syzbot

INFO: task syz-executor373:6208 blocked for more than 143 seconds.
      Not tainted 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor373 state:D stack:14576 pid:6208  tgid:6207  ppid:5853   task_flags:0x440140 flags:0x00004006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x1b33/0x51f0 kernel/sched/core.c:6767
 __schedule_loop kernel/sched/core.c:6845 [inline]
 schedule+0x163/0x360 kernel/sched/core.c:6860
 __bch2_two_state_lock+0x238/0x3f0 fs/bcachefs/two_state_shared_lock.c:7
 bch2_two_state_lock fs/bcachefs/two_state_shared_lock.h:55 [inline]
 bch2_readahead+0x9b9/0x12d0 fs/bcachefs/fs-io-buffered.c:296
 read_pages+0x193/0x590 mm/readahead.c:160
 page_cache_ra_order+0xa37/0xca0 mm/readahead.c:515
 filemap_readahead mm/filemap.c:2560 [inline]
 filemap_get_pages+0x9ec/0x1fc0 mm/filemap.c:2605
 filemap_splice_read+0x690/0xef0 mm/filemap.c:2981
 do_splice_read fs/splice.c:979 [inline]
 splice_direct_to_actor+0x4af/0xc90 fs/splice.c:1083
 do_splice_direct_actor fs/splice.c:1201 [inline]
 do_splice_direct+0x281/0x3d0 fs/splice.c:1227
 do_sendfile+0x582/0x8c0 fs/read_write.c:1368
 __do_sys_sendfile64 fs/read_write.c:1429 [inline]
 __se_sys_sendfile64+0x17e/0x1e0 fs/read_write.c:1415
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xf3/0x210 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f267ea6a2e9
RSP: 002b:00007f267e20e168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 00007f267eaf74a8 RCX: 00007f267ea6a2e9
RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000006
RBP: 00007f267eaf74a0 R08: 00007f267e20e6c0 R09: 0000000000000000
R10: 00000000e0000005 R11: 0000000000000246 R12: 00007f267eaf74ac
R13: 000000000000000b R14: 00007ffd0c91fbd0 R15: 00007ffd0c91fcb8
 </TASK>
INFO: task syz-executor373:6246 blocked for more than 144 seconds.
      Not tainted 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor373 state:D stack:25808 pid:6246  tgid:6207  ppid:5853   task_flags:0x400040 flags:0x00000006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x1b33/0x51f0 kernel/sched/core.c:6767
 __schedule_loop kernel/sched/core.c:6845 [inline]
 schedule+0x163/0x360 kernel/sched/core.c:6860
 io_schedule+0x8d/0x110 kernel/sched/core.c:7742
 folio_wait_bit_common+0x83f/0xf00 mm/filemap.c:1317
 folio_lock include/linux/pagemap.h:1137 [inline]
 bch2_seek_pagecache_data+0x358/0xb80 fs/bcachefs/fs-io-pagecache.c:711
 bch2_clamp_data_hole+0x121/0x180 fs/bcachefs/fs-io-pagecache.c:814
 __bchfs_fallocate+0x118c/0x2820 fs/bcachefs/fs-io.c:671
 bchfs_fallocate+0x31d/0x750 fs/bcachefs/fs-io.c:763
 bch2_fallocate_dispatch+0x3da/0x580 fs/bcachefs/fs-io.c:810
 vfs_fallocate+0x627/0x7a0 fs/open.c:338
 ksys_fallocate fs/open.c:362 [inline]
 __do_sys_fallocate fs/open.c:367 [inline]
 __se_sys_fallocate fs/open.c:365 [inline]
 __x64_sys_fallocate+0xbc/0x110 fs/open.c:365
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xf3/0x210 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f267ea6a2e9
RSP: 002b:00007f267e1ed168 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
