Warning: Permanently added '10.128.1.232' (ED25519) to the list of known hosts. 2024/10/10 21:37:31 ignoring optional flag "sandboxArg"="0" 2024/10/10 21:37:32 parsed 1 programs [ 48.941252][ T25] audit: type=1400 audit(1728596252.239:122): avc: denied { unlink } for pid=2020 comm="syz-executor" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 48.973472][ T2020] swapon: swapfile has holes [ 49.201933][ T25] audit: type=1401 audit(1728596252.499:123): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768" 2024/10/10 21:37:33 executed programs: 0 [ 50.297660][ T25] audit: type=1400 audit(1728596253.559:124): avc: denied { read } for pid=2556 comm="syz.1.16" name="msr" dev="devtmpfs" ino=24 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 50.320301][ T25] audit: type=1400 audit(1728596253.559:125): avc: denied { open } for pid=2556 comm="syz.1.16" path="/dev/cpu/0/msr" dev="devtmpfs" ino=24 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 50.348219][ T25] audit: type=1400 audit(1728596253.649:126): avc: denied { execute } for pid=2556 comm="syz.1.16" path=2F6D656D66643A01FDAE2E2BA68CB63F32193994532C7C783F55655BBDE1210333BC2723FF179B25F35B64202097F5479741C2D8F05571E62BA56C940BB607175CFB0421E4C4B1A21CFF433B94510DB67D9CEC430BCFEBE49A52E52C8203202864656C6574656429 dev="hugetlbfs" ino=10546 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 2024/10/10 21:37:38 executed programs: 87 2024/10/10 21:37:49 executed programs: 89 2024/10/10 21:38:01 executed programs: 104 2024/10/10 21:38:13 executed programs: 132 2024/10/10 21:38:25 executed programs: 153 2024/10/10 21:38:37 executed programs: 172 2024/10/10 21:38:42 executed programs: 245 2024/10/10 21:38:48 executed programs: 248 [ 
128.217407][T18579] cgroup: fork rejected by pids controller in /syz2 2024/10/10 21:38:53 executed programs: 280 [ 130.880561][T19096] cgroup: fork rejected by pids controller in /syz1 2024/10/10 21:38:59 executed programs: 310 [ 136.339435][T19602] cgroup: fork rejected by pids controller in /syz3 [ 139.100763][T20845] cgroup: fork rejected by pids controller in /syz0 [ 139.105313][T20842] cgroup: fork rejected by pids controller in /syz4 2024/10/10 21:39:04 executed programs: 357 2024/10/10 21:39:09 executed programs: 427 [ 148.842093][T23898] syz-executor (23898) used greatest stack depth: 11768 bytes left 2024/10/10 21:39:15 executed programs: 489 2024/10/10 21:39:20 executed programs: 500 2024/10/10 21:39:25 executed programs: 507 2024/10/10 21:39:31 executed programs: 518 2024/10/10 21:39:38 executed programs: 528 2024/10/10 21:39:44 executed programs: 538 2024/10/10 21:39:50 executed programs: 548 2024/10/10 21:39:56 executed programs: 558 2024/10/10 21:40:03 executed programs: 568 2024/10/10 21:40:09 executed programs: 578 [ 212.233260][ T217] INFO: task syz.3.73:4433 blocked for more than 143 seconds. [ 212.240872][ T217] Not tainted 5.7.0-syzkaller #0 [ 212.246332][ T217] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 212.255129][ T217] syz.3.73 D14600 4433 2561 0x00000004 [ 212.261458][ T217] Call Trace: [ 212.264815][ T217] __schedule+0x2ca/0x650 [ 212.269137][ T217] schedule+0x3b/0xa0 [ 212.273114][ T217] rwsem_down_read_slowpath+0x318/0x560 [ 212.278751][ T217] ? down_read+0xa4/0xd0 [ 212.283089][ T217] down_read+0xa4/0xd0 [ 212.287227][ T217] hugetlb_fault+0x9b/0xaa0 [ 212.291710][ T217] handle_mm_fault+0x60a/0xe60 [ 212.296472][ T217] ? lock_acquire+0x93/0x130 [ 212.301065][ T217] ? do_page_fault+0x11d/0x59f [ 212.305827][ T217] do_page_fault+0x2ad/0x59f [ 212.310398][ T217] page_fault+0x39/0x40 [ 212.314564][ T217] RIP: 0033:0x7fddb4822a98 [ 212.319058][ T217] Code: Bad RIP value. 
[ 212.323121][ T217] RSP: 002b:00007ffd81f64228 EFLAGS: 00010246 [ 212.329171][ T217] RAX: 0000000020000640 RBX: 0000000000000004 RCX: 006b6e696c766564 [ 212.337138][ T217] RDX: 0000000000000008 RSI: 006b6e696c766564 RDI: 0000000020000640 [ 212.345111][ T217] RBP: 00007fddb4a14a80 R08: 00007fddb46dd000 R09: 0000000000000001 [ 212.353079][ T217] R10: 0000000000000001 R11: 0000000000000009 R12: 000000000000d2e4 [ 212.361049][ T217] R13: 00007ffd81f64330 R14: 0000000000000032 R15: fffffffffffffffe [ 212.373293][ T217] INFO: task syz.3.73:4435 blocked for more than 143 seconds. [ 212.380924][ T217] Not tainted 5.7.0-syzkaller #0 [ 212.386420][ T217] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 212.395525][ T217] syz.3.73 D14400 4435 2561 0x00004004 [ 212.401828][ T217] Call Trace: [ 212.405109][ T217] __schedule+0x2ca/0x650 [ 212.409411][ T217] schedule+0x3b/0xa0 [ 212.413400][ T217] rwsem_down_write_slowpath+0x38b/0x570 [ 212.419020][ T217] ? hugetlb_cow+0x1ac/0x540 [ 212.423705][ T217] hugetlb_cow+0x1ac/0x540 [ 212.428101][ T217] hugetlb_fault+0x6f6/0xaa0 [ 212.432657][ T217] handle_mm_fault+0x60a/0xe60 [ 212.437440][ T217] ? lock_acquire+0x93/0x130 [ 212.442090][ T217] ? 
