INFO: task syz-executor.2:15677 blocked for more than 143 seconds.
      Not tainted 6.0.0-next-20221017-syzkaller-13375-g77d8bf70fac0 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.2  state:D stack:28760 pid:15677 ppid:3640   flags:0x00000004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5191 [inline]
 __schedule+0xae9/0x53f0 kernel/sched/core.c:6503
 schedule+0xda/0x1b0 kernel/sched/core.c:6579
 rwsem_down_write_slowpath+0x5fc/0x12d0 kernel/locking/rwsem.c:1190
 __down_write_common kernel/locking/rwsem.c:1305 [inline]
 __down_write_common kernel/locking/rwsem.c:1302 [inline]
 __down_write kernel/locking/rwsem.c:1314 [inline]
 down_write+0x1e4/0x220 kernel/locking/rwsem.c:1563
 mmap_write_lock include/linux/mmap_lock.h:71 [inline]
 userfaultfd_release+0x1f0/0x680 fs/userfaultfd.c:875
 __fput+0x27c/0xa90 fs/file_table.c:320
 task_work_run+0x16b/0x270 kernel/task_work.c:179
 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:171 [inline]
 exit_to_user_mode_prepare+0x23c/0x250 kernel/entry/common.c:203
 __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]
 syscall_exit_to_user_mode+0x19/0x50 kernel/entry/common.c:296
 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fa50f83d37b
RSP: 002b:00007ffd521b5cb0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00007fa50f83d37b
RDX: 0000001b2ea20000 RSI: 0000000000000000 RDI: 0000000000000004
RBP: 00007fa50f9ad980 R08: 0000000000000000 R09: 00007ffd521bc080
R10: 00007ffd521bc090 R11: 0000000000000293 R12: 00000000001143b7
R13: 00007ffd521b5db0 R14: 00007ffd521b5dd0 R15: 0000000000000032
 </TASK>
INFO: task syz-executor.2:15678 blocked for more than 143 seconds.
      Not tainted 6.0.0-next-20221017-syzkaller-13375-g77d8bf70fac0 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.2  state:D stack:28552 pid:15678 ppid:3640   flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5191 [inline]
 __schedule+0xae9/0x53f0 kernel/sched/core.c:6503
 schedule+0xda/0x1b0 kernel/sched/core.c:6579
 rwsem_down_read_slowpath+0x59f/0xb10 kernel/locking/rwsem.c:1095
 __down_read_common kernel/locking/rwsem.c:1260 [inline]
 __down_read kernel/locking/rwsem.c:1269 [inline]
 down_read+0xe2/0x450 kernel/locking/rwsem.c:1511
 mmap_read_lock include/linux/mmap_lock.h:117 [inline]
 exit_mm kernel/exit.c:492 [inline]
 do_exit+0x919/0x2a20 kernel/exit.c:807
 do_group_exit+0xd0/0x2a0 kernel/exit.c:950
 get_signal+0x21a1/0x2430 kernel/signal.c:2858
 arch_do_signal_or_restart+0x82/0x2300 arch/x86/kernel/signal.c:869
 exit_to_user_mode_loop kernel/entry/common.c:168 [inline]
 exit_to_user_mode_prepare+0x15f/0x250 kernel/entry/common.c:203
 __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]
 syscall_exit_to_user_mode+0x19/0x50 kernel/entry/common.c:296
 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fa50f88b5a9
RSP: 002b:00007fa510ac7218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: fffffffffffffe00 RBX: 00007fa50f9abf88 RCX: 00007fa50f88b5a9
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fa50f9abf88
RBP: 00007fa50f9abf80 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa50f9abf8c
R13: 00007ffd521b5c4f R14: 00007fa510ac7300 R15: 0000000000022000
 </TASK>
INFO: task syz-executor.2:15686 blocked for more than 144 seconds.