RAX: ffffffffffffffda RBX: 00007f267eaf74b8 RCX: 00007f267ea6a2e9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
RBP: 00007f267eaf74b0 R08: 00007ffd0c91fcb7 R09: 0000000000000000
R10: 00000000001001f0 R11: 0000000000000246 R12: 00007f267eaf74bc
R13: 000000000000006e R14: 00007ffd0c91fbd0 R15: 00007ffd0c91fcb8
 </TASK>

Showing all locks held in the system:
1 lock held by pool_workqueue_/3:
 #0: ffffffff8ebe51a8 (wq_pool_mutex){+.+.}-{4:4}, at: pwq_release_workfn+0x422/0x800 kernel/workqueue.c:5091
1 lock held by khungtaskd/31:
 #0: ffffffff8ed3df20 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #0: ffffffff8ed3df20 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
 #0: ffffffff8ed3df20 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x30/0x180 kernel/locking/lockdep.c:6764
2 locks held by getty/5588:
 #0: ffff88814d6960a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
 #1: ffffc9000364c2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x5bb/0x1700 drivers/tty/n_tty.c:2222
1 lock held by syz-executor373/6208:
 #0: ffff88806e8e2148 (mapping.invalidate_lock#3){.+.+}-{4:4}, at: filemap_invalidate_lock_shared include/linux/fs.h:922 [inline]
 #0: ffff88806e8e2148 (mapping.invalidate_lock#3){.+.+}-{4:4}, at: page_cache_ra_order+0x45e/0xca0 mm/readahead.c:491
3 locks held by syz-executor373/6246:
 #0: ffff88803163e420 (sb_writers#12){.+.+}-{0:0}, at: file_start_write include/linux/fs.h:3041 [inline]
 #0: ffff88803163e420 (sb_writers#12){.+.+}-{0:0}, at: vfs_fallocate+0x5a1/0x7a0 fs/open.c:337
 #1: ffff88806e8e1fa8 (&sb->s_type->i_mutex_key#19){+.+.}-{4:4}, at: inode_lock include/linux/fs.h:867 [inline]
 #1: ffff88806e8e1fa8 (&sb->s_type->i_mutex_key#19){+.+.}-{4:4}, at: bch2_fallocate_dispatch+0x1ea/0x580 fs/bcachefs/fs-io.c:801
 #2: ffff888055f84228 (&c->btree_trans_barrier){.+.+}-{0:0}, at: srcu_lock_acquire include/linux/srcu.h:161 [inline]
 #2: ffff888055f84228 (&c->btree_trans_barrier){.+.+}-{0:0}, at: srcu_read_lock include/linux/srcu.h:253 [inline]
 #2: ffff888055f84228 (&c->btree_trans_barrier){.+.+}-{0:0}, at: __bch2_trans_get+0x7ed/0xd40 fs/bcachefs/btree_iter.c:3382
1 lock held by syz-executor373/9071:
 #0: ffffffff8ebe51a8 (wq_pool_mutex){+.+.}-{4:4}, at: apply_wqattrs_lock kernel/workqueue.c:5179 [inline]
 #0: ffffffff8ebe51a8 (wq_pool_mutex){+.+.}-{4:4}, at: __alloc_workqueue+0x9f4/0x1bc0 kernel/workqueue.c:5734
1 lock held by syz-executor373/9073:
 #0: ffffffff8ebe51a8 (wq_pool_mutex){+.+.}-{4:4}, at: apply_wqattrs_lock kernel/workqueue.c:5179 [inline]
 #0: ffffffff8ebe51a8 (wq_pool_mutex){+.+.}-{4:4}, at: __alloc_workqueue+0x9f4/0x1bc0 kernel/workqueue.c:5734
1 lock held by syz-executor373/9075:
 #0: ffffffff8ebe51a8 (wq_pool_mutex){+.+.}-{4:4}, at: apply_wqattrs_lock kernel/workqueue.c:5179 [inline]
 #0: ffffffff8ebe51a8 (wq_pool_mutex){+.+.}-{4:4}, at: __alloc_workqueue+0x9f4/0x1bc0 kernel/workqueue.c:5734
1 lock held by syz-executor373/9077:
 #0: ffffffff8ebe51a8 (wq_pool_mutex){+.+.}-{4:4}, at: apply_wqattrs_lock kernel/workqueue.c:5179 [inline]
