INFO: task syz-executor.0:9870 blocked for more than 143 seconds.
      Not tainted 6.9.0-rc5-syzkaller-00042-ge88c4cfcb7b8 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.0  state:D stack:26328 pid:9870  tgid:9869  ppid:9353   flags:0x00000006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5409 [inline]
 __schedule+0x1796/0x4a00 kernel/sched/core.c:6746
 __schedule_loop kernel/sched/core.c:6823 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6838
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6895
 rwsem_down_read_slowpath kernel/locking/rwsem.c:1086 [inline]
 __down_read_common kernel/locking/rwsem.c:1250 [inline]
 __down_read kernel/locking/rwsem.c:1263 [inline]
 down_read+0x705/0xa40 kernel/locking/rwsem.c:1528
 filemap_invalidate_lock_shared include/linux/fs.h:850 [inline]
 page_cache_ra_unbounded+0xfb/0x7a0 mm/readahead.c:225
 do_sync_mmap_readahead+0x444/0x850
 filemap_fault+0x7e5/0x16a0 mm/filemap.c:3289
 __do_fault+0x135/0x460 mm/memory.c:4531
 do_read_fault mm/memory.c:4894 [inline]
 do_fault mm/memory.c:5024 [inline]
 do_pte_missing mm/memory.c:3880 [inline]
 handle_pte_fault mm/memory.c:5300 [inline]
 __handle_mm_fault+0x45f7/0x7240 mm/memory.c:5441
 handle_mm_fault+0x27f/0x770 mm/memory.c:5606
 do_user_addr_fault arch/x86/mm/fault.c:1413 [inline]
 handle_page_fault arch/x86/mm/fault.c:1505 [inline]
 exc_page_fault+0x2a8/0x8e0 arch/x86/mm/fault.c:1563
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
RIP: 0010:rep_movs_alternative+0x30/0x70 arch/x86/lib/copy_user_64.S:57
Code: f9 40 73 40 83 f9 08 73 21 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08
RSP: 0018:ffffc900143afe10 EFLAGS: 00050202
RAX: ffffffff84a67e01 RBX: 000000002000024c RCX: 000000000000000c
RDX: 0000000000000001 RSI: 0000000020000240 RDI: ffffc900143afe80
RBP: ffffc900143aff00 R08: 0000000000000003 R09: fffff52002875fd1
R10: dffffc0000000000 R11: fffff52002875fd1 R12: 0000000020000240
R13: 0000000000000001 R14: ffffc900143afe80 R15: 000000000000000c
 copy_user_generic arch/x86/include/asm/uaccess_64.h:110 [inline]
 raw_copy_from_user arch/x86/include/asm/uaccess_64.h:125 [inline]
 _copy_from_user+0x8c/0xe0 lib/usercopy.c:23
 copy_from_user include/linux/uaccess.h:183 [inline]
 __do_sys_epoll_ctl fs/eventpoll.c:2383 [inline]
 __se_sys_epoll_ctl fs/eventpoll.c:2377 [inline]
 __x64_sys_epoll_ctl+0x124/0x1a0 fs/eventpoll.c:2377
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fe36d07dea9
RSP: 002b:00007fe36dea10c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9
RAX: ffffffffffffffda RBX: 00007fe36d1abf80 RCX: 00007fe36d07dea9
RDX: 0000000000000006 RSI: 0000000000000001 RDI: 0000000000000007
RBP: 00007fe36d0ca4a4 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000020000240 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007fe36d1abf80 R15: 00007ffebdff75b8
 </TASK>
INFO: task syz-executor.0:9871 blocked for more than 145 seconds.
