
run #9: crashed: INFO: task hung in hugetlb_cow
representative crash: INFO: task hung in hugetlb_fault, types: [HANG]

testing release v5.10
testing commit 2c85ebc57b3e1817b6ce1a6b703928e113a90442
gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: e3b62a10fb5f943778cc6f8554f64edb383a81003ce63a72b4ddbd17ca68cec0
run #0: crashed: lost connection to test machine
run #1: crashed: INFO: task hung in hugetlb_fault
run #2: crashed: INFO: task hung in hugetlb_cow
run #3: crashed: INFO: task hung in hugetlb_fault
run #4: crashed: INFO: task hung in hugetlb_fault
run #5: crashed: INFO: task hung in hugetlb_fault
run #6: crashed: INFO: task hung in hugetlb_fault
run #7: crashed: INFO: task hung in hugetlb_cow
run #8: crashed: INFO: task hung in hugetlb_fault
run #9: crashed: INFO: task hung in hugetlb_cow
representative crash: INFO: task hung in hugetlb_fault, types: [HANG]

testing release v5.7
testing commit 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162
gcc compiler: gcc version 8.4.1 20210217 (GCC), GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 548b4ba1d00fc839d199fe1f553e14a4b033be426f35383b47e513f7b96f660c
run #0: crashed: lost connection to test machine
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
representative crash: lost connection to test machine, types: [UNKNOWN]
unable to determine the verdict: 9 good runs (wanted 5), for bad wanted 5 in total, got 10

testing release v5.4
testing commit 219d54332a09e8d8741c1e1982f5eae56099de85
gcc compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: d037241bcc793de9d1a8bd0ae61c29f29e3cde981b153e4c764704568033b42a
all runs: OK
false negative chance: 0.000

# git bisect start 2c85ebc57b3e1817b6ce1a6b703928e113a90442 219d54332a09e8d8741c1e1982f5eae56099de85
Bisecting: 47630 revisions left to test after this (roughly 16 steps)
[bce159d734091fe31340976081577333f52a85e4] Merge tag 'for-5.8/drivers-2020-06-01' of git://git.kernel.dk/linux-block
testing commit bce159d734091fe31340976081577333f52a85e4
gcc compiler: gcc version 8.4.1 20210217 (GCC), GNU ld (GNU Binutils for Debian) 2.40
kernel signature: a7316c3edb9cf0a4534d5e2246f793e6e69b23437decd2ef038d11298fd4c425
all runs: OK
false negative chance: 0.000

# git bisect good bce159d734091fe31340976081577333f52a85e4
Bisecting: 23837 revisions left to test after this (roughly 15 steps)
[10befea91b61c4e2c2d1df06a2e978d182fcf792] mm: memcg/slab: use a single set of kmem_caches for all allocations
testing commit 10befea91b61c4e2c2d1df06a2e978d182fcf792
gcc compiler: gcc (GCC) 8.4.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: bb1726519fbf4fa0e59c7a0120c3c346392f71c06278e65053e8b8a3eeb16074
run #0: crashed: lost connection to test machine
run #1: crashed: INFO: task hung in hugetlb_fault
run #2: crashed: INFO: task hung in hugetlb_cow
run #3: crashed: INFO: task hung in hugetlb_fault
run #4: crashed: INFO: task hung in hugetlb_fault
run #5: crashed: INFO: task hung in hugetlb_fault
run #6: crashed: INFO: task hung in hugetlb_cow
run #7: crashed: INFO: task hung in hugetlb_fault
run #8: crashed: INFO: task hung in hugetlb_fault
run #9: crashed: INFO: task hung in hugetlb_cow
representative crash: INFO: task hung in hugetlb_fault, types: [HANG]

# git bisect bad 10befea91b61c4e2c2d1df06a2e978d182fcf792
Bisecting: 11902 revisions left to test after this (roughly 14 steps)
[a5c6a1f0fe1d182489864b708fa472d0333b39d4] Merge branch 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux
testing commit a5c6a1f0fe1d182489864b708fa472d0333b39d4
gcc compiler: gcc (GCC) 8.4.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 63e46a00459b0909c3877a284a019887a9cdbf8e8622401bb364c775562f6384
run #0: crashed: INFO: task hung in hugetlb_fault
run #1: crashed: INFO: task hung in hugetlb_fault
run #2: crashed: INFO: task hung in hugetlb_fault
run #3: crashed: INFO: task hung in hugetlb_cow
run #4: crashed: INFO: task hung in hugetlb_fault
run #5: crashed: INFO: task hung in hugetlb_cow
run #6: crashed: INFO: task hung in hugetlb_fault
run #7: crashed: INFO: task hung in hugetlb_cow
run #8: crashed: INFO: task hung in hugetlb_cow
run #9: crashed: INFO: task hung in hugetlb_fault
representative crash: INFO: task hung in hugetlb_fault, types: [HANG]

# git bisect bad a5c6a1f0fe1d182489864b708fa472d0333b39d4
Bisecting: 5709 revisions left to test after this (roughly 13 steps)
[9d71d3cd9ef040c284506648285915e9ba4d08c4] Merge tag 'arm-dt-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
testing commit 9d71d3cd9ef040c284506648285915e9ba4d08c4
gcc compiler: gcc version 8.4.1 20210217 (GCC), GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 82ec46072cbe712586c5118f8eb34ba3e982d195241f491ca56ab1356883da26
all runs: OK
false negative chance: 0.000

# git bisect good 9d71d3cd9ef040c284506648285915e9ba4d08c4
Bisecting: 2856 revisions left to test after this (roughly 12 steps)
[2d49d89c73fe9b76b02799a71e768b312ad65039] c6x: use asm-generic/cacheflush.h
testing commit 2d49d89c73fe9b76b02799a71e768b312ad65039
gcc compiler: gcc (GCC) 8.4.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: f6e8db1ddd795ccc7e8762aad8706cca2d54a58c5f957c273fa00fd4be34d634
run #0: crashed: INFO: task hung in hugetlb_fault
run #1: crashed: INFO: task hung in hugetlb_fault
run #2: crashed: INFO: task hung in hugetlb_cow
run #3: crashed: INFO: task hung in hugetlb_fault
run #4: crashed: INFO: task hung in hugetlb_fault
run #5: crashed: INFO: task hung in hugetlb_cow
run #6: crashed: INFO: task hung in hugetlb_fault
run #7: crashed: INFO: task hung in hugetlb_fault
run #8: crashed: INFO: task hung in hugetlb_cow
run #9: crashed: INFO: task hung in hugetlb_cow
representative crash: INFO: task hung in hugetlb_fault, types: [HANG]

# git bisect bad 2d49d89c73fe9b76b02799a71e768b312ad65039
Bisecting: 1383 revisions left to test after this (roughly 11 steps)
[3925c3bbdf886f1ddf64461b9b380e1bb36f90c1] Merge tag 'pci-v5.8-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci
testing commit 3925c3bbdf886f1ddf64461b9b380e1bb36f90c1
gcc compiler: gcc version 8.4.1 20210217 (GCC), GNU ld (GNU Binutils for Debian) 2.40
kernel signature: a627ba69e3a0dc1a8eef11f9af08cb7f3aad0b4ed64af703c9432477fda35049
all runs: OK
false negative chance: 0.000

# git bisect good 3925c3bbdf886f1ddf64461b9b380e1bb36f90c1
Bisecting: 759 revisions left to test after this (roughly 10 steps)
[77f55d1305c11fb729b88f2c3f7881ba0831fa6f] staging: rtl8723bs: Use common packet header constants
testing commit 77f55d1305c11fb729b88f2c3f7881ba0831fa6f
gcc compiler: gcc version 8.4.1 20210217 (GCC), GNU ld (GNU Binutils for Debian) 2.40
kernel signature: c7d85bd929bb8c8cbc5be57bffef25951f0b880c7605704a0fdce9431f9743e7
all runs: OK
false negative chance: 0.000

