ci starts bisection 2025-06-18 05:50:15.135970922 +0000 UTC m=+2479.833642551
bisecting fixing commit since 87d6aab2389e5ce0197d8257d5f8ee965a67c4cd
building syzkaller on 402f1df054ddb07ed5bb299d08c781354eb06607
ensuring issue is reproducible on original commit 87d6aab2389e5ce0197d8257d5f8ee965a67c4cd

testing commit 87d6aab2389e5ce0197d8257d5f8ee965a67c4cd gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 2071136c3a9df50ddbe5cbd684459635c359b9acea86439a159a6e06679f4bf1
run #0: crashed: INFO: task hung in hugetlb_fault
run #1: crashed: INFO: task hung in remove_inode_hugepages
run #2: crashed: INFO: task hung in hugetlb_fault
run #3: crashed: INFO: task hung in hugetlb_wp
run #4: crashed: INFO: task hung in hugetlb_fault
run #5: crashed: INFO: task hung in hugetlb_wp
run #6: crashed: INFO: task hung in hugetlb_wp
run #7: crashed: INFO: task hung in remove_inode_hugepages
run #8: crashed: INFO: task hung in hugetlb_fault
run #9: crashed: INFO: task hung in hugetlb_fault
run #10: crashed: INFO: task hung in hugetlb_fault
run #11: crashed: INFO: task hung in hugetlb_wp
run #12: crashed: INFO: task hung in remove_inode_hugepages
run #13: crashed: INFO: task hung in hugetlb_fault
run #14: crashed: INFO: task hung in hugetlb_fault
run #15: crashed: INFO: task hung in hugetlb_wp
run #16: crashed: INFO: task hung in hugetlb_fault
run #17: crashed: INFO: task hung in hugetlb_fault
run #18: crashed: INFO: task hung in hugetlb_fault
run #19: crashed: INFO: task hung in remove_inode_hugepages
representative crash: INFO: task hung in hugetlb_fault, types: [HANG]
check whether we can drop unnecessary instrumentation
disabling configs for [LOCKDEP ATOMIC_SLEEP LEAK UBSAN BUG KASAN], they are not needed
testing commit 87d6aab2389e5ce0197d8257d5f8ee965a67c4cd gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 472df2c0f1cf6cb31abd198f40fc3ae82057409d7dd4912c666489b2268265e3
run #0: crashed: INFO: task hung in hugetlb_fault
run #1: crashed: INFO: task hung in hugetlb_wp
run #2: crashed: INFO: task hung in hugetlb_fault
run #3: crashed: INFO: task hung in hugetlb_fault
run #4: crashed: INFO: task hung in hugetlb_fault
run #5: crashed: INFO: task hung in hugetlb_fault
run #6: crashed: INFO: task hung in hugetlb_fault
run #7: crashed: INFO: task hung in hugetlb_fault
run #8: crashed: INFO: task hung in hugetlb_wp
run #9: crashed: INFO: task hung in hugetlb_fault
representative crash: INFO: task hung in hugetlb_fault, types: [HANG]
the bug reproduces without the instrumentation
disabling configs for [UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP LEAK], they are not needed
kconfig minimization: base=4089 full=8192 leaves diff=2142
split chunks (needed=false): <2142>
split chunk #0 of len 2142 into 5 parts
testing without sub-chunk 1/5
disabling configs for [UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP LEAK], they are not needed
testing commit 87d6aab2389e5ce0197d8257d5f8ee965a67c4cd gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: f3246176392655397fea5b15f0efc0c76bd3a239e79d996a8fe28605cf4f7d32
run #0: crashed: INFO: task hung in hugetlb_fault
run #1: crashed: INFO: task hung in hugetlb_fault
run #2: crashed: INFO: task hung in hugetlb_wp
run #3: crashed: INFO: task hung in hugetlb_fault
run #4: crashed: INFO: task hung in remove_inode_hugepages
run #5: crashed: INFO: task hung in hugetlb_fault
run #6: crashed: INFO: task hung in hugetlb_fault
run #7: crashed: INFO: task hung in hugetlb_fault
run #8: crashed: INFO: task hung in hugetlb_wp
run #9: crashed: INFO: task hung in hugetlb_fault
representative crash: INFO: task hung in hugetlb_fault, types: [HANG]
the chunk can be dropped
testing without sub-chunk 2/5
disabling configs for [KASAN LOCKDEP ATOMIC_SLEEP LEAK UBSAN BUG], they are not needed
testing commit 87d6aab2389e5ce0197d8257d5f8ee965a67c4cd gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 69f96e08af1fa527590d93d6d23fc8f3842fc703c3cecad8032e47b6e5cd8740
all runs: crashed: INFO: task hung in hugetlb_fault
representative crash: INFO: task hung in hugetlb_fault, types: [HANG]
the chunk can be dropped
testing without sub-chunk 3/5
disabling configs for [BUG KASAN LOCKDEP ATOMIC_SLEEP LEAK UBSAN], they are not needed
testing commit 87d6aab2389e5ce0197d8257d5f8ee965a67c4cd gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 90406c5877c6ee55d7ef7a8d6c3951d4dfa4a9416e083a23799439dc2f335bf1
run #0: crashed: INFO: task hung in hugetlb_fault
