ci starts bisection 2025-05-18 05:29:00.564744706 +0000 UTC m=+121472.179227556
bisecting fixing commit since 87d6aab2389e5ce0197d8257d5f8ee965a67c4cd
building syzkaller on 402f1df054ddb07ed5bb299d08c781354eb06607
ensuring issue is reproducible on original commit 87d6aab2389e5ce0197d8257d5f8ee965a67c4cd

testing commit 87d6aab2389e5ce0197d8257d5f8ee965a67c4cd gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 7b2cea16ff187edd2df5c7798c273f6595ec73f91705e9ab82f53845cb3a0058
run #0: crashed: INFO: task hung in hugetlb_fault
run #1: crashed: INFO: task hung in hugetlb_fault
run #2: crashed: INFO: task hung in hugetlb_wp
run #3: crashed: INFO: task hung in hugetlb_wp
run #4: crashed: INFO: task hung in remove_inode_hugepages
run #5: crashed: INFO: task hung in hugetlb_fault
run #6: crashed: INFO: task hung in hugetlb_fault
run #7: crashed: INFO: task hung in hugetlb_fault
run #8: crashed: INFO: task hung in hugetlb_fault
run #9: crashed: INFO: task hung in hugetlb_fault
run #10: crashed: INFO: task hung in hugetlb_wp
run #11: crashed: INFO: task hung in remove_inode_hugepages
run #12: crashed: INFO: task hung in remove_inode_hugepages
run #13: crashed: INFO: task hung in hugetlb_fault
run #14: crashed: INFO: task hung in hugetlb_fault
run #15: crashed: INFO: task hung in hugetlb_fault
run #16: crashed: INFO: task hung in hugetlb_fault
run #17: crashed: INFO: task hung in hugetlb_fault
run #18: crashed: INFO: task hung in hugetlb_fault
run #19: crashed: INFO: task hung in hugetlb_fault
representative crash: INFO: task hung in hugetlb_fault, types: [HANG]
check whether we can drop unnecessary instrumentation
disabling configs for [LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 87d6aab2389e5ce0197d8257d5f8ee965a67c4cd gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 98a36bdb1f8cb13c46b29768286e6bcea29466db119133cbd09d3ec68513f7f2
run #0: crashed: INFO: task hung in hugetlb_fault
run #1: crashed: INFO: task hung in hugetlb_fault
run #2: crashed: INFO: task hung in hugetlb_fault
run #3: crashed: INFO: task hung in hugetlb_fault
run #4: crashed: INFO: task hung in hugetlb_fault
run #5: crashed: INFO: task hung in hugetlb_fault
run #6: crashed: INFO: task hung in hugetlb_wp
run #7: crashed: INFO: task hung in hugetlb_fault
run #8: crashed: INFO: task hung in hugetlb_fault
run #9: crashed: INFO: task hung in hugetlb_fault
representative crash: INFO: task hung in hugetlb_fault, types: [HANG]
the bug reproduces without the instrumentation
disabling configs for [ATOMIC_SLEEP LEAK UBSAN BUG KASAN LOCKDEP], they are not needed
kconfig minimization: base=4081 full=8192 leaves diff=2135
split chunks (needed=false): <2135>
split chunk #0 of len 2135 into 5 parts
testing without sub-chunk 1/5
disabling configs for [LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 87d6aab2389e5ce0197d8257d5f8ee965a67c4cd gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 74a4db9cdab86c937719eb8ed114647d58178125fef795bc830083ca201eb561
run #0: crashed: INFO: task hung in hugetlb_wp
run #1: crashed: INFO: task hung in remove_inode_hugepages
run #2: crashed: INFO: task hung in hugetlb_wp
run #3: crashed: INFO: task hung in hugetlb_fault
run #4: crashed: INFO: task hung in hugetlb_fault
run #5: crashed: INFO: task hung in hugetlb_fault
run #6: crashed: INFO: task hung in hugetlb_fault
run #7: crashed: INFO: task hung in hugetlb_fault
run #8: crashed: INFO: task hung in hugetlb_fault
run #9: crashed: INFO: task hung in hugetlb_fault
representative crash: INFO: task hung in hugetlb_wp, types: [HANG]
the chunk can be dropped
testing without sub-chunk 2/5
disabling configs for [LOCKDEP ATOMIC_SLEEP LEAK UBSAN BUG KASAN], they are not needed
testing commit 87d6aab2389e5ce0197d8257d5f8ee965a67c4cd gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 901d429f016a83a5658b8868de3c1e1404ef67c04830d100f6fb5ae26c73e93a
run #0: crashed: INFO: task hung in hugetlb_fault
run #1: crashed: INFO: task hung in hugetlb_fault
run #2: crashed: INFO: task hung in hugetlb_fault
