INFO: task syz.3.267:7956 blocked for more than 143 seconds.
Not tainted 6.16.0-rc2-syzkaller-00024-g9afe652958c3 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.3.267 state:D stack:24616 pid:7956 tgid:7956 ppid:5822 task_flags:0x400040 flags:0x00004004
Call Trace:
context_switch kernel/sched/core.c:5396 [inline]
__schedule+0x16a2/0x4cb0 kernel/sched/core.c:6785
__schedule_loop kernel/sched/core.c:6863 [inline]
schedule+0x165/0x360 kernel/sched/core.c:6878
__bch2_two_state_lock+0x1ea/0x370 fs/bcachefs/two_state_shared_lock.c:7
bch2_two_state_lock fs/bcachefs/two_state_shared_lock.h:55 [inline]
bch2_page_fault+0x2f6/0x7a0 fs/bcachefs/fs-io-pagecache.c:592
__do_fault+0x138/0x390 mm/memory.c:5189
do_shared_fault mm/memory.c:5674 [inline]
do_fault mm/memory.c:5748 [inline]
do_pte_missing mm/memory.c:4251 [inline]
handle_pte_fault mm/memory.c:6089 [inline]
__handle_mm_fault+0x198b/0x5620 mm/memory.c:6232
handle_mm_fault+0x2d5/0x7f0 mm/memory.c:6401
do_user_addr_fault+0xa81/0x1390 arch/x86/mm/fault.c:1336
handle_page_fault arch/x86/mm/fault.c:1476 [inline]
exc_page_fault+0x76/0xf0 arch/x86/mm/fault.c:1532
asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
RIP: 0033:0x7f906eb5666b
RSP: 002b:00007ffe74267778 EFLAGS: 00010246
RAX: 0000200000009600 RBX: 0000000000000004 RCX: 0000000000736678
RDX: 0000000000000004 RSI: 0000000000736678 RDI: 0000200000009600
RBP: 00007f906edb7ba0 R08: 00007f906ea00000 R09: 0000000000000001
R10: 0000000000000001 R11: 0000000000000009 R12: 00007f906edb616c
R13: 00007f906edb6160 R14: fffffffffffffffe R15: 00007ffe74267890
INFO: task syz.3.267:7957 blocked for more than 144 seconds.
Not tainted 6.16.0-rc2-syzkaller-00024-g9afe652958c3 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.3.267 state:D stack:17720 pid:7957 tgid:7956 ppid:5822 task_flags:0x440140 flags:0x00004006
Call Trace:
context_switch kernel/sched/core.c:5396 [inline]
__schedule+0x16a2/0x4cb0 kernel/sched/core.c:6785
__schedule_loop kernel/sched/core.c:6863 [inline]
schedule+0x165/0x360 kernel/sched/core.c:6878
__bch2_two_state_lock+0x1ea/0x370 fs/bcachefs/two_state_shared_lock.c:7
bch2_two_state_lock fs/bcachefs/two_state_shared_lock.h:55 [inline]
bch2_readahead+0x94f/0x1100 fs/bcachefs/fs-io-buffered.c:296
read_pages+0x17a/0x580 mm/readahead.c:160
page_cache_ra_order+0xa24/0xc70 mm/readahead.c:515
filemap_readahead mm/filemap.c:2571 [inline]
filemap_get_pages+0xb22/0x1ea0 mm/filemap.c:2616
filemap_splice_read+0x4fc/0xbc0 mm/filemap.c:2990
do_splice_read fs/splice.c:979 [inline]
splice_direct_to_actor+0x4a6/0xcc0 fs/splice.c:1083
do_splice_direct_actor fs/splice.c:1201 [inline]
do_splice_direct+0x181/0x270 fs/splice.c:1227
vfs_copy_file_range+0xabc/0x1310 fs/read_write.c:1627
__do_sys_copy_file_range fs/read_write.c:1677 [inline]
__se_sys_copy_file_range+0x2fb/0x470 fs/read_write.c:1644
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f906eb8e929
RSP: 002b:00007f906c9f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000146
RAX: ffffffffffffffda RBX: 00007f906edb5fa0 RCX: 00007f906eb8e929
RDX: 0000000000000007 RSI: 0000000000000000 RDI: 0000000000000008
RBP: 00007f906ec10b39 R08: 0000000000400000 R09: 0000000000000000
R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f906edb5fa0 R15: 00007ffe74267618
INFO: task syz.3.267:7986 blocked for more than 145 seconds.
