ci starts bisection 2025-04-15 14:32:50.104036926 +0000 UTC m=+17999.616853118
bisecting fixing commit since 87d6aab2389e5ce0197d8257d5f8ee965a67c4cd
building syzkaller on 402f1df054ddb07ed5bb299d08c781354eb06607
ensuring issue is reproducible on original commit 87d6aab2389e5ce0197d8257d5f8ee965a67c4cd
testing commit 87d6aab2389e5ce0197d8257d5f8ee965a67c4cd gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 1f741ba185a860d562d7bb03096cb3b289acbe2c57923b5309ed6691b70c7b61
run #0: crashed: INFO: task hung in hugetlb_fault
run #1: crashed: INFO: task hung in hugetlb_fault
run #2: crashed: INFO: task hung in hugetlb_fault
run #3: crashed: INFO: task hung in remove_inode_hugepages
run #4: crashed: INFO: task hung in hugetlb_fault
run #5: crashed: INFO: task hung in hugetlb_fault
run #6: crashed: INFO: task hung in hugetlb_fault
run #7: crashed: INFO: task hung in hugetlb_fault
run #8: crashed: INFO: task hung in hugetlb_fault
run #9: crashed: INFO: task hung in remove_inode_hugepages
run #10: crashed: INFO: task hung in hugetlb_fault
run #11: crashed: INFO: task hung in remove_inode_hugepages
run #12: crashed: INFO: task hung in hugetlb_fault
run #13: crashed: INFO: task hung in hugetlb_fault
run #14: crashed: INFO: task hung in remove_inode_hugepages
run #15: crashed: INFO: task hung in hugetlb_fault
run #16: crashed: INFO: task hung in hugetlb_fault
run #17: crashed: INFO: task hung in hugetlb_fault
run #18: crashed: INFO: task hung in remove_inode_hugepages
run #19: crashed: INFO: task hung in hugetlb_wp
representative crash: INFO: task hung in hugetlb_fault, types: [HANG]
check whether we can drop unnecessary instrumentation
disabling configs for [LOCKDEP ATOMIC_SLEEP LEAK UBSAN BUG KASAN], they are not needed
testing commit 87d6aab2389e5ce0197d8257d5f8ee965a67c4cd gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 5522cc5d12c8efb46487277ba82b3f81c1ccefd762069693da6f43fa251e9ad4
run #0: crashed: INFO: task hung in hugetlb_wp
run #1: crashed: INFO: task hung in hugetlb_fault
run #2: crashed: INFO: task hung in hugetlb_wp
run #3: crashed: INFO: task hung in hugetlb_wp
run #4: crashed: INFO: task hung in hugetlb_fault
run #5: crashed: INFO: task hung in hugetlb_fault
run #6: crashed: INFO: task hung in remove_inode_hugepages
run #7: crashed: INFO: task hung in hugetlb_fault
run #8: crashed: INFO: task hung in hugetlb_fault
run #9: crashed: INFO: task hung in hugetlb_fault
representative crash: INFO: task hung in hugetlb_wp, types: [HANG]
the bug reproduces without the instrumentation
disabling configs for [LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed
kconfig minimization: base=4083 full=8192 leaves diff=2130
split chunks (needed=false): <2130>
split chunk #0 of len 2130 into 5 parts
testing without sub-chunk 1/5
disabling configs for [ATOMIC_SLEEP LEAK UBSAN BUG KASAN LOCKDEP], they are not needed
testing commit 87d6aab2389e5ce0197d8257d5f8ee965a67c4cd gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: b1d81d1afd12fe1857e8c48fafa72c70ffabe8491da215c4e4c78b0cf4a80113
run #0: crashed: INFO: task hung in hugetlb_fault
run #1: crashed: INFO: task hung in hugetlb_fault
run #2: crashed: INFO: task hung in hugetlb_fault
run #3: crashed: INFO: task hung in hugetlb_fault
run #4: crashed: INFO: task hung in hugetlb_fault
run #5: crashed: INFO: task hung in hugetlb_fault
run #6: crashed: INFO: task hung in hugetlb_wp
run #7: crashed: INFO: task hung in hugetlb_fault
run #8: crashed: INFO: task hung in hugetlb_fault
run #9: crashed: INFO: task hung in hugetlb_wp
representative crash: INFO: task hung in hugetlb_fault, types: [HANG]
the chunk can be dropped
testing without sub-chunk 2/5
disabling configs for [KASAN LOCKDEP ATOMIC_SLEEP LEAK UBSAN BUG], they are not needed
testing commit 87d6aab2389e5ce0197d8257d5f8ee965a67c4cd gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 9102c73896a412b5fe197f1b4d956067042adf3c3878338f87e7aaba4746ab5f
run #0: infra problem: failed to create instance: googleapi: Error 503: The service is currently unavailable., backendError
run #1: crashed: INFO: task hung in remove_inode_hugepages
run #2: crashed: INFO: task hung in hugetlb_wp
run #3: crashed: INFO: task hung in remove_inode_hugepages
run #4: crashed: INFO: task hung in hugetlb_fault
run #5: crashed: INFO: task hung in hugetlb_wp
run #6: crashed: INFO: task hung in hugetlb_fault
run #7: crashed: INFO: task hung in hugetlb_fault
run #8: crashed: INFO: task hung in hugetlb_fault
run #9: crashed: INFO: task hung in hugetlb_wp
representative crash: INFO: task hung in remove_inode_hugepages, types: [HANG]