run #3: crashed: INFO: task hung in hugetlb_fault
run #4: crashed: INFO: task hung in hugetlb_fault
run #5: crashed: INFO: task hung in hugetlb_fault
run #6: crashed: INFO: task hung in hugetlb_fault
run #7: crashed: INFO: task hung in hugetlb_fault
run #8: crashed: INFO: task hung in hugetlb_wp
run #9: crashed: INFO: task hung in hugetlb_fault
representative crash: INFO: task hung in hugetlb_fault, types: [HANG]
the chunk can be dropped
testing without sub-chunk 3/5
disabling configs for [LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 87d6aab2389e5ce0197d8257d5f8ee965a67c4cd gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: f51ec019561f671c278e4f968b6eb0ec88f1f59a75608b73cf43a2abbcb74c51
run #0: crashed: INFO: task hung in hugetlb_wp
run #1: crashed: INFO: task hung in hugetlb_fault
run #2: crashed: INFO: task hung in hugetlb_fault
run #3: crashed: INFO: task hung in hugetlb_fault
run #4: crashed: INFO: task hung in hugetlb_fault
run #5: crashed: INFO: task hung in hugetlb_fault
run #6: crashed: INFO: task hung in hugetlb_fault
run #7: crashed: INFO: task hung in hugetlb_fault
run #8: crashed: INFO: task hung in hugetlb_fault
run #9: crashed: INFO: task hung in hugetlb_wp
representative crash: INFO: task hung in hugetlb_wp, types: [HANG]
the chunk can be dropped
testing without sub-chunk 4/5
disabling configs for [UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP LEAK], they are not needed
testing commit 87d6aab2389e5ce0197d8257d5f8ee965a67c4cd gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: f558142b7b5887731dc586a3b8d965f15153c954ff50160a88088f7f87cbf389
run #0: crashed: INFO: task hung in hugetlb_fault
run #1: crashed: INFO: task hung in remove_inode_hugepages
run #2: crashed: INFO: task hung in hugetlb_fault
run #3: crashed: INFO: task hung in remove_inode_hugepages
run #4: crashed: INFO: task hung in hugetlb_fault
run #5: crashed: INFO: task hung in hugetlb_fault
run #6: crashed: INFO: task hung in hugetlb_wp
run #7: crashed: INFO: task hung in hugetlb_fault
run #8: crashed: INFO: task hung in hugetlb_fault
run #9: crashed: INFO: task hung in hugetlb_fault
representative crash: INFO: task hung in hugetlb_fault, types: [HANG]
the chunk can be dropped
testing without sub-chunk 5/5
disabling configs for [LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 87d6aab2389e5ce0197d8257d5f8ee965a67c4cd gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 0d4812bfc34984e4e2f944487c8b47cecbda9749dafd3f14426cd4c11f85f789
run #0: crashed: INFO: task hung in hugetlb_fault
run #1: crashed: INFO: task hung in hugetlb_fault
run #2: crashed: INFO: task hung in hugetlb_fault
run #3: crashed: INFO: task hung in hugetlb_fault
run #4: crashed: INFO: task hung in hugetlb_fault
run #5: crashed: INFO: task hung in hugetlb_fault
run #6: crashed: INFO: task hung in hugetlb_fault
run #7: crashed: INFO: task hung in hugetlb_wp
run #8: crashed: INFO: task hung in hugetlb_fault
run #9: crashed: INFO: task hung in hugetlb_fault
representative crash: INFO: task hung in hugetlb_fault, types: [HANG]
the chunk can be dropped
disabling configs for [UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP LEAK], they are not needed
testing current HEAD 5723cc3450bccf7f98f227b9723b5c9f6b3af1c5
testing commit 5723cc3450bccf7f98f227b9723b5c9f6b3af1c5 gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 8cbadc7ed362fa31db48d53aaa102b28174e1a6d3c03a7276d54505e6549346f
all runs: crashed: INFO: task hung in hugetlb_fault
representative crash: INFO: task hung in hugetlb_fault, types: [HANG]
crash still not fixed/happens on the oldest tested release
revisions tested: 8, total time: 3h12m48.011210874s (build: 1h56m59.557246409s, test: 54m58.925791502s)
crash still not fixed or there were kernel test errors
commit msg: Merge tag 'dmaengine-fix-6.15' of git://git.kernel.org/pub/scm/linux/kernel/git/vkoul/dmaengine
crash: INFO: task hung in hugetlb_fault
INFO: task syz.4.172:4988 blocked for more than 143 seconds.
