syzbot

INFO: task syz-executor248:5053 blocked for more than 143 seconds.
      Not tainted 6.8.0-rc3-syzkaller-00317-g7521f258ea30 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor248 state:D stack:22680 pid:5053  tgid:5053  ppid:5052   flags:0x00004006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5400 [inline]
 __schedule+0x177f/0x49a0 kernel/sched/core.c:6727
 __schedule_loop kernel/sched/core.c:6802 [inline]
 schedule+0x149/0x260 kernel/sched/core.c:6817
 wait_extent_bit fs/btrfs/extent-io-tree.c:822 [inline]
 lock_extent+0x69d/0x860 fs/btrfs/extent-io-tree.c:1868
 btrfs_page_mkwrite+0x743/0x10c0 fs/btrfs/inode.c:8180
 do_page_mkwrite+0x19b/0x480 mm/memory.c:2966
 wp_page_shared mm/memory.c:3353 [inline]
 do_wp_page+0x20e3/0x4c90 mm/memory.c:3493
 handle_pte_fault mm/memory.c:5160 [inline]
 __handle_mm_fault+0x26ad/0x72d0 mm/memory.c:5285
 handle_mm_fault+0x27e/0x770 mm/memory.c:5450
 do_user_addr_fault arch/x86/mm/fault.c:1415 [inline]
 handle_page_fault arch/x86/mm/fault.c:1507 [inline]
 exc_page_fault+0x2ad/0x870 arch/x86/mm/fault.c:1563
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:570
RIP: 0010:rep_movs_alternative+0x33/0x70 arch/x86/lib/copy_user_64.S:58
Code: 40 83 f9 08 73 21 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 48 8b 06 <48> 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb
RSP: 0018:ffffc90003a2f530 EFLAGS: 00050206
RAX: 0000000000000000 RBX: 0000000020000218 RCX: 0000000000000038
RDX: 0000000000000000 RSI: ffffc90003a2f5e0 RDI: 00000000200001e0
RBP: ffffc90003a2f690 R08: ffffc90003a2f617 R09: 1ffff92000745ec2
R10: dffffc0000000000 R11: fffff52000745ec3 R12: 0000000000000038
R13: ffffc90003a2f5e0 R14: 00000000200001e0 R15: ffffc90003a2f5e0
 copy_user_generic arch/x86/include/asm/uaccess_64.h:112 [inline]
 raw_copy_to_user arch/x86/include/asm/uaccess_64.h:133 [inline]
 _copy_to_user+0x86/0xb0 lib/usercopy.c:41
 copy_to_user include/linux/uaccess.h:191 [inline]
 fiemap_fill_next_extent+0x235/0x410 fs/ioctl.c:145
 emit_last_fiemap_cache fs/btrfs/extent_io.c:2555 [inline]
 extent_fiemap+0x1b9c/0x1fe0 fs/btrfs/extent_io.c:3082
 btrfs_fiemap+0x178/0x1f0 fs/btrfs/inode.c:7848
 ioctl_fiemap fs/ioctl.c:220 [inline]
 do_vfs_ioctl+0x1a02/0x2b60 fs/ioctl.c:811
 __do_sys_ioctl fs/ioctl.c:869 [inline]
 __se_sys_ioctl+0x81/0x170 fs/ioctl.c:857
 do_syscall_64+0xf9/0x240
 entry_SYSCALL_64_after_hwframe+0x6f/0x77
RIP: 0033:0x7f0ff534ab59
RSP: 002b:00007ffc5e3f0b28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f0ff534ab59
RDX: 00000000200001c0 RSI: 00000000c020660b RDI: 0000000000000006
RBP: 00007f0ff53c35f0 R08: 0000000000000000 R09: 000055555703a4c0
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc5e3f0b50
R13: 00007ffc5e3f0d78 R14: 431bde82d7b634db R15: 00007f0ff539303b
 </TASK>

Showing all locks held in the system:
6 locks held by kworker/u4:0/11:
 #0: ffff8880b953c918 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 kernel/sched/core.c:559
 #1: ffff8880b9528988 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x3a7/0x770 kernel/sched/psi.c:976
 #2: ffff8880b952a958 (&base->lock){-.-.}-{2:2}, at: __mod_timer+0x6a1/0xfd0 kernel/time/timer.c:1112
 #3: ffffffff946ff620 (&obj_hash[i].lock){-.-.}-{2:2}, at: debug_object_activate+0x16d/0x510 lib/debugobjects.c:708
 #4: ffffffff8dfe1268 (text_mutex){+.+.}-{3:3}, at: arch_jump_label_transform_apply+0x17/0x30 arch/x86/kernel/jump_label.c:145
 #5: ffffffff8e130ae0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:298 [inline]
 #5: ffffffff8e130ae0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:750 [inline]
 #5: ffffffff8e130ae0 (rcu_read_lock){....}-{1:2}, at: __pte_offset_map+0x82/0x380 mm/pgtable-generic.c:285
1 lock held by khungtaskd/29:
 #0: ffffffff8e130ae0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:298 [inline]
 #0: ffffffff8e130ae0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:750 [inline]
 #0: ffffffff8e130ae0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 kernel/locking/lockdep.c:6614
2 locks held by getty/4805:
 #0: ffff88802b9820a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
 #1: ffffc90002f062f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b4/0x1e10 drivers/tty/n_tty.c:2201
4 locks held by syz-executor248/5053:
 #0: ffff88807e1d8e10 (&sb->s_type->i_mutex_key#14){++++}-{3:3}, at: inode_lock_shared include/linux/fs.h:812 [inline]
 #0: ffff88807e1d8e10 (&sb->s_type->i_mutex_key#14){++++}-{3:3}, at: btrfs_inode_lock+0x60/0xe0 fs/btrfs/inode.c:379
 #1: ffff888076d8c420 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:165 [inline]
 #1: ffff888076d8c420 (&mm->mmap_lock){++++}-{3:3}, at: get_mmap_lock_carefully mm/memory.c:5477 [inline]
 #1: ffff888076d8c420 (&mm->mmap_lock){++++}-{3:3}, at: lock_mm_and_find_vma+0x32/0x2e0 mm/memory.c:5537
 #2: ffff888029c8a518 (sb_pagefaults){.+.+}-{0:0}, at: do_page_mkwrite+0x19b/0x480 mm/memory.c:2966
 #3: ffff88807e1d8c98 (&ei->i_mmap_lock){.+.+}-{3:3}, at: btrfs_page_mkwrite+0x603/0x10c0 fs/btrfs/inode.c:8169

