INFO: task syz.3.73:4433 blocked for more than 143 seconds. Not tainted 5.7.0-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz.3.73 D14600 4433 2561 0x00000004 Call Trace: context_switch kernel/sched/core.c:3430 [inline] __schedule+0x2ca/0x650 kernel/sched/core.c:4156 schedule+0x3b/0xa0 kernel/sched/core.c:4231 rwsem_down_read_slowpath+0x318/0x560 kernel/locking/rwsem.c:1099 __down_read kernel/locking/rwsem.c:1341 [inline] down_read+0xa4/0xd0 kernel/locking/rwsem.c:1494 i_mmap_lock_read include/linux/fs.h:543 [inline] hugetlb_fault+0x9b/0xaa0 mm/hugetlb.c:4555 handle_mm_fault+0x60a/0xe60 mm/memory.c:4382 do_user_addr_fault arch/x86/mm/fault.c:1301 [inline] do_page_fault+0x2ad/0x59f arch/x86/mm/fault.c:1390 page_fault+0x39/0x40 arch/x86/entry/entry_64.S:1203 RIP: 0033:0x7fddb4822a98 Code: Bad RIP value. RSP: 002b:00007ffd81f64228 EFLAGS: 00010246 RAX: 0000000020000640 RBX: 0000000000000004 RCX: 006b6e696c766564 RDX: 0000000000000008 RSI: 006b6e696c766564 RDI: 0000000020000640 RBP: 00007fddb4a14a80 R08: 00007fddb46dd000 R09: 0000000000000001 R10: 0000000000000001 R11: 0000000000000009 R12: 000000000000d2e4 R13: 00007ffd81f64330 R14: 0000000000000032 R15: fffffffffffffffe INFO: task syz.3.73:4435 blocked for more than 143 seconds. Not tainted 5.7.0-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz.3.73 D14400 4435 2561 0x00004004 Call Trace: context_switch kernel/sched/core.c:3430 [inline] __schedule+0x2ca/0x650 kernel/sched/core.c:4156 schedule+0x3b/0xa0 kernel/sched/core.c:4231 rwsem_down_write_slowpath+0x38b/0x570 kernel/locking/rwsem.c:1235 i_mmap_lock_write include/linux/fs.h:528 [inline] unmap_ref_private mm/hugetlb.c:4085 [inline] hugetlb_cow+0x1ac/0x540 mm/hugetlb.c:4176 hugetlb_fault+0x6f6/0xaa0 mm/hugetlb.c:4632 handle_mm_fault+0x60a/0xe60 mm/memory.c:4382 do_user_addr_fault arch/x86/mm/fault.c:1301 [inline] do_page_fault+0x2ad/0x59f arch/x86/mm/fault.c:1390 page_fault+0x39/0x40 arch/x86/entry/entry_64.S:1203 RIP: 0010:copy_user_generic_unrolled+0x89/0xc0 arch/x86/lib/copy_user_64.S:91 Code: 38 4c 89 47 20 4c 89 4f 28 4c 89 57 30 4c 89 5f 38 48 8d 76 40 48 8d 7f 40 ff c9 75 b6 89 d1 83 e2 07 c1 e9 03 74 12 4c 8b 06 <4c> 89 07 48 8d 76 08 48 8d 7f 08 ff c9 75 ee 21 d2 74 10 89 d1 8a RSP: 0018:ffffc90001a17e70 EFLAGS: 00050202 RAX: 000000002002bb18 RBX: 0000000000012490 RCX: 0000000000000001 RDX: 0000000000000000 RSI: ffffc90001a17e88 RDI: 000000002002bb10 RBP: 0000000000000000 R08: 0000000000000000 R09: ffff888222dd2040 R10: 0000000000000001 R11: ffff888222dd17c0 R12: 000000002002bb10 R13: 0000000000018ff8 R14: 0000000020019680 R15: ffffc90001a17e8c copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_to_user arch/x86/include/asm/uaccess_64.h:74 [inline] _copy_to_user+0x22/0x30 lib/usercopy.c:29 copy_to_user include/linux/uaccess.h:152 [inline] msr_read+0x62/0xe0 arch/x86/kernel/msr.c:62 vfs_read fs/read_write.c:462 [inline] vfs_read+0x8f/0x150 fs/read_write.c:447 ksys_read+0x5a/0xd0 fs/read_write.c:588 do_syscall_64+0x50/0x180 arch/x86/entry/common.c:295 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7fddb485aff9 Code: Bad RIP value. RSP: 002b:00007fddb42dc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 RAX: ffffffffffffffda RBX: 00007fddb4a12f80 RCX: 00007fddb485aff9 RDX: 0000000000018ff8 RSI: 0000000020019680 RDI: 0000000000000003 RBP: 00007fddb48cd296 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007fddb4a12f80 R15: 00007ffd81f640c8 INFO: task syz.3.73:4452 blocked for more than 143 seconds. Not tainted 5.7.0-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz.3.73 D15032 4452 4433 0x80000000 Call Trace: context_switch kernel/sched/core.c:3430 [inline] __schedule+0x2ca/0x650 kernel/sched/core.c:4156 schedule+0x3b/0xa0 kernel/sched/core.c:4231 rwsem_down_write_slowpath+0x38b/0x570 kernel/locking/rwsem.c:1235 i_mmap_lock_write include/linux/fs.h:528 [inline] unmap_single_vma+0xaf/0xf0 mm/memory.c:1305 unmap_vmas+0x37/0x50 mm/memory.c:1342 exit_mmap+0xa4/0x180 mm/mmap.c:3150 __mmput kernel/fork.c:1094 [inline] mmput+0x2e/0xe0 kernel/fork.c:1115 exit_mm kernel/exit.c:483 [inline] do_exit+0x32c/0xb60 kernel/exit.c:793 __do_sys_exit kernel/exit.c:873 [inline] __se_sys_exit kernel/exit.c:871 [inline] __x64_sys_exit+0x12/0x20 kernel/exit.c:871 do_syscall_64+0x50/0x180 arch/x86/entry/common.c:295 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7fddb485aff9 Code: Bad RIP value. RSP: 002b:00007fddb42bafe8 EFLAGS: 00000246 ORIG_RAX: 000000000000003c RAX: ffffffffffffffda RBX: 00007fddb4a13058 RCX: 00007fddb485aff9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 00007fddb48cd296 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007fddb4a13058 R15: 00007ffd81f640c8 INFO: task syz.4.79:4589 blocked for more than 144 seconds. Not tainted 5.7.0-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz.4.79 D13696 4589 2562 0x00000004 Call Trace: context_switch kernel/sched/core.c:3430 [inline] __schedule+0x2ca/0x650 kernel/sched/core.c:4156 schedule+0x3b/0xa0 kernel/sched/core.c:4231 rwsem_down_read_slowpath+0x318/0x560 kernel/locking/rwsem.c:1099 __down_read kernel/locking/rwsem.c:1341 [inline] down_read+0xa4/0xd0 kernel/locking/rwsem.c:1494 