the chunk can be dropped
testing without sub-chunk 3/5
disabling configs for [LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 87d6aab2389e5ce0197d8257d5f8ee965a67c4cd gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 49fc29853d3af2a2ccf33da2038cd68f3f7df528f97818019a5ba10eedd3558e
run #0: crashed: INFO: task hung in hugetlb_fault
run #1: crashed: INFO: task hung in hugetlb_fault
run #2: crashed: INFO: task hung in hugetlb_fault
run #3: crashed: INFO: task hung in hugetlb_fault
run #4: crashed: INFO: task hung in remove_inode_hugepages
run #5: crashed: INFO: task hung in hugetlb_fault
run #6: crashed: INFO: task hung in hugetlb_fault
run #7: crashed: INFO: task hung in hugetlb_fault
run #8: crashed: INFO: task hung in hugetlb_fault
run #9: crashed: INFO: task hung in hugetlb_wp
representative crash: INFO: task hung in hugetlb_fault, types: [HANG]
the chunk can be dropped
testing without sub-chunk 4/5
disabling configs for [LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 87d6aab2389e5ce0197d8257d5f8ee965a67c4cd gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 4a3438ca5ad750bc36268a8f196d1e57f6c9e61812c1d99c3d15f013ada8401d
all runs: crashed: INFO: task hung in hugetlb_fault
representative crash: INFO: task hung in hugetlb_fault, types: [HANG]
the chunk can be dropped
testing without sub-chunk 5/5
disabling configs for [ATOMIC_SLEEP LEAK UBSAN BUG KASAN LOCKDEP], they are not needed
testing commit 87d6aab2389e5ce0197d8257d5f8ee965a67c4cd gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 4c09f9b635c6af39c0859a71054228978041c028bf2f61f9f4dda8355c80ad42
all runs: crashed: INFO: task hung in hugetlb_fault
representative crash: INFO: task hung in hugetlb_fault, types: [HANG]
the chunk can be dropped
disabling configs for [LOCKDEP ATOMIC_SLEEP LEAK UBSAN BUG KASAN], they are not needed
testing current HEAD 834a4a689699090a406d1662b03affa8b155d025
testing commit 834a4a689699090a406d1662b03affa8b155d025 gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: f913990b9e490954707eb851c2940717ffa3e04433094e160e9595b664007b71
run #0: ignore: lost connection to test machine
run #1: crashed: INFO: task hung in hugetlb_fault
run #2: crashed: INFO: task hung in hugetlb_fault
run #3: crashed: INFO: task hung in hugetlb_fault
run #4: crashed: INFO: task hung in hugetlb_fault
run #5: crashed: INFO: task hung in hugetlb_fault
run #6: crashed: INFO: task hung in hugetlb_fault
run #7: crashed: INFO: task hung in remove_inode_hugepages
run #8: crashed: INFO: task hung in hugetlb_wp
run #9: crashed: INFO: task hung in hugetlb_fault
representative crash: INFO: task hung in hugetlb_fault, types: [HANG]
crash still not fixed/happens on the oldest tested release
revisions tested: 8, total time: 7h39m46.243405778s (build: 6h36m21.720006699s, test: 54m26.079866263s)
crash still not fixed or there were kernel test errors
commit msg: Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma
crash: INFO: task hung in hugetlb_fault
INFO: task syz.1.115:4683 blocked for more than 143 seconds.
Not tainted 6.15.0-rc2-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.1.115 state:D stack:14336 pid:4683 tgid:4683 ppid:2408 task_flags:0x400040 flags:0x00000004
Call Trace:
context_switch kernel/sched/core.c:5382 [inline]
__schedule+0x593/0xd20 kernel/sched/core.c:6767
__schedule_loop kernel/sched/core.c:6845 [inline]
schedule+0x25/0x110 kernel/sched/core.c:6860
io_schedule+0x41/0x60 kernel/sched/core.c:7742
folio_wait_bit_common+0x141/0x380 mm/filemap.c:1317
__folio_lock mm/filemap.c:1664 [inline]
folio_lock include/linux/pagemap.h:1137 [inline]
folio_lock include/linux/pagemap.h:1133 [inline]
__filemap_get_folio+0x1be/0x350 mm/filemap.c:1917
filemap_lock_folio include/linux/pagemap.h:775 [inline]
filemap_lock_hugetlb_folio include/linux/hugetlb.h:806 [inline]
hugetlb_fault+0x797/0xc90 mm/hugetlb.c:6730
handle_mm_fault+0x36c/0x380 mm/memory.c:6307
do_user_addr_fault arch/x86/mm/fault.c:1337 [inline]
handle_page_fault arch/x86/mm/fault.c:1480 [inline]
exc_page_fault+0x25d/0x710 arch/x86/mm/fault.c:1538
asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
RIP: 0033:0x7f2a980e7208
RSP: 002b:00007ffe20fa8fe8 EFLAGS: 00010246
RAX: 0000000020000640 RBX: 0000000000000004 RCX: 006b6e696c766564
RDX: 0000000000000008 RSI: 006b6e696c766564 RDI: 0000000020000640
RBP: 00007f2a982d7a80 R08: 00007f2a97fa0000 R09: 0000000000000001
R10: 0000000000000001 R11: 0000000000000009 R12: 00000000000106cf
R13: 00007ffe20fa90f0 R14: 0000000000000032 R15: fffffffffffffffe
INFO: task syz.1.115:4684 blocked for more than 143 seconds.