 #0: ffffffff8ebe51a8 (wq_pool_mutex){+.+.}-{4:4}, at: __alloc_workqueue+0x9f4/0x1bc0 kernel/workqueue.c:5734

=============================================

NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 nmi_cpu_backtrace+0x4ab/0x4e0 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x198/0x320 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:158 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:274 [inline]
 watchdog+0x1058/0x10a0 kernel/hung_task.c:437
 kthread+0x7b7/0x940 kernel/kthread.c:464
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 9075 Comm: syz-executor373 Not tainted 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
RIP: 0010:io_serial_in+0x76/0xb0 drivers/tty/serial/8250/8250_port.c:409
Code: b0 09 34 fc 89 e9 41 d3 e6 48 83 c3 40 48 89 d8 48 c1 e8 03 42 80 3c 38 00 74 08 48 89 df e8 71 b2 9b fc 44 03 33 44 89 f2 ec <0f> b6 c0 5b 41 5e 41 5f 5d c3 cc cc cc cc 89 e9 80 e1 07 38 c1 7c
RSP: 0018:ffffc900038febd8 EFLAGS: 00000006
RAX: 1ffffffff3548f05 RBX: ffffffff9aa47960 RCX: 0000000000000000
RDX: 00000000000003f9 RSI: 0000000000000000 RDI: 0000000000000020
RBP: 0000000000000000 R08: ffffffff858eb2a6 R09: fffff5200071fd5c
R10: dffffc0000000000 R11: ffffffff858eb260 R12: 0000000000000000
R13: dffffc0000000000 R14: 00000000000003f9 R15: dffffc0000000000
FS:  00007f267e20e6c0(0000) GS:ffff888124fcf000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f267e20f000 CR3: 000000008f250000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 serial_port_in include/linux/serial_core.h:791 [inline]
 serial8250_console_write+0x4c0/0x1e00 drivers/tty/serial/8250/8250_port.c:3420
 console_emit_next_record kernel/printk/printk.c:3138 [inline]
 console_flush_all+0x86b/0xec0 kernel/printk/printk.c:3226
 __console_flush_and_unlock kernel/printk/printk.c:3285 [inline]
 console_unlock+0x151/0x3b0 kernel/printk/printk.c:3325
 vprintk_emit+0x761/0xa40 kernel/printk/printk.c:2450
 bch2_print_maybe_redirect fs/bcachefs/super.c:110 [inline]
 __bch2_print+0x17c/0x220 fs/bcachefs/super.c:129
 bch2_fs_online+0x243/0x6a0 fs/bcachefs/super.c:707
 bch2_fs_alloc fs/bcachefs/super.c:979 [inline]
 bch2_fs_open+0x3232/0x32a0 fs/bcachefs/super.c:2216
 bch2_fs_get_tree+0x77b/0x18f0 fs/bcachefs/fs.c:2172
 vfs_get_tree+0x90/0x2b0 fs/super.c:1759
 do_new_mount+0x2cf/0xb70 fs/namespace.c:3881
 do_mount fs/namespace.c:4221 [inline]
 __do_sys_mount fs/namespace.c:4432 [inline]
 __se_sys_mount+0x38c/0x400 fs/namespace.c:4409
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xf3/0x210 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f267ea6b92a
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 7e 09 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f267e20dfd8 EFLAGS: 00000282 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f267e20dff0 RCX: 00007f267ea6b92a
RDX: 0000200000000000 RSI: 0000200000000100 RDI: 00007f267e20dff0
RBP: 0000200000000100 R08: 00007f267e20e030 R09: 0000000000005a4f
R10: 0000000002000000 R11: 0000000000000282 R12: 0000200000000000
R13: 00007f267e20e030 R14: 0000000000000003 R15: 0000000002000000
 </TASK>