run #1: crashed: INFO: task hung in hugetlb_fault
run #2: crashed: INFO: task hung in hugetlb_fault
run #3: crashed: INFO: task hung in hugetlb_fault
run #4: crashed: INFO: task hung in hugetlb_wp
run #5: crashed: INFO: task hung in hugetlbfs_fallocate
run #6: crashed: INFO: task hung in hugetlb_fault
run #7: crashed: INFO: task hung in hugetlb_wp
run #8: crashed: INFO: task hung in hugetlb_fault
run #9: crashed: INFO: task hung in remove_inode_hugepages
representative crash: INFO: task hung in hugetlb_fault, types: [HANG]
the chunk can be dropped
testing without sub-chunk 4/5
disabling configs for [LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 87d6aab2389e5ce0197d8257d5f8ee965a67c4cd gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 6baf485d6d0f92f33205d398eef7953ffe38d3442c716536f036f23768bce49a
all runs: crashed: INFO: task hung in hugetlb_fault
representative crash: INFO: task hung in hugetlb_fault, types: [HANG]
the chunk can be dropped
testing without sub-chunk 5/5
disabling configs for [LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 87d6aab2389e5ce0197d8257d5f8ee965a67c4cd gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 2f2e063b0b86512c2d6b483306828e3302c6c35cec0c7ee47feacb4f140c7664
all runs: crashed: INFO: task hung in hugetlb_fault
representative crash: INFO: task hung in hugetlb_fault, types: [HANG]
the chunk can be dropped
disabling configs for [LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed
testing current HEAD 52da431bf03b5506203bca27fe14a97895c80faf
testing commit 52da431bf03b5506203bca27fe14a97895c80faf gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 10e7327ca5269ed3c292c1220660aaa34156c11b1303cc3e17fd40525e597c5a
run #0: crashed: INFO: task hung in remove_inode_hugepages
run #1: crashed: INFO: task hung in hugetlb_fault
run #2: crashed: INFO: task hung in hugetlb_fault
run #3: crashed: INFO: task hung in hugetlb_fault
run #4: crashed: INFO: task hung in hugetlb_fault
run #5: crashed: INFO: task hung in hugetlb_fault
run #6: crashed: INFO: task hung in hugetlb_fault
run #7: crashed: INFO: task hung in hugetlb_fault
run #8: crashed: INFO: task hung in hugetlb_fault
run #9: crashed: INFO: task hung in hugetlb_fault
representative crash: INFO: task hung in remove_inode_hugepages, types: [HANG]
crash still not fixed/happens on the oldest tested release
revisions tested: 8, total time: 2h23m28.632905723s (build: 1h18m23.20413276s, test: 55m10.907383532s)
crash still not fixed or there were kernel test errors
commit msg: Merge tag 'libnvdimm-fixes-6.16-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm
crash: INFO: task hung in remove_inode_hugepages
INFO: task syz.4.144:4841 blocked for more than 143 seconds.
      Not tainted 6.16.0-rc2-syzkaller #0
      Blocked by coredump.
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.4.144       state:D stack:14152 pid:4841  tgid:4841  ppid:2433   task_flags:0x40004c flags:0x00004002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5396 [inline]
 __schedule+0x593/0xd20 kernel/sched/core.c:6785
 __schedule_loop kernel/sched/core.c:6863 [inline]
 schedule+0x25/0x110 kernel/sched/core.c:6878
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6935
 __mutex_lock_common kernel/locking/mutex.c:679 [inline]
 __mutex_lock+0x617/0xb10 kernel/locking/mutex.c:747
 remove_inode_hugepages+0x111/0x5b0 fs/hugetlbfs/inode.c:591
 hugetlbfs_evict_inode+0x2f/0x90 fs/hugetlbfs/inode.c:617
 evict+0x119/0x2a0 fs/inode.c:810
 __dentry_kill+0x6f/0x1c0 fs/dcache.c:669
 dput fs/dcache.c:911 [inline]
 dput+0x14e/0x290 fs/dcache.c:899
 __fput+0x139/0x2b0 fs/file_table.c:473
 task_work_run+0x54/0x80 kernel/task_work.c:227
 exit_task_work include/linux/task_work.h:40 [inline]
 do_exit+0x27b/0xba0 kernel/exit.c:955
 __do_sys_exit kernel/exit.c:1071 [inline]
 __se_sys_exit kernel/exit.c:1069 [inline]
 __x64_sys_exit+0x16/0x20 kernel/exit.c:1069
 x64_sys_call+0xea3/0x1730 arch/x86/include/generated/asm/syscalls_64.h:61
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x6d/0x2d0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fae1c9adff9
RSP: 002b:00007fae1c405fe8 EFLAGS: 00000246 ORIG_RAX: 000000000000003c
RAX: ffffffffffffffda RBX: 00007fae1cb66058 RCX: 00007fae1c9adff9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007fae1ca20296 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fae1cb66058 R15: 00007ffeeb01a018
 </TASK>
INFO: task syz.4.149:4844 blocked for more than 143 seconds.