i_mmap_lock_read include/linux/fs.h:543 [inline] hugetlb_fault+0x9b/0xaa0 mm/hugetlb.c:4555 handle_mm_fault+0x60a/0xe60 mm/memory.c:4382 do_user_addr_fault arch/x86/mm/fault.c:1301 [inline] do_page_fault+0x2ad/0x59f arch/x86/mm/fault.c:1390 page_fault+0x39/0x40 arch/x86/entry/entry_64.S:1203 RIP: 0033:0x7fc2188eca98 Code: Bad RIP value. RSP: 002b:00007ffc0763b378 EFLAGS: 00010246 RAX: 0000000020000640 RBX: 0000000000000004 RCX: 006b6e696c766564 RDX: 0000000000000008 RSI: 006b6e696c766564 RDI: 0000000020000640 RBP: 00007fc218adea80 R08: 00007fc2187a7000 R09: 0000000000000001 R10: 0000000000000001 R11: 0000000000000009 R12: 000000000000d447 R13: 00007ffc0763b480 R14: 0000000000000032 R15: fffffffffffffffe INFO: task syz.4.79:4590 blocked for more than 144 seconds. Not tainted 5.7.0-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz.4.79 D14560 4590 2562 0x00004004 Call Trace: context_switch kernel/sched/core.c:3430 [inline] __schedule+0x2ca/0x650 kernel/sched/core.c:4156 schedule+0x3b/0xa0 kernel/sched/core.c:4231 rwsem_down_write_slowpath+0x38b/0x570 kernel/locking/rwsem.c:1235 i_mmap_lock_write include/linux/fs.h:528 [inline] unmap_ref_private mm/hugetlb.c:4085 [inline] hugetlb_cow+0x1ac/0x540 mm/hugetlb.c:4176 hugetlb_fault+0x6f6/0xaa0 mm/hugetlb.c:4632 handle_mm_fault+0x60a/0xe60 mm/memory.c:4382 do_user_addr_fault arch/x86/mm/fault.c:1301 [inline] do_page_fault+0x2ad/0x59f arch/x86/mm/fault.c:1390 page_fault+0x39/0x40 arch/x86/entry/entry_64.S:1203 RIP: 0010:copy_user_generic_unrolled+0x89/0xc0 arch/x86/lib/copy_user_64.S:91 Code: 38 4c 89 47 20 4c 89 4f 28 4c 89 57 30 4c 89 5f 38 48 8d 76 40 48 8d 7f 40 ff c9 75 b6 89 d1 83 e2 07 c1 e9 03 74 12 4c 8b 06 <4c> 89 07 48 8d 76 08 48 8d 7f 08 ff c9 75 ee 21 d2 74 10 89 d1 8a RSP: 0018:ffffc90001aafe70 EFLAGS: 00050202 RAX: 000000002001d818 RBX: 0000000000004190 RCX: 0000000000000001 RDX: 0000000000000000 RSI: ffffc90001aafe88 RDI: 000000002001d810 RBP: 0000000000000000 R08: 0000000000000000 R09: ffff888222de0880 R10: 0000000000000001 R11: ffff888222de0000 R12: 000000002001d810 R13: 0000000000018ff8 R14: 0000000020019680 R15: ffffc90001aafe8c copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_to_user arch/x86/include/asm/uaccess_64.h:74 [inline] _copy_to_user+0x22/0x30 lib/usercopy.c:29 copy_to_user include/linux/uaccess.h:152 [inline] msr_read+0x62/0xe0 arch/x86/kernel/msr.c:62 vfs_read fs/read_write.c:462 [inline] vfs_read+0x8f/0x150 fs/read_write.c:447 ksys_read+0x5a/0xd0 fs/read_write.c:588 do_syscall_64+0x50/0x180 arch/x86/entry/common.c:295 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7fc218924ff9 Code: Bad RIP value. RSP: 002b:00007fc2183a6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 RAX: ffffffffffffffda RBX: 00007fc218adcf80 RCX: 00007fc218924ff9 RDX: 0000000000018ff8 RSI: 0000000020019680 RDI: 0000000000000003 RBP: 00007fc218997296 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007fc218adcf80 R15: 00007ffc0763b218 INFO: task syz.4.79:4608 blocked for more than 144 seconds. Not tainted 5.7.0-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz.4.79 D15032 4608 4589 0x80000000 Call Trace: context_switch kernel/sched/core.c:3430 [inline] __schedule+0x2ca/0x650 kernel/sched/core.c:4156 schedule+0x3b/0xa0 kernel/sched/core.c:4231 rwsem_down_write_slowpath+0x38b/0x570 kernel/locking/rwsem.c:1235 i_mmap_lock_write include/linux/fs.h:528 [inline] unmap_single_vma+0xaf/0xf0 mm/memory.c:1305 unmap_vmas+0x37/0x50 mm/memory.c:1342 exit_mmap+0xa4/0x180 mm/mmap.c:3150 __mmput kernel/fork.c:1094 [inline] mmput+0x2e/0xe0 kernel/fork.c:1115 exit_mm kernel/exit.c:483 [inline] do_exit+0x32c/0xb60 kernel/exit.c:793 __do_sys_exit kernel/exit.c:873 [inline] __se_sys_exit kernel/exit.c:871 [inline] __x64_sys_exit+0x12/0x20 kernel/exit.c:871 do_syscall_64+0x50/0x180 arch/x86/entry/common.c:295 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7fc218924ff9 Code: Bad RIP value. RSP: 002b:00007fc218384fe8 EFLAGS: 00000246 ORIG_RAX: 000000000000003c RAX: ffffffffffffffda RBX: 00007fc218add058 RCX: 00007fc218924ff9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 00007fc218997296 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007fc218add058 R15: 00007ffc0763b218 INFO: task syz.1.83:4650 blocked for more than 145 seconds. Not tainted 5.7.0-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz.1.83 D14600 4650 2079 0x00000004 Call Trace: context_switch kernel/sched/core.c:3430 [inline] __schedule+0x2ca/0x650 kernel/sched/core.c:4156 schedule+0x3b/0xa0 kernel/sched/core.c:4231 rwsem_down_read_slowpath+0x318/0x560 kernel/locking/rwsem.c:1099 __down_read kernel/locking/rwsem.c:1341 [inline] down_read+0xa4/0xd0 kernel/locking/rwsem.c:1494 i_mmap_lock_read include/linux/fs.h:543 [inline] hugetlb_fault+0x9b/0xaa0 mm/hugetlb.c:4555 handle_mm_fault+0x60a/0xe60 mm/memory.c:4382 do_user_addr_fault arch/x86/mm/fault.c:1301 [inline] do_page_fault+0x2ad/0x59f arch/x86/mm/fault.c:1390 page_fault+0x39/0x40 arch/x86/entry/entry_64.S:1203 RIP: 0033:0x7f7e8a4faa98 Code: Bad RIP value. RSP: 002b:00007ffc183a6598 EFLAGS: 00010246 RAX: 0000000020000640 RBX: 0000000000000004 RCX: 006b6e696c766564 RDX: 0000000000000008 RSI: 006b6e696c766564 