do_page_fault+0x11d/0x59f [ 212.446855][ T217] do_page_fault+0x2ad/0x59f [ 212.451422][ T217] page_fault+0x39/0x40 [ 212.455559][ T217] RIP: 0010:copy_user_generic_unrolled+0x89/0xc0 [ 212.461870][ T217] Code: 38 4c 89 47 20 4c 89 4f 28 4c 89 57 30 4c 89 5f 38 48 8d 76 40 48 8d 7f 40 ff c9 75 b6 89 d1 83 e2 07 c1 e9 03 74 12 4c 8b 06 <4c> 89 07 48 8d 76 08 48 8d 7f 08 ff c9 75 ee 21 d2 74 10 89 d1 8a [ 212.481556][ T217] RSP: 0018:ffffc90001a17e70 EFLAGS: 00050202 [ 212.487603][ T217] RAX: 000000002002bb18 RBX: 0000000000012490 RCX: 0000000000000001 [ 212.495559][ T217] RDX: 0000000000000000 RSI: ffffc90001a17e88 RDI: 000000002002bb10 [ 212.503702][ T217] RBP: 0000000000000000 R08: 0000000000000000 R09: ffff888222dd2040 [ 212.511643][ T217] R10: 0000000000000001 R11: ffff888222dd17c0 R12: 000000002002bb10 [ 212.519714][ T217] R13: 0000000000018ff8 R14: 0000000020019680 R15: ffffc90001a17e8c [ 212.527673][ T217] _copy_to_user+0x22/0x30 [ 212.532186][ T217] msr_read+0x62/0xe0 [ 212.536174][ T217] vfs_read+0x8f/0x150 [ 212.540215][ T217] ksys_read+0x5a/0xd0 [ 212.544270][ T217] do_syscall_64+0x50/0x180 [ 212.548741][ T217] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 212.554609][ T217] RIP: 0033:0x7fddb485aff9 [ 212.559000][ T217] Code: Bad RIP value. [ 212.563040][ T217] RSP: 002b:00007fddb42dc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 212.571414][ T217] RAX: ffffffffffffffda RBX: 00007fddb4a12f80 RCX: 00007fddb485aff9 [ 212.579369][ T217] RDX: 0000000000018ff8 RSI: 0000000020019680 RDI: 0000000000000003 [ 212.587319][ T217] RBP: 00007fddb48cd296 R08: 0000000000000000 R09: 0000000000000000 [ 212.595289][ T217] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 212.603261][ T217] R13: 0000000000000000 R14: 00007fddb4a12f80 R15: 00007ffd81f640c8 2024/10/10 21:40:15 executed programs: 588 [ 212.775064][ T217] INFO: task syz.3.73:4452 blocked for more than 143 seconds. 
[ 212.782537][ T217] Not tainted 5.7.0-syzkaller #0 [ 212.788009][ T217] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 212.796738][ T217] syz.3.73 D15032 4452 4433 0x80000000 [ 212.803070][ T217] Call Trace: [ 212.806345][ T217] __schedule+0x2ca/0x650 [ 212.810659][ T217] schedule+0x3b/0xa0 [ 212.814776][ T217] rwsem_down_write_slowpath+0x38b/0x570 [ 212.820399][ T217] ? unmap_single_vma+0xaf/0xf0 [ 212.825354][ T217] unmap_single_vma+0xaf/0xf0 [ 212.830105][ T217] unmap_vmas+0x37/0x50 [ 212.834265][ T217] exit_mmap+0xa4/0x180 [ 212.838403][ T217] mmput+0x2e/0xe0 [ 212.842104][ T217] do_exit+0x32c/0xb60 [ 212.846172][ T217] __x64_sys_exit+0x12/0x20 [ 212.850657][ T217] do_syscall_64+0x50/0x180 [ 212.855244][ T217] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 212.861114][ T217] RIP: 0033:0x7fddb485aff9 [ 212.865550][ T217] Code: Bad RIP value. [ 212.869596][ T217] RSP: 002b:00007fddb42bafe8 EFLAGS: 00000246 ORIG_RAX: 000000000000003c [ 212.878044][ T217] RAX: ffffffffffffffda RBX: 00007fddb4a13058 RCX: 00007fddb485aff9 [ 212.886208][ T217] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 212.894174][ T217] RBP: 00007fddb48cd296 R08: 0000000000000000 R09: 0000000000000000 [ 212.902135][ T217] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 212.910149][ T217] R13: 0000000000000000 R14: 00007fddb4a13058 R15: 00007ffd81f640c8 [ 213.020984][ T217] INFO: task syz.4.79:4589 blocked for more than 144 seconds. [ 213.028508][ T217] Not tainted 5.7.0-syzkaller #0 [ 213.034067][ T217] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 213.042979][ T217] syz.4.79 D13696 4589 2562 0x00000004 [ 213.049289][ T217] Call Trace: [ 213.052645][ T217] __schedule+0x2ca/0x650 [ 213.056985][ T217] schedule+0x3b/0xa0 [ 213.060950][ T217] rwsem_down_read_slowpath+0x318/0x560 [ 213.066765][ T217] ? 
down_read+0xa4/0xd0 [ 213.070988][ T217] down_read+0xa4/0xd0 [ 213.075062][ T217] hugetlb_fault+0x9b/0xaa0 [ 213.079546][ T217] handle_mm_fault+0x60a/0xe60 [ 213.084305][ T217] ? lock_acquire+0x93/0x130 [ 213.089059][ T217] ? do_page_fault+0x11d/0x59f [ 213.093906][ T217] do_page_fault+0x2ad/0x59f [ 213.098478][ T217] page_fault+0x39/0x40 [ 213.102695][ T217] RIP: 0033:0x7fc2188eca98 [ 213.107194][ T217] Code: Bad RIP value. [ 213.111243][ T217] RSP: 002b:00007ffc0763b378 EFLAGS: 00010246 [ 213.117312][ T217] RAX: 0000000020000640 RBX: 0000000000000004 RCX: 006b6e696c766564 [ 213.125317][ T217] RDX: 0000000000000008 RSI: 006b6e696c766564 RDI: 0000000020000640 [ 213.133378][ T217] RBP: 00007fc218adea80 R08: 00007fc2187a7000 R09: 0000000000000001 [ 213.141354][ T217] R10: 0000000000000001 R11: 0000000000000009 R12: 000000000000d447 [ 213.149328][ T217] R13: 00007ffc0763b480 R14: 0000000000000032 R15: fffffffffffffffe [ 213.340521][ T217] INFO: task syz.4.79:4590 blocked for more than 144 seconds. [ 213.348327][ T217] Not tainted 5.7.0-syzkaller #0 [ 213.353825][ T217] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 213.362480][ T217] syz.4.79 D14560 4590 2562 0x00004004 [ 213.368903][ T217] Call Trace: [ 213.372176][ T217] __schedule+0x2ca/0x650 [ 213.376517][ T217] schedule+0x3b/0xa0 [ 213.380486][ T217] rwsem_down_write_slowpath+0x38b/0x570 [ 213.386119][ T217] ? hugetlb_cow+0x1ac/0x540 [ 213.390694][ T217] hugetlb_cow+0x1ac/0x540 [ 213.395226][ T217] hugetlb_fault+0x6f6/0xaa0 [ 213.399798][ T217] handle_mm_fault+0x60a/0xe60 [ 213.404575][ T217] ? lock_acquire+0x93/0x130 [ 213.409144][ T217] ? 