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 29 Comm: khungtaskd Not tainted 6.8.0-rc3-syzkaller-00317-g7521f258ea30 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e7/0x2e0 lib/dump_stack.c:106
 nmi_cpu_backtrace+0x49c/0x4d0 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x198/0x320 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:160 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:222 [inline]
 watchdog+0xfaf/0xff0 kernel/hung_task.c:379
 kthread+0x2ef/0x390 kernel/kthread.c:388
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1b/0x30 arch/x86/entry/entry_64.S:242
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 4497 Comm: klogd Not tainted 6.8.0-rc3-syzkaller-00317-g7521f258ea30 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
RIP: 0010:__sanitizer_cov_trace_switch+0x12/0x120 kernel/kcov.c:324
Code: 00 00 00 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 41 57 41 56 41 54 53 4c 8b 16 48 8b 46 08 <48> 83 c0 f8 48 c1 c0 3d 48 83 f8 02 7f 1f 48 85 c0 74 3a 48 83 f8
RSP: 0018:ffffc9000313f200 EFLAGS: 00000202
RAX: 0000000000000020 RBX: 0000000000000000 RCX: ffff888076698000
RDX: ffffc9000313f335 RSI: ffffffff8dfa0200 RDI: 0000000000000004
RBP: 0000000000000004 R08: 0000000000000003 R09: ffffffff81405417
R10: 0000000000000008 R11: ffff888076698000 R12: ffffffff8f9be3cc
R13: dffffc0000000000 R14: ffffc9000313f350 R15: 1ffff92000627e60
FS:  00007ff874843380(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000056351fc2cff8 CR3: 000000002d754000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <NMI>
 </NMI>
 <TASK>
 unwind_next_frame+0x7c3/0x29e0 arch/x86/kernel/unwind_orc.c:515
 arch_stack_walk+0x150/0x1b0 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x117/0x1d0 kernel/stacktrace.c:122
 kasan_save_stack mm/kasan/common.c:47 [inline]
 kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
 poison_kmalloc_redzone mm/kasan/common.c:372 [inline]
 __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:389
 kasan_kmalloc include/linux/kasan.h:211 [inline]
 __do_kmalloc_node mm/slub.c:3981 [inline]
 __kmalloc_node_track_caller+0x249/0x4e0 mm/slub.c:4001
 kmalloc_reserve+0xf3/0x260 net/core/skbuff.c:582
 __alloc_skb+0x1b1/0x420 net/core/skbuff.c:651
 alloc_skb include/linux/skbuff.h:1296 [inline]
 alloc_skb_with_frags+0xc3/0x780 net/core/skbuff.c:6394
 sock_alloc_send_pskb+0x919/0xa60 net/core/sock.c:2784
 unix_dgram_sendmsg+0x696/0x2200 net/unix/af_unix.c:1972
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg+0x221/0x270 net/socket.c:745
 __sys_sendto+0x3a4/0x4f0 net/socket.c:2191
 __do_sys_sendto net/socket.c:2203 [inline]
 __se_sys_sendto net/socket.c:2199 [inline]
 __x64_sys_sendto+0xde/0x100 net/socket.c:2199
 do_syscall_64+0xf9/0x240
 entry_SYSCALL_64_after_hwframe+0x6f/0x77
RIP: 0033:0x7ff8749a59b5
Code: 8b 44 24 08 48 83 c4 28 48 98 c3 48 98 c3 41 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 26 45 31 c9 45 31 c0 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 76 7a 48 8b 15 44 c4 0c 00 f7 d8 64 89 02 48 83
RSP: 002b:00007ffdefeb2508 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007ff8749a59b5
RDX: 000000000000008b RSI: 000056249d641f50 RDI: 0000000000000003
RBP: 000056249d63d910 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000004000 R11: 0000000000000246 R12: 0000000000000013
R13: 00007ff874b33212 R14: 00007ffdefeb2608 R15: 0000000000000000
 </TASK>
INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.597 msecs