      Not tainted 6.16.0-rc2-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.4.149       state:D stack:13288 pid:4844  tgid:4844  ppid:2433   task_flags:0x400040 flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5396 [inline]
 __schedule+0x593/0xd20 kernel/sched/core.c:6785
 __schedule_loop kernel/sched/core.c:6863 [inline]
 schedule+0x25/0x110 kernel/sched/core.c:6878
 io_schedule+0x41/0x60 kernel/sched/core.c:7723
 folio_wait_bit_common+0x141/0x380 mm/filemap.c:1317
 __folio_lock mm/filemap.c:1675 [inline]
 folio_lock include/linux/pagemap.h:1114 [inline]
 folio_lock include/linux/pagemap.h:1110 [inline]
 __filemap_get_folio+0x1bb/0x370 mm/filemap.c:1928
 filemap_lock_folio include/linux/pagemap.h:785 [inline]
 filemap_lock_hugetlb_folio include/linux/hugetlb.h:817 [inline]
 hugetlb_fault+0x77a/0xc80 mm/hugetlb.c:6784
 handle_mm_fault+0x341/0x350 mm/memory.c:6399
 do_user_addr_fault arch/x86/mm/fault.c:1336 [inline]
 handle_page_fault arch/x86/mm/fault.c:1476 [inline]
 exc_page_fault+0x18b/0x750 arch/x86/mm/fault.c:1532
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
RIP: 0033:0x7fae1c977208
RSP: 002b:00007ffeeb01a178 EFLAGS: 00010246
RAX: 0000000020000640 RBX: 0000000000000004 RCX: 006b6e696c766564
RDX: 0000000000000008 RSI: 006b6e696c766564 RDI: 0000000020000640
RBP: 00007fae1cb67a80 R08: 00007fae1c828000 R09: 0000000000000001
R10: 0000000000000001 R11: 0000000000000009 R12: 0000000000010760
R13: 00007ffeeb01a280 R14: 0000000000000032 R15: fffffffffffffffe
 </TASK>
INFO: task syz.4.149:4845 blocked for more than 143 seconds.
      Not tainted 6.16.0-rc2-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.4.149       state:D stack:14128 pid:4845  tgid:4844  ppid:2433   task_flags:0x400140 flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5396 [inline]
 __schedule+0x593/0xd20 kernel/sched/core.c:6785
 __schedule_loop kernel/sched/core.c:6863 [inline]
 schedule+0x25/0x110 kernel/sched/core.c:6878
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6935
 __mutex_lock_common kernel/locking/mutex.c:679 [inline]
 __mutex_lock+0x617/0xb10 kernel/locking/mutex.c:747
 hugetlb_wp+0x858/0xcf0 mm/hugetlb.c:6269
 hugetlb_fault+0xadc/0xc80 mm/hugetlb.c:6832
 handle_mm_fault+0x341/0x350 mm/memory.c:6399
 do_user_addr_fault arch/x86/mm/fault.c:1387 [inline]
 handle_page_fault arch/x86/mm/fault.c:1476 [inline]
 exc_page_fault+0x21c/0x750 arch/x86/mm/fault.c:1532
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
RIP: 0010:rep_movs_alternative+0x33/0x90 arch/x86/lib/copy_user_64.S:61
Code: 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 bd 92 01 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 <48> 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb
RSP: 0018:ffffc900022e3de0 EFLAGS: 00050246
RAX: 0000000000000000 RBX: 0000000000000008 RCX: 0000000000000008
RDX: 000000002002fd10 RSI: ffffc900022e3e10 RDI: 000000002002fd08
RBP: 000000002002fd08 R08: 0000000000080000 R09: 0000000000000001
R10: 0000000000000001 R11: 0000000000000001 R12: ffffc900022e3e10
R13: 0000000000000000 R14: 0000000020019680 R15: 0000000000016688
 copy_user_generic arch/x86/include/asm/uaccess_64.h:126 [inline]
 raw_copy_to_user arch/x86/include/asm/uaccess_64.h:147 [inline]
 _inline_copy_to_user include/linux/uaccess.h:197 [inline]
 _copy_to_user+0x56/0x70 lib/usercopy.c:26
 copy_to_user include/linux/uaccess.h:225 [inline]
 msr_read+0x6a/0xf0 arch/x86/kernel/msr.c:69
 vfs_read+0xad/0x370 fs/read_write.c:570
 ksys_read+0x6e/0xf0 fs/read_write.c:715
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x6d/0x2d0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fae1c9adff9
RSP: 002b:00007fae1c427038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
RAX: ffffffffffffffda RBX: 00007fae1cb65f80 RCX: 00007fae1c9adff9
RDX: 0000000000018ff8 RSI: 0000000020019680 RDI: 0000000000000003
RBP: 00007fae1ca20296 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fae1cb65f80 R15: 00007ffeeb01a018
 </TASK>
INFO: task syz.1.196:5073 blocked for more than 143 seconds.