      Not tainted 6.9.0-rc5-syzkaller-00042-ge88c4cfcb7b8 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.0  state:D stack:25752 pid:9871  tgid:9869  ppid:9353   flags:0x00004006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5409 [inline]
 __schedule+0x1796/0x4a00 kernel/sched/core.c:6746
 __schedule_loop kernel/sched/core.c:6823 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6838
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6895
 rwsem_down_read_slowpath kernel/locking/rwsem.c:1086 [inline]
 __down_read_common kernel/locking/rwsem.c:1250 [inline]
 __down_read kernel/locking/rwsem.c:1263 [inline]
 down_read+0x705/0xa40 kernel/locking/rwsem.c:1528
 filemap_invalidate_lock_shared include/linux/fs.h:850 [inline]
 page_cache_ra_unbounded+0xfb/0x7a0 mm/readahead.c:225
 do_sync_mmap_readahead+0x444/0x850
 filemap_fault+0x7e5/0x16a0 mm/filemap.c:3289
 __do_fault+0x135/0x460 mm/memory.c:4531
 do_read_fault mm/memory.c:4894 [inline]
 do_fault mm/memory.c:5024 [inline]
 do_pte_missing mm/memory.c:3880 [inline]
 handle_pte_fault mm/memory.c:5300 [inline]
 __handle_mm_fault+0x45f7/0x7240 mm/memory.c:5441
 handle_mm_fault+0x27f/0x770 mm/memory.c:5606
 do_user_addr_fault arch/x86/mm/fault.c:1413 [inline]
 handle_page_fault arch/x86/mm/fault.c:1505 [inline]
 exc_page_fault+0x2a8/0x8e0 arch/x86/mm/fault.c:1563
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
RIP: 0010:__get_user_4+0x11/0x20 arch/x86/lib/getuser.S:77
Code: 01 ca c3 cc cc cc cc 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 c2 48 c1 fa 3f 48 09 d0 0f 01 cb <8b> 10 31 c0 0f 01 ca c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90
RSP: 0018:ffffc9001439f998 EFLAGS: 00050206
RAX: 0000000020000100 RBX: ffff888054a92e08 RCX: ffffc9001439f803
RDX: 0000000000000000 RSI: ffffffff8bcaca20 RDI: ffffffff8c1ec360
RBP: ffffc9001439fec8 R08: ffffffff8fa7d12f R09: 1ffffffff1f4fa25
R10: dffffc0000000000 R11: fffffbfff1f4fa26 R12: ffffffff8e47a2a0
R13: ffff88802057e2f0 R14: dffffc0000000000 R15: ffff888054a92c80
 ioctl_setflags fs/ioctl.c:724 [inline]
 do_vfs_ioctl+0xbc2/0x2e50 fs/ioctl.c:867
 __do_sys_ioctl fs/ioctl.c:902 [inline]
 __se_sys_ioctl+0x81/0x170 fs/ioctl.c:890
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fe36d07dea9
RSP: 002b:00007fe36de800c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fe36d1ac050 RCX: 00007fe36d07dea9
RDX: 0000000020000100 RSI: 0000000040086602 RDI: 0000000000000005
RBP: 00007fe36d0ca4a4 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007fe36d1ac050 R15: 00007ffebdff75b8
 </TASK>

Showing all locks held in the system:
3 locks held by kworker/u8:0/10:
1 lock held by khungtaskd/29:
 #0: ffffffff8e334d20 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:329 [inline]
 #0: ffffffff8e334d20 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:781 [inline]
 #0: ffffffff8e334d20 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 kernel/locking/lockdep.c:6614
2 locks held by getty/4826:
 #0: ffff88802a7720a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
 #1: ffffc9000313b2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10 drivers/tty/n_tty.c:2201
1 lock held by syz-executor.3/6878:
1 lock held by syz-executor.3/7069:
1 lock held by syz-executor.2/9863:
1 lock held by syz-executor.0/9870:
 #0: ffff88801d4b42c8 (mapping.invalidate_lock#2){++++}-{3:3}, at: filemap_invalidate_lock_shared include/linux/fs.h:850 [inline]
 #0: ffff88801d4b42c8 (mapping.invalidate_lock#2){++++}-{3:3}, at: page_cache_ra_unbounded+0xfb/0x7a0 mm/readahead.c:225
1 lock held by syz-executor.0/9871:
 #0: ffff88801d4b42c8 (mapping.invalidate_lock#2){++++}-{3:3}, at: filemap_invalidate_lock_shared include/linux/fs.h:850 [inline]