# git bisect good 77f55d1305c11fb729b88f2c3f7881ba0831fa6f
Bisecting: 374 revisions left to test after this (roughly 9 steps)
[e611c0fe318c6d6827ee2bba660fbc23cf73f7dc] Merge tag 'usb-5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb
testing commit e611c0fe318c6d6827ee2bba660fbc23cf73f7dc
gcc compiler: gcc (GCC) 8.4.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 7ef5ceabab0f635beedba51727ee91fc39a7c7cbdf8ac3dfcd28fb17c7fcb733
all runs: OK
false negative chance: 0.000

# git bisect good e611c0fe318c6d6827ee2bba660fbc23cf73f7dc
Bisecting: 177 revisions left to test after this (roughly 8 steps)
[ddc0aef01a90ee8431f1a47f7b35e84d36ab8913] Merge tag 'soundwire-5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/vkoul/soundwire into char-misc-next
testing commit ddc0aef01a90ee8431f1a47f7b35e84d36ab8913
gcc compiler: gcc version 8.4.1 20210217 (GCC), GNU ld (GNU Binutils for Debian) 2.40
kernel signature: af65e135cbface20f3dd400d86a2a49af5d627a0080a66aaa2ae5e99fe184f8d
all runs: OK
false negative chance: 0.000

# git bisect good ddc0aef01a90ee8431f1a47f7b35e84d36ab8913
Bisecting: 78 revisions left to test after this (roughly 7 steps)
[f558b8364e19f9222e7976c64e9367f66bab02cc] Merge tag 'driver-core-5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core
testing commit f558b8364e19f9222e7976c64e9367f66bab02cc
gcc compiler: gcc (GCC) 8.4.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 7c6d140a52730968377b118d883a7a7ea7410561210a555cfc7bb82d303b208e
all runs: OK
false negative chance: 0.000

# git bisect good f558b8364e19f9222e7976c64e9367f66bab02cc
Bisecting: 37 revisions left to test after this (roughly 5 steps)
[d4014a6b46a52a999cd8e06958d207c8fb9504b6] Merge tag 'extcon-next-for-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/chanwoo/extcon into char-misc-next
testing commit d4014a6b46a52a999cd8e06958d207c8fb9504b6
gcc compiler: gcc version 8.4.1 20210217 (GCC), GNU ld (GNU Binutils for Debian) 2.40
kernel signature: d6564031938db570745ec94385d6ed455b3a9f73d5b8cd00f3200dc7bac9d7df
all runs: OK
false negative chance: 0.000

# git bisect good d4014a6b46a52a999cd8e06958d207c8fb9504b6
Bisecting: 18 revisions left to test after this (roughly 4 steps)
[0ec9dc9bcba0a62b0844e54c1caf6b8b0bf6b5b4] kernel/hung_task.c: introduce sysctl to print all traces when a hung task is detected
testing commit 0ec9dc9bcba0a62b0844e54c1caf6b8b0bf6b5b4
gcc compiler: gcc (GCC) 8.4.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 8555fdb08e6bcab103b2c5bffc6c522a002d104ee60b7289ee15102b4765608c
run #0: crashed: INFO: task hung in hugetlb_fault
run #1: crashed: INFO: task hung in hugetlb_fault
run #2: crashed: INFO: task hung in hugetlb_fault
run #3: crashed: INFO: task hung in hugetlb_fault
run #4: crashed: INFO: task hung in hugetlb_cow
run #5: crashed: INFO: task hung in hugetlb_fault
run #6: crashed: INFO: task hung in hugetlb_cow
run #7: crashed: INFO: task hung in hugetlb_fault
run #8: crashed: INFO: task hung in hugetlb_cow
run #9: crashed: INFO: task hung in hugetlb_fault
representative crash: INFO: task hung in hugetlb_fault, types: [HANG]

# git bisect bad 0ec9dc9bcba0a62b0844e54c1caf6b8b0bf6b5b4
Bisecting: 9 revisions left to test after this (roughly 3 steps)
[e1eb26fa62d04ec0955432be1aa8722a97cb52e7] ipc/namespace.c: use a work queue to free_ipc
testing commit e1eb26fa62d04ec0955432be1aa8722a97cb52e7
gcc compiler: gcc (GCC) 8.4.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: ce5dab00eb83b0f206b74012e6f06ec07510dab3bc5d8788716957ad4d401a46
all runs: OK
false negative chance: 0.000

# git bisect good e1eb26fa62d04ec0955432be1aa8722a97cb52e7
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[0a477e1ae21b28267b9bd8599f75c115291b1666] kernel/sysctl: support handling command line aliases
testing commit 0a477e1ae21b28267b9bd8599f75c115291b1666
gcc compiler: gcc (GCC) 8.4.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: b7d8684eb4dfbc80c9bbbb55a5061f24cc776d5b5549488155b67c12d2988db2
run #0: crashed: INFO: task hung in hugetlb_cow
run #1: crashed: INFO: task hung in hugetlb_cow
run #2: crashed: INFO: task hung in hugetlb_cow
run #3: crashed: INFO: task hung in hugetlb_cow
run #4: crashed: INFO: task hung in hugetlb_fault
run #5: crashed: INFO: task hung in hugetlb_cow
run #6: crashed: INFO: task hung in hugetlb_fault
run #7: crashed: INFO: task hung in hugetlb_fault
run #8: crashed: INFO: task hung in hugetlb_cow
run #9: crashed: INFO: task hung in hugetlb_fault
representative crash: INFO: task hung in hugetlb_cow, types: [HANG]

# git bisect bad 0a477e1ae21b28267b9bd8599f75c115291b1666
Bisecting: 2 revisions left to test after this (roughly 1 step)
[db38d5c106dfdd7cb7207c83267d82fdf4950b61] kernel: add panic_on_taint
testing commit db38d5c106dfdd7cb7207c83267d82fdf4950b61
gcc compiler: gcc (GCC) 8.4.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: ec96f125de6ba868f4b272443fd21f3e1d3a75589ecaaa50b1d0e767e20c6edb
all runs: OK
false negative chance: 0.000

# git bisect good db38d5c106dfdd7cb7207c83267d82fdf4950b61
Bisecting: 0 revisions left to test after this (roughly 1 step)
[3db978d480e2843979a2b56f2f7da726f2b295b2] kernel/sysctl: support setting sysctl parameters from kernel command line
testing commit 3db978d480e2843979a2b56f2f7da726f2b295b2
gcc compiler: gcc (GCC) 8.4.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: e546849bd5187a5c5fbd59c59dbaecdcac239b7f0a2d73cab758e41d3ba4e5e4
run #0: crashed: INFO: task hung in hugetlb_fault
run #1: crashed: INFO: task hung in hugetlb_fault
run #2: crashed: INFO: task hung in hugetlb_fault
run #3: crashed: INFO: task hung in hugetlb_fault
run #4: crashed: INFO: task hung in hugetlb_fault
run #5: crashed: INFO: task hung in hugetlb_cow
run #6: crashed: INFO: task hung in hugetlb_cow
run #7: crashed: INFO: task hung in hugetlb_fault
run #8: crashed: INFO: task hung in hugetlb_cow
run #9: crashed: INFO: task hung in hugetlb_cow
representative crash: INFO: task hung in hugetlb_fault, types: [HANG]

# git bisect bad 3db978d480e2843979a2b56f2f7da726f2b295b2
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[01f39c1c11ee5bf44a1df49e47eb53a86515b9dc] xarray.h: correct return code documentation for xa_store_{bh,irq}()
testing commit 01f39c1c11ee5bf44a1df49e47eb53a86515b9dc
gcc compiler: gcc (GCC) 8.4.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: ec96f125de6ba868f4b272443fd21f3e1d3a75589ecaaa50b1d0e767e20c6edb
all runs: OK
false negative chance: 0.000

# git bisect good 01f39c1c11ee5bf44a1df49e47eb53a86515b9dc
3db978d480e2843979a2b56f2f7da726f2b295b2 is the first bad commit
commit 3db978d480e2843979a2b56f2f7da726f2b295b2
Author: Vlastimil Babka
Date: Sun Jun 7 21:40:24 2020 -0700

    kernel/sysctl: support setting sysctl parameters from kernel command line

    Patch series "support setting sysctl parameters from kernel command line", v3.