Not tainted 6.15.0-rc2-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.1.115 state:D stack:14144 pid:4684 tgid:4683 ppid:2408 task_flags:0x400140 flags:0x00004006
Call Trace:
context_switch kernel/sched/core.c:5382 [inline]
__schedule+0x593/0xd20 kernel/sched/core.c:6767
__schedule_loop kernel/sched/core.c:6845 [inline]
schedule+0x25/0x110 kernel/sched/core.c:6860
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6917
__mutex_lock_common kernel/locking/mutex.c:678 [inline]
__mutex_lock+0x617/0xb10 kernel/locking/mutex.c:746
hugetlb_wp+0x849/0xce0 mm/hugetlb.c:6215
hugetlb_fault+0xaeb/0xc90 mm/hugetlb.c:6778
handle_mm_fault+0x36c/0x380 mm/memory.c:6307
do_user_addr_fault arch/x86/mm/fault.c:1388 [inline]
handle_page_fault arch/x86/mm/fault.c:1480 [inline]
exc_page_fault+0x162/0x710 arch/x86/mm/fault.c:1538
asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
RIP: 0010:rep_movs_alternative+0x33/0x90 arch/x86/lib/copy_user_64.S:61
Code: 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 <48> 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb
RSP: 0018:ffffc90001ecbde0 EFLAGS: 00050246
RAX: 0000000000000000 RBX: 0000000000000008 RCX: 0000000000000008
RDX: 00000000200308e8 RSI: ffffc90001ecbe10 RDI: 00000000200308e0
RBP: 00000000200308e0 R08: 00000000000804cf R09: 0000000000000000
R10: 0000000000080000 R11: 0000000000000001 R12: ffffc90001ecbe10
R13: 0000000000000000 R14: 0000000020019680 R15: 0000000000017260
copy_user_generic arch/x86/include/asm/uaccess_64.h:126 [inline]
raw_copy_to_user arch/x86/include/asm/uaccess_64.h:147 [inline]
_inline_copy_to_user include/linux/uaccess.h:197 [inline]
_copy_to_user+0x56/0x70 lib/usercopy.c:26
copy_to_user include/linux/uaccess.h:225 [inline]
msr_read+0x6a/0xf0 arch/x86/kernel/msr.c:69
vfs_read+0xdd/0x370 fs/read_write.c:568
ksys_read+0x6e/0xe0 fs/read_write.c:713
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x6d/0x180 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f2a9811dff9
RSP: 002b:00007f2a97b9f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
RAX: ffffffffffffffda RBX: 00007f2a982d5f80 RCX: 00007f2a9811dff9
RDX: 0000000000018ff8 RSI: 0000000020019680 RDI: 0000000000000003
RBP: 00007f2a98190296 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f2a982d5f80 R15: 00007ffe20fa8e88
INFO: task syz.4.187:5018 blocked for more than 143 seconds.
Not tainted 6.15.0-rc2-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.4.187 state:D stack:12864 pid:5018 tgid:5017 ppid:2428 task_flags:0x400140 flags:0x00000004
Call Trace:
context_switch kernel/sched/core.c:5382 [inline]
__schedule+0x593/0xd20 kernel/sched/core.c:6767
__schedule_loop kernel/sched/core.c:6845 [inline]
schedule+0x25/0x110 kernel/sched/core.c:6860
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6917
__mutex_lock_common kernel/locking/mutex.c:678 [inline]
__mutex_lock+0x617/0xb10 kernel/locking/mutex.c:746
hugetlbfs_fallocate+0x263/0x740 fs/hugetlbfs/inode.c:801
vfs_fallocate+0x124/0x3c0 fs/open.c:338
ksys_fallocate fs/open.c:362 [inline]
__do_sys_fallocate fs/open.c:367 [inline]
__se_sys_fallocate fs/open.c:365 [inline]
__x64_sys_fallocate+0x3e/0x80 fs/open.c:365
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x6d/0x180 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fcc6004dff9
RSP: 002b:00007fcc5fac7038 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
RAX: ffffffffffffffda RBX: 00007fcc60205f80 RCX: 00007fcc6004dff9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
RBP: 00007fcc600c0296 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000400 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fcc60205f80 R15: 00007ffc51f3db58
INFO: task syz.0.342:5721 blocked for more than 143 seconds.
Not tainted 6.15.0-rc2-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.0.342 state:D stack:13808 pid:5721 tgid:5721 ppid:1903 task_flags:0x400040 flags:0x00000004
Call Trace:
context_switch kernel/sched/core.c:5382 [inline]
__schedule+0x593/0xd20 kernel/sched/core.c:6767
__schedule_loop kernel/sched/core.c:6845 [inline]
schedule+0x25/0x110 kernel/sched/core.c:6860
io_schedule+0x41/0x60 kernel/sched/core.c:7742
folio_wait_bit_common+0x141/0x380 mm/filemap.c:1317
__folio_lock mm/filemap.c:1664 [inline]
folio_lock include/linux/pagemap.h:1137 [inline]
folio_lock include/linux/pagemap.h:1133 [inline]
__filemap_get_folio+0x1be/0x350 mm/filemap.c:1917
filemap_lock_folio include/linux/pagemap.h:775 [inline]
filemap_lock_hugetlb_folio include/linux/hugetlb.h:806 [inline]
hugetlb_fault+0x797/0xc90 mm/hugetlb.c:6730
handle_mm_fault+0x36c/0x380 mm/memory.c:6307
do_user_addr_fault arch/x86/mm/fault.c:1337 [inline]
handle_page_fault arch/x86/mm/fault.c:1480 [inline]
exc_page_fault+0x25d/0x710 arch/x86/mm/fault.c:1538
asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
RIP: 0033:0x7ff299fd7208
RSP: 002b:00007ffdb29c5658 EFLAGS: 00010246
RAX: 0000000020000640 RBX: 0000000000000004 RCX: 006b6e696c766564
RDX: 0000000000000008 RSI: 006b6e696c766564 RDI: 0000000020000640
RBP: 00007ff29a1c7a80 R08: 00007ff299e90000 R09: 0000000000000001
R10: 0000000000000001 R11: 0000000000000009 R12: 0000000000012830
R13: 00007ffdb29c5760 R14: 0000000000000032 R15: fffffffffffffffe
INFO: task syz.0.342:5722 blocked for more than 144 seconds.