do_page_fault+0x11d/0x59f [ 213.413913][ T217] do_page_fault+0x2ad/0x59f [ 213.418486][ T217] page_fault+0x39/0x40 [ 213.422637][ T217] RIP: 0010:copy_user_generic_unrolled+0x89/0xc0 [ 213.428963][ T217] Code: 38 4c 89 47 20 4c 89 4f 28 4c 89 57 30 4c 89 5f 38 48 8d 76 40 48 8d 7f 40 ff c9 75 b6 89 d1 83 e2 07 c1 e9 03 74 12 4c 8b 06 <4c> 89 07 48 8d 76 08 48 8d 7f 08 ff c9 75 ee 21 d2 74 10 89 d1 8a [ 213.448649][ T217] RSP: 0018:ffffc90001aafe70 EFLAGS: 00050202 [ 213.454716][ T217] RAX: 000000002001d818 RBX: 0000000000004190 RCX: 0000000000000001 [ 213.462733][ T217] RDX: 0000000000000000 RSI: ffffc90001aafe88 RDI: 000000002001d810 [ 213.470719][ T217] RBP: 0000000000000000 R08: 0000000000000000 R09: ffff888222de0880 [ 213.478688][ T217] R10: 0000000000000001 R11: ffff888222de0000 R12: 000000002001d810 [ 213.486663][ T217] R13: 0000000000018ff8 R14: 0000000020019680 R15: ffffc90001aafe8c [ 213.494638][ T217] _copy_to_user+0x22/0x30 [ 213.499033][ T217] msr_read+0x62/0xe0 [ 213.503111][ T217] vfs_read+0x8f/0x150 [ 213.507259][ T217] ksys_read+0x5a/0xd0 [ 213.511308][ T217] do_syscall_64+0x50/0x180 [ 213.515816][ T217] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 213.521689][ T217] RIP: 0033:0x7fc218924ff9 [ 213.526199][ T217] Code: Bad RIP value. [ 213.530242][ T217] RSP: 002b:00007fc2183a6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 213.538650][ T217] RAX: ffffffffffffffda RBX: 00007fc218adcf80 RCX: 00007fc218924ff9 [ 213.546622][ T217] RDX: 0000000000018ff8 RSI: 0000000020019680 RDI: 0000000000000003 [ 213.554590][ T217] RBP: 00007fc218997296 R08: 0000000000000000 R09: 0000000000000000 [ 213.563187][ T217] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 213.571233][ T217] R13: 0000000000000000 R14: 00007fc218adcf80 R15: 00007ffc0763b218 [ 213.825909][ T217] INFO: task syz.4.79:4608 blocked for more than 144 seconds. 
[ 213.833416][ T217] Not tainted 5.7.0-syzkaller #0 [ 213.839023][ T217] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 213.847694][ T217] syz.4.79 D15032 4608 4589 0x80000000 [ 213.854017][ T217] Call Trace: [ 213.857288][ T217] __schedule+0x2ca/0x650 [ 213.861614][ T217] schedule+0x3b/0xa0 [ 213.865595][ T217] rwsem_down_write_slowpath+0x38b/0x570 [ 213.871380][ T217] ? unmap_single_vma+0xaf/0xf0 [ 213.876229][ T217] unmap_single_vma+0xaf/0xf0 [ 213.880885][ T217] unmap_vmas+0x37/0x50 [ 213.885036][ T217] exit_mmap+0xa4/0x180 [ 213.889176][ T217] mmput+0x2e/0xe0 [ 213.892908][ T217] do_exit+0x32c/0xb60 [ 213.896956][ T217] __x64_sys_exit+0x12/0x20 [ 213.901440][ T217] do_syscall_64+0x50/0x180 [ 213.905940][ T217] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 213.911816][ T217] RIP: 0033:0x7fc218924ff9 [ 213.916320][ T217] Code: Bad RIP value. [ 213.920364][ T217] RSP: 002b:00007fc218384fe8 EFLAGS: 00000246 ORIG_RAX: 000000000000003c [ 213.929033][ T217] RAX: ffffffffffffffda RBX: 00007fc218add058 RCX: 00007fc218924ff9 [ 213.937004][ T217] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 213.945060][ T217] RBP: 00007fc218997296 R08: 0000000000000000 R09: 0000000000000000 [ 213.953114][ T217] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 213.961065][ T217] R13: 0000000000000000 R14: 00007fc218add058 R15: 00007ffc0763b218 [ 213.976020][ T217] INFO: task syz.1.83:4650 blocked for more than 145 seconds. [ 213.983535][ T217] Not tainted 5.7.0-syzkaller #0 [ 213.989146][ T217] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 213.997824][ T217] syz.1.83 D14600 4650 2079 0x00000004 [ 214.004153][ T217] Call Trace: [ 214.007438][ T217] __schedule+0x2ca/0x650 [ 214.011747][ T217] schedule+0x3b/0xa0 [ 214.015732][ T217] rwsem_down_read_slowpath+0x318/0x560 [ 214.021270][ T217] ? 
