[�[0;32m OK �[0m] Started Getty on tty2.
Starting Load/Save RF Kill Switch Status...
[�[0;32m OK �[0m] Started Serial Getty on ttyS0.
[�[0;32m OK �[0m] Started Getty on tty1.
[�[0;32m OK �[0m] Reached target Login Prompts.
[�[0;32m OK �[0m] Reached target Multi-User System.
[�[0;32m OK �[0m] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[�[0;32m OK �[0m] Started Load/Save RF Kill Switch Status.
[�[0;32m OK �[0m] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.218' (ECDSA) to the list of known hosts.
2020/05/02 06:13:29 parsed 1 programs
2020/05/02 06:13:30 executed programs: 0
syzkaller login: [ 65.405910][ T7223] IPVS: ftp: loaded support on port[0] = 21
[ 65.500696][ T7223] chnl_net:caif_netlink_parms(): no params data found
[ 65.551590][ T7223] bridge0: port 1(bridge_slave_0) entered blocking state
[ 65.559794][ T7223] bridge0: port 1(bridge_slave_0) entered disabled state
[ 65.568812][ T7223] device bridge_slave_0 entered promiscuous mode
[ 65.578017][ T7223] bridge0: port 2(bridge_slave_1) entered blocking state
[ 65.585931][ T7223] bridge0: port 2(bridge_slave_1) entered disabled state
[ 65.594450][ T7223] device bridge_slave_1 entered promiscuous mode
[ 65.615271][ T7223] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 65.629251][ T7223] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 65.651771][ T7223] team0: Port device team_slave_0 added
[ 65.659220][ T7223] team0: Port device team_slave_1 added
[ 65.677837][ T7223] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 65.684905][ T7223] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 65.711043][ T7223] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 65.724275][ T7223] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 65.731219][ T7223] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 65.757389][ T7223] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 65.838219][ T7223] device hsr_slave_0 entered promiscuous mode
[ 65.893683][ T7223] device hsr_slave_1 entered promiscuous mode
[ 66.024548][ T7223] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 66.056012][ T7223] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 66.106725][ T7223] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 66.155576][ T7223] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 66.209205][ T7223] bridge0: port 2(bridge_slave_1) entered blocking state
[ 66.216438][ T7223] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 66.224361][ T7223] bridge0: port 1(bridge_slave_0) entered blocking state
[ 66.231530][ T7223] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 66.278651][ T7223] 8021q: adding VLAN 0 to HW filter on device bond0
[ 66.292638][ T2712] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 66.302700][ T2712] bridge0: port 1(bridge_slave_0) entered disabled state
[ 66.311463][ T2712] bridge0: port 2(bridge_slave_1) entered disabled state
[ 66.320320][ T2712] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 66.335117][ T7223] 8021q: adding VLAN 0 to HW filter on device team0
[ 66.346962][ T3167] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 66.355593][ T3167] bridge0: port 1(bridge_slave_0) entered blocking state
[ 66.362649][ T3167] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 66.376464][ T2712] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 66.385342][ T2712] bridge0: port 2(bridge_slave_1) entered blocking state
[ 66.392435][ T2712] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 66.414289][ T2712] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 66.422810][ T2712] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 66.433570][ T2712] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 66.445273][ T3167] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 66.459218][ T7223] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 66.471074][ T7223] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 66.480272][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 66.504203][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 66.511626][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 66.522727][ T7223] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 66.542926][ T2712] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 66.552130][ T2712] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 66.573819][ T2712] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 66.582949][ T2712] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 66.592572][ T7223] device veth0_vlan entered promiscuous mode