      Not tainted 6.0.0-next-20221017-syzkaller-13375-g77d8bf70fac0 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.2  state:D stack:28576 pid:15686 ppid:3640   flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5191 [inline]
 __schedule+0xae9/0x53f0 kernel/sched/core.c:6503
 schedule+0xda/0x1b0 kernel/sched/core.c:6579
 rwsem_down_write_slowpath+0x5fc/0x12d0 kernel/locking/rwsem.c:1190
 __down_write_common kernel/locking/rwsem.c:1305 [inline]
 __down_write_common kernel/locking/rwsem.c:1302 [inline]
 __down_write kernel/locking/rwsem.c:1314 [inline]
 down_write+0x1e4/0x220 kernel/locking/rwsem.c:1563
 mmap_write_lock include/linux/mmap_lock.h:71 [inline]
 userfaultfd_register fs/userfaultfd.c:1321 [inline]
 userfaultfd_ioctl+0x18d7/0x4200 fs/userfaultfd.c:2002
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:870 [inline]
 __se_sys_ioctl fs/ioctl.c:856 [inline]
 __x64_sys_ioctl+0x193/0x200 fs/ioctl.c:856
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fa50f88b5a9
RSP: 002b:00007fa510aa6168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fa50f9ac050 RCX: 00007fa50f88b5a9
RDX: 0000000020000080 RSI: 00000000c020aa00 RDI: 0000000000000003
RBP: 00007fa50f8e6580 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffd521b5c4f R14: 00007fa510aa6300 R15: 0000000000022000
 </TASK>
INFO: task syz-executor.2:15698 blocked for more than 144 seconds.
      Not tainted 6.0.0-next-20221017-syzkaller-13375-g77d8bf70fac0 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.2  state:D stack:28944 pid:15698 ppid:3640   flags:0x00000004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5191 [inline]
 __schedule+0xae9/0x53f0 kernel/sched/core.c:6503
 schedule+0xda/0x1b0 kernel/sched/core.c:6579
 rwsem_down_read_slowpath+0x59f/0xb10 kernel/locking/rwsem.c:1095
 __down_read_common kernel/locking/rwsem.c:1260 [inline]
 __down_read kernel/locking/rwsem.c:1269 [inline]
 down_read+0xe2/0x450 kernel/locking/rwsem.c:1511
 mmap_read_lock include/linux/mmap_lock.h:117 [inline]
 do_user_addr_fault+0xa51/0x1210 arch/x86/mm/fault.c:1379
 handle_page_fault arch/x86/mm/fault.c:1519 [inline]
 exc_page_fault+0x94/0x170 arch/x86/mm/fault.c:1575
 asm_exc_page_fault+0x22/0x30 arch/x86/include/asm/idtentry.h:570
RIP: 0010:copy_user_enhanced_fast_string+0xa/0x40 arch/x86/lib/copy_user_64.S:166
Code: ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 01 ca c3 8d 0c ca 89 ca eb 20 0f 01 cb 83 fa 40 72 38 89 d1 <f3> a4 31 c0 0f 01 ca c3 89 ca eb 0a 66 2e 0f 1f 84 00 00 00 00 00
RSP: 0018:ffffc9000b797a78 EFLAGS: 00050206
RAX: 0000000000000001 RBX: 0000000000001000 RCX: 0000000000001000
RDX: 0000000000001000 RSI: 00000000206e0000 RDI: ffff88809147f000
RBP: ffff88809147f000 R08: 0000000000000001 R09: ffff88809147ffff
R10: ffffed101228ffff R11: 0000000000000000 R12: 00007fffffffe000
R13: 00000000206e0000 R14: 000000000000082a R15: ffff8880a4f709b8
 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline]
 raw_copy_from_user arch/x86/include/asm/uaccess_64.h:52 [inline]
 _copy_from_user+0x137/0x170 lib/usercopy.c:16
 copy_from_user include/linux/uaccess.h:161 [inline]
 shmem_mfill_atomic_pte+0xb37/0x1040 mm/shmem.c:2427
 mfill_atomic_pte mm/userfaultfd.c:505 [inline]
 __mcopy_atomic mm/userfaultfd.c:639 [inline]
 mcopy_atomic+0x98c/0x1900 mm/userfaultfd.c:690
 userfaultfd_copy fs/userfaultfd.c:1736 [inline]
 userfaultfd_ioctl+0x7a3/0x4200 fs/userfaultfd.c:2011
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:870 [inline]
 __se_sys_ioctl fs/ioctl.c:856 [inline]
 __x64_sys_ioctl+0x193/0x200 fs/ioctl.c:856
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fa50f88b5a9
RSP: 002b:00007fa510a85168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fa50f9ac120 RCX: 00007fa50f88b5a9
RDX: 0000000020000040 RSI: 00000000c028aa03 RDI: 0000000000000003
RBP: 00007fa50f8e6580 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffd521b5c4f R14: 00007fa510a85300 R15: 0000000000022000
 </TASK>
INFO: lockdep is turned off.