down_read+0xa4/0xd0 [ 214.025520][ T217] down_read+0xa4/0xd0 [ 214.029571][ T217] hugetlb_fault+0x9b/0xaa0 [ 214.034075][ T217] handle_mm_fault+0x60a/0xe60 [ 214.038829][ T217] ? lock_acquire+0x93/0x130 [ 214.043510][ T217] ? do_page_fault+0x11d/0x59f [ 214.048430][ T217] do_page_fault+0x2ad/0x59f [ 214.053016][ T217] page_fault+0x39/0x40 [ 214.057150][ T217] RIP: 0033:0x7f7e8a4faa98 [ 214.061545][ T217] Code: Bad RIP value. [ 214.065610][ T217] RSP: 002b:00007ffc183a6598 EFLAGS: 00010246 [ 214.071651][ T217] RAX: 0000000020000640 RBX: 0000000000000004 RCX: 006b6e696c766564 [ 214.079625][ T217] RDX: 0000000000000008 RSI: 006b6e696c766564 RDI: 0000000020000640 [ 214.087611][ T217] RBP: 00007f7e8a6eca80 R08: 00007f7e8a3b5000 R09: 0000000000000001 [ 214.095580][ T217] R10: 0000000000000001 R11: 0000000000000009 R12: 000000000000d573 [ 214.103552][ T217] R13: 00007ffc183a66a0 R14: 0000000000000032 R15: fffffffffffffffe [ 214.114752][ T217] INFO: task syz.1.83:4653 blocked for more than 145 seconds. [ 214.122197][ T217] Not tainted 5.7.0-syzkaller #0 [ 214.127678][ T217] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 214.136436][ T217] syz.1.83 D14568 4653 2079 0x00004004 [ 214.142746][ T217] Call Trace: [ 214.146031][ T217] __schedule+0x2ca/0x650 [ 214.150429][ T217] schedule+0x3b/0xa0 [ 214.154413][ T217] rwsem_down_write_slowpath+0x38b/0x570 [ 214.160027][ T217] ? hugetlb_cow+0x1ac/0x540 [ 214.164789][ T217] hugetlb_cow+0x1ac/0x540 [ 214.169282][ T217] hugetlb_fault+0x6f6/0xaa0 [ 214.173918][ T217] handle_mm_fault+0x60a/0xe60 [ 214.178666][ T217] ? lock_acquire+0x93/0x130 [ 214.183252][ T217] ? 
do_page_fault+0x4ec/0x59f [ 214.187998][ T217] do_page_fault+0x2ad/0x59f [ 214.192570][ T217] page_fault+0x39/0x40 [ 214.196766][ T217] RIP: 0010:copy_user_generic_unrolled+0x89/0xc0 [ 214.203089][ T217] Code: 38 4c 89 47 20 4c 89 4f 28 4c 89 57 30 4c 89 5f 38 48 8d 76 40 48 8d 7f 40 ff c9 75 b6 89 d1 83 e2 07 c1 e9 03 74 12 4c 8b 06 <4c> 89 07 48 8d 76 08 48 8d 7f 08 ff c9 75 ee 21 d2 74 10 89 d1 8a [ 214.222959][ T217] RSP: 0018:ffffc90001adfe70 EFLAGS: 00050202 [ 214.229183][ T217] RAX: 0000000020020290 RBX: 0000000000006c08 RCX: 0000000000000001 [ 214.237163][ T217] RDX: 0000000000000000 RSI: ffffc90001adfe88 RDI: 0000000020020288 [ 214.245143][ T217] RBP: 0000000000000000 R08: 0000000000000000 R09: ffff888222c56780 [ 214.253108][ T217] R10: 0000000000000001 R11: ffff888222c55f00 R12: 0000000020020288 [ 214.261149][ T217] R13: 0000000000018ff8 R14: 0000000020019680 R15: ffffc90001adfe8c [ 214.269213][ T217] _copy_to_user+0x22/0x30 [ 214.273716][ T217] msr_read+0x62/0xe0 [ 214.277679][ T217] vfs_read+0x8f/0x150 [ 214.281739][ T217] ksys_read+0x5a/0xd0 [ 214.285806][ T217] do_syscall_64+0x50/0x180 [ 214.290287][ T217] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 214.296181][ T217] RIP: 0033:0x7f7e8a532ff9 [ 214.300581][ T217] Code: Bad RIP value. [ 214.304654][ T217] RSP: 002b:00007f7e89fb4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 214.313423][ T217] RAX: ffffffffffffffda RBX: 00007f7e8a6eaf80 RCX: 00007f7e8a532ff9 [ 214.321377][ T217] RDX: 0000000000018ff8 RSI: 0000000020019680 RDI: 0000000000000003 [ 214.329357][ T217] RBP: 00007f7e8a5a5296 R08: 0000000000000000 R09: 0000000000000000 [ 214.337331][ T217] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 214.345302][ T217] R13: 0000000000000000 R14: 00007f7e8a6eaf80 R15: 00007ffc183a6438 [ 214.356928][ T217] INFO: task syz.1.83:4657 blocked for more than 145 seconds. 
[ 214.364401][ T217] Not tainted 5.7.0-syzkaller #0 [ 214.369845][ T217] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 214.378549][ T217] syz.1.83 D15032 4657 4650 0x80000000 [ 214.384860][ T217] Call Trace: [ 214.388136][ T217] __schedule+0x2ca/0x650 [ 214.392513][ T217] schedule+0x3b/0xa0 [ 214.396489][ T217] rwsem_down_write_slowpath+0x38b/0x570 [ 214.402096][ T217] ? unmap_single_vma+0xaf/0xf0 [ 214.406940][ T217] unmap_single_vma+0xaf/0xf0 [ 214.411591][ T217] unmap_vmas+0x37/0x50 [ 214.415728][ T217] exit_mmap+0xa4/0x180 [ 214.419853][ T217] mmput+0x2e/0xe0 [ 214.423556][ T217] do_exit+0x32c/0xb60 [ 214.427614][ T217] __x64_sys_exit+0x12/0x20 [ 214.432329][ T217] do_syscall_64+0x50/0x180 [ 214.436827][ T217] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 214.442689][ T217] RIP: 0033:0x7f7e8a532ff9 [ 214.447096][ T217] Code: Bad RIP value. [ 214.451130][ T217] RSP: 002b:00007f7e89f92fe8 EFLAGS: 00000246 ORIG_RAX: 000000000000003c [ 214.459522][ T217] RAX: ffffffffffffffda RBX: 00007f7e8a6eb058 RCX: 00007f7e8a532ff9 [ 214.467485][ T217] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 214.475441][ T217] RBP: 00007f7e8a5a5296 R08: 0000000000000000 R09: 0000000000000000 [ 214.483524][ T217] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 214.491549][ T217] R13: 0000000000000000 R14: 00007f7e8a6eb058 R15: 00007ffc183a6438 [ 214.631652][ T217] INFO: task syz.0.84:4666 blocked for more than 145 seconds. [ 214.639254][ T217] Not tainted 5.7.0-syzkaller #0 [ 214.644721][ T217] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 214.653382][ T217] syz.0.84 D14584 4666 2553 0x00004004 [ 214.659689][ T217] Call Trace: [ 214.662981][ T217] __schedule+0x2ca/0x650 [ 214.667295][ T217] ? hugetlb_fault+0x1ab/0xaa0 [ 214.672130][ T217] schedule+0x3b/0xa0 [ 214.676123][ T217] schedule_preempt_disabled+0x5/0x10 [ 214.681476][ T217] __mutex_lock+0x3c4/0x700 [ 214.686074][ T217] ? 