[ 66.601522][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 66.609913][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 66.621426][ T7223] device veth1_vlan entered promiscuous mode
[ 66.647564][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 66.656186][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 66.666683][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 66.675791][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 66.686607][ T7223] device veth0_macvtap entered promiscuous mode
[ 66.698754][ T7223] device veth1_macvtap entered promiscuous mode
[ 66.717231][ T7223] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 66.725723][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 66.734971][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 66.742820][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 66.752660][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 66.766009][ T7223] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 66.774394][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 66.784176][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 67.004784][ T7432] hugetlbfs: syz-executor.0 (7432): Using mlock ulimits for SHM_HUGETLB is deprecated
[ 67.095143][ T7433]
[ 67.097515][ T7433] =====================================================
[ 67.104428][ T7433] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
[ 67.111857][ T7433] 5.7.0-rc1-next-20200415-syzkaller #0 Not tainted
[ 67.118323][ T7433] -----------------------------------------------------
[ 67.125271][ T7433] syz-executor.0/7433 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
[ 67.133253][ T7433] ffff888092ddc938 (&info->lock){....}-{2:2}, at: shmem_uncharge+0x24/0x270
[ 67.141980][ T7433]
[ 67.141980][ T7433] and this task is already holding:
[ 67.149338][ T7433] ffff888092ddcc88 (&xa->xa_lock#4){..-.}-{2:2}, at: split_huge_page_to_list+0xad0/0x33b0
[ 67.159225][ T7433] which would create a new lock dependency:
[ 67.165089][ T7433] (&xa->xa_lock#4){..-.}-{2:2} -> (&info->lock){....}-{2:2}
[ 67.172445][ T7433]
[ 67.172445][ T7433] but this new dependency connects a SOFTIRQ-irq-safe lock:
[ 67.181878][ T7433] (&xa->xa_lock#4){..-.}-{2:2}
[ 67.181887][ T7433]
[ 67.181887][ T7433] ... which became SOFTIRQ-irq-safe at:
[ 67.194413][ T7433] lock_acquire+0x1f2/0x8f0
[ 67.198976][ T7433] _raw_spin_lock_irqsave+0x8c/0xbf
[ 67.204235][ T7433] test_clear_page_writeback+0x1d7/0x11e0
[ 67.210014][ T7433] end_page_writeback+0x239/0x520
[ 67.215110][ T7433] end_buffer_async_write+0x442/0x5c0
[ 67.220542][ T7433] end_bio_bh_io_sync+0xe2/0x140
[ 67.225537][ T7433] bio_endio+0x46a/0x820
[ 67.229851][ T7433] blk_update_request+0x3e1/0xdc0
[ 67.234954][ T7433] scsi_end_request+0x80/0x7b0
[ 67.239790][ T7433] scsi_io_completion+0x1e7/0x1300
[ 67.244991][ T7433] scsi_softirq_done+0x31e/0x3b0
[ 67.249990][ T7433] blk_done_softirq+0x2db/0x440
[ 67.255021][ T7433] __do_softirq+0x26c/0x9f7
[ 67.259591][ T7433] irq_exit+0x192/0x1d0
[ 67.263812][ T7433] do_IRQ+0xda/0x270
[ 67.267766][ T7433] ret_from_intr+0x0/0x2b
[ 67.272195][ T7433] check_memory_region+0xdf/0x190
[ 67.277285][ T7433] rcu_dynticks_curr_cpu_in_eqs+0x4f/0xb0
[ 67.283094][ T7433] rcu_is_watching+0xc/0x20
[ 67.287703][ T7433] rcu_read_lock_held_common+0xaf/0x130
[ 67.293310][ T7433] rcu_read_lock_held+0x5a/0xb0
[ 67.298220][ T7433] __d_lookup_rcu+0x53a/0x6c0
[ 67.302955][ T7433] lookup_fast+0xe0/0x6d0
[ 67.307389][ T7433] walk_component+0xc6/0x6a0
[ 67.312598][ T7433] path_lookupat.isra.0+0x180/0x530
[ 67.317855][ T7433] filename_lookup+0x1a3/0x3e0
[ 67.322679][ T7433] vfs_statx+0x119/0x1e0
[ 67.326991][ T7433] __do_sys_newlstat+0x96/0x120
[ 67.331901][ T7433] do_syscall_64+0xf6/0x7d0
[ 67.336462][ T7433] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 67.342408][ T7433]
[ 67.342408][ T7433] to a SOFTIRQ-irq-unsafe lock:
[ 67.349404][ T7433] (shmlock_user_lock){+.+.}-{2:2}
[ 67.349415][ T7433]
[ 67.349415][ T7433] ... which became SOFTIRQ-irq-unsafe at:
[ 67.362467][ T7433] ...