Not tainted 6.16.0-rc2-syzkaller-00024-g9afe652958c3 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.3.267 state:D stack:24408 pid:7986 tgid:7956 ppid:5822 task_flags:0x400040 flags:0x00004004
Call Trace:
context_switch kernel/sched/core.c:5396 [inline]
__schedule+0x16a2/0x4cb0 kernel/sched/core.c:6785
__schedule_loop kernel/sched/core.c:6863 [inline]
schedule+0x165/0x360 kernel/sched/core.c:6878
io_schedule+0x81/0xe0 kernel/sched/core.c:7723
folio_wait_bit_common+0x6b0/0xb90 mm/filemap.c:1317
folio_lock include/linux/pagemap.h:1114 [inline]
invalidate_inode_pages2_range+0x557/0xa80 mm/truncate.c:690
bch2_write_invalidate_inode_pages_range+0xc5/0x110 fs/bcachefs/fs-io-pagecache.c:68
bch2_direct_write+0x2a62/0x2ce0 fs/bcachefs/fs-io-direct.c:662
bch2_write_iter+0x18f/0x2b90 fs/bcachefs/fs-io-buffered.c:1064
do_iter_readv_writev+0x56b/0x7f0 fs/read_write.c:-1
vfs_writev+0x31a/0x960 fs/read_write.c:1057
do_pwritev fs/read_write.c:1153 [inline]
__do_sys_pwritev2 fs/read_write.c:1211 [inline]
__se_sys_pwritev2+0x179/0x290 fs/read_write.c:1202
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f906eb8e929
RSP: 002b:00007f906c9d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
RAX: ffffffffffffffda RBX: 00007f906edb6080 RCX: 00007f906eb8e929
RDX: 0000000000000001 RSI: 0000200000000240 RDI: 0000000000000006
RBP: 00007f906ec10b39 R08: 0000000000000000 R09: 0000000000000003
R10: 0000000000007000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000001 R14: 00007f906edb6080 R15: 00007ffe74267618
Showing all locks held in the system:
1 lock held by pool_workqueue_/3:
#0: ffffffff8e1448b8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock kernel/rcu/tree_exp.h:336 [inline]
#0: ffffffff8e1448b8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730 kernel/rcu/tree_exp.h:998
1 lock held by khungtaskd/31:
#0: ffffffff8e13eda0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
#0: ffffffff8e13eda0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
#0: ffffffff8e13eda0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 kernel/locking/lockdep.c:6770
3 locks held by kworker/u8:7/1163:
#0: ffff8880b863b798 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 kernel/sched/core.c:606
#1: ffffc9000410fbc0 ((work_completion)(&(&bat_priv->nc.work)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3214 [inline]
#1: ffffc9000410fbc0 ((work_completion)(&(&bat_priv->nc.work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3321
#2: ffff8880b8625958 (&base->lock){-.-.}-{2:2}, at: lock_timer_base kernel/time/timer.c:1004 [inline]
#2: ffff8880b8625958 (&base->lock){-.-.}-{2:2}, at: __mod_timer+0x1ae/0xf30 kernel/time/timer.c:1085
1 lock held by udevd/5194:
2 locks held by dhcpcd/5488:
#0: ffffffff8f4e2908 (vlan_ioctl_mutex){+.+.}-{4:4}, at: sock_ioctl+0x5ee/0x790 net/socket.c:1273
#1: ffffffff8f4fe008 (rtnl_mutex){+.+.}-{4:4}, at: vlan_ioctl_handler+0xd0/0x650 net/8021q/vlan.c:553
2 locks held by getty/5585:
#0: ffff88814c1eb0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
#1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400 drivers/tty/n_tty.c:2222