RDI: 0000000020000640 RBP: 00007f7e8a6eca80 R08: 00007f7e8a3b5000 R09: 0000000000000001 R10: 0000000000000001 R11: 0000000000000009 R12: 000000000000d573 R13: 00007ffc183a66a0 R14: 0000000000000032 R15: fffffffffffffffe INFO: task syz.1.83:4653 blocked for more than 145 seconds. Not tainted 5.7.0-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz.1.83 D14568 4653 2079 0x00004004 Call Trace: context_switch kernel/sched/core.c:3430 [inline] __schedule+0x2ca/0x650 kernel/sched/core.c:4156 schedule+0x3b/0xa0 kernel/sched/core.c:4231 rwsem_down_write_slowpath+0x38b/0x570 kernel/locking/rwsem.c:1235 i_mmap_lock_write include/linux/fs.h:528 [inline] unmap_ref_private mm/hugetlb.c:4085 [inline] hugetlb_cow+0x1ac/0x540 mm/hugetlb.c:4176 hugetlb_fault+0x6f6/0xaa0 mm/hugetlb.c:4632 handle_mm_fault+0x60a/0xe60 mm/memory.c:4382 do_user_addr_fault arch/x86/mm/fault.c:1301 [inline] do_page_fault+0x2ad/0x59f arch/x86/mm/fault.c:1390 page_fault+0x39/0x40 arch/x86/entry/entry_64.S:1203 RIP: 0010:copy_user_generic_unrolled+0x89/0xc0 arch/x86/lib/copy_user_64.S:91 Code: 38 4c 89 47 20 4c 89 4f 28 4c 89 57 30 4c 89 5f 38 48 8d 76 40 48 8d 7f 40 ff c9 75 b6 89 d1 83 e2 07 c1 e9 03 74 12 4c 8b 06 <4c> 89 07 48 8d 76 08 48 8d 7f 08 ff c9 75 ee 21 d2 74 10 89 d1 8a RSP: 0018:ffffc90001adfe70 EFLAGS: 00050202 RAX: 0000000020020290 RBX: 0000000000006c08 RCX: 0000000000000001 RDX: 0000000000000000 RSI: ffffc90001adfe88 RDI: 0000000020020288 RBP: 0000000000000000 R08: 0000000000000000 R09: ffff888222c56780 R10: 0000000000000001 R11: ffff888222c55f00 R12: 0000000020020288 R13: 0000000000018ff8 R14: 0000000020019680 R15: ffffc90001adfe8c copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_to_user arch/x86/include/asm/uaccess_64.h:74 [inline] _copy_to_user+0x22/0x30 lib/usercopy.c:29 copy_to_user include/linux/uaccess.h:152 [inline] msr_read+0x62/0xe0 arch/x86/kernel/msr.c:62 vfs_read fs/read_write.c:462 [inline] vfs_read+0x8f/0x150 fs/read_write.c:447 ksys_read+0x5a/0xd0 fs/read_write.c:588 do_syscall_64+0x50/0x180 arch/x86/entry/common.c:295 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7f7e8a532ff9 Code: Bad RIP value. RSP: 002b:00007f7e89fb4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 RAX: ffffffffffffffda RBX: 00007f7e8a6eaf80 RCX: 00007f7e8a532ff9 RDX: 0000000000018ff8 RSI: 0000000020019680 RDI: 0000000000000003 RBP: 00007f7e8a5a5296 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007f7e8a6eaf80 R15: 00007ffc183a6438 INFO: task syz.1.83:4657 blocked for more than 145 seconds. Not tainted 5.7.0-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz.1.83 D15032 4657 4650 0x80000000 Call Trace: context_switch kernel/sched/core.c:3430 [inline] __schedule+0x2ca/0x650 kernel/sched/core.c:4156 schedule+0x3b/0xa0 kernel/sched/core.c:4231 rwsem_down_write_slowpath+0x38b/0x570 kernel/locking/rwsem.c:1235 i_mmap_lock_write include/linux/fs.h:528 [inline] unmap_single_vma+0xaf/0xf0 mm/memory.c:1305 unmap_vmas+0x37/0x50 mm/memory.c:1342 exit_mmap+0xa4/0x180 mm/mmap.c:3150 __mmput kernel/fork.c:1094 [inline] mmput+0x2e/0xe0 kernel/fork.c:1115 exit_mm kernel/exit.c:483 [inline] do_exit+0x32c/0xb60 kernel/exit.c:793 __do_sys_exit kernel/exit.c:873 [inline] __se_sys_exit kernel/exit.c:871 [inline] __x64_sys_exit+0x12/0x20 kernel/exit.c:871 do_syscall_64+0x50/0x180 arch/x86/entry/common.c:295 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7f7e8a532ff9 Code: Bad RIP value. RSP: 002b:00007f7e89f92fe8 EFLAGS: 00000246 ORIG_RAX: 000000000000003c RAX: ffffffffffffffda RBX: 00007f7e8a6eb058 RCX: 00007f7e8a532ff9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 00007f7e8a5a5296 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007f7e8a6eb058 R15: 00007ffc183a6438 INFO: task syz.0.84:4666 blocked for more than 145 seconds. Not tainted 5.7.0-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz.0.84 D14584 4666 2553 0x00004004 Call Trace: context_switch kernel/sched/core.c:3430 [inline] __schedule+0x2ca/0x650 kernel/sched/core.c:4156 schedule+0x3b/0xa0 kernel/sched/core.c:4231 schedule_preempt_disabled+0x5/0x10 kernel/sched/core.c:4290 __mutex_lock_common kernel/locking/mutex.c:1033 [inline] __mutex_lock+0x3c4/0x700 kernel/locking/mutex.c:1103 hugetlb_fault+0x1ab/0xaa0 mm/hugetlb.c:4569 handle_mm_fault+0x60a/0xe60 mm/memory.c:4382 do_user_addr_fault arch/x86/mm/fault.c:1301 [inline] do_page_fault+0x2ad/0x59f arch/x86/mm/fault.c:1390 page_fault+0x39/0x40 arch/x86/entry/entry_64.S:1203 RIP: 0010:copy_user_generic_unrolled+0x89/0xc0 arch/x86/lib/copy_user_64.S:91 Code: 38 4c 89 47 20 4c 89 4f 28 4c 89 57 30 4c 89 5f 38 48 8d 76 40 48 8d 7f 40 ff c9 75 b6 89 d1 83 e2 07 c1 e9 03 74 12 4c 8b 06 <4c> 89 07 48 8d 76 08 48 8d 7f 08 ff c9 75 ee 21 d2 74 10 89 d1 8a RSP: 0018:ffffc90001ae7e70 EFLAGS: 00050202 RAX: 000000002001fcc8 RBX: 0000000000006640 RCX: 0000000000000001 RDX: 0000000000000000 RSI: ffffc90001ae7e88 RDI: 000000002001fcc0 RBP: 0000000000000000 R08: 0000000000000000 R09: ffff888222db4fc0 R10: 0000000000000001 R11: ffff888222db4740 R12: 000000002001fcc0 R13: 0000000000018ff8 R14: 0000000020019680 R15: ffffc90001ae7e8c copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_to_user