lock_acquire+0x93/0x130 [ 214.690652][ T217] ? hugetlb_fault+0x1ab/0xaa0 [ 214.695512][ T217] hugetlb_fault+0x1ab/0xaa0 [ 214.700180][ T217] handle_mm_fault+0x60a/0xe60 [ 214.704966][ T217] do_page_fault+0x2ad/0x59f [ 214.709541][ T217] page_fault+0x39/0x40 [ 214.713701][ T217] RIP: 0010:copy_user_generic_unrolled+0x89/0xc0 [ 214.720006][ T217] Code: 38 4c 89 47 20 4c 89 4f 28 4c 89 57 30 4c 89 5f 38 48 8d 76 40 48 8d 7f 40 ff c9 75 b6 89 d1 83 e2 07 c1 e9 03 74 12 4c 8b 06 <4c> 89 07 48 8d 76 08 48 8d 7f 08 ff c9 75 ee 21 d2 74 10 89 d1 8a [ 214.739788][ T217] RSP: 0018:ffffc90001ae7e70 EFLAGS: 00050202 [ 214.745848][ T217] RAX: 000000002001fcc8 RBX: 0000000000006640 RCX: 0000000000000001 [ 214.753921][ T217] RDX: 0000000000000000 RSI: ffffc90001ae7e88 RDI: 000000002001fcc0 [ 214.761966][ T217] RBP: 0000000000000000 R08: 0000000000000000 R09: ffff888222db4fc0 [ 214.770031][ T217] R10: 0000000000000001 R11: ffff888222db4740 R12: 000000002001fcc0 [ 214.778000][ T217] R13: 0000000000018ff8 R14: 0000000020019680 R15: ffffc90001ae7e8c [ 214.785979][ T217] _copy_to_user+0x22/0x30 [ 214.790373][ T217] msr_read+0x62/0xe0 [ 214.794525][ T217] vfs_read+0x8f/0x150 [ 214.798577][ T217] ksys_read+0x5a/0xd0 [ 214.802726][ T217] do_syscall_64+0x50/0x180 [ 214.807227][ T217] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 214.813119][ T217] RIP: 0033:0x7f9276e64ff9 [ 214.817512][ T217] Code: Bad RIP value. 
[ 214.821558][ T217] RSP: 002b:00007f92768e6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 214.829970][ T217] RAX: ffffffffffffffda RBX: 00007f927701cf80 RCX: 00007f9276e64ff9 [ 214.837948][ T217] RDX: 0000000000018ff8 RSI: 0000000020019680 RDI: 0000000000000003 [ 214.845914][ T217] RBP: 00007f9276ed7296 R08: 0000000000000000 R09: 0000000000000000 [ 214.853886][ T217] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 214.862104][ T217] R13: 0000000000000000 R14: 00007f927701cf80 R15: 00007fff79880d48 [ 215.135733][ T217] [ 215.135733][ T217] Showing all locks held in the system: [ 215.143507][ T217] 2 locks held by kworker/u4:0/7: [ 215.148594][ T217] #0: ffff888236c20938 ((wq_completion)events_unbound){....}-{0:0}, at: process_one_work+0x1bd/0x460 [ 215.159537][ T217] #1: ffffc90000043e78 ((work_completion)(&sub_info->work)){....}-{0:0}, at: process_one_work+0x1bd/0x460 [ 215.171001][ T217] 2 locks held by kworker/u4:1/21: [ 215.176113][ T217] #0: ffff888236c20938 ((wq_completion)events_unbound){....}-{0:0}, at: process_one_work+0x1bd/0x460 [ 215.187043][ T217] #1: ffffc900000bfe78 ((work_completion)(&sub_info->work)){....}-{0:0}, at: process_one_work+0x1bd/0x460 [ 215.198429][ T217] 1 lock held by khungtaskd/217: [ 215.203357][ T217] #0: ffffffff8226cd60 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x15/0xfc [ 215.213087][ T217] 1 lock held by klogd/887: [ 215.217650][ T217] #0: ffff888237c2b3d8 (&rq->lock){....}-{2:2}, at: __schedule+0xa5/0x650 [ 215.226245][ T217] 2 locks held by getty/959: [ 215.230819][ T217] #0: ffff8882315a0098 (&tty->ldisc_sem){....}-{0:0}, at: tty_ldisc_ref_wait+0x1f/0x50 [ 215.240538][ T217] #1: ffffc900015672e8 (&ldata->atomic_read_lock){....}-{3:3}, at: n_tty_read+0xd4/0x9c0 [ 215.250447][ T217] 2 locks held by kworker/u4:3/1018: [ 215.255736][ T217] #0: ffff888236c20938 ((wq_completion)events_unbound){....}-{0:0}, at: process_one_work+0x1bd/0x460 [ 215.266952][ T217] #1: ffffc90000177e78 
((work_completion)(&sub_info->work)){....}-{0:0}, at: process_one_work+0x1bd/0x460 [ 215.278499][ T217] 2 locks held by kworker/u4:5/1028: [ 215.283950][ T217] #0: ffff888236c20938 ((wq_completion)events_unbound){....}-{0:0}, at: process_one_work+0x1bd/0x460 [ 215.295074][ T217] #1: ffffc90000217e78 ((work_completion)(&sub_info->work)){....}-{0:0}, at: process_one_work+0x1bd/0x460 [ 215.306532][ T217] 2 locks held by syz.3.73/4433: [ 215.311456][ T217] #0: ffff888222d58da8 (&mm->mmap_sem#2){....}-{3:3}, at: do_page_fault+0x11d/0x59f [ 215.320916][ T217] #1: ffff888222d90350 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlb_fault+0x9b/0xaa0 [ 215.331392][ T217] 4 locks held by syz.3.73/4435: [ 215.336338][ T217] #0: ffff888222d58da8 (&mm->mmap_sem#2){....}-{3:3}, at: do_page_fault+0x11d/0x59f [ 215.345885][ T217] #1: ffff888222d90350 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlb_fault+0x9b/0xaa0 [ 215.356390][ T217] #2: ffff8882333e6338 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlb_fault+0x1ab/0xaa0 [ 215.367155][ T217] #3: ffff888222d90350 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlb_cow+0x1ac/0x540 [ 215.377492][ T217] 1 lock held by syz.3.73/4452: [ 215.382320][ T217] #0: ffff888222d90350 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: unmap_single_vma+0xaf/0xf0 [ 215.392910][ T217] 2 locks held by syz.4.79/4589: [ 215.397823][ T217] #0: ffff888226740128 (&mm->mmap_sem#2){....}-{3:3}, at: do_page_fault+0x11d/0x59f [ 215.407296][ T217] #1: ffff888222d74350 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlb_fault+0x9b/0xaa0 [ 215.417706][ T217] 4 locks held by syz.4.79/4590: [ 215.422617][ T217] #0: ffff888226740128 (&mm->mmap_sem#2){....}-{3:3}, at: do_page_fault+0x11d/0x59f [ 215.432077][ T217] #1: ffff888222d74350 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlb_fault+0x9b/0xaa0 [ 215.442571][ T217] #2: ffff8882333e6608 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlb_fault+0x1ab/0xaa0 [ 215.453248][ T217] #3: 