      Not tainted 6.15.0-rc6-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.4.172       state:D stack:14200 pid:4988  tgid:4988  ppid:2429   task_flags:0x400040 flags:0x00000004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x593/0xd20 kernel/sched/core.c:6767
 __schedule_loop kernel/sched/core.c:6845 [inline]
 schedule+0x25/0x110 kernel/sched/core.c:6860
 io_schedule+0x41/0x60 kernel/sched/core.c:7742
 folio_wait_bit_common+0x141/0x380 mm/filemap.c:1317
 __folio_lock mm/filemap.c:1664 [inline]
 folio_lock include/linux/pagemap.h:1137 [inline]
 folio_lock include/linux/pagemap.h:1133 [inline]
 __filemap_get_folio+0x1be/0x350 mm/filemap.c:1917
 filemap_lock_folio include/linux/pagemap.h:775 [inline]
 filemap_lock_hugetlb_folio include/linux/hugetlb.h:806 [inline]
 hugetlb_fault+0x797/0xc90 mm/hugetlb.c:6761
 handle_mm_fault+0x36c/0x380 mm/memory.c:6307
 do_user_addr_fault arch/x86/mm/fault.c:1337 [inline]
 handle_page_fault arch/x86/mm/fault.c:1480 [inline]
 exc_page_fault+0x25d/0x710 arch/x86/mm/fault.c:1538
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
RIP: 0033:0x7f0372167208
RSP: 002b:00007ffe4fe59ab8 EFLAGS: 00010246
RAX: 0000000020000640 RBX: 0000000000000004 RCX: 006b6e696c766564
RDX: 0000000000000008 RSI: 006b6e696c766564 RDI: 0000000020000640
RBP: 00007f0372357a80 R08: 00007f0372020000 R09: 0000000000000001
R10: 0000000000000001 R11: 0000000000000009 R12: 000000000000eab1
R13: 00007ffe4fe59bc0 R14: 0000000000000032 R15: fffffffffffffffe
 </TASK>
INFO: task syz.4.172:4989 blocked for more than 143 seconds.
      Not tainted 6.15.0-rc6-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.4.172       state:D stack:14032 pid:4989  tgid:4988  ppid:2429   task_flags:0x400140 flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x593/0xd20 kernel/sched/core.c:6767
 __schedule_loop kernel/sched/core.c:6845 [inline]
 schedule+0x25/0x110 kernel/sched/core.c:6860
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6917
 __mutex_lock_common kernel/locking/mutex.c:678 [inline]
 __mutex_lock+0x617/0xb10 kernel/locking/mutex.c:746
 hugetlb_wp+0x849/0xce0 mm/hugetlb.c:6246
 hugetlb_fault+0xaeb/0xc90 mm/hugetlb.c:6809
 handle_mm_fault+0x36c/0x380 mm/memory.c:6307
 do_user_addr_fault arch/x86/mm/fault.c:1388 [inline]
 handle_page_fault arch/x86/mm/fault.c:1480 [inline]
 exc_page_fault+0x162/0x710 arch/x86/mm/fault.c:1538
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
RIP: 0010:rep_movs_alternative+0x33/0x90 arch/x86/lib/copy_user_64.S:61
Code: 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 0d 92 01 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 <48> 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb
RSP: 0018:ffffc90002427de0 EFLAGS: 00050246
RAX: 0000000000000000 RBX: 0000000000000008 RCX: 0000000000000008
RDX: 000000002002eca0 RSI: ffffc90002427e10 RDI: 000000002002ec98
RBP: 000000002002ec98 R08: 00000000000804d3 R09: 0000000000000000
R10: 0000000000080000 R11: 0000000000000001 R12: ffffc90002427e10
R13: 0000000000000000 R14: 0000000020019680 R15: 0000000000015618
 copy_user_generic arch/x86/include/asm/uaccess_64.h:126 [inline]
 raw_copy_to_user arch/x86/include/asm/uaccess_64.h:147 [inline]
 _inline_copy_to_user include/linux/uaccess.h:197 [inline]
 _copy_to_user+0x56/0x70 lib/usercopy.c:26
 copy_to_user include/linux/uaccess.h:225 [inline]
 msr_read+0x6a/0xf0 arch/x86/kernel/msr.c:69
 vfs_read+0xdd/0x370 fs/read_write.c:568
 ksys_read+0x6e/0xe0 fs/read_write.c:713
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x6d/0x180 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f037219dff9
RSP: 002b:00007f0371c1f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
RAX: ffffffffffffffda RBX: 00007f0372355f80 RCX: 00007f037219dff9
RDX: 0000000000018ff8 RSI: 0000000020019680 RDI: 0000000000000003
RBP: 00007f0372210296 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f0372355f80 R15: 00007ffe4fe59958
 </TASK>
INFO: task syz.1.175:5003 blocked for more than 143 seconds.
