syzbot

INFO: task syz-executor401:5859 blocked for more than 143 seconds.
      Not tainted 6.15.0-rc7-syzkaller-00014-gd608703fcdd9 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor401 state:D stack:18968 pid:5859  tgid:5859  ppid:5853   task_flags:0x440140 flags:0x00004006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x168f/0x4c70 kernel/sched/core.c:6767
 __schedule_loop kernel/sched/core.c:6845 [inline]
 schedule+0x165/0x360 kernel/sched/core.c:6860
 __closure_sync+0x163/0x220 lib/closure.c:146
 bch2_wait_on_allocator fs/bcachefs/alloc_foreground.h:256 [inline]
 __bch2_write+0x324b/0x39b0 fs/bcachefs/io_write.c:1575
 closure_queue include/linux/closure.h:270 [inline]
 closure_call include/linux/closure.h:432 [inline]
 bch2_writepage_do_io fs/bcachefs/fs-io-buffered.c:494 [inline]
 bch2_writepages+0x269/0x360 fs/bcachefs/fs-io-buffered.c:677
 do_writepages+0x3b1/0x7b0 mm/page-writeback.c:2656
 filemap_fdatawrite_wbc mm/filemap.c:386 [inline]
 __filemap_fdatawrite_range mm/filemap.c:419 [inline]
 file_write_and_wait_range+0x22c/0x330 mm/filemap.c:794
 bch2_fsync+0x127/0x330 fs/bcachefs/fs-io.c:243
 generic_write_sync include/linux/fs.h:2976 [inline]
 bch2_write_iter+0x2822/0x2b90 fs/bcachefs/fs-io-buffered.c:1097
 new_sync_write fs/read_write.c:591 [inline]
 vfs_write+0x54b/0xa90 fs/read_write.c:684
 ksys_pwrite64 fs/read_write.c:791 [inline]
 __do_sys_pwrite64 fs/read_write.c:799 [inline]
 __se_sys_pwrite64 fs/read_write.c:796 [inline]
 __x64_sys_pwrite64+0x193/0x220 fs/read_write.c:796
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f7211906ab9
RSP: 002b:00007fff2efb3e38 EFLAGS: 00000246 ORIG_RAX: 0000000000000012
RAX: ffffffffffffffda RBX: 0000200000000040 RCX: 00007f7211906ab9
RDX: 000000000000fdef RSI: 0000200000000140 RDI: 0000000000000004
RBP: 00000000000f4240 R08: 00007fff2efb3e68 R09: 00007fff2efb3e68
R10: 000000000000fecc R11: 0000000000000246 R12: 0000000000000004
R13: 00007fff2efb3e80 R14: 00007fff2efb3e6c R15: 00007fff2efb3e70
 </TASK>

Showing all locks held in the system:
1 lock held by khungtaskd/31:
 #0: ffffffff8df3dee0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #0: ffffffff8df3dee0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
 #0: ffffffff8df3dee0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 kernel/locking/lockdep.c:6764
2 locks held by getty/5579:
 #0: ffff88814dfc10a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
 #1: ffffc900030062f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400 drivers/tty/n_tty.c:2222
1 lock held by syz-executor401/5859:
 #0: ffff88807c634420 (sb_writers#8){.+.+}-{0:0}, at: file_start_write include/linux/fs.h:3041 [inline]
 #0: ffff88807c634420 (sb_writers#8){.+.+}-{0:0}, at: vfs_write+0x211/0xa90 fs/read_write.c:680
1 lock held by bch-copygc/loop/5901:
3 locks held by syz-executor401/9070:
 #0: ffff88808ed80940 (&c->sb_lock){+.+.}-{4:4}, at: bch2_fs_alloc fs/bcachefs/super.c:828 [inline]
 #0: ffff88808ed80940 (&c->sb_lock){+.+.}-{4:4}, at: bch2_fs_open+0x12e6/0x2820 fs/bcachefs/super.c:2210
 #1: ffff88808ed84860 (&c->mark_lock){++++}-{0:0}, at: bch2_sb_replicas_to_cpu_replicas+0x117/0x1a0 fs/bcachefs/replicas.c:600
 #2: ffffffff8df439b8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock kernel/rcu/tree_exp.h:336 [inline]
 #2: ffffffff8df439b8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b7/0x730 kernel/rcu/tree_exp.h:998
2 locks held by syz-executor401/9092:
3 locks held by syz-executor401/9093:

=============================================

NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-rc7-syzkaller-00014-gd608703fcdd9 #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 nmi_cpu_backtrace+0x39e/0x3d0 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x17a/0x300 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:158 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:274 [inline]
 watchdog+0xfee/0x1030 kernel/hung_task.c:437
 kthread+0x711/0x8a0 kernel/kthread.c:464
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 3511 Comm: kworker/u8:8 Not tainted 6.15.0-rc7-syzkaller-00014-gd608703fcdd9 #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Workqueue: events_unbound toggle_allocation_gate
RIP: 0010:ptlock_ptr include/linux/mm.h:3030 [inline]
RIP: 0010:pte_lockptr include/linux/mm.h:3054 [inline]
RIP: 0010:__pte_offset_map_lock+0xf0/0x1e0 mm/pgtable-generic.c:401
Code: 4c 21 fd 48 c1 ed 06 48 b8 28 00 00 00 00 ea ff ff 48 01 c5 48 89 e8 48 c1 e8 03 49 bf 00 00 00 00 00 fc ff df 42 80 3c 38 00 <74> 08 48 89 ef e8 d6 a2 12 00 48 8b 6d 00 48 89 ef e8 0a d3 44 09
RSP: 0000:ffffc9000baef6c8 EFLAGS: 00000246
RAX: 1ffffd40000d03e5 RBX: 000ffffffffff000 RCX: ffff888030ae3c00
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffea0000681f28 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: ffffffff820d1cc9 R12: 1ffff1100340f555
R13: 0000000000000000 R14: 0000000000000001 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff8881261f6000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f720a3ff000 CR3: 000000000dd38000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 get_locked_pte include/linux/mm.h:2843 [inline]
 __text_poke+0x29c/0xbf0 arch/x86/kernel/alternative.c:2571
 text_poke arch/x86/kernel/alternative.c:2656 [inline]
 text_poke_bp_batch+0x242/0x940 arch/x86/kernel/alternative.c:2964
 text_poke_flush arch/x86/kernel/alternative.c:3158 [inline]
 text_poke_finish+0x30/0x50 arch/x86/kernel/alternative.c:3165
 arch_jump_label_transform_apply+0x1c/0x30 arch/x86/kernel/jump_label.c:146
 static_key_disable_cpuslocked+0xc5/0x1b0 kernel/jump_label.c:240
 static_key_disable+0x1a/0x20 kernel/jump_label.c:248
 toggle_allocation_gate+0x1a1/0x240 mm/kfence/core.c:855
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0xade/0x17a0 kernel/workqueue.c:3319
 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400
 kthread+0x711/0x8a0 kernel/kthread.c:464
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.092 msecs