ffff888222d74350 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlb_cow+0x1ac/0x540 [ 215.463562][ T217] 1 lock held by syz.4.79/4608: [ 215.468389][ T217] #0: ffff888222d74350 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: unmap_single_vma+0xaf/0xf0 [ 215.478987][ T217] 2 locks held by syz.1.83/4650: [ 215.484005][ T217] #0: ffff888222c4b328 (&mm->mmap_sem#2){....}-{3:3}, at: do_page_fault+0x11d/0x59f [ 215.493565][ T217] #1: ffff888222c24350 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlb_fault+0x9b/0xaa0 [ 215.503979][ T217] 4 locks held by syz.1.83/4653: [ 215.508890][ T217] #0: ffff888222c4b328 (&mm->mmap_sem#2){....}-{3:3}, at: do_page_fault+0x4ec/0x59f [ 215.518392][ T217] #1: ffff888222c24350 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlb_fault+0x9b/0xaa0 [ 215.528885][ T217] #2: ffff8882333e6848 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlb_fault+0x1ab/0xaa0 [ 215.539661][ T217] #3: ffff888222c24350 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlb_cow+0x1ac/0x540 [ 215.550081][ T217] 1 lock held by syz.1.83/4657: [ 215.555030][ T217] #0: ffff888222c24350 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: unmap_single_vma+0xaf/0xf0 [ 215.565729][ T217] 3 locks held by syz.0.84/4666: [ 215.570821][ T217] #0: ffff888222df8da8 (&mm->mmap_sem#2){....}-{3:3}, at: do_page_fault+0x4ec/0x59f [ 215.580405][ T217] #1: ffff888222e08350 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlb_fault+0x9b/0xaa0 [ 215.590821][ T217] #2: ffff8882333e6848 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlb_fault+0x1ab/0xaa0 [ 215.601510][ T217] 3 locks held by syz.0.84/4673: [ 215.606437][ T217] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 [ 215.615740][ T217] #1: ffff888222e08198 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 [ 215.626673][ T217] #2: ffff8882333e6848 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 [ 215.637881][ T217] 2 
locks held by syz.2.93/4714: [ 215.642793][ T217] #0: ffff8882267e2068 (&mm->mmap_sem#2){....}-{3:3}, at: do_page_fault+0x11d/0x59f [ 215.652262][ T217] #1: ffff888222e71890 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlb_fault+0x9b/0xaa0 [ 215.662677][ T217] 4 locks held by syz.2.93/4715: [ 215.667617][ T217] #0: ffff8882267e2068 (&mm->mmap_sem#2){....}-{3:3}, at: do_page_fault+0x11d/0x59f [ 215.677065][ T217] #1: ffff888222e71890 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlb_fault+0x9b/0xaa0 [ 215.687488][ T217] #2: ffff8882333e6218 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlb_fault+0x1ab/0xaa0 [ 215.698159][ T217] #3: ffff888222e71890 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlb_cow+0x1ac/0x540 [ 215.708499][ T217] 1 lock held by syz.2.93/4717: [ 215.713339][ T217] #0: ffff888222e71890 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: unmap_single_vma+0xaf/0xf0 [ 215.724026][ T217] 3 locks held by syz.3.102/5967: [ 215.729026][ T217] #0: ffff888226600da8 (&mm->mmap_sem#2){....}-{3:3}, at: do_page_fault+0x11d/0x59f [ 215.738497][ T217] #1: ffff888222dc0bd0 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlb_fault+0x9b/0xaa0 [ 215.748906][ T217] #2: ffff8882333e6848 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlb_fault+0x1ab/0xaa0 [ 215.759696][ T217] 3 locks held by syz.3.102/6000: [ 215.764713][ T217] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 [ 215.774116][ T217] #1: ffff888222dc0a18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 [ 215.785044][ T217] #2: ffff8882333e6848 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 [ 215.796533][ T217] 3 locks held by syz.4.104/6005: [ 215.801532][ T217] #0: ffff888222d40da8 (&mm->mmap_sem#2){....}-{3:3}, at: do_page_fault+0x11d/0x59f [ 215.811182][ T217] #1: ffff888222d74790 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlb_fault+0x9b/0xaa0 [ 215.821593][ T217] #2: 
ffff8882333e6218 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlb_fault+0x1ab/0xaa0
[ 215.832277][ T217] 3 locks held by syz.4.104/6030:
[ 215.837292][ T217] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270
[ 215.846594][ T217] #1: ffff888222d745d8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530
[ 215.857616][ T217] #2: ffff8882333e6218 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530
[ 215.868907][ T217] 1 lock held by syz.3.102/6025:
[ 215.873832][ T217] #0: ffff888222dc0bd0 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: unmap_single_vma+0xaf/0xf0
[ 215.884420][ T217] 3 locks held by syz.1.97/6971:
[ 215.889332][ T217] #0: ffff888222c4cc28 (&mm->mmap_sem#2){....}-{3:3}, at: do_page_fault+0x11d/0x59f
[ 215.898782][ T217] #1: ffff888222c26dd0 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlb_fault+0x9b/0xaa0
[ 215.909276][ T217] #2: ffff8882333e6338 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlb_fault+0x1ab/0xaa0
[ 215.919952][ T217] 3 locks held by syz.1.97/6972:
[ 215.924886][ T217] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270
[ 215.934168][ T217] #1: ffff888222c26c18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530
[ 215.945100][ T217] #2: ffff8882333e6338 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530
[ 215.956310][ T217] 1 lock held by syz.1.97/7026:
[ 215.961222][ T217] #0: ffff888222c26dd0 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: unmap_single_vma+0xaf/0xf0
[ 215.971917][ T217] 3 locks held by syz.2.98/7029:
[ 215.976848][ T217] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270
[ 215.986249][ T217] #1: ffff888222ea4a18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530
[ 215.997183][ T217] #2: ffff8882333e6608 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530
[ 216.008558][ T217] 3 locks held by syz.0.108/7047:
[ 216.013571][ T217] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270
[ 216.022838][ T217] #1: ffff888222e096d8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530
[ 216.033767][ T217] #2: ffff8882333e6608 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530
[ 216.044971][ T217] 3 locks held by syz.4.114/8212:
[ 216.049982][ T217] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270
[ 216.059273][ T217] #1: ffff888222c7d298 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530
[ 216.070307][ T217] #2: ffff8882333e6218 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530
[ 216.081503][ T217] 3 locks held by syz.3.121/8365:
[ 216.086515][ T217] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270
[ 216.095793][ T217] #1: ffff888222dc2398 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530
[ 216.106717][ T217] #2: ffff8882333e6338 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530
[ 216.117997][ T217] 3 locks held by syz.2.113/9367:
[ 216.123011][ T217] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270
[ 216.132276][ T217] #1: ffff888222ea4e58 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530
[ 216.143201][ T217] #2: ffff8882333e6218 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530
[ 216.154426][ T217] 3 locks held by syz.0.126/9383:
[ 216.159428][ T217] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270
[ 216.168710][ T217] #1: ffff888222f145d8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530