      Not tainted 6.15.0-rc6-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.1.175       state:D stack:14136 pid:5003  tgid:5002  ppid:2436   task_flags:0x400140 flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x593/0xd20 kernel/sched/core.c:6767
 __schedule_loop kernel/sched/core.c:6845 [inline]
 schedule+0x25/0x110 kernel/sched/core.c:6860
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6917
 __mutex_lock_common kernel/locking/mutex.c:678 [inline]
 __mutex_lock+0x617/0xb10 kernel/locking/mutex.c:746
 hugetlbfs_fallocate+0x263/0x740 fs/hugetlbfs/inode.c:801
 vfs_fallocate+0x127/0x3c0 fs/open.c:338
 ksys_fallocate fs/open.c:362 [inline]
 __do_sys_fallocate fs/open.c:367 [inline]
 __se_sys_fallocate fs/open.c:365 [inline]
 __x64_sys_fallocate+0x3e/0x80 fs/open.c:365
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x6d/0x180 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f57772ddff9
RSP: 002b:00007f5776d57038 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
RAX: ffffffffffffffda RBX: 00007f5777495f80 RCX: 00007f57772ddff9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
RBP: 00007f5777350296 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000400 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f5777495f80 R15: 00007ffc350896c8
 </TASK>
INFO: task syz.3.213:5187 blocked for more than 144 seconds.
      Not tainted 6.15.0-rc6-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.3.213       state:D stack:13728 pid:5187  tgid:5187  ppid:2428   task_flags:0x400040 flags:0x00000004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x593/0xd20 kernel/sched/core.c:6767
 __schedule_loop kernel/sched/core.c:6845 [inline]
 schedule+0x25/0x110 kernel/sched/core.c:6860
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6917
 __mutex_lock_common kernel/locking/mutex.c:678 [inline]
 __mutex_lock+0x617/0xb10 kernel/locking/mutex.c:746
 hugetlb_fault+0xbd/0xc90 mm/hugetlb.c:6677
 handle_mm_fault+0x36c/0x380 mm/memory.c:6307
 do_user_addr_fault arch/x86/mm/fault.c:1337 [inline]
 handle_page_fault arch/x86/mm/fault.c:1480 [inline]
 exc_page_fault+0x25d/0x710 arch/x86/mm/fault.c:1538
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
RIP: 0033:0x7f819b7e7208
RSP: 002b:00007fff96f6e748 EFLAGS: 00010246
RAX: 0000000020000640 RBX: 0000000000000004 RCX: 006b6e696c766564
RDX: 0000000000000008 RSI: 006b6e696c766564 RDI: 0000000020000640
RBP: 00007f819b9d7a80 R08: 00007f819b6a0000 R09: 0000000000000001
R10: 0000000000000001 R11: 0000000000000009 R12: 000000000000f106
R13: 00007fff96f6e850 R14: 0000000000000032 R15: fffffffffffffffe
 </TASK>
INFO: task syz.3.213:5188 blocked for more than 144 seconds.
      Not tainted 6.15.0-rc6-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.3.213       state:D stack:13344 pid:5188  tgid:5187  ppid:2428   task_flags:0x400140 flags:0x00000004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x593/0xd20 kernel/sched/core.c:6767
 __schedule_loop kernel/sched/core.c:6845 [inline]
 schedule+0x25/0x110 kernel/sched/core.c:6860
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6917
 __mutex_lock_common kernel/locking/mutex.c:678 [inline]
 __mutex_lock+0x617/0xb10 kernel/locking/mutex.c:746
 hugetlbfs_fallocate+0x263/0x740 fs/hugetlbfs/inode.c:801
 vfs_fallocate+0x127/0x3c0 fs/open.c:338
 ksys_fallocate fs/open.c:362 [inline]
 __do_sys_fallocate fs/open.c:367 [inline]
 __se_sys_fallocate fs/open.c:365 [inline]
 __x64_sys_fallocate+0x3e/0x80 fs/open.c:365
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x6d/0x180 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f819b81dff9
RSP: 002b:00007f819b29f038 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
RAX: ffffffffffffffda RBX: 00007f819b9d5f80 RCX: 00007f819b81dff9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
RBP: 00007f819b890296 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000400 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f819b9d5f80 R15: 00007fff96f6e5e8
 </TASK>
INFO: task syz.2.229:5254 blocked for more than 144 seconds.
      Not tainted 6.15.0-rc6-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.2.229       state:D stack:14328 pid:5254  tgid:5254  ppid:1949   task_flags:0x400040 flags:0x00000004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x593/0xd20 kernel/sched/core.c:6767
 __schedule_loop kernel/sched/core.c:6845 [inline]
 schedule+0x25/0x110 kernel/sched/core.c:6860
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6917
 __mutex_lock_common kernel/locking/mutex.c:678 [inline]
 __mutex_lock+0x617/0xb10 kernel/locking/mutex.c:746
 hugetlb_fault+0xbd/0xc90 mm/hugetlb.c:6677
 handle_mm_fault+0x36c/0x380 mm/memory.c:6307
 do_user_addr_fault arch/x86/mm/fault.c:1337 [inline]
 handle_page_fault arch/x86/mm/fault.c:1480 [inline]
 exc_page_fault+0x25d/0x710 arch/x86/mm/fault.c:1538
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
RIP: 0033:0x7fc4f1507208
RSP: 002b:00007fff23bf5958 EFLAGS: 00010246
RAX: 0000000020000640 RBX: 0000000000000004 RCX: 006b6e696c766564
RDX: 0000000000000008 RSI: 006b6e696c766564 RDI: 0000000020000640
RBP: 00007fc4f16f7a80 R08: 00007fc4f13b8000 R09: 0000000000000001
R10: 0000000000000001 R11: 0000000000000009 R12: 000000000000f2f0
R13: 00007fff23bf5a60 R14: 0000000000000032 R15: fffffffffffffffe
 </TASK>
INFO: task syz.2.229:5255 blocked for more than 144 seconds.