[ 67.362481][ T7433] lock_acquire+0x1f2/0x8f0
[ 67.369653][ T7433] _raw_spin_lock+0x2a/0x40
[ 67.374220][ T7433] user_shm_lock+0xab/0x230
[ 67.378789][ T7433] hugetlb_file_setup+0x4e1/0x677
[ 67.383965][ T7433] newseg+0x460/0xe60
[ 67.388013][ T7433] ipcget+0xf0/0xcb0
[ 67.391973][ T7433] __x64_sys_shmget+0x139/0x1a0
[ 67.396885][ T7433] do_syscall_64+0xf6/0x7d0
[ 67.401449][ T7433] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 67.407394][ T7433]
[ 67.407394][ T7433] other info that might help us debug this:
[ 67.407394][ T7433]
[ 67.417597][ T7433] Chain exists of:
[ 67.417597][ T7433] &xa->xa_lock#4 --> &info->lock --> shmlock_user_lock
[ 67.417597][ T7433]
[ 67.430324][ T7433] Possible interrupt unsafe locking scenario:
[ 67.430324][ T7433]
[ 67.438612][ T7433] CPU0 CPU1
[ 67.443950][ T7433] ---- ----
[ 67.449295][ T7433] lock(shmlock_user_lock);
[ 67.453891][ T7433] local_irq_disable();
[ 67.460631][ T7433] lock(&xa->xa_lock#4);
[ 67.467456][ T7433] lock(&info->lock);
[ 67.474061][ T7433] <Interrupt>
[ 67.477492][ T7433] lock(&xa->xa_lock#4);
[ 67.482004][ T7433]
[ 67.482004][ T7433] *** DEADLOCK ***
[ 67.482004][ T7433]
[ 67.490126][ T7433] 5 locks held by syz-executor.0/7433:
[ 67.495551][ T7433] #0: ffff8880a926a450 (sb_writers#7){.+.+}-{0:0}, at: do_sys_ftruncate+0x29f/0x570
[ 67.504992][ T7433] #1: ffff888092ddcb90 (&sb->s_type->i_mutex_key#16){+.+.}-{3:3}, at: do_truncate+0x125/0x1f0
[ 67.515296][ T7433] #2: ffff888092ddcd50 (&mapping->i_mmap_rwsem){++++}-{3:3}, at: split_huge_page_to_list+0x4c3/0x33b0
[ 67.526342][ T7433] #3: ffff88812ffffcd8 (&pgdat->lru_lock){....}-{2:2}, at: split_huge_page_to_list+0x8da/0x33b0
[ 67.537001][ T7433] #4: ffff888092ddcc88 (&xa->xa_lock#4){..-.}-{2:2}, at: split_huge_page_to_list+0xad0/0x33b0
[ 67.547401][ T7433]
[ 67.547401][ T7433] the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
[ 67.557845][ T7433] -> (&xa->xa_lock#4){..-.}-{2:2} {
[ 67.563036][ T7433] IN-SOFTIRQ-W at:
[ 67.566997][ T7433] lock_acquire+0x1f2/0x8f0
[ 67.573282][ T7433] _raw_spin_lock_irqsave+0x8c/0xbf
[ 67.580159][ T7433] test_clear_page_writeback+0x1d7/0x11e0
[ 67.587509][ T7433] end_page_writeback+0x239/0x520
[ 67.594164][ T7433] end_buffer_async_write+0x442/0x5c0
[ 67.601169][ T7433] end_bio_bh_io_sync+0xe2/0x140
[ 67.607735][ T7433] bio_endio+0x46a/0x820
[ 67.613615][ T7433] blk_update_request+0x3e1/0xdc0
[ 67.620274][ T7433] scsi_end_request+0x80/0x7b0
[ 67.626663][ T7433] scsi_io_completion+0x1e7/0x1300
[ 67.633438][ T7433] scsi_softirq_done+0x31e/0x3b0
[ 67.640008][ T7433] blk_done_softirq+0x2db/0x440
[ 67.646520][ T7433] __do_softirq+0x26c/0x9f7
[ 67.652648][ T7433] irq_exit+0x192/0x1d0
[ 67.658425][ T7433] do_IRQ+0xda/0x270
[ 67.663950][ T7433] ret_from_intr+0x0/0x2b
[ 67.669937][ T7433] check_memory_region+0xdf/0x190
[ 67.676595][ T7433] rcu_dynticks_curr_cpu_in_eqs+0x4f/0xb0
[ 67.683939][ T7433] rcu_is_watching+0xc/0x20
[ 67.690155][ T7433] rcu_read_lock_held_common+0xaf/0x130
[ 67.697326][ T7433] rcu_read_lock_held+0x5a/0xb0
[ 67.703808][ T7433] __d_lookup_rcu+0x53a/0x6c0