    This series adds support for something that seems like many people always
    wanted but nobody added it yet, so here's the ability to set sysctl
    parameters via kernel command line options in the form of
    sysctl.vm.something=1

    The important part is Patch 1. The second, not so important part is an
    attempt to clean up legacy one-off parameters that do the same thing as a
    sysctl. I don't want to remove them completely for compatibility reasons,
    but with generic sysctl support the idea is to remove the one-off param
    handlers and treat the parameters as aliases for the sysctl variants.

    I have identified several parameters that mention sysctl counterparts in
    Documentation/admin-guide/kernel-parameters.txt but there might be more.
    The conversion also has varying level of success:

    - numa_zonelist_order is converted in Patch 2 together with adding the
      necessary infrastructure. It's easy as it doesn't really do anything
      but warn on deprecated value these days.
    - hung_task_panic is converted in Patch 3, but there's a downside that now
      it only accepts 0 and 1, while previously it was any integer value
    - nmi_watchdog maps to two sysctls nmi_watchdog and hardlockup_panic, so
      there's no straightforward conversion possible
    - traceoff_on_warning is a flag without value and it would be required to
      handle that somehow in the conversion infrastructure, which seems
      pointless for a single flag

    This patch (of 5):

    A recently proposed patch to add vm_swappiness command line parameter in
    addition to existing sysctl [1] made me wonder why we don't have a general
    support for passing sysctl parameters via command line. Googling found
    only somebody else wondering the same [2], but I haven't found any prior
    discussion with reasons why not to do this.

    Setting the vm_swappiness issue aside (the underlying issue might be
    solved in a different way), quick search of kernel-parameters.txt shows
    there are already some that exist as both sysctl and kernel parameter -
    hung_task_panic, nmi_watchdog, numa_zonelist_order, traceoff_on_warning.
    A general mechanism would remove the need to add more of those one-offs
    and might be handy in situations where configuration by e.g.
    /etc/sysctl.d/ is impractical.

    Hence, this patch adds a new parse_args() pass that looks for parameters
    prefixed by 'sysctl.' and tries to interpret them as writes to the
    corresponding sys/ files using a temporary in-kernel procfs mount. This
    mechanism was suggested by Eric W. Biederman [3], as it handles all
    dynamically registered sysctl tables, even though we don't handle modular
    sysctls. Errors due to e.g. invalid parameter name or value are reported
    in the kernel log.

    The processing is hooked right before the init process is loaded, as some
    handlers might be more complicated than simple setters and might need some
    subsystems to be initialized.
    At the moment the init process can be started and eventually execute a
    process writing to /proc/sys/ then it should be also fine to do that from
    the kernel.

    Sysctls registered later on module load time are not set by this mechanism
    - it's expected that in such scenarios, setting sysctl values from
    userspace is practical enough.

    [1] https://lore.kernel.org/r/BL0PR02MB560167492CA4094C91589930E9FC0@BL0PR02MB5601.namprd02.prod.outlook.com/
    [2] https://unix.stackexchange.com/questions/558802/how-to-set-sysctl-using-kernel-command-line-parameter
    [3] https://lore.kernel.org/r/87bloj2skm.fsf@x220.int.ebiederm.org/

    Signed-off-by: Vlastimil Babka
    Signed-off-by: Andrew Morton
    Reviewed-by: Luis Chamberlain
    Reviewed-by: Masami Hiramatsu
    Acked-by: Kees Cook
    Acked-by: Michal Hocko
    Cc: Iurii Zaikin
    Cc: Ivan Teterevkov
    Cc: Michal Hocko
    Cc: David Rientjes
    Cc: Matthew Wilcox
    Cc: "Eric W . Biederman"
    Cc: "Guilherme G . Piccoli"
    Cc: Alexey Dobriyan
    Cc: Thomas Gleixner
    Cc: Greg Kroah-Hartman
    Cc: Christian Brauner
    Link: http://lkml.kernel.org/r/20200427180433.7029-1-vbabka@suse.cz
    Link: http://lkml.kernel.org/r/20200427180433.7029-2-vbabka@suse.cz
    Signed-off-by: Linus Torvalds

 Documentation/admin-guide/kernel-parameters.txt | 9 ++
 fs/proc/proc_sysctl.c | 107 ++++++++++++++++++++++++
 include/linux/sysctl.h | 4 +
 init/main.c | 2 +
 4 files changed, 122 insertions(+)

accumulated error probability: 0.00
culprit signature: e546849bd5187a5c5fbd59c59dbaecdcac239b7f0a2d73cab758e41d3ba4e5e4
parent signature: ec96f125de6ba868f4b272443fd21f3e1d3a75589ecaaa50b1d0e767e20c6edb
revisions tested: 37, total time: 8h38m38.233735313s (build: 2h22m50.320731325s, test: 5h45m42.066614198s)
first bad commit: 3db978d480e2843979a2b56f2f7da726f2b295b2 kernel/sysctl: support setting sysctl parameters from kernel command line
recipients (to): ["akpm@linux-foundation.org" "keescook@chromium.org" "mcgrof@kernel.org" "mhiramat@kernel.org" "mhocko@suse.com" "torvalds@linux-foundation.org" "vbabka@suse.cz"]
recipients (cc): []