[ 216.179730][ T217] #2: ffff8882333e6608 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530
[ 216.191016][ T217] 3 locks held by syz.1.136/9420:
[ 216.196034][ T217] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270
[ 216.205319][ T217] #1: ffff888222c27058 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530
[ 216.216251][ T217] #2: ffff8882333e6608 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530
[ 216.227453][ T217] 3 locks held by syz.3.140/10341:
[ 216.232567][ T217] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270
[ 216.241924][ T217] #1: ffff888222dc2c18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530
[ 216.252853][ T217] #2: ffff8882333e6848 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530
[ 216.264054][ T217] 3 locks held by syz.4.150/10450:
[ 216.269226][ T217] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270
[ 216.278512][ T217] #1: ffff888222c7ec18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530
[ 216.289714][ T217] #2: ffff8882333e6848 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530
[ 216.301169][ T217] 3 locks held by syz.2.155/11356:
[ 216.306288][ T217] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270
[ 216.315656][ T217] #1: ffff888222e72398 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530
[ 216.326607][ T217] #2: ffff8882333e6848 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530
[ 216.337976][ T217] 3 locks held by syz.0.147/11392:
[ 216.343085][ T217] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270
[ 216.352447][ T217] #1: ffff888222f14a18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530
[ 216.363372][ T217] #2: ffff8882333e6338 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530
[ 216.374653][ T217] 3 locks held by syz.1.157/11766:
[ 216.379739][ T217] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270
[ 216.389020][ T217] #1: ffff888222c25b18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530
[ 216.399956][ T217] #2: ffff8882333e6218 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530
[ 216.411157][ T217] 3 locks held by syz.3.162/12701:
[ 216.416267][ T217] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270
[ 216.425555][ T217] #1: ffff888222d90e58 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530
[ 216.436488][ T217] #2: ffff8882333e6218 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530
[ 216.447780][ T217] 3 locks held by syz.4.167/12782:
[ 216.452892][ T217] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270
[ 216.462157][ T217] #1: ffff888222c7f058 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530
[ 216.473090][ T217] #2: ffff8882333e6608 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530
[ 216.484371][ T217] 3 locks held by syz.0.170/13631:
[ 216.489630][ T217] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270
[ 216.498918][ T217] #1: ffff888222e09b18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530
[ 216.509844][ T217] #2: ffff8882333e6338 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530
[ 216.521043][ T217] 3 locks held by syz.2.173/13763:
[ 216.526142][ T217] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270
[ 216.535431][ T217] #1: ffff888222e73058 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530
[ 216.546368][ T217] #2: ffff8882333e6218 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530
[ 216.557574][ T217] 3 locks held by syz.1.176/14105:
[ 216.562656][ T217] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270
[ 216.571983][ T217] #1: ffff888222c256d8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530
[ 216.582911][ T217] #2: ffff8882333e6848 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530
[ 216.594282][ T217] 3 locks held by syz.3.181/15135:
[ 216.599368][ T217] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270
[ 216.608754][ T217] #1: ffff888222d91298 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530
[ 216.619685][ T217] #2: ffff8882333e6338 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530
[ 216.630895][ T217] 3 locks held by syz.4.184/15181:
[ 216.635998][ T217] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270
[ 216.645288][ T217] #1: ffff888222d75298 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530
[ 216.656217][ T217] #2: ffff8882333e6338 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530
[ 216.667510][ T217] 3 locks held by syz.0.186/15858:
[ 216.672677][ T217] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270
[ 216.681973][ T217] #1: ffff888222e09f58 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530
[ 216.693042][ T217] #2: ffff8882333e6848 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530
[ 216.704424][ T217] 3 locks held by syz.2.189/16121:
[ 216.709507][ T217] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270
[ 216.718802][ T217] #1: ffff888222ea5f58 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530
[ 216.729744][ T217] #2: ffff8882333e6848 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530
[ 216.740953][ T217] 3 locks held by syz.1.252/16650:
[ 216.746053][ T217] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270
[ 216.755343][ T217] #1: ffff888222c3e7d8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530
[ 216.766276][ T217] #2: ffff8882333e6608 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530
[ 216.777481][ T217] 3 locks held by syz.3.259/17172:
[ 216.782660][ T217] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270
[ 216.791951][ T217] #1: ffff888222dc3d18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530
[ 216.802888][ T217] #2: ffff8882333e6608 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530
[ 216.814265][ T217] 3 locks held by syz.4.268/18196:
[ 216.819346][ T217] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270
[ 216.828657][ T217] #1: ffff888222d756d8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530
[ 216.839762][ T217] #2: ffff8882333e6848 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530
[ 216.851403][ T217] 3 locks held by syz.0.271/18241:
[ 216.856504][ T217] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270
[ 216.865796][ T217] #1: ffff888222e0ac18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530