[ 67.710106][ T7433] lookup_fast+0xe0/0x6d0
[ 67.716056][ T7433] walk_component+0xc6/0x6a0
[ 67.722278][ T7433] path_lookupat.isra.0+0x180/0x530
[ 67.729107][ T7433] filename_lookup+0x1a3/0x3e0
[ 67.735496][ T7433] vfs_statx+0x119/0x1e0
[ 67.741364][ T7433] __do_sys_newlstat+0x96/0x120
[ 67.747853][ T7433] do_syscall_64+0xf6/0x7d0
[ 67.753992][ T7433] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 67.761507][ T7433] INITIAL USE at:
[ 67.765386][ T7433] lock_acquire+0x1f2/0x8f0
[ 67.771436][ T7433] _raw_spin_lock_irq+0x5b/0x80
[ 67.777840][ T7433] __add_to_page_cache_locked+0x607/0xe00
[ 67.785106][ T7433] add_to_page_cache_lru+0x1aa/0x700
[ 67.791942][ T7433] do_read_cache_page+0x9ab/0x1810
[ 67.798596][ T7433] read_part_sector+0xf6/0x600
[ 67.804898][ T7433] adfspart_check_ICS+0x9d/0xc80
[ 67.811377][ T7433] blk_add_partitions+0x474/0xe50
[ 67.817950][ T7433] bdev_disk_changed+0x1fb/0x380
[ 67.824422][ T7433] __blkdev_get+0xb15/0x1530
[ 67.830548][ T7433] blkdev_get+0x41/0x2b0
[ 67.836326][ T7433] __device_add_disk+0xa4f/0x1170
[ 67.842900][ T7433] brd_init+0x297/0x463
[ 67.848592][ T7433] do_one_initcall+0x10a/0x7d0
[ 67.854906][ T7433] kernel_init_freeable+0x501/0x5ae
[ 67.861639][ T7433] kernel_init+0xd/0x1bb
[ 67.867435][ T7433] ret_from_fork+0x24/0x30
[ 67.873382][ T7433] }
[ 67.875866][ T7433] ... key at: [<ffffffff8c6b4140>] __key.18068+0x0/0x40
[ 67.883288][ T7433] ... acquired at:
[ 67.887069][ T7433] lock_acquire+0x1f2/0x8f0
[ 67.891717][ T7433] _raw_spin_lock_irqsave+0x8c/0xbf
[ 67.897071][ T7433] shmem_uncharge+0x24/0x270
[ 67.901808][ T7433] split_huge_page_to_list+0x274b/0x33b0
[ 67.907586][ T7433] shmem_punch_compound+0x13e/0x1e0
[ 67.912940][ T7433] shmem_undo_range+0x5f1/0x1b80
[ 67.918046][ T7433] shmem_truncate_range+0x27/0xa0
[ 67.923229][ T7433] shmem_setattr+0x8b6/0xc80
[ 67.928504][ T7433] notify_change+0xb6d/0x1020
[ 67.933345][ T7433] do_truncate+0x134/0x1f0
[ 67.937909][ T7433] do_sys_ftruncate+0x4a5/0x570
[ 67.942911][ T7433] do_syscall_64+0xf6/0x7d0
[ 67.947606][ T7433] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 67.953692][ T7433]
[ 67.955997][ T7433]
[ 67.955997][ T7433] the dependencies between the lock to be acquired
[ 67.956000][ T7433] and SOFTIRQ-irq-unsafe lock:
[ 67.969537][ T7433] -> (shmlock_user_lock){+.+.}-{2:2} {
[ 67.975075][ T7433] HARDIRQ-ON-W at:
[ 67.979137][ T7433] lock_acquire+0x1f2/0x8f0
[ 67.985461][ T7433] _raw_spin_lock+0x2a/0x40
[ 67.991773][ T7433] user_shm_lock+0xab/0x230
[ 67.998784][ T7433] hugetlb_file_setup+0x4e1/0x677
[ 68.005612][ T7433] newseg+0x460/0xe60
[ 68.011402][ T7433] ipcget+0xf0/0xcb0
[ 68.017367][ T7433] __x64_sys_shmget+0x139/0x1a0
[ 68.024028][ T7433] do_syscall_64+0xf6/0x7d0
[ 68.030367][ T7433] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 68.038061][ T7433] SOFTIRQ-ON-W at:
[ 68.042225][ T7433] lock_acquire+0x1f2/0x8f0
[ 68.048536][ T7433] _raw_spin_lock+0x2a/0x40
[ 68.054841][ T7433] user_shm_lock+0xab/0x230
[ 68.061185][ T7433] hugetlb_file_setup+0x4e1/0x677
[ 68.068011][ T7433] newseg+0x460/0xe60