      Not tainted 6.16.0-rc2-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.1.196       state:D stack:13336 pid:5073  tgid:5066  ppid:2426   task_flags:0x400040 flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5396 [inline]
 __schedule+0x593/0xd20 kernel/sched/core.c:6785
 __schedule_loop kernel/sched/core.c:6863 [inline]
 schedule+0x25/0x110 kernel/sched/core.c:6878
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6935
 __mutex_lock_common kernel/locking/mutex.c:679 [inline]
 __mutex_lock+0x617/0xb10 kernel/locking/mutex.c:747
 hugetlbfs_fallocate+0x263/0x740 fs/hugetlbfs/inode.c:801
 vfs_fallocate+0x127/0x3c0 fs/open.c:341
 ksys_fallocate fs/open.c:365 [inline]
 __do_sys_fallocate fs/open.c:370 [inline]
 __se_sys_fallocate fs/open.c:368 [inline]
 __x64_sys_fallocate+0x44/0xa0 fs/open.c:368
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x6d/0x2d0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f2e7386dff9
RSP: 002b:00007f2e732ce038 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
RAX: ffffffffffffffda RBX: 00007f2e73a26058 RCX: 00007f2e7386dff9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
RBP: 00007f2e738e0296 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000400 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f2e73a26058 R15: 00007ffd89856828
 </TASK>
INFO: task syz.0.212:5136 blocked for more than 144 seconds.
      Not tainted 6.16.0-rc2-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.0.212       state:D stack:14344 pid:5136  tgid:5136  ppid:2423   task_flags:0x400040 flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5396 [inline]
 __schedule+0x593/0xd20 kernel/sched/core.c:6785
 __schedule_loop kernel/sched/core.c:6863 [inline]
 schedule+0x25/0x110 kernel/sched/core.c:6878
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6935
 __mutex_lock_common kernel/locking/mutex.c:679 [inline]
 __mutex_lock+0x617/0xb10 kernel/locking/mutex.c:747
 hugetlb_fault+0xbd/0xc80 mm/hugetlb.c:6700
 handle_mm_fault+0x341/0x350 mm/memory.c:6399
 do_user_addr_fault arch/x86/mm/fault.c:1336 [inline]
 handle_page_fault arch/x86/mm/fault.c:1476 [inline]
 exc_page_fault+0x18b/0x750 arch/x86/mm/fault.c:1532
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
RIP: 0033:0x7fcf317b7208
RSP: 002b:00007ffecbf4ed98 EFLAGS: 00010246
RAX: 0000000020000640 RBX: 0000000000000004 RCX: 006b6e696c766564
RDX: 0000000000000008 RSI: 006b6e696c766564 RDI: 0000000020000640
RBP: 00007fcf319a7a80 R08: 00007fcf31668000 R09: 0000000000000001
R10: 0000000000000001 R11: 0000000000000009 R12: 000000000001108b
R13: 00007ffecbf4eea0 R14: 0000000000000032 R15: fffffffffffffffe
 </TASK>
INFO: task syz.0.212:5137 blocked for more than 144 seconds.
      Not tainted 6.16.0-rc2-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.0.212       state:D stack:12824 pid:5137  tgid:5136  ppid:2423   task_flags:0x400140 flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5396 [inline]
 __schedule+0x593/0xd20 kernel/sched/core.c:6785
 __schedule_loop kernel/sched/core.c:6863 [inline]
 schedule+0x25/0x110 kernel/sched/core.c:6878
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6935
 __mutex_lock_common kernel/locking/mutex.c:679 [inline]
 __mutex_lock+0x617/0xb10 kernel/locking/mutex.c:747
 hugetlbfs_fallocate+0x263/0x740 fs/hugetlbfs/inode.c:801
 vfs_fallocate+0x127/0x3c0 fs/open.c:341
 ksys_fallocate fs/open.c:365 [inline]
 __do_sys_fallocate fs/open.c:370 [inline]
 __se_sys_fallocate fs/open.c:368 [inline]
 __x64_sys_fallocate+0x44/0xa0 fs/open.c:368
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x6d/0x2d0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fcf317edff9
RSP: 002b:00007fcf31267038 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
RAX: ffffffffffffffda RBX: 00007fcf319a5f80 RCX: 00007fcf317edff9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
RBP: 00007fcf31860296 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000400 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fcf319a5f80 R15: 00007ffecbf4ec38
 </TASK>

Showing all locks held in the system:
1 lock held by rcu_preempt/16:
 #0: ffff888237c2a418 (&rq->__lock){....}-{2:2}, at: raw_spin_rq_lock_nested kernel/sched/core.c:606 [inline]
 #0: ffff888237c2a418 (&rq->__lock){....}-{2:2}, at: raw_spin_rq_lock kernel/sched/sched.h:1532 [inline]
 #0: ffff888237c2a418 (&rq->__lock){....}-{2:2}, at: rq_lock kernel/sched/sched.h:1856 [inline]
 #0: ffff888237c2a418 (&rq->__lock){....}-{2:2}, at: __schedule+0xf5/0xd20 kernel/sched/core.c:6709
1 lock held by khungtaskd/31:
 #0: ffffffff82980700 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #0: ffffffff82980700 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
 #0: ffffffff82980700 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x36/0x120 kernel/locking/lockdep.c:6770
2 locks held by getty/848:
 #0: ffff88810dee48a0 (&tty->ldisc_sem){....}-{0:0}, at: tty_ldisc_ref_wait+0x23/0x60 drivers/tty/tty_ldisc.c:243
 #1: ffffc900001fb2f0 (&ldata->atomic_read_lock){....}-{3:3}, at: n_tty_read+0x17a/0x660 drivers/tty/n_tty.c:2222
1 lock held by syz.4.144/4841:
 #0: ffff8881016f4338 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: remove_inode_hugepages+0x111/0x5b0 fs/hugetlbfs/inode.c:591
3 locks held by syz.4.149/4844:
 #0: ffff888106b2b888 (vm_lock){....}-{0:0}, at: do_user_addr_fault arch/x86/mm/fault.c:1327 [inline]
 #0: ffff888106b2b888 (vm_lock){....}-{0:0}, at: handle_page_fault arch/x86/mm/fault.c:1476 [inline]
 #0: ffff888106b2b888 (vm_lock){....}-{0:0}, at: exc_page_fault+0x14c/0x750 arch/x86/mm/fault.c:1532
 #1: ffff8881016f4338 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlb_fault+0xbd/0xc80 mm/hugetlb.c:6700
 #2: ffff88810e3a5ae8 (&resv_map->rw_sema){....}-{3:3}, at: hugetlb_fault+0xc5/0xc80 mm/hugetlb.c:6707
2 locks held by syz.4.149/4845:
 #0: ffff8881063fd1e0 (&mm->mmap_lock){....}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:431 [inline]
 #0: ffff8881063fd1e0 (&mm->mmap_lock){....}-{3:3}, at: get_mmap_lock_carefully mm/mmap_lock.c:188 [inline]
 #0: ffff8881063fd1e0 (&mm->mmap_lock){....}-{3:3}, at: lock_mm_and_find_vma+0x26/0x650 mm/mmap_lock.c:248
 #1: ffff8881016f4338 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlb_wp+0x858/0xcf0 mm/hugetlb.c:6269
3 locks held by syz.1.196/5073:
 #0: ffff8881022a5400 (sb_writers#13){....}-{0:0}, at: ksys_fallocate fs/open.c:365 [inline]
 #0: ffff8881022a5400 (sb_writers#13){....}-{0:0}, at: __do_sys_fallocate fs/open.c:370 [inline]
 #0: ffff8881022a5400 (sb_writers#13){....}-{0:0}, at: __se_sys_fallocate fs/open.c:368 [inline]
 #0: ffff8881022a5400 (sb_writers#13){....}-{0:0}, at: __x64_sys_fallocate+0x44/0xa0 fs/open.c:368
 #1: ffff88810275c148 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:869 [inline]
 #1: ffff88810275c148 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xce/0x740 fs/hugetlbfs/inode.c:757
 #2: ffff8881016f4338 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x263/0x740 fs/hugetlbfs/inode.c:801
2 locks held by syz.0.212/5136:
 #0: ffff8881027c1388 (vm_lock){....}-{0:0}, at: do_user_addr_fault arch/x86/mm/fault.c:1327 [inline]
 #0: ffff8881027c1388 (vm_lock){....}-{0:0}, at: handle_page_fault arch/x86/mm/fault.c:1476 [inline]
 #0: ffff8881027c1388 (vm_lock){....}-{0:0}, at: exc_page_fault+0x14c/0x750 arch/x86/mm/fault.c:1532
 #1: ffff8881016f4338 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlb_fault+0xbd/0xc80 mm/hugetlb.c:6700
3 locks held by syz.0.212/5137:
 #0: ffff8881022a5400 (sb_writers#13){....}-{0:0}, at: ksys_fallocate fs/open.c:365 [inline]
 #0: ffff8881022a5400 (sb_writers#13){....}-{0:0}, at: __do_sys_fallocate fs/open.c:370 [inline]
 #0: ffff8881022a5400 (sb_writers#13){....}-{0:0}, at: __se_sys_fallocate fs/open.c:368 [inline]
 #0: ffff8881022a5400 (sb_writers#13){....}-{0:0}, at: __x64_sys_fallocate+0x44/0xa0 fs/open.c:368
 #1: ffff888100ea5c48 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:869 [inline]
 #1: ffff888100ea5c48 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xce/0x740 fs/hugetlbfs/inode.c:757
 #2: ffff8881016f4338 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x263/0x740 fs/hugetlbfs/inode.c:801
3 locks held by syz.2.581/7592:
 #0: ffff888101701e88 (vm_lock){....}-{0:0}, at: do_user_addr_fault arch/x86/mm/fault.c:1327 [inline]
 #0: ffff888101701e88 (vm_lock){....}-{0:0}, at: handle_page_fault arch/x86/mm/fault.c:1476 [inline]
 #0: ffff888101701e88 (vm_lock){....}-{0:0}, at: exc_page_fault+0x14c/0x750 arch/x86/mm/fault.c:1532
 #1: ffff8881016f43c8 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlb_fault+0xbd/0xc80 mm/hugetlb.c:6700
 #2: ffff888118a870e8 (&resv_map->rw_sema){....}-{3:3}, at: hugetlb_fault+0xc5/0xc80 mm/hugetlb.c:6707
2 locks held by syz.2.581/7593:
 #0: ffff88811a0d6fe0 (&mm->mmap_lock){....}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:431 [inline]
 #0: ffff88811a0d6fe0 (&mm->mmap_lock){....}-{3:3}, at: get_mmap_lock_carefully mm/mmap_lock.c:188 [inline]
 #0: ffff88811a0d6fe0 (&mm->mmap_lock){....}-{3:3}, at: lock_mm_and_find_vma+0x26/0x650 mm/mmap_lock.c:248
 #1: ffff8881016f43c8 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlb_wp+0x858/0xcf0 mm/hugetlb.c:6269
3 locks held by syz.4.590/7782:
 #0: ffff8881022a5400 (sb_writers#13){....}-{0:0}, at: ksys_fallocate fs/open.c:365 [inline]
 #0: ffff8881022a5400 (sb_writers#13){....}-{0:0}, at: __do_sys_fallocate fs/open.c:370 [inline]
 #0: ffff8881022a5400 (sb_writers#13){....}-{0:0}, at: __se_sys_fallocate fs/open.c:368 [inline]
 #0: ffff8881022a5400 (sb_writers#13){....}-{0:0}, at: __x64_sys_fallocate+0x44/0xa0 fs/open.c:368
 #1: ffff88810275e0c8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:869 [inline]
 #1: ffff88810275e0c8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xce/0x740 fs/hugetlbfs/inode.c:757
 #2: ffff8881016f43c8 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x263/0x740 fs/hugetlbfs/inode.c:801
2 locks held by syz.1.725/8656:
 #0: ffff88811a0d0be0 (&mm->mmap_lock){....}-{3:3}, at: mmap_read_lock_killable include/linux/mmap_lock.h:421 [inline]
 #0: ffff88811a0d0be0 (&mm->mmap_lock){....}-{3:3}, at: get_mmap_lock_carefully mm/mmap_lock.c:197 [inline]
 #0: ffff88811a0d0be0 (&mm->mmap_lock){....}-{3:3}, at: lock_mm_and_find_vma+0x169/0x650 mm/mmap_lock.c:248
 #1: ffff8881016f43c8 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlb_fault+0xbd/0xc80 mm/hugetlb.c:6700
3 locks held by syz.1.725/8659:
 #0: ffff8881022a5400 (sb_writers#13){....}-{0:0}, at: ksys_fallocate fs/open.c:365 [inline]
 #0: ffff8881022a5400 (sb_writers#13){....}-{0:0}, at: __do_sys_fallocate fs/open.c:370 [inline]
 #0: ffff8881022a5400 (sb_writers#13){....}-{0:0}, at: __se_sys_fallocate fs/open.c:368 [inline]
 #0: ffff8881022a5400 (sb_writers#13){....}-{0:0}, at: __x64_sys_fallocate+0x44/0xa0 fs/open.c:368
 #1: ffff88810dbb72c8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:869 [inline]
 #1: ffff88810dbb72c8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xce/0x740 fs/hugetlbfs/inode.c:757
 #2: ffff8881016f43c8 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x263/0x740 fs/hugetlbfs/inode.c:801
2 locks held by syz.0.1343/12505:
 #0: ffff8881200f33e0 (&mm->mmap_lock){....}-{3:3}, at: mmap_read_lock_killable include/linux/mmap_lock.h:421 [inline]
 #0: ffff8881200f33e0 (&mm->mmap_lock){....}-{3:3}, at: get_mmap_lock_carefully mm/mmap_lock.c:197 [inline]
 #0: ffff8881200f33e0 (&mm->mmap_lock){....}-{3:3}, at: lock_mm_and_find_vma+0x169/0x650 mm/mmap_lock.c:248
 #1: ffff8881016f4338 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlb_fault+0xbd/0xc80 mm/hugetlb.c:6700
3 locks held by syz.0.1343/12515:
 #0: ffff8881022a5400 (sb_writers#13){....}-{0:0}, at: ksys_fallocate fs/open.c:365 [inline]
 #0: ffff8881022a5400 (sb_writers#13){....}-{0:0}, at: __do_sys_fallocate fs/open.c:370 [inline]
 #0: ffff8881022a5400 (sb_writers#13){....}-{0:0}, at: __se_sys_fallocate fs/open.c:368 [inline]
 #0: ffff8881022a5400 (sb_writers#13){....}-{0:0}, at: __x64_sys_fallocate+0x44/0xa0 fs/open.c:368
 #1: ffff88810dbb85c8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:869 [inline]
 #1: ffff88810dbb85c8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xce/0x740 fs/hugetlbfs/inode.c:757
 #2: ffff8881016f4338 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x263/0x740 fs/hugetlbfs/inode.c:801