crash: INFO: task hung in hugetlb_fault
INFO: task syz.4.98:4175 blocked for more than 143 seconds.
 Not tainted 5.7.0-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz.4.98 D14648 4175 1569 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:3430 [inline]
 __schedule+0x2ca/0x650 kernel/sched/core.c:4156
 schedule+0x3b/0xa0 kernel/sched/core.c:4231
 rwsem_down_read_slowpath+0x318/0x560 kernel/locking/rwsem.c:1099
 __down_read kernel/locking/rwsem.c:1341 [inline]
 down_read+0xa4/0xd0 kernel/locking/rwsem.c:1494
 i_mmap_lock_read include/linux/fs.h:543 [inline]
 hugetlb_fault+0x9b/0xaa0 mm/hugetlb.c:4555
 handle_mm_fault+0x60a/0xe60 mm/memory.c:4382
 do_user_addr_fault arch/x86/mm/fault.c:1301 [inline]
 do_page_fault+0x2ad/0x59f arch/x86/mm/fault.c:1390
 page_fault+0x39/0x40 arch/x86/entry/entry_64.S:1203
RIP: 0033:0x7fa68bb1f629
Code: Bad RIP value.
RSP: 002b:00007fff6a8816f0 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000002 RCX: ffffffffff7fffff
RDX: 781489698450e29c RSI: 0000000020800000 RDI: 00005555575503c8
RBP: 00007fa68be05a80 R08: 00007fa68bace000 R09: 0000000000000008
R10: 0000000000000000 R11: 0000000000000003 R12: 000000000000d07f
R13: 00007fff6a8817f0 R14: 0000000000000032 R15: fffffffffffffffe
INFO: task syz.4.98:4176 blocked for more than 143 seconds.
 Not tainted 5.7.0-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz.4.98 D14384 4176 1569 0x00004004 Call Trace: context_switch kernel/sched/core.c:3430 [inline] __schedule+0x2ca/0x650 kernel/sched/core.c:4156 schedule+0x3b/0xa0 kernel/sched/core.c:4231 rwsem_down_write_slowpath+0x38b/0x570 kernel/locking/rwsem.c:1235 i_mmap_lock_write include/linux/fs.h:528 [inline] unmap_ref_private mm/hugetlb.c:4085 [inline] hugetlb_cow+0x1ac/0x540 mm/hugetlb.c:4176 hugetlb_fault+0x6f6/0xaa0 mm/hugetlb.c:4632 handle_mm_fault+0x60a/0xe60 mm/memory.c:4382 do_user_addr_fault arch/x86/mm/fault.c:1301 [inline] do_page_fault+0x2ad/0x59f arch/x86/mm/fault.c:1390 page_fault+0x39/0x40 arch/x86/entry/entry_64.S:1203 RIP: 0010:copy_user_generic_unrolled+0x89/0xc0 arch/x86/lib/copy_user_64.S:91 Code: 38 4c 89 47 20 4c 89 4f 28 4c 89 57 30 4c 89 5f 38 48 8d 76 40 48 8d 7f 40 ff c9 75 b6 89 d1 83 e2 07 c1 e9 03 74 12 4c 8b 06 <4c> 89 07 48 8d 76 08 48 8d 7f 08 ff c9 75 ee 21 d2 74 10 89 d1 8a RSP: 0018:ffffc90001937e70 EFLAGS: 00050202 RAX: 0000000020028880 RBX: 000000000000f1f8 RCX: 0000000000000001 RDX: 0000000000000000 RSI: ffffc90001937e88 RDI: 0000000020028878 RBP: 0000000000000000 R08: 0000000000000000 R09: ffff888225790880 R10: 0000000000000001 R11: ffff888225790000 R12: 0000000020028878 R13: 0000000000018ff8 R14: 0000000020019680 R15: ffffc90001937e8c copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_to_user arch/x86/include/asm/uaccess_64.h:74 [inline] _copy_to_user+0x22/0x30 lib/usercopy.c:29 copy_to_user include/linux/uaccess.h:152 [inline] msr_read+0x62/0xe0 arch/x86/kernel/msr.c:62 vfs_read fs/read_write.c:462 [inline] vfs_read+0x8f/0x150 fs/read_write.c:447 ksys_read+0x5a/0xd0 fs/read_write.c:588 do_syscall_64+0x50/0x180 arch/x86/entry/common.c:295 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7fa68bc4bff9 Code: Bad RIP value. 
RSP: 002b:00007fa68b6cd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 RAX: ffffffffffffffda RBX: 00007fa68be03f80 RCX: 00007fa68bc4bff9 RDX: 0000000000018ff8 RSI: 0000000020019680 RDI: 0000000000000003 RBP: 00007fa68bcbe296 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007fa68be03f80 R15: 00007fff6a881588 INFO: task syz.4.98:4185 blocked for more than 143 seconds. Not tainted 5.7.0-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz.4.98 D15032 4185 4175 0x80000000 Call Trace: context_switch kernel/sched/core.c:3430 [inline] __schedule+0x2ca/0x650 kernel/sched/core.c:4156 schedule+0x3b/0xa0 kernel/sched/core.c:4231 rwsem_down_write_slowpath+0x38b/0x570 kernel/locking/rwsem.c:1235 i_mmap_lock_write include/linux/fs.h:528 [inline] unmap_single_vma+0xaf/0xf0 mm/memory.c:1305 unmap_vmas+0x37/0x50 mm/memory.c:1342 exit_mmap+0xa4/0x180 mm/mmap.c:3150 __mmput kernel/fork.c:1094 [inline] mmput+0x2e/0xe0 kernel/fork.c:1115 exit_mm kernel/exit.c:483 [inline] do_exit+0x32c/0xb60 kernel/exit.c:793 __do_sys_exit kernel/exit.c:873 [inline] __se_sys_exit kernel/exit.c:871 [inline] __x64_sys_exit+0x12/0x20 kernel/exit.c:871 do_syscall_64+0x50/0x180 arch/x86/entry/common.c:295 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7fa68bc4bff9 Code: Bad RIP value. RSP: 002b:00007fa68b6abfe8 EFLAGS: 00000246 ORIG_RAX: 000000000000003c RAX: ffffffffffffffda RBX: 00007fa68be04058 RCX: 00007fa68bc4bff9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 00007fa68bcbe296 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007fa68be04058 R15: 00007fff6a881588 INFO: task syz.0.99:4188 blocked for more than 144 seconds. Not tainted 5.7.0-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. 
syz.0.99 D14656 4188 2095 0x00000004 Call Trace: context_switch kernel/sched/core.c:3430 [inline] __schedule+0x2ca/0x650 kernel/sched/core.c:4156 schedule+0x3b/0xa0 kernel/sched/core.c:4231 rwsem_down_write_slowpath+0x38b/0x570 kernel/locking/rwsem.c:1235 i_mmap_lock_write include/linux/fs.h:528 [inline] unmap_ref_private mm/hugetlb.c:4085 [inline] hugetlb_cow+0x1ac/0x540 mm/hugetlb.c:4176 hugetlb_fault+0x6f6/0xaa0 mm/hugetlb.c:4632 handle_mm_fault+0x60a/0xe60 mm/memory.c:4382 do_user_addr_fault arch/x86/mm/fault.c:1301 [inline] do_page_fault+0x2ad/0x59f arch/x86/mm/fault.c:1390 page_fault+0x39/0x40 arch/x86/entry/entry_64.S:1203 RIP: 0033:0x7f87b3e50629 Code: Bad RIP value. RSP: 002b:00007fff4105e440 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 0000000000000002 RCX: ffffffffff7fffff RDX: 0a5e629b5b89cc61 RSI: 0000000020800000 RDI: 0000555555d513c8 RBP: 00007f87b4136a80 R08: 00007f87b3dff000 R09: 0000000000000008 R10: 0000000000000000 R11: 0000000000000003 R12: 000000000000d0b8 R13: 00007fff4105e540 R14: 0000000000000032 R15: fffffffffffffffe INFO: task syz.0.99:4189 blocked for more than 144 seconds. Not tainted 5.7.0-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. 
syz.0.99 D14584 4189 2095 0x00004004 Call Trace: context_switch kernel/sched/core.c:3430 [inline] __schedule+0x2ca/0x650 kernel/sched/core.c:4156 schedule+0x3b/0xa0 kernel/sched/core.c:4231 rwsem_down_read_slowpath+0x318/0x560 kernel/locking/rwsem.c:1099 __down_read kernel/locking/rwsem.c:1341 [inline] down_read+0xa4/0xd0 kernel/locking/rwsem.c:1494 i_mmap_lock_read include/linux/fs.h:543 [inline] hugetlb_fault+0x9b/0xaa0 mm/hugetlb.c:4555 handle_mm_fault+0x60a/0xe60 mm/memory.c:4382 do_user_addr_fault arch/x86/mm/fault.c:1301 [inline] do_page_fault+0x2ad/0x59f arch/x86/mm/fault.c:1390 page_fault+0x39/0x40 arch/x86/entry/entry_64.S:1203 RIP: 0010:copy_user_generic_unrolled+0x89/0xc0 arch/x86/lib/copy_user_64.S:91 Code: 38 4c 89 47 20 4c 89 4f 28 4c 89 57 30 4c 89 5f 38 48 8d 76 40 48 8d 7f 40 ff c9 75 b6 89 d1 83 e2 07 c1 e9 03 74 12 4c 8b 06 <4c> 89 07 48 8d 76 08 48 8d 7f 08 ff c9 75 ee 21 d2 74 10 89 d1 8a RSP: 0000:ffffc9000191fe70 EFLAGS: 00050202 RAX: 000000002001ee78 RBX: 00000000000057f0 RCX: 0000000000000001 RDX: 0000000000000000 RSI: ffffc9000191fe88 RDI: 000000002001ee70 RBP: 0000000000000000 R08: 0000000000000000 R09: ffff888222c98880 R10: 0000000000000001 R11: ffff888222c98000 R12: 000000002001ee70 R13: 0000000000018ff8 R14: 0000000020019680 R15: ffffc9000191fe8c copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_to_user arch/x86/include/asm/uaccess_64.h:74 [inline] _copy_to_user+0x22/0x30 lib/usercopy.c:29 copy_to_user include/linux/uaccess.h:152 [inline] msr_read+0x62/0xe0 arch/x86/kernel/msr.c:62 vfs_read fs/read_write.c:462 [inline] vfs_read+0x8f/0x150 fs/read_write.c:447 ksys_read+0x5a/0xd0 fs/read_write.c:588 do_syscall_64+0x50/0x180 arch/x86/entry/common.c:295 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7f87b3f7cff9 Code: Bad RIP value. 