1 lock held by syz.3.267/7956:
#0: ffff8880342aba88 (vm_lock){++++}-{0:0}, at: do_user_addr_fault+0x2d9/0x1390 arch/x86/mm/fault.c:1327
1 lock held by syz.3.267/7957:
#0: ffff888057992148 (mapping.invalidate_lock#8){.+.+}-{4:4}, at: filemap_invalidate_lock_shared include/linux/fs.h:934 [inline]
#0: ffff888057992148 (mapping.invalidate_lock#8){.+.+}-{4:4}, at: page_cache_ra_order+0x445/0xc70 mm/readahead.c:491
1 lock held by syz.3.267/7986:
#0: ffff888034d9e428 (sb_writers#26){.+.+}-{0:0}, at: file_start_write include/linux/fs.h:3096 [inline]
#0: ffff888034d9e428 (sb_writers#26){.+.+}-{0:0}, at: vfs_writev+0x288/0x960 fs/read_write.c:1055
8 locks held by syz-executor/9590:
#0: ffff8880364d8428 (sb_writers#7){.+.+}-{0:0}, at: file_start_write include/linux/fs.h:3096 [inline]
#0: ffff8880364d8428 (sb_writers#7){.+.+}-{0:0}, at: vfs_write+0x211/0xa90 fs/read_write.c:682
#1: ffff888056dac488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x1e0/0x4f0 fs/kernfs/file.c:325
#2: ffff888143f55b48 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x203/0x4f0 fs/kernfs/file.c:326
#3: ffffffff8ed98ca8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x360 drivers/net/netdevsim/bus.c:216
#4: ffff8880575060e8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:884 [inline]
#4: ffff8880575060e8 (&dev->mutex){....}-{4:4}, at: __device_driver_lock drivers/base/dd.c:1094 [inline]
#4: ffff8880575060e8 (&dev->mutex){....}-{4:4}, at: device_release_driver_internal+0xb6/0x7c0 drivers/base/dd.c:1292
#5: ffff888025354250 (&devlink->lock_key#8){+.+.}-{4:4}, at: nsim_drv_remove+0x50/0x160 drivers/net/netdevsim/dev.c:1675
#6: ffffffff8f4fe008 (rtnl_mutex){+.+.}-{4:4}, at: nsim_destroy+0xdb/0x670 drivers/net/netdevsim/netdev.c:1064
#7: ffffffff8e1448b8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock kernel/rcu/tree_exp.h:336 [inline]
#7: ffffffff8e1448b8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730 kernel/rcu/tree_exp.h:998
=============================================
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc2-syzkaller-00024-g9afe652958c3 #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Call Trace:
dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
nmi_cpu_backtrace+0x39e/0x3d0 lib/nmi_backtrace.c:113
nmi_trigger_cpumask_backtrace+0x17a/0x300 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:158 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:307 [inline]
watchdog+0xfee/0x1030 kernel/hung_task.c:470
kthread+0x70e/0x8a0 kernel/kthread.c:464
ret_from_fork+0x3f9/0x770 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 8213 Comm: syz-executor Not tainted 6.16.0-rc2-syzkaller-00024-g9afe652958c3 #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
RIP: 0010:format_decode+0xcf/0xe30 lib/vsprintf.c:2625
Code: 97 47 c6 f6 eb c4 e8 c0 f4 64 f6 eb 05 e8 b9 f4 64 f6 4d 85 f6 41 0f 94 c6 0f b6 db 31 ff 89 de e8 a6 f7 64 f6 84 db 0f 95 c0 <41> 84 c6 75 16 e8 97 f4 64 f6 4c 8b 74 24 18 49 81 e6 00 ff ff ff
RSP: 0018:ffffc90004df64d0 EFLAGS: 00000202
RAX: ffffffff8b5b6601 RBX: 0000000000000025 RCX: 0000000000000000