      Not tainted 6.15.0-rc6-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.2.229       state:D stack:12864 pid:5255  tgid:5254  ppid:1949   task_flags:0x400140 flags:0x00000004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x593/0xd20 kernel/sched/core.c:6767
 __schedule_loop kernel/sched/core.c:6845 [inline]
 schedule+0x25/0x110 kernel/sched/core.c:6860
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6917
 __mutex_lock_common kernel/locking/mutex.c:678 [inline]
 __mutex_lock+0x617/0xb10 kernel/locking/mutex.c:746
 hugetlbfs_fallocate+0x263/0x740 fs/hugetlbfs/inode.c:801
 vfs_fallocate+0x127/0x3c0 fs/open.c:338
 ksys_fallocate fs/open.c:362 [inline]
 __do_sys_fallocate fs/open.c:367 [inline]
 __se_sys_fallocate fs/open.c:365 [inline]
 __x64_sys_fallocate+0x3e/0x80 fs/open.c:365
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x6d/0x180 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc4f153dff9
RSP: 002b:00007fc4f0fb7038 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
RAX: ffffffffffffffda RBX: 00007fc4f16f5f80 RCX: 00007fc4f153dff9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
RBP: 00007fc4f15b0296 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000400 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fc4f16f5f80 R15: 00007fff23bf57f8
 </TASK>

Showing all locks held in the system:
1 lock held by khungtaskd/31:
 #0: ffffffff82780980 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #0: ffffffff82780980 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
 #0: ffffffff82780980 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x36/0x120 kernel/locking/lockdep.c:6764
2 locks held by kworker/u8:5/356:
2 locks held by getty/845:
 #0: ffff8881066d70a0 (&tty->ldisc_sem){....}-{0:0}, at: tty_ldisc_ref_wait+0x23/0x60 drivers/tty/tty_ldisc.c:243
 #1: ffffc90001b432f0 (&ldata->atomic_read_lock){....}-{3:3}, at: n_tty_read+0x17a/0x660 drivers/tty/n_tty.c:2222
3 locks held by syz.4.172/4988:
 #0: ffff888101fb1f88 (vm_lock){....}-{0:0}, at: do_user_addr_fault arch/x86/mm/fault.c:1328 [inline]
 #0: ffff888101fb1f88 (vm_lock){....}-{0:0}, at: handle_page_fault arch/x86/mm/fault.c:1480 [inline]
 #0: ffff888101fb1f88 (vm_lock){....}-{0:0}, at: exc_page_fault+0x221/0x710 arch/x86/mm/fault.c:1538
 #1: ffff888101ab2728 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlb_fault+0xbd/0xc90 mm/hugetlb.c:6677
 #2: ffff88810e3adee8 (&resv_map->rw_sema){....}-{3:3}, at: hugetlb_fault+0xc5/0xc90 mm/hugetlb.c:6684
2 locks held by syz.4.172/4989:
 #0: ffff88810d305e60 (&mm->mmap_lock){....}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:203 [inline]
 #0: ffff88810d305e60 (&mm->mmap_lock){....}-{3:3}, at: get_mmap_lock_carefully mm/memory.c:6346 [inline]
 #0: ffff88810d305e60 (&mm->mmap_lock){....}-{3:3}, at: lock_mm_and_find_vma+0x26/0x270 mm/memory.c:6406
 #1: ffff888101ab2728 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlb_wp+0x849/0xce0 mm/hugetlb.c:6246
3 locks held by syz.1.175/5003:
 #0: ffff888102ef03f8 (sb_writers#13){....}-{0:0}, at: ksys_fallocate fs/open.c:362 [inline]
 #0: ffff888102ef03f8 (sb_writers#13){....}-{0:0}, at: __do_sys_fallocate fs/open.c:367 [inline]
 #0: ffff888102ef03f8 (sb_writers#13){....}-{0:0}, at: __se_sys_fallocate fs/open.c:365 [inline]
 #0: ffff888102ef03f8 (sb_writers#13){....}-{0:0}, at: __x64_sys_fallocate+0x3e/0x80 fs/open.c:365
 #1: ffff88810fbc6548 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:867 [inline]
 #1: ffff88810fbc6548 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xce/0x740 fs/hugetlbfs/inode.c:757
 #2: ffff888101ab2728 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x263/0x740 fs/hugetlbfs/inode.c:801
2 locks held by syz.3.213/5187:
 #0: ffff88810cf56888 (vm_lock){....}-{0:0}, at: do_user_addr_fault arch/x86/mm/fault.c:1328 [inline]
 #0: ffff88810cf56888 (vm_lock){....}-{0:0}, at: handle_page_fault arch/x86/mm/fault.c:1480 [inline]