arch/x86/include/asm/uaccess_64.h:74 [inline] _copy_to_user+0x22/0x30 lib/usercopy.c:29 copy_to_user include/linux/uaccess.h:152 [inline] msr_read+0x62/0xe0 arch/x86/kernel/msr.c:62 vfs_read fs/read_write.c:462 [inline] vfs_read+0x8f/0x150 fs/read_write.c:447 ksys_read+0x5a/0xd0 fs/read_write.c:588 do_syscall_64+0x50/0x180 arch/x86/entry/common.c:295 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7f9276e64ff9 Code: Bad RIP value. RSP: 002b:00007f92768e6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 RAX: ffffffffffffffda RBX: 00007f927701cf80 RCX: 00007f9276e64ff9 RDX: 0000000000018ff8 RSI: 0000000020019680 RDI: 0000000000000003 RBP: 00007f9276ed7296 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007f927701cf80 R15: 00007fff79880d48 Showing all locks held in the system: 2 locks held by kworker/u4:0/7: #0: ffff888236c20938 ((wq_completion)events_unbound){....}-{0:0}, at: wake_up_worker kernel/workqueue.c:837 [inline] #0: ffff888236c20938 ((wq_completion)events_unbound){....}-{0:0}, at: process_one_work+0x1bd/0x460 kernel/workqueue.c:2232 #1: ffffc90000043e78 ((work_completion)(&sub_info->work)){....}-{0:0}, at: wake_up_worker kernel/workqueue.c:837 [inline] #1: ffffc90000043e78 ((work_completion)(&sub_info->work)){....}-{0:0}, at: process_one_work+0x1bd/0x460 kernel/workqueue.c:2232 2 locks held by kworker/u4:1/21: #0: ffff888236c20938 ((wq_completion)events_unbound){....}-{0:0}, at: wake_up_worker kernel/workqueue.c:837 [inline] #0: ffff888236c20938 ((wq_completion)events_unbound){....}-{0:0}, at: process_one_work+0x1bd/0x460 kernel/workqueue.c:2232 #1: ffffc900000bfe78 ((work_completion)(&sub_info->work)){....}-{0:0}, at: wake_up_worker kernel/workqueue.c:837 [inline] #1: ffffc900000bfe78 ((work_completion)(&sub_info->work)){....}-{0:0}, at: process_one_work+0x1bd/0x460 kernel/workqueue.c:2232 1 lock held by khungtaskd/217: #0: ffffffff8226cd60 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x15/0xfc kernel/locking/lockdep.c:5780 1 lock held by klogd/887: #0: ffff888237c2b3d8 (&rq->lock){....}-{2:2}, at: rq_lock kernel/sched/sched.h:1261 [inline] #0: ffff888237c2b3d8 (&rq->lock){....}-{2:2}, at: __schedule+0xa5/0x650 kernel/sched/core.c:4102 2 locks held by getty/959: #0: ffff8882315a0098 (&tty->ldisc_sem){....}-{0:0}, at: tty_ldisc_ref_wait+0x1f/0x50 drivers/tty/tty_ldisc.c:267 #1: ffffc900015672e8 (&ldata->atomic_read_lock){....}-{3:3}, at: n_tty_read+0xd4/0x9c0 drivers/tty/n_tty.c:2156 2 locks held by kworker/u4:3/1018: #0: ffff888236c20938 ((wq_completion)events_unbound){....}-{0:0}, at: wake_up_worker kernel/workqueue.c:837 [inline] #0: ffff888236c20938 ((wq_completion)events_unbound){....}-{0:0}, at: process_one_work+0x1bd/0x460 kernel/workqueue.c:2232 #1: ffffc90000177e78 ((work_completion)(&sub_info->work)){....}-{0:0}, at: wake_up_worker kernel/workqueue.c:837 [inline] #1: ffffc90000177e78 ((work_completion)(&sub_info->work)){....}-{0:0}, at: process_one_work+0x1bd/0x460 kernel/workqueue.c:2232 2 locks held by kworker/u4:5/1028: #0: ffff888236c20938 ((wq_completion)events_unbound){....}-{0:0}, at: wake_up_worker kernel/workqueue.c:837 [inline] #0: ffff888236c20938 ((wq_completion)events_unbound){....}-{0:0}, at: process_one_work+0x1bd/0x460 kernel/workqueue.c:2232 #1: ffffc90000217e78 ((work_completion)(&sub_info->work)){....}-{0:0}, at: wake_up_worker kernel/workqueue.c:837 [inline] #1: ffffc90000217e78 ((work_completion)(&sub_info->work)){....}-{0:0}, at: process_one_work+0x1bd/0x460 kernel/workqueue.c:2232 2 locks held by syz.3.73/4433: #0: ffff888222d58da8 (&mm->mmap_sem#2){....}-{3:3}, at: do_user_addr_fault arch/x86/mm/fault.c:1242 [inline] #0: ffff888222d58da8 (&mm->mmap_sem#2){....}-{3:3}, at: do_page_fault+0x11d/0x59f arch/x86/mm/fault.c:1390 #1: ffff888222d90350 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: i_mmap_lock_read include/linux/fs.h:543 [inline] #1: ffff888222d90350 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlb_fault+0x9b/0xaa0 mm/hugetlb.c:4555 4 locks held by syz.3.73/4435: #0: ffff888222d58da8 (&mm->mmap_sem#2){....}-{3:3}, at: do_user_addr_fault arch/x86/mm/fault.c:1242 [inline] #0: ffff888222d58da8 (&mm->mmap_sem#2){....}-{3:3}, at: do_page_fault+0x11d/0x59f arch/x86/mm/fault.c:1390 #1: ffff888222d90350 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: i_mmap_lock_read include/linux/fs.h:543 [inline] #1: ffff888222d90350 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlb_fault+0x9b/0xaa0 mm/hugetlb.c:4555 #2: ffff8882333e6338 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlb_fault+0x1ab/0xaa0 mm/hugetlb.c:4569 #3: ffff888222d90350 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: i_mmap_lock_write include/linux/fs.h:528 [inline] #3: ffff888222d90350 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: unmap_ref_private mm/hugetlb.c:4085 [inline] #3: ffff888222d90350 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlb_cow+0x1ac/0x540 mm/hugetlb.c:4176 1 lock held by syz.3.73/4452: #0: ffff888222d90350 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: i_mmap_lock_write include/linux/fs.h:528 [inline] #0: ffff888222d90350 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: unmap_single_vma+0xaf/0xf0 mm/memory.c:1305 2 locks held by syz.4.79/4589: #0: ffff888226740128 (&mm->mmap_sem#2){....