Not tainted 6.15.0-rc2-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.0.342 state:D stack:14144 pid:5722 tgid:5721 ppid:1903 task_flags:0x400140 flags:0x00004004
Call Trace:
context_switch kernel/sched/core.c:5382 [inline]
__schedule+0x593/0xd20 kernel/sched/core.c:6767
__schedule_loop kernel/sched/core.c:6845 [inline]
schedule+0x25/0x110 kernel/sched/core.c:6860
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6917
__mutex_lock_common kernel/locking/mutex.c:678 [inline]
__mutex_lock+0x617/0xb10 kernel/locking/mutex.c:746
hugetlb_wp+0x849/0xce0 mm/hugetlb.c:6215
hugetlb_fault+0xaeb/0xc90 mm/hugetlb.c:6778
handle_mm_fault+0x36c/0x380 mm/memory.c:6307
do_user_addr_fault arch/x86/mm/fault.c:1388 [inline]
handle_page_fault arch/x86/mm/fault.c:1480 [inline]
exc_page_fault+0x162/0x710 arch/x86/mm/fault.c:1538
asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
RIP: 0010:rep_movs_alternative+0x33/0x90 arch/x86/lib/copy_user_64.S:61
Code: 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 <48> 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb
RSP: 0018:ffffc90002f9fde0 EFLAGS: 00050246
RAX: 0000000000000000 RBX: 0000000000000008 RCX: 0000000000000008
RDX: 00000000200253c0 RSI: ffffc90002f9fe10 RDI: 00000000200253b8
RBP: 00000000200253b8 R08: 00000000000804cf R09: 0000000000000000
R10: 0000000000080000 R11: 0000000000000001 R12: ffffc90002f9fe10
R13: 0000000000000000 R14: 0000000020019680 R15: 000000000000bd38
copy_user_generic arch/x86/include/asm/uaccess_64.h:126 [inline]
raw_copy_to_user arch/x86/include/asm/uaccess_64.h:147 [inline]
_inline_copy_to_user include/linux/uaccess.h:197 [inline]
_copy_to_user+0x56/0x70 lib/usercopy.c:26
copy_to_user include/linux/uaccess.h:225 [inline]
msr_read+0x6a/0xf0 arch/x86/kernel/msr.c:69
vfs_read+0xdd/0x370 fs/read_write.c:568
ksys_read+0x6e/0xe0 fs/read_write.c:713
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x6d/0x180 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7ff29a00dff9
RSP: 002b:00007ff299a8f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
RAX: ffffffffffffffda RBX: 00007ff29a1c5f80 RCX: 00007ff29a00dff9
RDX: 0000000000018ff8 RSI: 0000000020019680 RDI: 0000000000000003
RBP: 00007ff29a080296 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007ff29a1c5f80 R15: 00007ffdb29c54f8
INFO: task syz.3.344:5734 blocked for more than 144 seconds.
Not tainted 6.15.0-rc2-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.3.344 state:D stack:14336 pid:5734 tgid:5734 ppid:2423 task_flags:0x400040 flags:0x00000004
Call Trace:
context_switch kernel/sched/core.c:5382 [inline]
__schedule+0x593/0xd20 kernel/sched/core.c:6767
__schedule_loop kernel/sched/core.c:6845 [inline]
schedule+0x25/0x110 kernel/sched/core.c:6860
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6917
__mutex_lock_common kernel/locking/mutex.c:678 [inline]
__mutex_lock+0x617/0xb10 kernel/locking/mutex.c:746
hugetlb_fault+0xbd/0xc90 mm/hugetlb.c:6646
handle_mm_fault+0x36c/0x380 mm/memory.c:6307
do_user_addr_fault arch/x86/mm/fault.c:1337 [inline]
handle_page_fault arch/x86/mm/fault.c:1480 [inline]
exc_page_fault+0x25d/0x710 arch/x86/mm/fault.c:1538
asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
RIP: 0033:0x7ff3d9a07208
RSP: 002b:00007ffd9f623da8 EFLAGS: 00010246
RAX: 0000000020000640 RBX: 0000000000000004 RCX: 006b6e696c766564
RDX: 0000000000000008 RSI: 006b6e696c766564 RDI: 0000000020000640
RBP: 00007ff3d9bf7a80 R08: 00007ff3d98b8000 R09: 0000000000000001
R10: 0000000000000001 R11: 0000000000000009 R12: 00000000000128aa
R13: 00007ffd9f623eb0 R14: 0000000000000032 R15: fffffffffffffffe
INFO: task syz.3.344:5735 blocked for more than 144 seconds.