[ 216.876819][ T217] #2: ffff8882333e6848 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530
[ 216.888029][ T217] 3 locks held by syz.2.284/18583:
[ 216.893157][ T217] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270
[ 216.902415][ T217] #1: ffff888222e738d8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530
[ 216.913355][ T217] #2: ffff8882333e6608 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530
[ 216.924561][ T217] 3 locks held by syz.1.314/19140:
[ 216.929658][ T217] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270
[ 216.939124][ T217] #1: ffff888222c3f8d8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530
[ 216.950150][ T217] #2: ffff8882333e6338 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530
[ 216.961355][ T217] 3 locks held by syz.3.320/19714:
[ 216.966463][ T217] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270
[ 216.975870][ T217] #1: ffff888222d916d8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530
[ 216.986805][ T217] #2: ffff8882333e6608 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530
[ 216.998087][ T217] 3 locks held by syz.0.342/21644:
[ 217.003187][ T217] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270
[ 217.012453][ T217] #1: ffff888222f15b18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530
[ 217.023471][ T217] #2: ffff8882333e6608 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530
[ 217.034665][ T217] 3 locks held by syz.4.345/21776:
[ 217.039763][ T217] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270
[ 217.049485][ T217] #1: ffff888222c7fd18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530
[ 217.060516][ T217] #2: ffff8882333e6608 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530
[ 217.074578][ T217] 3 locks held by syz.2.367/22389:
[ 217.079662][ T217] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270
[ 217.088945][ T217] #1: ffff888222e70e58 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530
[ 217.099879][ T217] #2: ffff8882333e6218 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530
[ 217.111091][ T217] 3 locks held by syz.1.492/24892:
[ 217.116194][ T217] #0: ffff8882345fd438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270
[ 217.125471][ T217] #1: ffff888222c3c5d8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530
[ 217.136411][ T217] #2: ffff8882333e6608 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530
[ 217.147690][ T217] 1 lock held by syz-executor/5841:
[ 217.153105][ T217] #0: ffffffff8226d6a0 (rcu_state.exp_mutex){....}-{3:3}, at: synchronize_rcu_expedited+0x2c4/0x360
[ 217.163960][ T217] 1 lock held by kworker/u4:1/7688:
[ 217.169135][ T217]
[ 217.171445][ T217] =============================================
[ 217.171445][ T217]
[ 217.180026][ T217] NMI backtrace for cpu 1
[ 217.184369][ T217] CPU: 1 PID: 217 Comm: khungtaskd Not tainted 5.7.0-syzkaller #0
[ 217.192325][ T217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 217.202361][ T217] Call Trace:
[ 217.205643][ T217] dump_stack+0x50/0x70
[ 217.209782][ T217] nmi_cpu_backtrace.cold.7+0x13/0x50
[ 217.215301][ T217] ? lapic_can_unplug_cpu.cold.31+0x40/0x40
[ 217.221262][ T217] nmi_trigger_cpumask_backtrace+0x9b/0x9d
[ 217.227141][ T217] watchdog+0x327/0x4b0
[ 217.231276][ T217] ? hungtask_pm_notify+0x40/0x40
[ 217.236281][ T217] kthread+0x10e/0x130
[ 217.240334][ T217] ? kthread_park+0x60/0x60
[ 217.244818][ T217] ret_from_fork+0x22/0x30
[ 217.249251][ T217] Sending NMI from CPU 1 to CPUs 0:
[ 217.254587][ C0] NMI backtrace for cpu 0
[ 217.254588][ C0] CPU: 0 PID: 7869 Comm: modprobe Not tainted 5.7.0-syzkaller #0
[ 217.254589][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 217.254589][ C0] RIP: 0010:page_remove_rmap+0x105/0x2a0
[ 217.254591][ C0] Code: 89 df e8 7e 3e ff ff e9 4e ff ff ff 40 84 ed 0f 85 e5 00 00 00 48 89 df e8 f8 a9 01 00 85 c0 0f 85 50 01 00 00 f0 83 43 30 ff <0f> 89 2a ff ff ff 48 8b 53 08 48 8d 42 ff 83 e2 01 48 0f 44 c3 48
[ 217.254591][ C0] RSP: 0018:ffffc9000535fcd0 EFLAGS: 00000213
[ 217.254593][ C0] RAX: 0000000000000000 RBX: ffffea0008df2c00 RCX: 0000000082092f8a
[ 217.254593][ C0] RDX: 0000000000000000 RSI: 0000000052133621 RDI: ffffea0008df2c00
[ 217.254594][ C0] RBP: 0000000000000000 R08: 0000000000000002 R09: ffff88821db7cfc0
[ 217.254595][ C0] R10: 0000000000000001 R11: ffff88821db7c740 R12: ffffea0008df2c00
[ 217.254595][ C0] R13: 0000000237cb0025 R14: 00007f7289e65000 R15: ffffc9000535fde0
[ 217.254596][ C0] FS: 0000000000000000(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 217.254597][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 217.254597][ C0] CR2: 00007f7289ed6440 CR3: 000000021db82000 CR4: 00000000003406f0
[ 217.254598][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 217.254598][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 217.254599][ C0] Call Trace:
[ 217.254599][ C0] unmap_page_range+0x51e/0x9a0
[ 217.254600][ C0] unmap_vmas+0x37/0x50
[ 217.254600][ C0] exit_mmap+0xa4/0x180
[ 217.254601][ C0] mmput+0x2e/0xe0
[ 217.254601][ C0] do_exit+0x32c/0xb60
[ 217.254602][ C0] ? __context_tracking_exit.part.6+0x40/0xa0
[ 217.254602][ C0] do_group_exit+0x42/0xb0
[ 217.254603][ C0] __x64_sys_exit_group+0xf/0x10
[ 217.254603][ C0] do_syscall_64+0x50/0x180
[ 217.254604][ C0] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 217.254604][ C0] RIP: 0033:0x7f7289f94a90
[ 217.254606][ C0] Code: 0f 05 57 3d 01 f0 ff ff 73 01 c3 48 8b 0d 90 43 0f 00 f7 d8 64 89 01 48 83 c8 ff c3 ba e7 00 00 00 be 3c 00 00 00 89 d0 0f 05 <48> 3d 00 f0 ff ff 76 0c 48 8b 0d 69 43 0f 00 f7 d8 64 89 01 89 f0
[ 217.254606][ C0] RSP: 002b:00007ffe7963f4a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 217.254607][ C0] RAX: ffffffffffffffda RBX: 00007f728a085860 RCX: 00007f7289f94a90
[ 217.254608][ C0] RDX: 00000000000000e7 RSI: 000000000000003c RDI: 0000000000000001
[ 217.254609][ C0] RBP: 00007f728a085860 R08: 0000000000000000 R09: 8ada9396961be19c
[ 217.254609][ C0] R10: 00007ffe7963f360 R11: 0000000000000246 R12: 0000000000000000
[ 217.254610][ C0] R13: 0000000000000001 R14: 00007f728a089658 R15: 0000000000000001
[ 217.255520][ T217] Kernel panic - not syncing: hung_task: blocked tasks
[ 217.517030][ T217] Kernel Offset: disabled
[ 217.521510][ T217] Rebooting in 86400 seconds..