3 locks held by syz.3.1347/12522:
 #0: ffff8881022a5400 (sb_writers#13){....}-{0:0}, at: ksys_fallocate fs/open.c:365 [inline]
 #0: ffff8881022a5400 (sb_writers#13){....}-{0:0}, at: __do_sys_fallocate fs/open.c:370 [inline]
 #0: ffff8881022a5400 (sb_writers#13){....}-{0:0}, at: __se_sys_fallocate fs/open.c:368 [inline]
 #0: ffff8881022a5400 (sb_writers#13){....}-{0:0}, at: __x64_sys_fallocate+0x44/0xa0 fs/open.c:368
 #1: ffff88810dbb97c8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:869 [inline]
 #1: ffff88810dbb97c8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xce/0x740 fs/hugetlbfs/inode.c:757
 #2: ffff8881016f4338 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x263/0x740 fs/hugetlbfs/inode.c:801
3 locks held by syz.1.1350/12529:
 #0: ffff8881022a5400 (sb_writers#13){....}-{0:0}, at: ksys_fallocate fs/open.c:365 [inline]
 #0: ffff8881022a5400 (sb_writers#13){....}-{0:0}, at: __do_sys_fallocate fs/open.c:370 [inline]
 #0: ffff8881022a5400 (sb_writers#13){....}-{0:0}, at: __se_sys_fallocate fs/open.c:368 [inline]
 #0: ffff8881022a5400 (sb_writers#13){....}-{0:0}, at: __x64_sys_fallocate+0x44/0xa0 fs/open.c:368
 #1: ffff88810dbba0c8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:869 [inline]
 #1: ffff88810dbba0c8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xce/0x740 fs/hugetlbfs/inode.c:757
 #2: ffff8881016f4338 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x263/0x740 fs/hugetlbfs/inode.c:801
3 locks held by syz.2.1364/12590:
 #0: ffff8881022a5400 (sb_writers#13){....}-{0:0}, at: ksys_fallocate fs/open.c:365 [inline]
 #0: ffff8881022a5400 (sb_writers#13){....}-{0:0}, at: __do_sys_fallocate fs/open.c:370 [inline]
 #0: ffff8881022a5400 (sb_writers#13){....}-{0:0}, at: __se_sys_fallocate fs/open.c:368 [inline]
 #0: ffff8881022a5400 (sb_writers#13){....}-{0:0}, at: __x64_sys_fallocate+0x44/0xa0 fs/open.c:368
 #1: ffff88810dbbbbc8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:869 [inline]
 #1: ffff88810dbbbbc8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xce/0x740 fs/hugetlbfs/inode.c:757
 #2: ffff8881016f43c8 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x263/0x740 fs/hugetlbfs/inode.c:801
3 locks held by syz.4.1934/16359:
 #0: ffff8881022a5400 (sb_writers#13){....}-{0:0}, at: ksys_fallocate fs/open.c:365 [inline]
 #0: ffff8881022a5400 (sb_writers#13){....}-{0:0}, at: __do_sys_fallocate fs/open.c:370 [inline]
 #0: ffff8881022a5400 (sb_writers#13){....}-{0:0}, at: __se_sys_fallocate fs/open.c:368 [inline]
 #0: ffff8881022a5400 (sb_writers#13){....}-{0:0}, at: __x64_sys_fallocate+0x44/0xa0 fs/open.c:368
 #1: ffff88810a315348 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:869 [inline]
 #1: ffff88810a315348 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xce/0x740 fs/hugetlbfs/inode.c:757
 #2: ffff8881016f4338 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x263/0x740 fs/hugetlbfs/inode.c:801
3 locks held by syz.3.1933/16366:
 #0: ffff8881022a5400 (sb_writers#13){....}-{0:0}, at: ksys_fallocate fs/open.c:365 [inline]
 #0: ffff8881022a5400 (sb_writers#13){....}-{0:0}, at: __do_sys_fallocate fs/open.c:370 [inline]
 #0: ffff8881022a5400 (sb_writers#13){....}-{0:0}, at: __se_sys_fallocate fs/open.c:368 [inline]
 #0: ffff8881022a5400 (sb_writers#13){....}-{0:0}, at: __x64_sys_fallocate+0x44/0xa0 fs/open.c:368
 #1: ffff88810a3145c8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:869 [inline]
 #1: ffff88810a3145c8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xce/0x740 fs/hugetlbfs/inode.c:757
 #2: ffff8881016f43c8 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x263/0x740 fs/hugetlbfs/inode.c:801
3 locks held by syz.0.1944/16404:
 #0: ffff8881022a5400 (sb_writers#13){....}-{0:0}, at: ksys_fallocate fs/open.c:365 [inline]
 #0: ffff8881022a5400 (sb_writers#13){....}-{0:0}, at: __do_sys_fallocate fs/open.c:370 [inline]
 #0: ffff8881022a5400 (sb_writers#13){....}-{0:0}, at: __se_sys_fallocate fs/open.c:368 [inline]
 #0: ffff8881022a5400 (sb_writers#13){....}-{0:0}, at: __x64_sys_fallocate+0x44/0xa0 fs/open.c:368
 #1: ffff88810a3160c8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:869 [inline]