RSP: 002b:00007f87b39fe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 RAX: ffffffffffffffda RBX: 00007f87b4134f80 RCX: 00007f87b3f7cff9 RDX: 0000000000018ff8 RSI: 0000000020019680 RDI: 0000000000000003 RBP: 00007f87b3fef296 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007f87b4134f80 R15: 00007fff4105e2d8 INFO: task syz.0.99:4191 blocked for more than 144 seconds. Not tainted 5.7.0-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz.0.99 D15032 4191 4188 0x80000000 Call Trace: context_switch kernel/sched/core.c:3430 [inline] __schedule+0x2ca/0x650 kernel/sched/core.c:4156 schedule+0x3b/0xa0 kernel/sched/core.c:4231 rwsem_down_write_slowpath+0x38b/0x570 kernel/locking/rwsem.c:1235 i_mmap_lock_write include/linux/fs.h:528 [inline] unmap_single_vma+0xaf/0xf0 mm/memory.c:1305 unmap_vmas+0x37/0x50 mm/memory.c:1342 exit_mmap+0xa4/0x180 mm/mmap.c:3150 __mmput kernel/fork.c:1094 [inline] mmput+0x2e/0xe0 kernel/fork.c:1115 exit_mm kernel/exit.c:483 [inline] do_exit+0x32c/0xb60 kernel/exit.c:793 __do_sys_exit kernel/exit.c:873 [inline] __se_sys_exit kernel/exit.c:871 [inline] __x64_sys_exit+0x12/0x20 kernel/exit.c:871 do_syscall_64+0x50/0x180 arch/x86/entry/common.c:295 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7f87b3f7cff9 Code: Bad RIP value. RSP: 002b:00007f87b39dcfe8 EFLAGS: 00000246 ORIG_RAX: 000000000000003c RAX: ffffffffffffffda RBX: 00007f87b4135058 RCX: 00007f87b3f7cff9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 00007f87b3fef296 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007f87b4135058 R15: 00007fff4105e2d8 INFO: task syz.1.101:4197 blocked for more than 144 seconds. Not tainted 5.7.0-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. 
syz.1.101 D13368 4197 2094 0x00004004 Call Trace: context_switch kernel/sched/core.c:3430 [inline] __schedule+0x2ca/0x650 kernel/sched/core.c:4156 schedule+0x3b/0xa0 kernel/sched/core.c:4231 schedule_preempt_disabled+0x5/0x10 kernel/sched/core.c:4290 __mutex_lock_common kernel/locking/mutex.c:1033 [inline] __mutex_lock+0x3c4/0x700 kernel/locking/mutex.c:1103 hugetlb_fault+0x1ab/0xaa0 mm/hugetlb.c:4569 handle_mm_fault+0x60a/0xe60 mm/memory.c:4382 do_user_addr_fault arch/x86/mm/fault.c:1301 [inline] do_page_fault+0x2ad/0x59f arch/x86/mm/fault.c:1390 page_fault+0x39/0x40 arch/x86/entry/entry_64.S:1203 RIP: 0010:copy_user_generic_unrolled+0x89/0xc0 arch/x86/lib/copy_user_64.S:91 Code: 38 4c 89 47 20 4c 89 4f 28 4c 89 57 30 4c 89 5f 38 48 8d 76 40 48 8d 7f 40 ff c9 75 b6 89 d1 83 e2 07 c1 e9 03 74 12 4c 8b 06 <4c> 89 07 48 8d 76 08 48 8d 7f 08 ff c9 75 ee 21 d2 74 10 89 d1 8a RSP: 0018:ffffc90001997e70 EFLAGS: 00050202 RAX: 000000002001fe70 RBX: 00000000000067e8 RCX: 0000000000000001 RDX: 0000000000000000 RSI: ffffc90001997e88 RDI: 000000002001fe68 RBP: 0000000000000000 R08: 0000000000000000 R09: ffff888225788880 R10: 0000000000000001 R11: ffff888225788000 R12: 000000002001fe68 R13: 0000000000018ff8 R14: 0000000020019680 R15: ffffc90001997e8c copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_to_user arch/x86/include/asm/uaccess_64.h:74 [inline] _copy_to_user+0x22/0x30 lib/usercopy.c:29 copy_to_user include/linux/uaccess.h:152 [inline] msr_read+0x62/0xe0 arch/x86/kernel/msr.c:62 vfs_read fs/read_write.c:462 [inline] vfs_read+0x8f/0x150 fs/read_write.c:447 ksys_read+0x5a/0xd0 fs/read_write.c:588 do_syscall_64+0x50/0x180 arch/x86/entry/common.c:295 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7f733705bff9 Code: Bad RIP value. 
RSP: 002b:00007f7336add038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 RAX: ffffffffffffffda RBX: 00007f7337213f80 RCX: 00007f733705bff9 RDX: 0000000000018ff8 RSI: 0000000020019680 RDI: 0000000000000003 RBP: 00007f73370ce296 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007f7337213f80 R15: 00007fffeb23e148 INFO: task syz.1.101:4202 blocked for more than 144 seconds. Not tainted 5.7.0-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz.1.101 D14160 4202 2094 0x00000004 Call Trace: context_switch kernel/sched/core.c:3430 [inline] __schedule+0x2ca/0x650 kernel/sched/core.c:4156 schedule+0x3b/0xa0 kernel/sched/core.c:4231 schedule_preempt_disabled+0x5/0x10 kernel/sched/core.c:4290 __mutex_lock_common kernel/locking/mutex.c:1033 [inline] __mutex_lock+0x3c4/0x700 kernel/locking/mutex.c:1103 hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 vfs_fallocate+0x13d/0x270 fs/open.c:309 ksys_fallocate+0x37/0x70 fs/open.c:332 __do_sys_fallocate fs/open.c:340 [inline] __se_sys_fallocate fs/open.c:338 [inline] __x64_sys_fallocate+0x15/0x20 fs/open.c:338 do_syscall_64+0x50/0x180 arch/x86/entry/common.c:295 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7f733705bff9 Code: Bad RIP value. RSP: 002b:00007f7336abc038 EFLAGS: 00000246 ORIG_RAX: 000000000000011d RAX: ffffffffffffffda RBX: 00007f7337214058 RCX: 00007f733705bff9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 RBP: 00007f73370ce296 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000400 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007f7337214058 R15: 00007fffeb23e148 INFO: task syz.3.105:4229 blocked for more than 145 seconds. Not tainted 5.7.0-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. 
syz.3.105 D14584 4229 2102 0x00004004 Call Trace: context_switch kernel/sched/core.c:3430 [inline] __schedule+0x2ca/0x650 kernel/sched/core.c:4156 schedule+0x3b/0xa0 kernel/sched/core.c:4231 schedule_preempt_disabled+0x5/0x10 kernel/sched/core.c:4290 __mutex_lock_common kernel/locking/mutex.c:1033 [inline] __mutex_lock+0x3c4/0x700 kernel/locking/mutex.c:1103 hugetlb_fault+0x1ab/0xaa0 mm/hugetlb.c:4569 handle_mm_fault+0x60a/0xe60 mm/memory.c:4382 do_user_addr_fault arch/x86/mm/fault.c:1301 [inline] do_page_fault+0x2ad/0x59f arch/x86/mm/fault.c:1390 page_fault+0x39/0x40 arch/x86/entry/entry_64.S:1203 RIP: 0010:copy_user_generic_unrolled+0x89/0xc0 arch/x86/lib/copy_user_64.S:91 Code: 38 4c 89 47 20 4c 89 4f 28 4c 89 57 30 4c 89 5f 38 48 8d 76 40 48 8d 7f 40 ff c9 75 b6 89 d1 83 e2 07 c1 e9 03 74 12 4c 8b 06 <4c> 89 07 48 8d 76 08 48 8d 7f 08 ff c9 75 ee 21 d2 74 10 89 d1 8a RSP: 0018:ffffc900019b7e70 EFLAGS: 00050202 RAX: 000000002001f440 RBX: 0000000000005db8 RCX: 0000000000000001 RDX: 0000000000000000 RSI: ffffc900019b7e88 RDI: 000000002001f438 RBP: 0000000000000000 R08: 0000000000000000 R09: ffff8882257eb800 R10: 0000000000000001 R11: ffff8882257eaf80 R12: 000000002001f438 R13: 0000000000018ff8 R14: 0000000020019680 R15: ffffc900019b7e8c copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_to_user arch/x86/include/asm/uaccess_64.h:74 [inline] _copy_to_user+0x22/0x30 lib/usercopy.c:29 copy_to_user include/linux/uaccess.h:152 [inline] msr_read+0x62/0xe0 arch/x86/kernel/msr.c:62 vfs_read fs/read_write.c:462 [inline] vfs_read+0x8f/0x150 fs/read_write.c:447 ksys_read+0x5a/0xd0 fs/read_write.c:588 do_syscall_64+0x50/0x180 arch/x86/entry/common.c:295 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7ff8dfdbaff9 Code: Bad RIP value. 
RSP: 002b:00007ff8df83c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 RAX: ffffffffffffffda RBX: 00007ff8dff72f80 RCX: 00007ff8dfdbaff9 RDX: 0000000000018ff8 RSI: 0000000020019680 RDI: 0000000000000003 RBP: 00007ff8dfe2d296 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007ff8dff72f80 R15: 00007ffda54611d8 INFO: task syz.3.105:4232 blocked for more than 145 seconds. Not tainted 5.7.0-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz.3.105 D14328 4232 2102 0x00000004 Call Trace: context_switch kernel/sched/core.c:3430 [inline] __schedule+0x2ca/0x650 kernel/sched/core.c:4156 schedule+0x3b/0xa0 kernel/sched/core.c:4231 schedule_preempt_disabled+0x5/0x10 kernel/sched/core.c:4290 __mutex_lock_common kernel/locking/mutex.c:1033 [inline] __mutex_lock+0x3c4/0x700 kernel/locking/mutex.c:1103 hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 vfs_fallocate+0x13d/0x270 fs/open.c:309 ksys_fallocate+0x37/0x70 fs/open.c:332 __do_sys_fallocate fs/open.c:340 [inline] __se_sys_fallocate fs/open.c:338 [inline] __x64_sys_fallocate+0x15/0x20 fs/open.c:338 do_syscall_64+0x50/0x180 arch/x86/entry/common.c:295 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7ff8dfdbaff9 Code: Bad RIP value. 