NMI backtrace for cpu 1
CPU: 1 PID: 28 Comm: khungtaskd Not tainted 6.0.0-next-20221017-syzkaller-13375-g77d8bf70fac0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 nmi_cpu_backtrace.cold+0x24/0x18a lib/nmi_backtrace.c:111
 nmi_trigger_cpumask_backtrace+0x32f/0x3c0 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:148 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:220 [inline]
 watchdog+0xc71/0xfc0 kernel/hung_task.c:377
 kthread+0x2e4/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 3644 Comm: syz-executor.3 Not tainted 6.0.0-next-20221017-syzkaller-13375-g77d8bf70fac0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
RIP: 0010:arch_atomic_try_cmpxchg arch/x86/include/asm/atomic.h:202 [inline]
RIP: 0010:atomic_try_cmpxchg_acquire include/linux/atomic/atomic-instrumented.h:543 [inline]
RIP: 0010:queued_spin_lock include/asm-generic/qspinlock.h:111 [inline]
RIP: 0010:do_raw_spin_lock+0x132/0x2a0 kernel/locking/spinlock_debug.c:115
Code: 00 00 00 00 e8 6f cc 68 00 be 04 00 00 00 48 8d 7c 24 28 e8 60 cc 68 00 8b 44 24 28 ba 01 00 00 00 89 44 24 04 f0 0f b1 55 00 <0f> 85 91 00 00 00 65 44 8b 35 c8 10 a2 7e 48 b8 00 00 00 00 00 fc
RSP: 0018:ffffc9000407fa40 EFLAGS: 00000046
RAX: 0000000000000000 RBX: 1ffff9200080ff49 RCX: ffffffff816008f0
RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffffc9000407fa68
RBP: ffff8880b9a3a100 R08: 0000000000000001 R09: 0000000000000003
R10: fffff5200080ff4d R11: 0000000000000000 R12: ffff8880b9a3a108
R13: ffff8880b9a3a110 R14: ffffc9000407fdd8 R15: ffff88801e260000
FS:  0000555556120400(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f0ce577f1b8 CR3: 000000008203c000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 raw_spin_rq_lock_nested+0x2b/0x120 kernel/sched/core.c:537
 raw_spin_rq_lock kernel/sched/sched.h:1340 [inline]
 rq_lock kernel/sched/sched.h:1638 [inline]
 __schedule+0x242/0x53f0 kernel/sched/core.c:6420
 schedule+0xda/0x1b0 kernel/sched/core.c:6579
 do_nanosleep+0x154/0x4f0 kernel/time/hrtimer.c:2044
 hrtimer_nanosleep+0x1f9/0x4a0 kernel/time/hrtimer.c:2097
 common_nsleep+0xa2/0xc0 kernel/time/posix-timers.c:1236
 __do_sys_clock_nanosleep kernel/time/posix-timers.c:1276 [inline]
 __se_sys_clock_nanosleep kernel/time/posix-timers.c:1254 [inline]
 __x64_sys_clock_nanosleep+0x2f4/0x430 kernel/time/posix-timers.c:1254
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fcd256b02d1
Code: 24 0c 89 3c 24 48 89 4c 24 18 e8 aa e7 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 8b 74 24 0c 8b 3c 24 b8 e6 00 00 00 0f 05 <44> 89 c7 48 89 04 24 e8 e3 e7 ff ff 48 8b 04 24 eb 97 66 2e 0f 1f
RSP: 002b:00007ffc587a9a70 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6
RAX: ffffffffffffffda RBX: 00000000000022bd RCX: 00007fcd256b02d1
RDX: 00007ffc587a9ab0 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007ffc587a9b3c R08: 0000000000000000 R09: 00007ffc587d0080
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000032
R13: 000000000013891e R14: 0000000000000001 R15: 00007ffc587a9ba0
 </TASK>