 #0: ffff88810cf56888 (vm_lock){....}-{0:0}, at: exc_page_fault+0x221/0x710 arch/x86/mm/fault.c:1538
 #1: ffff888101ab2728 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlb_fault+0xbd/0xc90 mm/hugetlb.c:6677
3 locks held by syz.3.213/5188:
 #0: ffff888102ef03f8 (sb_writers#13){....}-{0:0}, at: ksys_fallocate fs/open.c:362 [inline]
 #0: ffff888102ef03f8 (sb_writers#13){....}-{0:0}, at: __do_sys_fallocate fs/open.c:367 [inline]
 #0: ffff888102ef03f8 (sb_writers#13){....}-{0:0}, at: __se_sys_fallocate fs/open.c:365 [inline]
 #0: ffff888102ef03f8 (sb_writers#13){....}-{0:0}, at: __x64_sys_fallocate+0x3e/0x80 fs/open.c:365
 #1: ffff888100ea6548 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:867 [inline]
 #1: ffff888100ea6548 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xce/0x740 fs/hugetlbfs/inode.c:757
 #2: ffff888101ab2728 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x263/0x740 fs/hugetlbfs/inode.c:801
2 locks held by syz.2.229/5254:
 #0: ffff88810cf45288 (vm_lock){....}-{0:0}, at: do_user_addr_fault arch/x86/mm/fault.c:1328 [inline]
 #0: ffff88810cf45288 (vm_lock){....}-{0:0}, at: handle_page_fault arch/x86/mm/fault.c:1480 [inline]
 #0: ffff88810cf45288 (vm_lock){....}-{0:0}, at: exc_page_fault+0x221/0x710 arch/x86/mm/fault.c:1538
 #1: ffff888101ab2728 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlb_fault+0xbd/0xc90 mm/hugetlb.c:6677
3 locks held by syz.2.229/5255:
 #0: ffff888102ef03f8 (sb_writers#13){....}-{0:0}, at: ksys_fallocate fs/open.c:362 [inline]
 #0: ffff888102ef03f8 (sb_writers#13){....}-{0:0}, at: __do_sys_fallocate fs/open.c:367 [inline]
 #0: ffff888102ef03f8 (sb_writers#13){....}-{0:0}, at: __se_sys_fallocate fs/open.c:365 [inline]
 #0: ffff888102ef03f8 (sb_writers#13){....}-{0:0}, at: __x64_sys_fallocate+0x3e/0x80 fs/open.c:365
 #1: ffff888100ea7bc8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:867 [inline]
 #1: ffff888100ea7bc8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xce/0x740 fs/hugetlbfs/inode.c:757
 #2: ffff888101ab2728 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x263/0x740 fs/hugetlbfs/inode.c:801
3 locks held by syz.0.671/8951:
 #0: ffff88810cfe1988 (vm_lock){....}-{0:0}, at: do_user_addr_fault arch/x86/mm/fault.c:1328 [inline]
 #0: ffff88810cfe1988 (vm_lock){....}-{0:0}, at: handle_page_fault arch/x86/mm/fault.c:1480 [inline]
 #0: ffff88810cfe1988 (vm_lock){....}-{0:0}, at: exc_page_fault+0x221/0x710 arch/x86/mm/fault.c:1538
 #1: ffff888101ab23c8 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlb_fault+0xbd/0xc90 mm/hugetlb.c:6677
 #2: ffff88810fbee4e8 (&resv_map->rw_sema){....}-{3:3}, at: hugetlb_fault+0xc5/0xc90 mm/hugetlb.c:6684
2 locks held by syz.0.671/8952:
 #0: ffff88810a3ff0e0 (&mm->mmap_lock){....}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:203 [inline]
 #0: ffff88810a3ff0e0 (&mm->mmap_lock){....}-{3:3}, at: get_mmap_lock_carefully mm/memory.c:6346 [inline]
 #0: ffff88810a3ff0e0 (&mm->mmap_lock){....}-{3:3}, at: lock_mm_and_find_vma+0x26/0x270 mm/memory.c:6406
 #1: ffff888101ab23c8 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlb_wp+0x849/0xce0 mm/hugetlb.c:6246
2 locks held by syz.2.713/9131:
 #0: ffff88810a3f8b20 (&mm->mmap_lock){....}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:203 [inline]
 #0: ffff88810a3f8b20 (&mm->mmap_lock){....}-{3:3}, at: get_mmap_lock_carefully mm/memory.c:6346 [inline]
 #0: ffff88810a3f8b20 (&mm->mmap_lock){....}-{3:3}, at: lock_mm_and_find_vma+0x26/0x270 mm/memory.c:6406
 #1: ffff888101ab23c8 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlb_fault+0xbd/0xc90 mm/hugetlb.c:6677
3 locks held by syz.2.713/9140:
 #0: ffff888102ef03f8 (sb_writers#13){....}-{0:0}, at: ksys_fallocate fs/open.c:362 [inline]
 #0: ffff888102ef03f8 (sb_writers#13){....}-{0:0}, at: __do_sys_fallocate fs/open.c:367 [inline]