RSP: 002b:00007ff8df81b038 EFLAGS: 00000246 ORIG_RAX: 000000000000011d RAX: ffffffffffffffda RBX: 00007ff8dff73058 RCX: 00007ff8dfdbaff9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 RBP: 00007ff8dfe2d296 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000400 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007ff8dff73058 R15: 00007ffda54611d8 Showing all locks held in the system: 2 locks held by kworker/u4:0/7: #0: ffff888236c20938 ((wq_completion)events_unbound){....}-{0:0}, at: wake_up_worker kernel/workqueue.c:837 [inline] #0: ffff888236c20938 ((wq_completion)events_unbound){....}-{0:0}, at: process_one_work+0x1bd/0x460 kernel/workqueue.c:2232 #1: ffffc90000043e78 ((work_completion)(&sub_info->work)){....}-{0:0}, at: wake_up_worker kernel/workqueue.c:837 [inline] #1: ffffc90000043e78 ((work_completion)(&sub_info->work)){....}-{0:0}, at: process_one_work+0x1bd/0x460 kernel/workqueue.c:2232 2 locks held by kworker/u4:1/21: #0: ffff888236c20938 ((wq_completion)events_unbound){....}-{0:0}, at: wake_up_worker kernel/workqueue.c:837 [inline] #0: ffff888236c20938 ((wq_completion)events_unbound){....}-{0:0}, at: process_one_work+0x1bd/0x460 kernel/workqueue.c:2232 #1: ffffc900000bfe78 ((work_completion)(&sub_info->work)){....}-{0:0}, at: wake_up_worker kernel/workqueue.c:837 [inline] #1: ffffc900000bfe78 ((work_completion)(&sub_info->work)){....}-{0:0}, at: process_one_work+0x1bd/0x460 kernel/workqueue.c:2232 1 lock held by khungtaskd/217: #0: ffffffff8226cd60 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x15/0xfc kernel/locking/lockdep.c:5780 3 locks held by kworker/u4:2/218: #0: ffff8882333dd538 ((wq_completion)netns){....}-{0:0}, at: wake_up_worker kernel/workqueue.c:837 [inline] #0: ffff8882333dd538 ((wq_completion)netns){....}-{0:0}, at: process_one_work+0x1bd/0x460 kernel/workqueue.c:2232 #1: ffffc900000d7e78 (net_cleanup_work){....}-{0:0}, at: wake_up_worker kernel/workqueue.c:837 [inline] #1: 
ffffc900000d7e78 (net_cleanup_work){....}-{0:0}, at: process_one_work+0x1bd/0x460 kernel/workqueue.c:2232 #2: ffffffff8226d5a8 (rcu_state.barrier_mutex){....}-{3:3}, at: rcu_barrier+0x27/0x1d0 kernel/rcu/tree.c:3578 2 locks held by getty/960: #0: ffff8882358f1898 (&tty->ldisc_sem){....}-{0:0}, at: tty_ldisc_ref_wait+0x1f/0x50 drivers/tty/tty_ldisc.c:267 #1: ffffc900015a72e8 (&ldata->atomic_read_lock){....}-{3:3}, at: n_tty_read+0xd4/0x9c0 drivers/tty/n_tty.c:2156 3 locks held by kworker/1:8/1144: 2 locks held by syz.4.98/4175: #0: ffff888225726528 (&mm->mmap_sem#2){....}-{3:3}, at: do_user_addr_fault arch/x86/mm/fault.c:1242 [inline] #0: ffff888225726528 (&mm->mmap_sem#2){....}-{3:3}, at: do_page_fault+0x11d/0x59f arch/x86/mm/fault.c:1390 #1: ffff888225729cd0 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: i_mmap_lock_read include/linux/fs.h:543 [inline] #1: ffff888225729cd0 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlb_fault+0x9b/0xaa0 mm/hugetlb.c:4555 4 locks held by syz.4.98/4176: #0: ffff888225726528 (&mm->mmap_sem#2){....}-{3:3}, at: do_user_addr_fault arch/x86/mm/fault.c:1242 [inline] #0: ffff888225726528 (&mm->mmap_sem#2){....}-{3:3}, at: do_page_fault+0x11d/0x59f arch/x86/mm/fault.c:1390 #1: ffff888225729cd0 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: i_mmap_lock_read include/linux/fs.h:543 [inline] #1: ffff888225729cd0 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlb_fault+0x9b/0xaa0 mm/hugetlb.c:4555 #2: ffff888234ac0728 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlb_fault+0x1ab/0xaa0 mm/hugetlb.c:4569 #3: ffff888225729cd0 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: i_mmap_lock_write include/linux/fs.h:528 [inline] #3: ffff888225729cd0 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: unmap_ref_private mm/hugetlb.c:4085 [inline] #3: ffff888225729cd0 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlb_cow+0x1ac/0x540 mm/hugetlb.c:4176 1 lock held by syz.4.98/4185: #0: ffff888225729cd0 
(&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: i_mmap_lock_write include/linux/fs.h:528 [inline] #0: ffff888225729cd0 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: unmap_single_vma+0xaf/0xf0 mm/memory.c:1305 4 locks held by syz.0.99/4188: #0: ffff888222c013e8 (&mm->mmap_sem#2){....}-{3:3}, at: do_user_addr_fault arch/x86/mm/fault.c:1242 [inline] #0: ffff888222c013e8 (&mm->mmap_sem#2){....}-{3:3}, at: do_page_fault+0x11d/0x59f arch/x86/mm/fault.c:1390 #1: ffff888225754350 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: i_mmap_lock_read include/linux/fs.h:543 [inline] #1: ffff888225754350 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlb_fault+0x9b/0xaa0 mm/hugetlb.c:4555 #2: ffff888234ac0848 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlb_fault+0x1ab/0xaa0 mm/hugetlb.c:4569 #3: ffff888225754350 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: i_mmap_lock_write include/linux/fs.h:528 [inline] #3: ffff888225754350 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: unmap_ref_private mm/hugetlb.c:4085 [inline] #3: ffff888225754350 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlb_cow+0x1ac/0x540 mm/hugetlb.c:4176 2 locks held by syz.0.99/4189: #0: ffff888222c013e8 (&mm->mmap_sem#2){....}-{3:3}, at: do_user_addr_fault arch/x86/mm/fault.c:1242 [inline] #0: ffff888222c013e8 (&mm->mmap_sem#2){....}-{3:3}, at: do_page_fault+0x11d/0x59f arch/x86/mm/fault.c:1390 #1: ffff888225754350 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: i_mmap_lock_read include/linux/fs.h:543 [inline] #1: ffff888225754350 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlb_fault+0x9b/0xaa0 mm/hugetlb.c:4555 1 lock held by syz.0.99/4191: #0: ffff888225754350 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: i_mmap_lock_write include/linux/fs.h:528 [inline] #0: ffff888225754350 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: unmap_single_vma+0xaf/0xf0 mm/memory.c:1305 3 locks held by syz.1.101/4197: #0: ffff888222c88768 (&mm->mmap_sem#2){....}-{3:3}, at: do_user_addr_fault 
arch/x86/mm/fault.c:1252 [inline] #0: ffff888222c88768 (&mm->mmap_sem#2){....}-{3:3}, at: do_page_fault+0x4ec/0x59f arch/x86/mm/fault.c:1390 #1: ffff888222c50790 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: i_mmap_lock_read include/linux/fs.h:543 [inline] #1: ffff888222c50790 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlb_fault+0x9b/0xaa0 mm/hugetlb.c:4555 #2: ffff888234ac0728 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlb_fault+0x1ab/0xaa0 mm/hugetlb.c:4569 3 locks held by syz.1.101/4202: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222c505d8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222c505d8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0728 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.3.105/4229: #0: ffff88822429a068 (&mm->mmap_sem#2){....}-{3:3}, at: do_user_addr_fault arch/x86/mm/fault.c:1252 [inline] #0: ffff88822429a068 (&mm->mmap_sem#2){....}-{3:3}, at: do_page_fault+0x4ec/0x59f arch/x86/mm/fault.c:1390 #1: ffff888222cbcbd0 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: i_mmap_lock_read include/linux/fs.h:543 [inline] #1: ffff888222cbcbd0 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlb_fault+0x9b/0xaa0 mm/hugetlb.c:4555 #2: ffff888234ac0848 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlb_fault+0x1ab/0xaa0 mm/hugetlb.c:4569 3 locks held by syz.3.105/4232: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222cbca18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 