}-{3:3}, at: do_user_addr_fault arch/x86/mm/fault.c:1242 [inline] #0: ffff888226740128 (&mm->mmap_sem#2){....}-{3:3}, at: do_page_fault+0x11d/0x59f arch/x86/mm/fault.c:1390 #1: ffff888222d74350 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: i_mmap_lock_read include/linux/fs.h:543 [inline] #1: ffff888222d74350 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlb_fault+0x9b/0xaa0 mm/hugetlb.c:4555 4 locks held by syz.4.79/4590: #0: ffff888226740128 (&mm->mmap_sem#2){....}-{3:3}, at: do_user_addr_fault arch/x86/mm/fault.c:1242 [inline] #0: ffff888226740128 (&mm->mmap_sem#2){....}-{3:3}, at: do_page_fault+0x11d/0x59f arch/x86/mm/fault.c:1390 #1: ffff888222d74350 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: i_mmap_lock_read include/linux/fs.h:543 [inline] #1: ffff888222d74350 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlb_fault+0x9b/0xaa0 mm/hugetlb.c:4555 #2: ffff8882333e6608 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlb_fault+0x1ab/0xaa0 mm/hugetlb.c:4569 #3: ffff888222d74350 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: i_mmap_lock_write include/linux/fs.h:528 [inline] #3: ffff888222d74350 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: unmap_ref_private mm/hugetlb.c:4085 [inline] #3: ffff888222d74350 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlb_cow+0x1ac/0x540 mm/hugetlb.c:4176 1 lock held by syz.4.79/4608: #0: ffff888222d74350 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: i_mmap_lock_write include/linux/fs.h:528 [inline] #0: ffff888222d74350 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: unmap_single_vma+0xaf/0xf0 mm/memory.c:1305 2 locks held by syz.1.83/4650: #0: ffff888222c4b328 (&mm->mmap_sem#2){....}-{3:3}, at: do_user_addr_fault arch/x86/mm/fault.c:1242 [inline] #0: ffff888222c4b328 (&mm->mmap_sem#2){....}-{3:3}, at: do_page_fault+0x11d/0x59f arch/x86/mm/fault.c:1390 #1: ffff888222c24350 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: i_mmap_lock_read include/linux/fs.h:543 [inline] #1: ffff888222c24350 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlb_fault+0x9b/0xaa0 mm/hugetlb.c:4555 4 locks held by syz.1.83/4653: #0: ffff888222c4b328 (&mm->mmap_sem#2){....}-{3:3}, at: do_user_addr_fault arch/x86/mm/fault.c:1252 [inline] #0: ffff888222c4b328 (&mm->mmap_sem#2){....}-{3:3}, at: do_page_fault+0x4ec/0x59f arch/x86/mm/fault.c:1390 #1: ffff888222c24350 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: i_mmap_lock_read include/linux/fs.h:543 [inline] #1: ffff888222c24350 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlb_fault+0x9b/0xaa0 mm/hugetlb.c:4555 #2: ffff8882333e6848 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlb_fault+0x1ab/0xaa0 mm/hugetlb.c:4569 #3: ffff888222c24350 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: i_mmap_lock_write include/linux/fs.h:528 [inline] #3: ffff888222c24350 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: unmap_ref_private mm/hugetlb.c:4085 [inline] #3: ffff888222c24350 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlb_cow+0x1ac/0x540 mm/hugetlb.c:4176 1 lock held by syz.1.83/4657: #0: ffff888222c24350 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: i_mmap_lock_write include/linux/fs.h:528 [inline] #0: ffff888222c24350 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: unmap_single_vma+0xaf/0xf0 mm/memory.c:1305 3 locks held by syz.0.84/4666: #0: ffff888222df8da8 (&mm->mmap_sem#2){....}-{3:3}, at: do_user_addr_fault arch/x86/mm/fault.c:1252 [inline] #0: ffff888222df8da8 (&mm->mmap_sem#2){....}-{3:3}, at: do_page_fault+0x4ec/0x59f arch/x86/mm/fault.c:1390 #1: ffff888222e08350 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: i_mmap_lock_read include/linux/fs.h:543 [inline] #1: ffff888222e08350 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlb_fault+0x9b/0xaa0 mm/hugetlb.c:4555 #2: ffff8882333e6848 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlb_fault+0x1ab/0xaa0 mm/hugetlb.c:4569 3 locks held by syz.0.84/4673: #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222e08198 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222e08198 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff8882333e6848 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 2 locks held by syz.2.93/4714: #0: ffff8882267e2068 (&mm->mmap_sem#2){....}-{3:3}, at: do_user_addr_fault arch/x86/mm/fault.c:1242 [inline] #0: ffff8882267e2068 (&mm->mmap_sem#2){....}-{3:3}, at: do_page_fault+0x11d/0x59f arch/x86/mm/fault.c:1390 #1: ffff888222e71890 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: i_mmap_lock_read include/linux/fs.h:543 [inline] #1: ffff888222e71890 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlb_fault+0x9b/0xaa0 mm/hugetlb.c:4555 4 locks held by syz.2.93/4715: #0: ffff8882267e2068 (&mm->mmap_sem#2){....}-{3:3}, at: do_user_addr_fault arch/x86/mm/fault.c:1242 [inline] #0: ffff8882267e2068 (&mm->mmap_sem#2){....