 #0: ffff888102ef03f8 (sb_writers#13){....}-{0:0}, at: __se_sys_fallocate fs/open.c:365 [inline]
 #0: ffff888102ef03f8 (sb_writers#13){....}-{0:0}, at: __x64_sys_fallocate+0x3e/0x80 fs/open.c:365
 #1: ffff88810fbc69c8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:867 [inline]
 #1: ffff88810fbc69c8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xce/0x740 fs/hugetlbfs/inode.c:757
 #2: ffff888101ab23c8 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x263/0x740 fs/hugetlbfs/inode.c:801
3 locks held by syz.0.2929/19250:
 #0: ffff888102ef03f8 (sb_writers#13){....}-{0:0}, at: ksys_fallocate fs/open.c:362 [inline]
 #0: ffff888102ef03f8 (sb_writers#13){....}-{0:0}, at: __do_sys_fallocate fs/open.c:367 [inline]
 #0: ffff888102ef03f8 (sb_writers#13){....}-{0:0}, at: __se_sys_fallocate fs/open.c:365 [inline]
 #0: ffff888102ef03f8 (sb_writers#13){....}-{0:0}, at: __x64_sys_fallocate+0x3e/0x80 fs/open.c:365
 #1: ffff88810dba1c48 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:867 [inline]
 #1: ffff88810dba1c48 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xce/0x740 fs/hugetlbfs/inode.c:757
 #2: ffff888101ab23c8 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x263/0x740 fs/hugetlbfs/inode.c:801
3 locks held by syz.3.2933/19278:
 #0: ffff888102ef03f8 (sb_writers#13){....}-{0:0}, at: ksys_fallocate fs/open.c:362 [inline]
 #0: ffff888102ef03f8 (sb_writers#13){....}-{0:0}, at: __do_sys_fallocate fs/open.c:367 [inline]
 #0: ffff888102ef03f8 (sb_writers#13){....}-{0:0}, at: __se_sys_fallocate fs/open.c:365 [inline]
 #0: ffff888102ef03f8 (sb_writers#13){....}-{0:0}, at: __x64_sys_fallocate+0x3e/0x80 fs/open.c:365
 #1: ffff88810dba2548 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:867 [inline]
 #1: ffff88810dba2548 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xce/0x740 fs/hugetlbfs/inode.c:757
 #2: ffff888101ab2728 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x263/0x740 fs/hugetlbfs/inode.c:801
3 locks held by syz.2.2950/19344:
 #0: ffff888102ef03f8 (sb_writers#13){....}-{0:0}, at: ksys_fallocate fs/open.c:362 [inline]
 #0: ffff888102ef03f8 (sb_writers#13){....}-{0:0}, at: __do_sys_fallocate fs/open.c:367 [inline]
 #0: ffff888102ef03f8 (sb_writers#13){....}-{0:0}, at: __se_sys_fallocate fs/open.c:365 [inline]
 #0: ffff888102ef03f8 (sb_writers#13){....}-{0:0}, at: __x64_sys_fallocate+0x3e/0x80 fs/open.c:365
 #1: ffff88810dba3748 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:867 [inline]
 #1: ffff88810dba3748 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xce/0x740 fs/hugetlbfs/inode.c:757
 #2: ffff888101ab23c8 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x263/0x740 fs/hugetlbfs/inode.c:801
3 locks held by syz.1.4944/29997:
 #0: ffff888102ef03f8 (sb_writers#13){....}-{0:0}, at: ksys_fallocate fs/open.c:362 [inline]
 #0: ffff888102ef03f8 (sb_writers#13){....}-{0:0}, at: __do_sys_fallocate fs/open.c:367 [inline]
 #0: ffff888102ef03f8 (sb_writers#13){....}-{0:0}, at: __se_sys_fallocate fs/open.c:365 [inline]
 #0: ffff888102ef03f8 (sb_writers#13){....}-{0:0}, at: __x64_sys_fallocate+0x3e/0x80 fs/open.c:365
 #1: ffff88810cbb5348 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:867 [inline]
 #1: ffff88810cbb5348 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xce/0x740 fs/hugetlbfs/inode.c:757
 #2: ffff888101ab23c8 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x263/0x740 fs/hugetlbfs/inode.c:801
2 locks held by syz.2.4948/30026:
 #0: ffff88810a733960 (&mm->mmap_lock){....}-{3:3}, at: mmap_read_lock_killable include/linux/mmap_lock.h:193 [inline]
 #0: ffff88810a733960 (&mm->mmap_lock){....}-{3:3}, at: get_mmap_lock_carefully mm/memory.c:6355 [inline]
 #0: ffff88810a733960 (&mm->mmap_lock){....}-{3:3}, at: lock_mm_and_find_vma+0x98/0x270 mm/memory.c:6406
 #1: ffff888101ab23c8 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlb_fault+0xbd/0xc90 mm/hugetlb.c:6677