 #1: ffff88810a3160c8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xce/0x740 fs/hugetlbfs/inode.c:757
 #2: ffff8881016f43c8 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x263/0x740 fs/hugetlbfs/inode.c:801
3 locks held by syz.4.2649/20392:
 #0: ffff8881022a5400 (sb_writers#13){....}-{0:0}, at: ksys_fallocate fs/open.c:365 [inline]
 #0: ffff8881022a5400 (sb_writers#13){....}-{0:0}, at: __do_sys_fallocate fs/open.c:370 [inline]
 #0: ffff8881022a5400 (sb_writers#13){....}-{0:0}, at: __se_sys_fallocate fs/open.c:368 [inline]
 #0: ffff8881022a5400 (sb_writers#13){....}-{0:0}, at: __x64_sys_fallocate+0x44/0xa0 fs/open.c:368
 #1: ffff88810ff32548 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:869 [inline]
 #1: ffff88810ff32548 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xce/0x740 fs/hugetlbfs/inode.c:757
 #2: ffff8881016f4338 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x263/0x740 fs/hugetlbfs/inode.c:801
3 locks held by syz.0.2861/21230:
 #0: ffff8881022a5400 (sb_writers#13){....}-{0:0}, at: ksys_fallocate fs/open.c:365 [inline]
 #0: ffff8881022a5400 (sb_writers#13){....}-{0:0}, at: __do_sys_fallocate fs/open.c:370 [inline]
 #0: ffff8881022a5400 (sb_writers#13){....}-{0:0}, at: __se_sys_fallocate fs/open.c:368 [inline]
 #0: ffff8881022a5400 (sb_writers#13){....}-{0:0}, at: __x64_sys_fallocate+0x44/0xa0 fs/open.c:368
 #1: ffff88810ff34a48 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:869 [inline]
 #1: ffff88810ff34a48 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xce/0x740 fs/hugetlbfs/inode.c:757
 #2: ffff8881016f43c8 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x263/0x740 fs/hugetlbfs/inode.c:801

=============================================

NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(undef) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x5a/0x90 lib/dump_stack.c:120
 nmi_cpu_backtrace+0xd4/0x110 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0xd5/0x140 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:158 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:307 [inline]
 watchdog+0x652/0x690 kernel/hung_task.c:470
 kthread+0x107/0x200 kernel/kthread.c:464
 ret_from_fork+0x16f/0x190 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 3425 Comm: syz.2.6017 Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(undef) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
RIP: 0010:native_read_msr_safe arch/x86/include/asm/msr.h:121 [inline]
RIP: 0010:__rdmsr_safe_on_cpu+0xf/0x50 arch/x86/lib/msr-smp.c:156
Code: c7 c1 a0 0e 85 81 e9 00 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 41 54 55 53 48 89 fb 8b 0f 0f 32 <45> 31 e4 66 90 48 c1 e2 20 48 09 c2 48 89 d5 48 89 6b 08 48 8d 7b
RSP: 0018:ffffc90003ff3cc8 EFLAGS: 00000002
RAX: 0000000000000000 RBX: ffffc90003ff3d40 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff825342fd RDI: ffffc90003ff3d40
RBP: 0000000000000246 R08: 0000000000000002 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffffc90003ff3d40
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000012fa8
FS:  00007f696fb776c0(0000) GS:ffff8882b49e6000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000002002c000 CR3: 000000010f721000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 csd_do_func kernel/smp.c:134 [inline]
 generic_exec_single+0x79/0x1a0 kernel/smp.c:433
 smp_call_function_single_async+0x2c/0x70 kernel/smp.c:724
 rdmsr_safe_on_cpu+0x8f/0xe0 arch/x86/lib/msr-smp.c:179
 msr_read+0x92/0xf0 arch/x86/kernel/msr.c:66
 vfs_read+0xad/0x370 fs/read_write.c:570
 ksys_read+0x6e/0xf0 fs/read_write.c:715
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x6d/0x2d0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f69700fdff9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f696fb77038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
RAX: ffffffffffffffda RBX: 00007f69702b5f80 RCX: 00007f69700fdff9
RDX: 0000000000018ff8 RSI: 0000000020019680 RDI: 0000000000000003
RBP: 00007f6970170296 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f69702b5f80 R15: 00007ffe90530128
 </TASK>