}-{3:3}, at: do_page_fault+0x11d/0x59f arch/x86/mm/fault.c:1390 #1: ffff888222e71890 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: i_mmap_lock_read include/linux/fs.h:543 [inline] #1: ffff888222e71890 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlb_fault+0x9b/0xaa0 mm/hugetlb.c:4555 #2: ffff8882333e6218 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlb_fault+0x1ab/0xaa0 mm/hugetlb.c:4569 #3: ffff888222e71890 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: i_mmap_lock_write include/linux/fs.h:528 [inline] #3: ffff888222e71890 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: unmap_ref_private mm/hugetlb.c:4085 [inline] #3: ffff888222e71890 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlb_cow+0x1ac/0x540 mm/hugetlb.c:4176 1 lock held by syz.2.93/4717: #0: ffff888222e71890 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: i_mmap_lock_write include/linux/fs.h:528 [inline] #0: ffff888222e71890 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: unmap_single_vma+0xaf/0xf0 mm/memory.c:1305 3 locks held by syz.3.102/5967: #0: ffff888226600da8 (&mm->mmap_sem#2){....}-{3:3}, at: do_user_addr_fault arch/x86/mm/fault.c:1242 [inline] #0: ffff888226600da8 (&mm->mmap_sem#2){....}-{3:3}, at: do_page_fault+0x11d/0x59f arch/x86/mm/fault.c:1390 #1: ffff888222dc0bd0 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: i_mmap_lock_read include/linux/fs.h:543 [inline] #1: ffff888222dc0bd0 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlb_fault+0x9b/0xaa0 mm/hugetlb.c:4555 #2: ffff8882333e6848 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlb_fault+0x1ab/0xaa0 mm/hugetlb.c:4569 3 locks held by syz.3.102/6000: #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222dc0a18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222dc0a18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff8882333e6848 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.4.104/6005: #0: ffff888222d40da8 (&mm->mmap_sem#2){....}-{3:3}, at: do_user_addr_fault arch/x86/mm/fault.c:1242 [inline] #0: ffff888222d40da8 (&mm->mmap_sem#2){....}-{3:3}, at: do_page_fault+0x11d/0x59f arch/x86/mm/fault.c:1390 #1: ffff888222d74790 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: i_mmap_lock_read include/linux/fs.h:543 [inline] #1: ffff888222d74790 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlb_fault+0x9b/0xaa0 mm/hugetlb.c:4555 #2: ffff8882333e6218 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlb_fault+0x1ab/0xaa0 mm/hugetlb.c:4569 3 locks held by syz.4.104/6030: #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222d745d8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222d745d8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff8882333e6218 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 1 lock held by syz.3.102/6025: #0: ffff888222dc0bd0 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: i_mmap_lock_write include/linux/fs.h:528 [inline] #0: ffff888222dc0bd0 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: unmap_single_vma+0xaf/0xf0 mm/memory.c:1305 3 locks held by syz.1.97/6971: #0: ffff888222c4cc28 (&mm->mmap_sem#2){....}-{3:3}, at: do_user_addr_fault arch/x86/mm/fault.c:1242 [inline] #0: ffff888222c4cc28 (&mm->mmap_sem#2){....}-{3:3}, at: do_page_fault+0x11d/0x59f arch/x86/mm/fault.c:1390 #1: ffff888222c26dd0 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: i_mmap_lock_read include/linux/fs.h:543 [inline] #1: ffff888222c26dd0 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlb_fault+0x9b/0xaa0 mm/hugetlb.c:4555 #2: ffff8882333e6338 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlb_fault+0x1ab/0xaa0 mm/hugetlb.c:4569 3 locks held by syz.1.97/6972: #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222c26c18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222c26c18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff8882333e6338 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 1 lock held by syz.1.97/7026: #0: ffff888222c26dd0 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: i_mmap_lock_write include/linux/fs.h:528 [inline] #0: ffff888222c26dd0 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: unmap_single_vma+0xaf/0xf0 mm/memory.c:1305 3 locks held by syz.2.98/7029: #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222ea4a18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222ea4a18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff8882333e6608 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.0.108/7047: #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222e096d8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222e096d8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff8882333e6608 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.4.114/8212: #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222c7d298 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222c7d298 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff8882333e6218 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.3.121/8365: #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222dc2398 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222dc2398 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff8882333e6338 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.2.113/9367: #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222ea4e58 