3 locks held by syz.2.4948/30027:
 #0: ffff888102ef03f8 (sb_writers#13){....}-{0:0}, at: ksys_fallocate fs/open.c:362 [inline]
 #0: ffff888102ef03f8 (sb_writers#13){....}-{0:0}, at: __do_sys_fallocate fs/open.c:367 [inline]
 #0: ffff888102ef03f8 (sb_writers#13){....}-{0:0}, at: __se_sys_fallocate fs/open.c:365 [inline]
 #0: ffff888102ef03f8 (sb_writers#13){....}-{0:0}, at: __x64_sys_fallocate+0x3e/0x80 fs/open.c:365
 #1: ffff88810cbb60c8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:867 [inline]
 #1: ffff88810cbb60c8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xce/0x740 fs/hugetlbfs/inode.c:757
 #2: ffff888101ab23c8 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x263/0x740 fs/hugetlbfs/inode.c:801
3 locks held by syz.0.4986/30161:
 #0: ffff888102ef03f8 (sb_writers#13){....}-{0:0}, at: ksys_fallocate fs/open.c:362 [inline]
 #0: ffff888102ef03f8 (sb_writers#13){....}-{0:0}, at: __do_sys_fallocate fs/open.c:367 [inline]
 #0: ffff888102ef03f8 (sb_writers#13){....}-{0:0}, at: __se_sys_fallocate fs/open.c:365 [inline]
 #0: ffff888102ef03f8 (sb_writers#13){....}-{0:0}, at: __x64_sys_fallocate+0x3e/0x80 fs/open.c:365
 #1: ffff88810cbb7bc8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:867 [inline]
 #1: ffff88810cbb7bc8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xce/0x740 fs/hugetlbfs/inode.c:757
 #2: ffff888101ab2728 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x263/0x740 fs/hugetlbfs/inode.c:801
1 lock held by syz.2.5652/2068:

=============================================

NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-rc6-syzkaller #0 PREEMPT(undef) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x5a/0x90 lib/dump_stack.c:120
 nmi_cpu_backtrace+0xd4/0x110 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0xd5/0x140 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:158 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:274 [inline]
 watchdog+0x652/0x690 kernel/hung_task.c:437
 kthread+0x107/0x200 kernel/kthread.c:464
 ret_from_fork+0x2c/0x50 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 2099 Comm: syz.2.5662 Not tainted 6.15.0-rc6-syzkaller #0 PREEMPT(undef) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
RIP: 0010:native_read_msr_safe arch/x86/include/asm/msr.h:133 [inline]
RIP: 0010:__rdmsr_safe_on_cpu+0xf/0x50 arch/x86/lib/msr-smp.c:156
Code: c7 c1 30 44 84 81 e9 00 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 41 54 55 53 48 89 fb 8b 0f 0f 32 <45> 31 e4 66 90 48 c1 e2 20 48 09 c2 48 89 d5 48 89 6b 08 48 8d 7b
RSP: 0018:ffffc900011c7cc8 EFLAGS: 00000002
RAX: 0000000000000000 RBX: ffffc900011c7d40 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff8252b341 RDI: ffffc900011c7d40
RBP: 0000000000000246 R08: 0000000000000002 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffffc900011c7d40
R13: 0000000000000000 R14: 0000000000000000 R15: 000000000000ede0
FS:  00007f9909b7f6c0(0000) GS:ffff8882b4bf5000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020028000 CR3: 000000011f829000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 csd_do_func kernel/smp.c:134 [inline]
 generic_exec_single+0x79/0x1a0 kernel/smp.c:433
 smp_call_function_single_async+0x2c/0x70 kernel/smp.c:724
 rdmsr_safe_on_cpu+0x8f/0xe0 arch/x86/lib/msr-smp.c:179
 msr_read+0x92/0xf0 arch/x86/kernel/msr.c:66
 vfs_read+0xdd/0x370 fs/read_write.c:568
 ksys_read+0x6e/0xe0 fs/read_write.c:713
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x6d/0x180 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f990a0fdff9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f9909b7f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
RAX: ffffffffffffffda RBX: 00007f990a2b5f80 RCX: 00007f990a0fdff9
RDX: 0000000000018ff8 RSI: 0000000020019680 RDI: 0000000000000003
RBP: 00007f990a170296 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f990a2b5f80 R15: 00007ffc350cf4e8
 </TASK>