Not tainted 6.15.0-rc2-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.3.344 state:D stack:12800 pid:5735 tgid:5734 ppid:2423 task_flags:0x400140 flags:0x00000004
Call Trace:
context_switch kernel/sched/core.c:5382 [inline]
__schedule+0x593/0xd20 kernel/sched/core.c:6767
__schedule_loop kernel/sched/core.c:6845 [inline]
schedule+0x25/0x110 kernel/sched/core.c:6860
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6917
__mutex_lock_common kernel/locking/mutex.c:678 [inline]
__mutex_lock+0x617/0xb10 kernel/locking/mutex.c:746
hugetlbfs_fallocate+0x263/0x740 fs/hugetlbfs/inode.c:801
vfs_fallocate+0x124/0x3c0 fs/open.c:338
ksys_fallocate fs/open.c:362 [inline]
__do_sys_fallocate fs/open.c:367 [inline]
__se_sys_fallocate fs/open.c:365 [inline]
__x64_sys_fallocate+0x3e/0x80 fs/open.c:365
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x6d/0x180 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7ff3d9a3dff9
RSP: 002b:00007ff3d94b7038 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
RAX: ffffffffffffffda RBX: 00007ff3d9bf5f80 RCX: 00007ff3d9a3dff9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
RBP: 00007ff3d9ab0296 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000400 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007ff3d9bf5f80 R15: 00007ffd9f623c48
INFO: task syz.2.399:6124 blocked for more than 144 seconds.
Not tainted 6.15.0-rc2-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.2.399 state:D stack:12864 pid:6124 tgid:6123 ppid:2413 task_flags:0x400140 flags:0x00000004
Call Trace:
context_switch kernel/sched/core.c:5382 [inline]
__schedule+0x593/0xd20 kernel/sched/core.c:6767
__schedule_loop kernel/sched/core.c:6845 [inline]
schedule+0x25/0x110 kernel/sched/core.c:6860
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6917
__mutex_lock_common kernel/locking/mutex.c:678 [inline]
__mutex_lock+0x617/0xb10 kernel/locking/mutex.c:746
hugetlbfs_fallocate+0x263/0x740 fs/hugetlbfs/inode.c:801
vfs_fallocate+0x124/0x3c0 fs/open.c:338
ksys_fallocate fs/open.c:362 [inline]
__do_sys_fallocate fs/open.c:367 [inline]
__se_sys_fallocate fs/open.c:365 [inline]
__x64_sys_fallocate+0x3e/0x80 fs/open.c:365
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x6d/0x180 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f330f14dff9
RSP: 002b:00007f330ebc7038 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
RAX: ffffffffffffffda RBX: 00007f330f305f80 RCX: 00007f330f14dff9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
RBP: 00007f330f1c0296 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000400 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f330f305f80 R15: 00007ffea4645458
Showing all locks held in the system:
1 lock held by khungtaskd/31:
#0: ffffffff82780980 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
#0: ffffffff82780980 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
#0: ffffffff82780980 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x36/0x120 kernel/locking/lockdep.c:6764
2 locks held by getty/841:
#0: ffff888100a8f8a0 (&tty->ldisc_sem){....}-{0:0}, at: tty_ldisc_ref_wait+0x23/0x60 drivers/tty/tty_ldisc.c:243
#1: ffffc90001bdb2f0 (&ldata->atomic_read_lock){....}-{3:3}, at: n_tty_read+0x17a/0x660 drivers/tty/n_tty.c:2222
2 locks held by kworker/u8:7/3124:
#0: ffff888100078948 ((wq_completion)events_unbound){....}-{0:0}, at: process_one_work+0x42f/0x660 kernel/workqueue.c:3213
#1: ffffc9000191fe40 (connector_reaper_work){....}-{0:0}, at: process_one_work+0x1ed/0x660 kernel/workqueue.c:3214
3 locks held by syz.1.115/4683:
#0: ffff888108aadb88 (vm_lock){....}-{0:0}, at: do_user_addr_fault arch/x86/mm/fault.c:1328 [inline]
#0: ffff888108aadb88 (vm_lock){....}-{0:0}, at: handle_page_fault arch/x86/mm/fault.c:1480 [inline]
#0: ffff888108aadb88 (vm_lock){....}-{0:0}, at: exc_page_fault+0x221/0x710 arch/x86/mm/fault.c:1538
#1: ffff888101af4728 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlb_fault+0xbd/0xc90 mm/hugetlb.c:6646
#2: ffff888107ff32e8 (&resv_map->rw_sema){....}-{3:3}, at: hugetlb_fault+0xc5/0xc90 mm/hugetlb.c:6653
2 locks held by syz.1.115/4684:
#0: ffff88810006c2a0 (&mm->mmap_lock){....}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:203 [inline]
#0: ffff88810006c2a0 (&mm->mmap_lock){....}-{3:3}, at: get_mmap_lock_carefully mm/memory.c:6346 [inline]
#0: ffff88810006c2a0 (&mm->mmap_lock){....}-{3:3}, at: lock_mm_and_find_vma+0x26/0x270 mm/memory.c:6406
#1: ffff888101af4728 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlb_wp+0x849/0xce0 mm/hugetlb.c:6215
3 locks held by syz.4.187/5018:
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: ksys_fallocate fs/open.c:362 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __do_sys_fallocate fs/open.c:367 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __se_sys_fallocate fs/open.c:365 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __x64_sys_fallocate+0x3e/0x80 fs/open.c:365
#1: ffff88810c707748 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:867 [inline]
#1: ffff88810c707748 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xce/0x740 fs/hugetlbfs/inode.c:757
#2: ffff888101af4728 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x263/0x740 fs/hugetlbfs/inode.c:801
3 locks held by syz.0.342/5721:
#0: ffff88810bbbbc88 (vm_lock){....}-{0:0}, at: do_user_addr_fault arch/x86/mm/fault.c:1328 [inline]
#0: ffff88810bbbbc88 (vm_lock){....}-{0:0}, at: handle_page_fault arch/x86/mm/fault.c:1480 [inline]
#0: ffff88810bbbbc88 (vm_lock){....}-{0:0}, at: exc_page_fault+0x221/0x710 arch/x86/mm/fault.c:1538
#1: ffff888101af43c8 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlb_fault+0xbd/0xc90 mm/hugetlb.c:6646
#2: ffff8881013c5ae8 (&resv_map->rw_sema){....}-{3:3}, at: hugetlb_fault+0xc5/0xc90 mm/hugetlb.c:6653
2 locks held by syz.0.342/5722:
#0: ffff88810b79e7a0 (&mm->mmap_lock){....}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:203 [inline]
#0: ffff88810b79e7a0 (&mm->mmap_lock){....}-{3:3}, at: get_mmap_lock_carefully mm/memory.c:6346 [inline]
#0: ffff88810b79e7a0 (&mm->mmap_lock){....}-{3:3}, at: lock_mm_and_find_vma+0x26/0x270 mm/memory.c:6406
#1: ffff888101af43c8 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlb_wp+0x849/0xce0 mm/hugetlb.c:6215
2 locks held by syz.3.344/5734:
#0: ffff88810c785488 (vm_lock){....}-{0:0}, at: do_user_addr_fault arch/x86/mm/fault.c:1328 [inline]