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222ea4e58 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff8882333e6218 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.0.126/9383: #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222f145d8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222f145d8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff8882333e6608 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.1.136/9420: #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222c27058 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222c27058 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff8882333e6608 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.3.140/10341: #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222dc2c18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222dc2c18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff8882333e6848 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.4.150/10450: #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222c7ec18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222c7ec18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff8882333e6848 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.2.155/11356: #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222e72398 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222e72398 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff8882333e6848 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.0.147/11392: #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222f14a18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222f14a18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff8882333e6338 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.1.157/11766: #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222c25b18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222c25b18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff8882333e6218 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.3.162/12701: #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222d90e58 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222d90e58 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff8882333e6218 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.4.167/12782: #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222c7f058 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222c7f058 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff8882333e6608 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.0.170/13631: #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222e09b18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222e09b18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff8882333e6338 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.2.173/13763: #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222e73058 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222e73058 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff8882333e6218 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.1.176/14105: #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222c256d8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222c256d8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff8882333e6848 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.3.181/15135: #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222d91298 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222d91298 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff8882333e6338 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.4.184/15181: #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222d75298 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222d75298 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff8882333e6338 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.0.186/15858: #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222e09f58 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222e09f58 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff8882333e6848 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.2.189/16121: #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222ea5f58 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222ea5f58 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff8882333e6848 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.1.252/16650: #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222c3e7d8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222c3e7d8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff8882333e6608 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.3.259/17172: #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222dc3d18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222dc3d18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff8882333e6608 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.4.268/18196: #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222d756d8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222d756d8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff8882333e6848 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.0.271/18241: #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222e0ac18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222e0ac18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff8882333e6848 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.2.284/18583: #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222e738d8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222e738d8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff8882333e6608 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.1.314/19140: #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222c3f8d8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222c3f8d8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff8882333e6338 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.3.320/19714: #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222d916d8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222d916d8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff8882333e6608 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.0.342/21644: #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222f15b18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222f15b18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff8882333e6608 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.4.345/21776: #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222c7fd18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222c7fd18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff8882333e6608 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.2.367/22389: #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222e70e58 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222e70e58 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff8882333e6218 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.1.492/24892: #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222c3c5d8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222c3c5d8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff8882333e6608 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 1 lock held by syz-executor/5841: #0: ffffffff8226d6a0 (rcu_state.exp_mutex){....}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:290 [inline] #0: ffffffff8226d6a0 (rcu_state.exp_mutex){....}-{3:3}, at: synchronize_rcu_expedited+0x2c4/0x360 kernel/rcu/tree_exp.h:838 1 lock held by kworker/u4:1/7688: ============================================= NMI backtrace for cpu 1 CPU: 1 PID: 217 Comm: khungtaskd Not tainted 5.7.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x50/0x70 lib/dump_stack.c:118 nmi_cpu_backtrace.cold.7+0x13/0x50 lib/nmi_backtrace.c:101 nmi_trigger_cpumask_backtrace+0x9b/0x9d lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:205 [inline] watchdog+0x327/0x4b0 kernel/hung_task.c:289 kthread+0x10e/0x130 kernel/kthread.c:268 ret_from_fork+0x22/0x30 arch/x86/entry/entry_64.S:351 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 PID: 7869 Comm: modprobe Not tainted 5.7.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 RIP: 0010:page_remove_file_rmap mm/rmap.c:1260 [inline] RIP: 0010:page_remove_rmap+0x105/0x2a0 mm/rmap.c:1331 Code: 89 df e8 7e 3e ff ff e9 4e ff ff ff 40 84 ed 0f 85 e5 00 00 00 48 89 df e8 f8 a9 01 00 85 c0 0f 85 50 01 00 00 f0 83 43 30 ff <0f> 89 2a ff ff ff 48 8b 53 08 48 8d 42 ff 83 e2 01 48 0f 44 c3 48 RSP: 0018:ffffc9000535fcd0 EFLAGS: 00000213 RAX: 0000000000000000 RBX: ffffea0008df2c00 RCX: 0000000082092f8a RDX: 0000000000000000 RSI: 0000000052133621 RDI: ffffea0008df2c00 RBP: 0000000000000000 R08: 0000000000000002 R09: ffff88821db7cfc0 R10: 0000000000000001 R11: ffff88821db7c740 R12: ffffea0008df2c00 R13: 0000000237cb0025 R14: 00007f7289e65000 R15: ffffc9000535fde0 FS: 0000000000000000(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f7289ed6440 CR3: 000000021db82000 CR4: 00000000003406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: zap_pte_range mm/memory.c:1090 [inline] zap_pmd_range mm/memory.c:1194 [inline] zap_pud_range mm/memory.c:1223 [inline] zap_p4d_range mm/memory.c:1244 [inline] unmap_page_range+0x51e/0x9a0 mm/memory.c:1265 unmap_vmas+0x37/0x50 mm/memory.c:1342 exit_mmap+0xa4/0x180 mm/mmap.c:3150 __mmput kernel/fork.c:1094 [inline] mmput+0x2e/0xe0 kernel/fork.c:1115 exit_mm kernel/exit.c:483 [inline] do_exit+0x32c/0xb60 kernel/exit.c:793 do_group_exit+0x42/0xb0 kernel/exit.c:904 __do_sys_exit_group kernel/exit.c:915 [inline] __se_sys_exit_group kernel/exit.c:913 [inline] __x64_sys_exit_group+0xf/0x10 kernel/exit.c:913 do_syscall_64+0x50/0x180 arch/x86/entry/common.c:295 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7f7289f94a90 Code: 0f 05 57 3d 01 f0 ff ff 73 01 c3 48 8b 0d 90 43 0f 00 f7 d8 64 89 01 48 83 c8 ff c3 ba e7 00 00 00 be 3c 00 00 00 89 d0 0f 05 <48> 3d 00 f0 ff ff 76 0c 48 8b 0d 69 43 0f 00 f7 d8 64 89 01 89 f0 RSP: 002b:00007ffe7963f4a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 RAX: ffffffffffffffda RBX: 00007f728a085860 RCX: 00007f7289f94a90 RDX: 00000000000000e7 RSI: 000000000000003c RDI: 0000000000000001 RBP: 00007f728a085860 R08: 0000000000000000 R09: 8ada9396961be19c R10: 00007ffe7963f360 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000001 R14: 00007f728a089658 R15: 0000000000000001