[ 68.073804][ T7433] ipcget+0xf0/0xcb0
[ 68.079589][ T7433] __x64_sys_shmget+0x139/0x1a0
[ 68.086252][ T7433] do_syscall_64+0xf6/0x7d0
[ 68.092666][ T7433] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 68.100362][ T7433] INITIAL USE at:
[ 68.104446][ T7433] lock_acquire+0x1f2/0x8f0
[ 68.110661][ T7433] _raw_spin_lock+0x2a/0x40
[ 68.116880][ T7433] user_shm_lock+0xab/0x230
[ 68.123099][ T7433] shmem_lock+0x1dd/0x2d0
[ 68.129146][ T7433] shmctl_do_lock+0x73f/0x8f0
[ 68.135576][ T7433] ksys_shmctl.constprop.0+0x203/0x350
[ 68.143439][ T7433] do_syscall_64+0xf6/0x7d0
[ 68.149657][ T7433] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 68.157256][ T7433] }
[ 68.159824][ T7433] ... key at: [<ffffffff89a620f8>] shmlock_user_lock+0x18/0x5c0
[ 68.168027][ T7433] ... acquired at:
[ 68.171897][ T7433] _raw_spin_lock+0x2a/0x40
[ 68.176547][ T7433] user_shm_lock+0xab/0x230
[ 68.181195][ T7433] shmem_lock+0x1dd/0x2d0
[ 68.185681][ T7433] shmctl_do_lock+0x73f/0x8f0
[ 68.190503][ T7433] ksys_shmctl.constprop.0+0x203/0x350
[ 68.196119][ T7433] do_syscall_64+0xf6/0x7d0
[ 68.200770][ T7433] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 68.206813][ T7433]
[ 68.209114][ T7433] -> (&info->lock){....}-{2:2} {
[ 68.214656][ T7433] INITIAL USE at:
[ 68.218532][ T7433] lock_acquire+0x1f2/0x8f0
[ 68.224569][ T7433] _raw_spin_lock_irq+0x5b/0x80
[ 68.230965][ T7433] shmem_getpage_gfp+0x937/0x2a10
[ 68.237593][ T7433] shmem_write_begin+0x102/0x1e0
[ 68.244072][ T7433] generic_perform_write+0x20a/0x4e0
[ 68.250898][ T7433] __generic_file_write_iter+0x24c/0x610
[ 68.258071][ T7433] generic_file_write_iter+0x3f3/0x630
[ 68.265071][ T7433] new_sync_write+0x4a2/0x700
[ 68.271284][ T7433] __vfs_write+0xc9/0x100
[ 68.277152][ T7433] vfs_write+0x268/0x5d0
[ 68.282933][ T7433] ksys_write+0x12d/0x250
[ 68.288802][ T7433] do_syscall_64+0xf6/0x7d0
[ 68.294896][ T7433] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 68.302379][ T7433] }
[ 68.304866][ T7433] ... key at: [<ffffffff8c6a0bc0>] __key.56628+0x0/0x40
[ 68.312292][ T7433] ... acquired at:
[ 68.316082][ T7433] lock_acquire+0x1f2/0x8f0
[ 68.320807][ T7433] _raw_spin_lock_irqsave+0x8c/0xbf
[ 68.326168][ T7433] shmem_uncharge+0x24/0x270
[ 68.330944][ T7433] split_huge_page_to_list+0x274b/0x33b0
[ 68.336725][ T7433] shmem_punch_compound+0x13e/0x1e0
[ 68.342113][ T7433] shmem_undo_range+0x5f1/0x1b80
[ 68.347204][ T7433] shmem_truncate_range+0x27/0xa0
[ 68.352379][ T7433] shmem_setattr+0x8b6/0xc80
[ 68.357130][ T7433] notify_change+0xb6d/0x1020
[ 68.361953][ T7433] do_truncate+0x134/0x1f0
[ 68.366526][ T7433] do_sys_ftruncate+0x4a5/0x570
[ 68.371536][ T7433] do_syscall_64+0xf6/0x7d0
[ 68.376199][ T7433] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 68.382231][ T7433]
[ 68.384541][ T7433]
[ 68.384541][ T7433] stack backtrace:
[ 68.390422][ T7433] CPU: 1 PID: 7433 Comm: syz-executor.0 Not tainted 5.7.0-rc1-next-20200415-syzkaller #0
[ 68.400202][ T7433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 68.410233][ T7433] Call Trace:
[ 68.413518][ T7433] dump_stack+0x188/0x20d
