syzbot

INFO: task syz-executor385:6297 blocked for more than 143 seconds.
      Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor385 state:D stack:14368 pid:6297  tgid:6296  ppid:5836   flags:0x00004006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5369 [inline]
 __schedule+0x17fb/0x4be0 kernel/sched/core.c:6756
 __schedule_loop kernel/sched/core.c:6833 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6848
 __bch2_two_state_lock+0x229/0x2c0 fs/bcachefs/two_state_shared_lock.c:7
 bch2_two_state_lock fs/bcachefs/two_state_shared_lock.h:55 [inline]
 bch2_readahead+0x9a2/0x11e0 fs/bcachefs/fs-io-buffered.c:258
 read_pages+0x176/0x750 mm/readahead.c:160
 page_cache_ra_order+0x7e3/0xb60 mm/readahead.c:512
 filemap_readahead mm/filemap.c:2518 [inline]
 filemap_get_pages+0x95f/0x2080 mm/filemap.c:2563
 filemap_splice_read+0x68e/0xef0 mm/filemap.c:2922
 do_splice_read fs/splice.c:985 [inline]
 splice_direct_to_actor+0x4af/0xc80 fs/splice.c:1089
 do_splice_direct_actor fs/splice.c:1207 [inline]
 do_splice_direct+0x289/0x3e0 fs/splice.c:1233
 do_sendfile+0x564/0x8a0 fs/read_write.c:1363
 __do_sys_sendfile64 fs/read_write.c:1424 [inline]
 __se_sys_sendfile64+0x17c/0x1e0 fs/read_write.c:1410
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f53f8244f99
RSP: 002b:00007f53f81fb218 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 00007f53f82f16c8 RCX: 00007f53f8244f99
RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000005
RBP: 00007f53f82f16c0 R08: 0000000000000000 R09: 0000000000000000
R10: 0001000000201005 R11: 0000000000000246 R12: 00007f53f82bdd3c
R13: 756d6d695f737973 R14: 656c626174756d6d R15: 00007f53f829906b
 </TASK>
INFO: task syz-executor385:6308 blocked for more than 143 seconds.
      Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor385 state:D stack:26768 pid:6308  tgid:6296  ppid:5836   flags:0x00004006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5369 [inline]
 __schedule+0x17fb/0x4be0 kernel/sched/core.c:6756
 __schedule_loop kernel/sched/core.c:6833 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6848
 io_schedule+0x8d/0x110 kernel/sched/core.c:7681
 folio_wait_bit_common+0x839/0xee0 mm/filemap.c:1308
 folio_lock include/linux/pagemap.h:1151 [inline]
 truncate_inode_pages_range+0xc1f/0x10e0 mm/truncate.c:380
 truncate_inode_pages mm/truncate.c:407 [inline]
 truncate_pagecache mm/truncate.c:715 [inline]
 truncate_setsize+0xcf/0xf0 mm/truncate.c:740
 bchfs_truncate+0x6f3/0xc90 fs/bcachefs/fs-io.c:441
 notify_change+0xbca/0xe90 fs/attr.c:552
 do_truncate fs/open.c:65 [inline]
 do_ftruncate+0x462/0x580 fs/open.c:181
 do_sys_ftruncate fs/open.c:196 [inline]
 __do_sys_ftruncate fs/open.c:201 [inline]
 __se_sys_ftruncate fs/open.c:199 [inline]
 __x64_sys_ftruncate+0x94/0xf0 fs/open.c:199
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f53f8244f99
RSP: 002b:00007f53f81da218 EFLAGS: 00000246 ORIG_RAX: 000000000000004d
RAX: ffffffffffffffda RBX: 00007f53f82f16d8 RCX: 00007f53f8244f99
RDX: 00007f53f821e5f6 RSI: 0000000000000006 RDI: 0000000000000005
RBP: 00007f53f82f16d0 R08: 00007ffd7e15fa57 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53f82bdd3c
R13: 756d6d695f737973 R14: 00007ffd7e15f970 R15: 00007ffd7e15fa58
 </TASK>