 #0: ffff88801d4b42c8 (mapping.invalidate_lock#2){++++}-{3:3}, at: page_cache_ra_unbounded+0xfb/0x7a0 mm/readahead.c:225
1 lock held by syz-executor.4/10746:
3 locks held by syz-executor.0/11140:
2 locks held by syz-executor.0/11158:
 #0: ffff888063406420 (sb_writers#41){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90 fs/namespace.c:409
 #1: ffff88807fbd4188 (&type->i_mutex_dir_key#28){++++}-{3:3}, at: inode_lock include/linux/fs.h:795 [inline]
 #1: ffff88807fbd4188 (&type->i_mutex_dir_key#28){++++}-{3:3}, at: open_last_lookups fs/namei.c:3563 [inline]
 #1: ffff88807fbd4188 (&type->i_mutex_dir_key#28){++++}-{3:3}, at: path_openat+0x7d3/0x3240 fs/namei.c:3796
2 locks held by syz-executor.0/11161:
 #0: ffff888063406420 (sb_writers#41){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90 fs/namespace.c:409
 #1: ffff88807fbd4188 (&type->i_mutex_dir_key#28/1){+.+.}-{3:3}, at: inode_lock_nested include/linux/fs.h:830 [inline]
 #1: ffff88807fbd4188 (&type->i_mutex_dir_key#28/1){+.+.}-{3:3}, at: filename_create+0x260/0x540 fs/namei.c:3892
1 lock held by syz-executor.0/11163:
 #0: ffff88807fbd4188 (&type->i_mutex_dir_key#28){++++}-{3:3}, at: inode_lock_shared include/linux/fs.h:805 [inline]
 #0: ffff88807fbd4188 (&type->i_mutex_dir_key#28){++++}-{3:3}, at: lookup_slow+0x45/0x70 fs/namei.c:1708
2 locks held by syz-executor.0/11164:
 #0: ffff888063406420 (sb_writers#41){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90 fs/namespace.c:409
 #1: ffff88807fbd4188 (&type->i_mutex_dir_key#28/1){+.+.}-{3:3}, at: inode_lock_nested include/linux/fs.h:830 [inline]
 #1: ffff88807fbd4188 (&type->i_mutex_dir_key#28/1){+.+.}-{3:3}, at: filename_create+0x260/0x540 fs/namei.c:3892
1 lock held by syz-executor.1/11501:
 #0: ffffffff8e33a0b8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:291 [inline]
 #0: ffffffff8e33a0b8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x39a/0x820 kernel/rcu/tree_exp.h:939

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 29 Comm: khungtaskd Not tainted 6.9.0-rc5-syzkaller-00042-ge88c4cfcb7b8 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114
 nmi_cpu_backtrace+0x49c/0x4d0 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x198/0x320 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:160 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:223 [inline]
 watchdog+0xfde/0x1020 kernel/hung_task.c:380
 kthread+0x2f0/0x390 kernel/kthread.c:388
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 11015 Comm: kworker/u8:10 Not tainted 6.9.0-rc5-syzkaller-00042-ge88c4cfcb7b8 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Workqueue: events_unbound toggle_allocation_gate
RIP: 0010:check_preemption_disabled+0x19/0x120 lib/smp_processor_id.c:14
Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 41 57 41 56 41 54 53 48 83 ec 10 65 48 8b 04 25 28 00 00 00 48 89 44 24 08 <65> 8b 1d fc 87 8c 74 65 8b 05 f1 87 8c 74 a9 ff ff ff 7f 74 26 65
RSP: 0018:ffffc90000a07c30 EFLAGS: 00000086
RAX: 88c2e1ef7117c200 RBX: ffffffff8183cdcb RCX: ffff8880296c1e00
RDX: 0000000080000702 RSI: ffffffff8bcab8c0 RDI: ffffffff8c1ec360
RBP: ffffc90000a07d58 R08: ffffffff8183cd7e R09: 1ffffffff25e00bc
R10: dffffc0000000000 R11: fffffbfff25e00bd R12: dffffc0000000000
R13: 0000000000000200 R14: ffffffff8183cdcb R15: 1ffff92000140f94
FS:  0000000000000000(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055558ccb3978 CR3: 000000000e134000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <NMI>
 </NMI>
 <IRQ>
 lockdep_hardirqs_off+0xa9/0x110 kernel/locking/lockdep.c:4444
 trace_hardirqs_off+0x12/0x40 kernel/trace/trace_preemptirq.c:87