[inline] #1: ffff888222cbca18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0848 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.2.104/4231: #0: ffff888222d58da8 (&mm->mmap_sem#2){....}-{3:3}, at: do_user_addr_fault arch/x86/mm/fault.c:1252 [inline] #0: ffff888222d58da8 (&mm->mmap_sem#2){....}-{3:3}, at: do_page_fault+0x4ec/0x59f arch/x86/mm/fault.c:1390 #1: ffff888222d94790 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: i_mmap_lock_read include/linux/fs.h:543 [inline] #1: ffff888222d94790 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlb_fault+0x9b/0xaa0 mm/hugetlb.c:4555 #2: ffff888234ac0728 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlb_fault+0x1ab/0xaa0 mm/hugetlb.c:4569 3 locks held by syz.2.104/4233: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222d945d8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222d945d8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0728 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.0.111/6507: #0: ffff8882238293e8 (&mm->mmap_sem#2){....}-{3:3}, at: do_user_addr_fault arch/x86/mm/fault.c:1242 [inline] #0: ffff8882238293e8 (&mm->mmap_sem#2){....}-{3:3}, at: do_page_fault+0x11d/0x59f arch/x86/mm/fault.c:1390 #1: ffff888222cb8350 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: i_mmap_lock_read include/linux/fs.h:543 [inline] #1: ffff888222cb8350 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlb_fault+0x9b/0xaa0 mm/hugetlb.c:4555 #2: ffff888234ac0728 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: 
hugetlb_fault+0x1ab/0xaa0 mm/hugetlb.c:4569 3 locks held by syz.0.111/6523: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222cb8198 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222cb8198 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0728 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.2.112/6508: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222ee4198 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222ee4198 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0728 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.1.115/6530: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222c50a18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222c50a18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0848 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 2 locks held by syz.3.116/6536: #0: ffff8882257e0768 (&mm->mmap_sem#2){....}-{3:3}, at: do_user_addr_fault arch/x86/mm/fault.c:1242 [inline] #0: ffff8882257e0768 
(&mm->mmap_sem#2){....}-{3:3}, at: do_page_fault+0x11d/0x59f arch/x86/mm/fault.c:1390 #1: ffff888222cbd450 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: i_mmap_lock_read include/linux/fs.h:543 [inline] #1: ffff888222cbd450 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlb_fault+0x9b/0xaa0 mm/hugetlb.c:4555 4 locks held by syz.3.116/6538: #0: ffff8882257e0768 (&mm->mmap_sem#2){....}-{3:3}, at: do_user_addr_fault arch/x86/mm/fault.c:1242 [inline] #0: ffff8882257e0768 (&mm->mmap_sem#2){....}-{3:3}, at: do_page_fault+0x11d/0x59f arch/x86/mm/fault.c:1390 #1: ffff888222cbd450 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: i_mmap_lock_read include/linux/fs.h:543 [inline] #1: ffff888222cbd450 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlb_fault+0x9b/0xaa0 mm/hugetlb.c:4555 #2: ffff888234ac0068 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlb_fault+0x1ab/0xaa0 mm/hugetlb.c:4569 #3: ffff888222cbd450 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: i_mmap_lock_write include/linux/fs.h:528 [inline] #3: ffff888222cbd450 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: unmap_ref_private mm/hugetlb.c:4085 [inline] #3: ffff888222cbd450 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlb_cow+0x1ac/0x540 mm/hugetlb.c:4176 3 locks held by syz.4.110/6543: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff88822575ac18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff88822575ac18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0848 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 1 lock held by syz.3.116/6545: #0: ffff888222cbd450 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: i_mmap_lock_write include/linux/fs.h:528 [inline] #0: 
ffff888222cbd450 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: unmap_single_vma+0xaf/0xf0 mm/memory.c:1305 4 locks held by syz.0.117/8794: #0: ffff888222c02068 (&mm->mmap_sem#2){....}-{3:3}, at: do_user_addr_fault arch/x86/mm/fault.c:1242 [inline] #0: ffff888222c02068 (&mm->mmap_sem#2){....}-{3:3}, at: do_page_fault+0x11d/0x59f arch/x86/mm/fault.c:1390 #1: ffff888222cb8790 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: i_mmap_lock_read include/linux/fs.h:543 [inline] #1: ffff888222cb8790 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlb_fault+0x9b/0xaa0 mm/hugetlb.c:4555 #2: ffff888234ac0698 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlb_fault+0x1ab/0xaa0 mm/hugetlb.c:4569 #3: ffff888222cb8790 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: i_mmap_lock_write include/linux/fs.h:528 [inline] #3: ffff888222cb8790 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: unmap_ref_private mm/hugetlb.c:4085 [inline] #3: ffff888222cb8790 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlb_cow+0x1ac/0x540 mm/hugetlb.c:4176 3 locks held by syz.0.117/8795: #0: ffff888222c02068 (&mm->mmap_sem#2){....}-{3:3}, at: do_user_addr_fault arch/x86/mm/fault.c:1252 [inline] #0: ffff888222c02068 (&mm->mmap_sem#2){....}-{3:3}, at: do_page_fault+0x4ec/0x59f arch/x86/mm/fault.c:1390 #1: ffff888222cb8790 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: i_mmap_lock_read include/linux/fs.h:543 [inline] #1: ffff888222cb8790 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlb_fault+0x9b/0xaa0 mm/hugetlb.c:4555 #2: ffff888234ac0698 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlb_fault+0x1ab/0xaa0 mm/hugetlb.c:4569 1 lock held by syz.0.117/8825: #0: ffff888222cb8790 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: i_mmap_lock_write include/linux/fs.h:528 [inline] #0: ffff888222cb8790 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: unmap_single_vma+0xaf/0xf0 mm/memory.c:1305 3 locks held by syz.2.126/8854: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write 
include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222ee45d8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222ee45d8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0068 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.1.127/8850: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222caca18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222caca18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0848 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.3.132/8883: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222cbdf58 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222cbdf58 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0068 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.4.136/8893: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff88822575b058 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock 
include/linux/fs.h:799 [inline] #1: ffff88822575b058 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0728 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.0.158/11254: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888225754a18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888225754a18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0848 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.3.174/11327: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff8882256285d8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff8882256285d8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0068 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.4.208/11469: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff88822572b498 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff88822572b498 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0848 
(&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.1.241/11592: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222c52398 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222c52398 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0848 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.2.243/11598: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222ee5f58 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222ee5f58 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0698 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.0.248/12613: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222cb96d8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222cb96d8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0848 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.3.249/12650: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write 