#0: ffff88810c785488 (vm_lock){....}-{0:0}, at: handle_page_fault arch/x86/mm/fault.c:1480 [inline]
#0: ffff88810c785488 (vm_lock){....}-{0:0}, at: exc_page_fault+0x221/0x710 arch/x86/mm/fault.c:1538
#1: ffff888101af43c8 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlb_fault+0xbd/0xc90 mm/hugetlb.c:6646
3 locks held by syz.3.344/5735:
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: ksys_fallocate fs/open.c:362 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __do_sys_fallocate fs/open.c:367 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __se_sys_fallocate fs/open.c:365 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __x64_sys_fallocate+0x3e/0x80 fs/open.c:365
#1: ffff88810c705c48 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:867 [inline]
#1: ffff88810c705c48 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xce/0x740 fs/hugetlbfs/inode.c:757
#2: ffff888101af43c8 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x263/0x740 fs/hugetlbfs/inode.c:801
2 locks held by syz.2.399/6123:
#0: ffff88810b75bc88 (vm_lock){....}-{0:0}, at: do_user_addr_fault arch/x86/mm/fault.c:1328 [inline]
#0: ffff88810b75bc88 (vm_lock){....}-{0:0}, at: handle_page_fault arch/x86/mm/fault.c:1480 [inline]
#0: ffff88810b75bc88 (vm_lock){....}-{0:0}, at: exc_page_fault+0x221/0x710 arch/x86/mm/fault.c:1538
#1: ffff888101af43c8 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlb_fault+0xbd/0xc90 mm/hugetlb.c:6646
3 locks held by syz.2.399/6124:
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: ksys_fallocate fs/open.c:362 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __do_sys_fallocate fs/open.c:367 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __se_sys_fallocate fs/open.c:365 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __x64_sys_fallocate+0x3e/0x80 fs/open.c:365
#1: ffff88810c7072c8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:867 [inline]
#1: ffff88810c7072c8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xce/0x740 fs/hugetlbfs/inode.c:757
#2: ffff888101af43c8 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x263/0x740 fs/hugetlbfs/inode.c:801
3 locks held by syz.0.841/10047:
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: ksys_fallocate fs/open.c:362 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __do_sys_fallocate fs/open.c:367 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __se_sys_fallocate fs/open.c:365 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __x64_sys_fallocate+0x3e/0x80 fs/open.c:365
#1: ffff88810cfdcec8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:867 [inline]
#1: ffff88810cfdcec8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xce/0x740 fs/hugetlbfs/inode.c:757
#2: ffff888101af4728 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x263/0x740 fs/hugetlbfs/inode.c:801
3 locks held by syz.4.942/10494:
#0: ffff88810e2f9888 (vm_lock){....}-{0:0}, at: do_user_addr_fault arch/x86/mm/fault.c:1328 [inline]
#0: ffff88810e2f9888 (vm_lock){....}-{0:0}, at: handle_page_fault arch/x86/mm/fault.c:1480 [inline]
#0: ffff88810e2f9888 (vm_lock){....}-{0:0}, at: exc_page_fault+0x221/0x710 arch/x86/mm/fault.c:1538
#1: ffff888101af40f8 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlb_fault+0xbd/0xc90 mm/hugetlb.c:6646
#2: ffff88810d7412e8 (&resv_map->rw_sema){....}-{3:3}, at: hugetlb_fault+0xc5/0xc90 mm/hugetlb.c:6653
2 locks held by syz.4.942/10495:
#0: ffff88810d3ed520 (&mm->mmap_lock){....}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:203 [inline]
#0: ffff88810d3ed520 (&mm->mmap_lock){....}-{3:3}, at: get_mmap_lock_carefully mm/memory.c:6346 [inline]
#0: ffff88810d3ed520 (&mm->mmap_lock){....}-{3:3}, at: lock_mm_and_find_vma+0x26/0x270 mm/memory.c:6406
#1: ffff888101af40f8 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlb_wp+0x849/0xce0 mm/hugetlb.c:6215
3 locks held by syz.1.945/10522:
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: ksys_fallocate fs/open.c:362 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __do_sys_fallocate fs/open.c:367 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __se_sys_fallocate fs/open.c:365 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __x64_sys_fallocate+0x3e/0x80 fs/open.c:365
#1: ffff88810cfdd7c8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:867 [inline]
#1: ffff88810cfdd7c8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xce/0x740 fs/hugetlbfs/inode.c:757
#2: ffff888101af40f8 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x263/0x740 fs/hugetlbfs/inode.c:801
3 locks held by syz.3.956/10550:
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: ksys_fallocate fs/open.c:362 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __do_sys_fallocate fs/open.c:367 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __se_sys_fallocate fs/open.c:365 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __x64_sys_fallocate+0x3e/0x80 fs/open.c:365
#1: ffff88810c7057c8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:867 [inline]
#1: ffff88810c7057c8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xce/0x740 fs/hugetlbfs/inode.c:757
#2: ffff888101af40f8 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x263/0x740 fs/hugetlbfs/inode.c:801
3 locks held by syz.2.962/10572:
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: ksys_fallocate fs/open.c:362 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __do_sys_fallocate fs/open.c:367 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __se_sys_fallocate fs/open.c:365 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __x64_sys_fallocate+0x3e/0x80 fs/open.c:365
#1: ffff88810c704ec8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:867 [inline]
#1: ffff88810c704ec8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xce/0x740 fs/hugetlbfs/inode.c:757
#2: ffff888101af40f8 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x263/0x740 fs/hugetlbfs/inode.c:801
3 locks held by syz.0.1156/13523:
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: ksys_fallocate fs/open.c:362 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __do_sys_fallocate fs/open.c:367 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __se_sys_fallocate fs/open.c:365 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __x64_sys_fallocate+0x3e/0x80 fs/open.c:365