 seqcount_lockdep_reader_access+0x11b/0x220 include/linux/seqlock.h:72
 timekeeping_get_delta kernel/time/timekeeping.c:254 [inline]
 timekeeping_get_ns kernel/time/timekeeping.c:388 [inline]
 ktime_get_with_offset+0x105/0x330 kernel/time/timekeeping.c:891
 ktime_get_real include/linux/timekeeping.h:82 [inline]
 netif_rx_internal+0x41d/0x600 net/core/dev.c:5050
 __netif_rx+0x78/0xc0 net/core/dev.c:5093
 veth_forward_skb drivers/net/veth.c:321 [inline]
 veth_xmit+0x61d/0xad0 drivers/net/veth.c:374
 __netdev_start_xmit include/linux/netdevice.h:4903 [inline]
 netdev_start_xmit include/linux/netdevice.h:4917 [inline]
 xmit_one net/core/dev.c:3531 [inline]
 dev_hard_start_xmit+0x27a/0x7e0 net/core/dev.c:3547
 __dev_queue_xmit+0x1ad1/0x3ca0 net/core/dev.c:4341
 dev_queue_xmit include/linux/netdevice.h:3091 [inline]
 hsr_xmit net/hsr/hsr_forward.c:380 [inline]
 hsr_forward_do net/hsr/hsr_forward.c:471 [inline]
 hsr_forward_skb+0x183f/0x2400 net/hsr/hsr_forward.c:619
 hsr_dev_xmit+0x149/0x1d0 net/hsr/hsr_device.c:229
 __netdev_start_xmit include/linux/netdevice.h:4903 [inline]
 netdev_start_xmit include/linux/netdevice.h:4917 [inline]
 xmit_one net/core/dev.c:3531 [inline]
 dev_hard_start_xmit+0x27a/0x7e0 net/core/dev.c:3547
 __dev_queue_xmit+0x1ad1/0x3ca0 net/core/dev.c:4341
 neigh_output include/net/neighbour.h:542 [inline]
 ip6_finish_output2+0xff8/0x1670 net/ipv6/ip6_output.c:137
 ip6_finish_output+0x41e/0x810 net/ipv6/ip6_output.c:222
 NF_HOOK include/linux/netfilter.h:314 [inline]
 ndisc_send_skb+0xab0/0x1380 net/ipv6/ndisc.c:509
 addrconf_rs_timer+0x36e/0x660 net/ipv6/addrconf.c:4038
 call_timer_fn+0x18e/0x650 kernel/time/timer.c:1793
 expire_timers kernel/time/timer.c:1844 [inline]
 __run_timers kernel/time/timer.c:2418 [inline]
 __run_timer_base+0x66a/0x8e0 kernel/time/timer.c:2429
 run_timer_base kernel/time/timer.c:2438 [inline]
 run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2448
 __do_softirq+0x2c6/0x980 kernel/softirq.c:554
 invoke_softirq kernel/softirq.c:428 [inline]
 __irq_exit_rcu+0xf2/0x1c0 kernel/softirq.c:633
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:645
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]
 sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1043
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:__text_poke+0xa4a/0xd30 arch/x86/kernel/alternative.c:1961
Code: 7c 24 50 00 75 19 e8 a5 7c 60 00 eb 18 e8 9e 7c 60 00 e8 29 aa 41 0a 48 83 7c 24 50 00 74 e7 e8 8c 7c 60 00 fb 48 8b 44 24 78 <42> 80 3c 28 00 74 0d 48 8d bc 24 60 01 00 00 e8 d2 8d c1 00 48 8b
RSP: 0018:ffffc90003557740 EFLAGS: 00000293
RAX: 1ffff920006aaf14 RBX: 0000000000000000 RCX: ffff8880296c1e00
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003557910 R08: ffffffff813583b4 R09: 1ffffffff25e00a0
R10: dffffc0000000000 R11: fffffbfff25e00a1 R12: 1ffff920006aaef8
R13: dffffc0000000000 R14: 0000000000000046 R15: ffffffff81eb8b5a
 text_poke arch/x86/kernel/alternative.c:1985 [inline]
 text_poke_bp_batch+0x8cd/0xb30 arch/x86/kernel/alternative.c:2374
 text_poke_flush arch/x86/kernel/alternative.c:2487 [inline]
 text_poke_finish+0x30/0x50 arch/x86/kernel/alternative.c:2494
 arch_jump_label_transform_apply+0x1c/0x30 arch/x86/kernel/jump_label.c:146
 static_key_disable_cpuslocked+0xce/0x1c0 kernel/jump_label.c:235
 static_key_disable+0x1a/0x20 kernel/jump_label.c:243
 toggle_allocation_gate+0x1b8/0x250 mm/kfence/core.c:831
 process_one_work kernel/workqueue.c:3254 [inline]
 process_scheduled_works+0xa10/0x17c0 kernel/workqueue.c:3335
 worker_thread+0x86d/0xd70 kernel/workqueue.c:3416
 kthread+0x2f0/0x390 kernel/kthread.c:388
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>