RDX: ffff88802fe00000 RSI: 0000000000000025 RDI: 0000000000000000
RBP: ffffffff8b8b8145 R08: ffff88802fe00000 R09: 0000000000000002
R10: 0000000000000025 R11: 0000000000000000 R12: ffffffff8b8b8146
R13: ffffc90004df6578 R14: 0000000000000000 R15: ffffffff8b8b8145
FS: 0000555555653500(0000) GS:ffff888125c85000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffd3bed9ef8 CR3: 0000000076a36000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
vsnprintf+0x102/0xf00 lib/vsprintf.c:2817
sprintf+0xd9/0x120 lib/vsprintf.c:3037
print_time kernel/printk/printk.c:1381 [inline]
info_print_prefix+0x155/0x310 kernel/printk/printk.c:1407
record_print_text+0x154/0x430 kernel/printk/printk.c:1456
printk_get_next_message+0x26d/0x7b0 kernel/printk/printk.c:3024
console_emit_next_record kernel/printk/printk.c:3092 [inline]
console_flush_all+0x4ca/0xc40 kernel/printk/printk.c:3226
__console_flush_and_unlock kernel/printk/printk.c:3285 [inline]
console_unlock+0xc4/0x270 kernel/printk/printk.c:3325
vprintk_emit+0x5b7/0x7a0 kernel/printk/printk.c:2450
_printk+0xcf/0x120 kernel/printk/printk.c:2475
bio_check_eod block/blk-core.c:563 [inline]
submit_bio_noacct+0x108b/0x1a70 block/blk-core.c:796
__submit_merged_bio+0x27a/0x6a0 fs/f2fs/data.c:543
__f2fs_submit_merged_write fs/f2fs/data.c:638 [inline]
__submit_merged_write_cond+0x255/0x530 fs/f2fs/data.c:660
f2fs_submit_merged_write_cond fs/f2fs/data.c:677 [inline]
f2fs_write_cache_pages fs/f2fs/data.c:3201 [inline]
__f2fs_write_data_pages fs/f2fs/data.c:3282 [inline]
f2fs_write_data_pages+0x261d/0x3000 fs/f2fs/data.c:3309
do_writepages+0x32b/0x550 mm/page-writeback.c:2636
filemap_fdatawrite_wbc mm/filemap.c:386 [inline]
__filemap_fdatawrite_range mm/filemap.c:419 [inline]
__filemap_fdatawrite mm/filemap.c:425 [inline]
filemap_fdatawrite+0x191/0x230 mm/filemap.c:430
f2fs_sync_dirty_inodes+0x31f/0x830 fs/f2fs/checkpoint.c:1108
block_operations fs/f2fs/checkpoint.c:1247 [inline]
f2fs_write_checkpoint+0x94a/0x1de0 fs/f2fs/checkpoint.c:1638
kill_f2fs_super+0x2c3/0x6c0 fs/f2fs/super.c:5076
deactivate_locked_super+0xbc/0x130 fs/super.c:474
cleanup_mnt+0x425/0x4c0 fs/namespace.c:1417
task_work_run+0x1d1/0x260 kernel/task_work.c:227
resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
exit_to_user_mode_loop+0xec/0x110 kernel/entry/common.c:114
exit_to_user_mode_prepare include/linux/entry-common.h:330 [inline]
syscall_exit_to_user_mode_work include/linux/entry-common.h:414 [inline]
syscall_exit_to_user_mode include/linux/entry-common.h:449 [inline]
do_syscall_64+0x2bd/0x3b0 arch/x86/entry/syscall_64.c:100
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f632b38fc57
Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffeedfd39a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 00007f632b410925 RCX: 00007f632b38fc57
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffeedfd3a60
RBP: 00007ffeedfd3a60 R08: 0000000000000000 R09: 0000000000000000
R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffeedfd4af0
R13: 00007f632b410925 R14: 0000000000064ae3 R15: 00007ffeedfd4b30