#1: ffff88810d3e4148 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:867 [inline]
#1: ffff88810d3e4148 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xce/0x740 fs/hugetlbfs/inode.c:757
#2: ffff888101af4728 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x263/0x740 fs/hugetlbfs/inode.c:801
3 locks held by syz.3.1162/13566:
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: ksys_fallocate fs/open.c:362 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __do_sys_fallocate fs/open.c:367 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __se_sys_fallocate fs/open.c:365 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __x64_sys_fallocate+0x3e/0x80 fs/open.c:365
#1: ffff88810d3e5c48 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:867 [inline]
#1: ffff88810d3e5c48 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xce/0x740 fs/hugetlbfs/inode.c:757
#2: ffff888101af40f8 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x263/0x740 fs/hugetlbfs/inode.c:801
3 locks held by syz.2.1186/13648:
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: ksys_fallocate fs/open.c:362 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __do_sys_fallocate fs/open.c:367 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __se_sys_fallocate fs/open.c:365 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __x64_sys_fallocate+0x3e/0x80 fs/open.c:365
#1: ffff88810d3e72c8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:867 [inline]
#1: ffff88810d3e72c8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xce/0x740 fs/hugetlbfs/inode.c:757
#2: ffff888101af43c8 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x263/0x740 fs/hugetlbfs/inode.c:801
3 locks held by syz.3.1733/16993:
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: ksys_fallocate fs/open.c:362 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __do_sys_fallocate fs/open.c:367 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __se_sys_fallocate fs/open.c:365 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __x64_sys_fallocate+0x3e/0x80 fs/open.c:365
#1: ffff88810ef51348 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:867 [inline]
#1: ffff88810ef51348 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xce/0x740 fs/hugetlbfs/inode.c:757
#2: ffff888101af4728 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x263/0x740 fs/hugetlbfs/inode.c:801
3 locks held by syz.0.3569/25525:
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: ksys_fallocate fs/open.c:362 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __do_sys_fallocate fs/open.c:367 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __se_sys_fallocate fs/open.c:365 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __x64_sys_fallocate+0x3e/0x80 fs/open.c:365
#1: ffff88810f758ec8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:867 [inline]
#1: ffff88810f758ec8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xce/0x740 fs/hugetlbfs/inode.c:757
#2: ffff888101af43c8 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x263/0x740 fs/hugetlbfs/inode.c:801
3 locks held by syz.4.3573/25545:
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: ksys_fallocate fs/open.c:362 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __do_sys_fallocate fs/open.c:367 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __se_sys_fallocate fs/open.c:365 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __x64_sys_fallocate+0x3e/0x80 fs/open.c:365
#1: ffff88810f759c48 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:867 [inline]
#1: ffff88810f759c48 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xce/0x740 fs/hugetlbfs/inode.c:757
#2: ffff888101af4728 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x263/0x740 fs/hugetlbfs/inode.c:801
3 locks held by syz.3.3587/25604:
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: ksys_fallocate fs/open.c:362 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __do_sys_fallocate fs/open.c:367 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __se_sys_fallocate fs/open.c:365 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __x64_sys_fallocate+0x3e/0x80 fs/open.c:365
#1: ffff88810f75bbc8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:867 [inline]
#1: ffff88810f75bbc8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xce/0x740 fs/hugetlbfs/inode.c:757
#2: ffff888101af40f8 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x263/0x740 fs/hugetlbfs/inode.c:801
3 locks held by syz.1.4195/29635:
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: ksys_fallocate fs/open.c:362 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __do_sys_fallocate fs/open.c:367 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __se_sys_fallocate fs/open.c:365 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __x64_sys_fallocate+0x3e/0x80 fs/open.c:365
#1: ffff88810f3885c8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:867 [inline]
#1: ffff88810f3885c8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xce/0x740 fs/hugetlbfs/inode.c:757
#2: ffff888101af40f8 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x263/0x740 fs/hugetlbfs/inode.c:801
3 locks held by syz.2.4197/29637:
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: ksys_fallocate fs/open.c:362 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __do_sys_fallocate fs/open.c:367 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __se_sys_fallocate fs/open.c:365 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __x64_sys_fallocate+0x3e/0x80 fs/open.c:365
#1: ffff88810f388a48 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:867 [inline]
#1: ffff88810f388a48 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xce/0x740 fs/hugetlbfs/inode.c:757
#2: ffff888101af43c8 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x263/0x740 fs/hugetlbfs/inode.c:801
3 locks held by syz.0.4196/29649:
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: ksys_fallocate fs/open.c:362 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __do_sys_fallocate fs/open.c:367 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __se_sys_fallocate fs/open.c:365 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __x64_sys_fallocate+0x3e/0x80 fs/open.c:365
#1: ffff88810f389348 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:867 [inline]