include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888225628e58 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888225628e58 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0698 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.4.261/13172: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888225758a18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888225758a18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0728 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.2.266/13951: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222d97498 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222d97498 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0728 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.1.268/13960: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222c527d8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock 
include/linux/fs.h:799 [inline] #1: ffff888222c527d8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0698 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.0.287/15145: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222cb9f58 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222cb9f58 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0728 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.3.296/15344: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888225629b18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888225629b18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0068 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.4.325/16366: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff88822575b498 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff88822575b498 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0728 
(&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.1.364/16578: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222c53d18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222c53d18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0698 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.2.368/16595: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222ee7d18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222ee7d18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0848 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.0.380/17204: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222cbb058 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222cbb058 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0068 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.3.382/17550: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write 
include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff88822562a398 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff88822562a398 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0728 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.4.386/18055: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff88822572bd18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff88822572bd18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0848 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.1.448/19175: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222c51b18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222c51b18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0848 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.3.652/21353: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff88822562a7d8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock 
include/linux/fs.h:799 [inline] #1: ffff88822562a7d8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0848 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.0.717/22226: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888225757058 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888225757058 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0728 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.4.791/22997: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888225729298 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888225729298 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0848 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.1.810/23127: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222c50198 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222c50198 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0728 
(&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 1 lock held by syz-executor/18669: #0: ffffffff8226d6a0 (rcu_state.exp_mutex){....}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:290 [inline] #0: ffffffff8226d6a0 (rcu_state.exp_mutex){....}-{3:3}, at: synchronize_rcu_expedited+0x2c4/0x360 kernel/rcu/tree_exp.h:838 1 lock held by syz-executor/19170: #0: ffffffff8226d6a0 (rcu_state.exp_mutex){....}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:322 [inline] #0: ffffffff8226d6a0 (rcu_state.exp_mutex){....}-{3:3}, at: synchronize_rcu_expedited+0xe6/0x360 kernel/rcu/tree_exp.h:838 3 locks held by syz.2.1999/20799: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff88821e874198 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff88821e874198 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0848 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 ============================================= NMI backtrace for cpu 1 CPU: 1 PID: 217 Comm: khungtaskd Not tainted 5.7.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x50/0x70 lib/dump_stack.c:118 nmi_cpu_backtrace.cold.7+0x13/0x50 lib/nmi_backtrace.c:101 nmi_trigger_cpumask_backtrace+0x9b/0x9d lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:205 [inline] watchdog+0x327/0x4b0 kernel/hung_task.c:289 kthread+0x10e/0x130 kernel/kthread.c:268 ret_from_fork+0x22/0x30 arch/x86/entry/entry_64.S:351 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 
0 CPU: 0 PID: 21284 Comm: modprobe Not tainted 5.7.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 RIP: 0010:__lock_acquire.isra.31+0x12c/0x3e0 kernel/locking/lockdep.c:4318 Code: 24 50 66 41 89 47 20 0f b6 c4 83 e0 7f 44 09 e0 41 88 47 21 41 0f b6 47 22 49 89 57 08 83 e0 fc 09 c1 41 88 4f 22 41 8b 57 20 <81> e2 ff 9f fb ff 89 d0 41 89 57 20 c1 e8 10 83 e0 f3 41 09 c0 45 RSP: 0000:ffffc9000038fce8 EFLAGS: 00000046 RAX: 0000000000000000 RBX: 0000000000000235 RCX: 0000000000000000 RDX: 0000000000000235 RSI: 0000000000000000 RDI: ffff88821e3f3828 RBP: 0000000000000000 R08: 0000000000000000 R09: ffff88821e3f3800 R10: 0000000000000001 R11: ffff88821e3f2f80 R12: 0000000000000000 R13: ffff88821e3f2f80 R14: ffff888237c286c0 R15: ffff88821e3f3850 FS: 0000000000000000(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f11c7e0d1b0 CR3: 000000021e3ce000 CR4: 00000000003406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: lock_acquire+0x93/0x130 kernel/locking/lockdep.c:4959 local_lock_acquire include/linux/local_lock_internal.h:39 [inline] lru_cache_add+0xc0/0x250 mm/swap.c:471 wp_page_copy+0x245/0x710 mm/memory.c:2715 do_wp_page+0x94/0x570 mm/memory.c:2982 handle_pte_fault mm/memory.c:4233 [inline] __handle_mm_fault mm/memory.c:4347 [inline] handle_mm_fault+0x79c/0xe60 mm/memory.c:4384 do_user_addr_fault arch/x86/mm/fault.c:1301 [inline] do_page_fault+0x2ad/0x59f arch/x86/mm/fault.c:1390 page_fault+0x39/0x40 arch/x86/entry/entry_64.S:1203 RIP: 0033:0x7f11c7e182d7 Code: 14 c6 48 83 c2 10 eb 9c 49 8b 04 24 48 85 c0 0f 84 84 00 00 00 41 f6 84 24 1e 03 00 00 20 75 79 49 8b 54 24 60 48 85 d2 74 04 <48> 01 42 08 49 8b 54 24 58 48 85 d2 74 04 48 01 42 08 49 8b 54 24 RSP: 002b:00007ffcb70dd680 EFLAGS: 00010202 RAX: 00007f11c7d4c000 RBX: 0000000000000032 RCX: 
0000000000000029 RDX: 00007f11c7e0d1a8 RSI: 00007f11c7e0f100 RDI: 000000006fffffff RBP: 00007ffcb70dd7e0 R08: 000000006ffffdff R09: 000000006ffffeff R10: 000000006fffff41 R11: 000000006ffffe35 R12: 00007f11c7e0f0c0 R13: 00007ffcb70dd868 R14: 0000000070000022 R15: 00000000effffef5