[ 68.417829][ T7433] check_irq_usage.cold+0x566/0x6de
[ 68.423008][ T7433] ? check_usage_forwards+0x4e0/0x4e0
[ 68.428370][ T7433] ? kernel_text_address+0x6e/0xe0
[ 68.433459][ T7433] ? arch_stack_walk+0x84/0xd0
[ 68.438212][ T7433] ? check_path+0x22/0x40
[ 68.442524][ T7433] ? check_noncircular+0x16d/0x3e0
[ 68.447614][ T7433] ? print_circular_bug.isra.0+0x3a0/0x3a0
[ 68.453395][ T7433] ? mark_lock+0x12b/0xf10
[ 68.457838][ T7433] ? __lock_acquire+0x2ac9/0x4c50
[ 68.462840][ T7433] __lock_acquire+0x2ac9/0x4c50
[ 68.467670][ T7433] ? mark_held_locks+0xe0/0xe0
[ 68.472406][ T7433] ? xas_load+0x66/0x140
[ 68.476666][ T7433] lock_acquire+0x1f2/0x8f0
[ 68.481161][ T7433] ? shmem_uncharge+0x24/0x270
[ 68.485900][ T7433] ? lock_release+0x800/0x800
[ 68.490555][ T7433] ? __delete_from_page_cache+0x3fc/0xb90
[ 68.496248][ T7433] ? filemap_map_pages+0x1370/0x1370
[ 68.501511][ T7433] _raw_spin_lock_irqsave+0x8c/0xbf
[ 68.506693][ T7433] ? shmem_uncharge+0x24/0x270
[ 68.511428][ T7433] shmem_uncharge+0x24/0x270
[ 68.516007][ T7433] split_huge_page_to_list+0x274b/0x33b0
[ 68.521629][ T7433] ? can_split_huge_page+0x480/0x480
[ 68.526896][ T7433] shmem_punch_compound+0x13e/0x1e0
[ 68.532071][ T7433] shmem_undo_range+0x5f1/0x1b80
[ 68.537113][ T7433] ? shmem_file_read_iter+0xd30/0xd30
[ 68.542523][ T7433] ? lockdep_hardirqs_on+0x463/0x620
[ 68.547793][ T7433] ? mark_lock+0x12b/0xf10
[ 68.552194][ T7433] ? current_time+0x6b/0x110
[ 68.556767][ T7433] ? print_usage_bug+0x240/0x240
[ 68.561686][ T7433] ? lock_release+0x800/0x800
[ 68.566356][ T7433] ? rwsem_mark_wake+0x8d0/0x8d0
[ 68.571277][ T7433] ? lock_downgrade+0x840/0x840
[ 68.576104][ T7433] ? timestamp_truncate+0x20f/0x2f0
[ 68.581288][ T7433] ? inode_init_owner+0x330/0x330
[ 68.586300][ T7433] ? ktime_get_coarse_real_ts64+0xe5/0x280
[ 68.592103][ T7433] ? lockdep_hardirqs_on+0x463/0x620
[ 68.597421][ T7433] shmem_truncate_range+0x27/0xa0
[ 68.602435][ T7433] shmem_setattr+0x8b6/0xc80
[ 68.607078][ T7433] ? evm_inode_setattr+0x6a/0x170
[ 68.612090][ T7433] ? shmem_evict_inode+0x9f0/0x9f0
[ 68.617184][ T7433] notify_change+0xb6d/0x1020
[ 68.621855][ T7433] do_truncate+0x134/0x1f0
[ 68.626250][ T7433] ? do_sys_openat2+0x7d0/0x7d0
[ 68.631085][ T7433] ? common_perm_cond+0x187/0x200
[ 68.636097][ T7433] do_sys_ftruncate+0x4a5/0x570
[ 68.640935][ T7433] do_syscall_64+0xf6/0x7d0
[ 68.645419][ T7433] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 68.651292][ T7433] RIP: 0033:0x45c829
[ 68.655172][ T7433] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 68.674816][ T7433] RSP: 002b:00007feebbe5dc78 EFLAGS: 00000246 ORIG_RAX: 000000000000004d
[ 68.683255][ T7433] RAX: ffffffffffffffda RBX: 00000000004dc580 RCX: 000000000045c829
[ 68.691234][ T7433] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000000000005
[ 68.699189][ T7433] RBP: 000000000078bfa0 R08: 0000000000000000 R09: 0000000000000000
[ 68.707149][ T7433] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 68.715098][ T7433] R13: 00000000000000e9 R14: 00000000004c3701 R15: 00007feebbe5e6d4