#1: ffff88810f389348 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xce/0x740 fs/hugetlbfs/inode.c:757
#2: ffff888101af43c8 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x263/0x740 fs/hugetlbfs/inode.c:801
3 locks held by syz.4.4200/29659:
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: ksys_fallocate fs/open.c:362 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __do_sys_fallocate fs/open.c:367 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __se_sys_fallocate fs/open.c:365 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __x64_sys_fallocate+0x3e/0x80 fs/open.c:365
#1: ffff88810f389c48 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:867 [inline]
#1: ffff88810f389c48 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xce/0x740 fs/hugetlbfs/inode.c:757
#2: ffff888101af43c8 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x263/0x740 fs/hugetlbfs/inode.c:801
3 locks held by syz.3.4288/29928:
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: ksys_fallocate fs/open.c:362 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __do_sys_fallocate fs/open.c:367 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __se_sys_fallocate fs/open.c:365 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __x64_sys_fallocate+0x3e/0x80 fs/open.c:365
#1: ffff88810f38a9c8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:867 [inline]
#1: ffff88810f38a9c8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xce/0x740 fs/hugetlbfs/inode.c:757
#2: ffff888101af40f8 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x263/0x740 fs/hugetlbfs/inode.c:801
3 locks held by syz.1.5479/4517:
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: ksys_fallocate fs/open.c:362 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __do_sys_fallocate fs/open.c:367 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __se_sys_fallocate fs/open.c:365 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __x64_sys_fallocate+0x3e/0x80 fs/open.c:365
#1: ffff88811fa90ec8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:867 [inline]
#1: ffff88811fa90ec8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xce/0x740 fs/hugetlbfs/inode.c:757
#2: ffff888101af4728 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x263/0x740 fs/hugetlbfs/inode.c:801
3 locks held by syz.2.5489/4561:
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: ksys_fallocate fs/open.c:362 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __do_sys_fallocate fs/open.c:367 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __se_sys_fallocate fs/open.c:365 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __x64_sys_fallocate+0x3e/0x80 fs/open.c:365
#1: ffff88811fa94148 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:867 [inline]
#1: ffff88811fa94148 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xce/0x740 fs/hugetlbfs/inode.c:757
#2: ffff888101af43c8 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x263/0x740 fs/hugetlbfs/inode.c:801
3 locks held by syz.0.5498/4595:
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: ksys_fallocate fs/open.c:362 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __do_sys_fallocate fs/open.c:367 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __se_sys_fallocate fs/open.c:365 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __x64_sys_fallocate+0x3e/0x80 fs/open.c:365
#1: ffff88811fa969c8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:867 [inline]
#1: ffff88811fa969c8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xce/0x740 fs/hugetlbfs/inode.c:757
#2: ffff888101af40f8 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x263/0x740 fs/hugetlbfs/inode.c:801
3 locks held by syz.4.5501/4607:
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: ksys_fallocate fs/open.c:362 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __do_sys_fallocate fs/open.c:367 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __se_sys_fallocate fs/open.c:365 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __x64_sys_fallocate+0x3e/0x80 fs/open.c:365
#1: ffff88811fa97bc8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:867 [inline]
#1: ffff88811fa97bc8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xce/0x740 fs/hugetlbfs/inode.c:757
#2: ffff888101af43c8 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x263/0x740 fs/hugetlbfs/inode.c:801
3 locks held by syz.3.5506/4623:
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: ksys_fallocate fs/open.c:362 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __do_sys_fallocate fs/open.c:367 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __se_sys_fallocate fs/open.c:365 [inline]
#0: ffff888101af53f8 (sb_writers#13){....}-{0:0}, at: __x64_sys_fallocate+0x3e/0x80 fs/open.c:365
#1: ffff88811fa98ec8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:867 [inline]
#1: ffff88811fa98ec8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xce/0x740 fs/hugetlbfs/inode.c:757
#2: ffff888101af40f8 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x263/0x740 fs/hugetlbfs/inode.c:801
=============================================
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-rc2-syzkaller #0 PREEMPT(undef)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call Trace:
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x5a/0x90 lib/dump_stack.c:120
nmi_cpu_backtrace+0xd4/0x110 lib/nmi_backtrace.c:113
nmi_trigger_cpumask_backtrace+0xd5/0x140 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:158 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:274 [inline]
watchdog+0x652/0x690 kernel/hung_task.c:437
kthread+0x104/0x200 kernel/kthread.c:464
ret_from_fork+0x2c/0x50 arch/x86/kernel/process.c:153
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.15.0-rc2-syzkaller #0 PREEMPT(undef)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
RIP: 0010:pv_native_safe_halt+0xf/0x20 arch/x86/kernel/paravirt.c:81
Call Trace:
arch_safe_halt arch/x86/include/asm/paravirt.h:107 [inline]
default_idle+0x13/0x20 arch/x86/kernel/process.c:748
default_idle_call+0x48/0x140 kernel/sched/idle.c:117
cpuidle_idle_call kernel/sched/idle.c:185 [inline]
do_idle+0x1d4/0x230 kernel/sched/idle.c:325
cpu_startup_entry+0x24/0x30 kernel/sched/idle.c:423
start_secondary+0x112/0x130 arch/x86/kernel/smpboot.c:315
common_startup_64+0x13e/0x148