Showing all locks held in the system:
1 lock held by khungtaskd/30:
 #0: ffffffff8e937ae0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
 #0: ffffffff8e937ae0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline]
 #0: ffffffff8e937ae0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x55/0x2a0 kernel/locking/lockdep.c:6744
2 locks held by getty/5572:
 #0: ffff8880358e10a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
 #1: ffffc9000330b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x6a6/0x1e00 drivers/tty/n_tty.c:2211
1 lock held by syz-executor385/6297:
 #0: ffff8880781a4668 (mapping.invalidate_lock#3){.+.+}-{4:4}, at: filemap_invalidate_lock_shared include/linux/fs.h:873 [inline]
 #0: ffff8880781a4668 (mapping.invalidate_lock#3){.+.+}-{4:4}, at: page_cache_ra_order+0x326/0xb60 mm/readahead.c:488
2 locks held by syz-executor385/6308:
 #0: ffff8880308fc420 (sb_writers#9){.+.+}-{0:0}, at: do_ftruncate+0x28b/0x580 fs/open.c:178
 #1: ffff8880781a44c8 (&sb->s_type->i_mutex_key#14){+.+.}-{4:4}, at: inode_lock include/linux/fs.h:818 [inline]
 #1: ffff8880781a44c8 (&sb->s_type->i_mutex_key#14){+.+.}-{4:4}, at: do_truncate fs/open.c:63 [inline]
 #1: ffff8880781a44c8 (&sb->s_type->i_mutex_key#14){+.+.}-{4:4}, at: do_ftruncate+0x44e/0x580 fs/open.c:181

=============================================

NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 nmi_cpu_backtrace+0x49c/0x4d0 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x198/0x320 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:162 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:234 [inline]
 watchdog+0xff6/0x1040 kernel/hung_task.c:397
 kthread+0x2f0/0x390 kernel/kthread.c:389
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 6317 Comm: kworker/u8:0 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
Workqueue: events_unbound toggle_allocation_gate
RIP: 0010:insn_get_opcode+0x51/0xe80 arch/x86/lib/insn.c:279
Code: 4d 8d 6f 1c 4c 89 ed 48 c1 ed 03 42 0f b6 44 35 00 84 c0 0f 85 1e 0b 00 00 41 0f b6 5d 00 45 31 e4 31 ff 89 de e8 0f 95 df f5 <85> db 74 0a e8 06 92 df f5 e9 cc 0a 00 00 4c 89 ff e8 c9 e4 ff ff
RSP: 0018:ffffc90003cc7658 EFLAGS: 00000293
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff8880306f3c00
RDX: ffff8880306f3c00 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 1ffff92000798f27 R08: ffffffff8bbfe191 R09: 0000000000000000
R10: ffffc90003cc7920 R11: fffff52000798f2f R12: 0000000000000000
R13: ffffc90003cc793c R14: dffffc0000000000 R15: ffffc90003cc7920
FS:  0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fc84f01c580 CR3: 000000000e736000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <NMI>
 </NMI>
 <TASK>
 insn_get_modrm+0x63/0x730 arch/x86/lib/insn.c:369
 insn_get_sib arch/x86/lib/insn.c:443 [inline]
 insn_get_displacement+0x151/0x9a0 arch/x86/lib/insn.c:484
 insn_get_immediate+0x62/0x11f0 arch/x86/lib/insn.c:650
 insn_get_length arch/x86/lib/insn.c:723 [inline]
 insn_decode+0x2d6/0x4c0 arch/x86/lib/insn.c:762
 text_poke_loc_init+0xed/0x870 arch/x86/kernel/alternative.c:2428
 arch_jump_label_transform_queue+0x8f/0x100 arch/x86/kernel/jump_label.c:138
 __jump_label_update+0x177/0x3a0 kernel/jump_label.c:513
 static_key_disable_cpuslocked+0xd2/0x1c0 kernel/jump_label.c:240
 static_key_disable+0x1a/0x20 kernel/jump_label.c:248
 toggle_allocation_gate+0x1bf/0x260 mm/kfence/core.c:854
 process_one_work kernel/workqueue.c:3229 [inline]
 process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310
 worker_thread+0x870/0xd30 kernel/workqueue.c:3391
 kthread+0x2f0/0x390 kernel/kthread.c:389
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.354 msecs