INFO: task syz.2.18:7713 blocked for more than 143 seconds.
      Not tainted 6.6.0-rc4-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.2.18        state:D stack:12920 pid:7713  ppid:5767   flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x742/0x1510 kernel/sched/core.c:6695
 schedule+0x68/0xc0 kernel/sched/core.c:6771
 schedule_preempt_disabled+0x32/0x60 kernel/sched/core.c:6830
 rwsem_down_read_slowpath kernel/locking/rwsem.c:1086 [inline]
 __down_read_common kernel/locking/rwsem.c:1250 [inline]
 __down_read kernel/locking/rwsem.c:1263 [inline]
 down_read+0x2e3/0x440 kernel/locking/rwsem.c:1522
 i_mmap_lock_read include/linux/fs.h:532 [inline]
 rmap_walk_file+0x28c/0x3f0 mm/rmap.c:2533
 remove_migration_ptes mm/migrate.c:295 [inline]
 unmap_and_move_huge_page mm/migrate.c:1441 [inline]
 migrate_hugetlbs mm/migrate.c:1557 [inline]
 migrate_pages+0x71b/0x1a20 mm/migrate.c:1920
 do_mbind mm/mempolicy.c:1295 [inline]
 kernel_mbind mm/mempolicy.c:1437 [inline]
 __do_sys_mbind mm/mempolicy.c:1511 [inline]
 __se_sys_mbind+0xa78/0xc90 mm/mempolicy.c:1507
 do_syscall_64+0x48/0xc0
 entry_SYSCALL_64_after_hwframe+0x6f/0xd9
RIP: 0033:0x7fa6c1185d19
RSP: 002b:00007fa6c2059038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
RAX: ffffffffffffffda RBX: 00007fa6c1375fa0 RCX: 00007fa6c1185d19
RDX: 0000000000000000 RSI: 0000000000800000 RDI: 0000000020001000
RBP: 00007fa6c1201a20 R08: 0000000000000000 R09: 0000000000000002
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fa6c1375fa0 R15: 00007ffd0cc3b7a8
 </TASK>
INFO: task syz.2.18:7724 blocked for more than 143 seconds.
      Not tainted 6.6.0-rc4-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.2.18        state:D stack:14336 pid:7724  ppid:5767   flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x742/0x1510 kernel/sched/core.c:6695
 schedule+0x68/0xc0 kernel/sched/core.c:6771
 io_schedule+0x3e/0x60 kernel/sched/core.c:9026
 folio_wait_bit_common+0x484/0x950 mm/filemap.c:1273
 __folio_lock mm/filemap.c:1611 [inline]
 folio_lock include/linux/pagemap.h:1014 [inline]
 __filemap_get_folio+0xf6/0x770 mm/filemap.c:1864
 filemap_lock_folio include/linux/pagemap.h:637 [inline]
 filemap_lock_hugetlb_folio include/linux/hugetlb.h:848 [inline]
 hugetlbfs_zero_partial_page+0x40/0x1f0 fs/hugetlbfs/inode.c:722
 hugetlbfs_punch_hole fs/hugetlbfs/inode.c:776 [inline]
 hugetlbfs_fallocate+0x66e/0x820 fs/hugetlbfs/inode.c:809
 vfs_fallocate+0x313/0x370 fs/open.c:324
 madvise_remove mm/madvise.c:990 [inline]
 madvise_vma_behavior mm/madvise.c:1014 [inline]
 madvise_walk_vmas mm/madvise.c:1249 [inline]
 do_madvise+0xd4a/0x2790 mm/madvise.c:1429
 __do_sys_madvise mm/madvise.c:1442 [inline]
 __se_sys_madvise mm/madvise.c:1440 [inline]
 __x64_sys_madvise+0x2c/0x40 mm/madvise.c:1440
 do_syscall_64+0x48/0xc0
 entry_SYSCALL_64_after_hwframe+0x6f/0xd9
RIP: 0033:0x7fa6c1185d19
RSP: 002b:00007fa6c2005038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
RAX: ffffffffffffffda RBX: 00007fa6c1376080 RCX: 00007fa6c1185d19
RDX: 0000000000000009 RSI: 0000000000600002 RDI: 0000000020000000
RBP: 00007fa6c1201a20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000001 R14: 00007fa6c1376080 R15: 00007ffd0cc3b7a8
 </TASK>

Showing all locks held in the system:
2 locks held by kworker/u4:0/11:
 #0: ffff88813bc2de18 (&rq->__lock){....}-{2:2}, at: raw_spin_rq_lock_nested+0x23/0xf0 kernel/sched/core.c:558
 #1: ffffc900000abe48 ((work_completion)(&ctx->exit_work)){....}-{0:0}, at: process_one_work kernel/workqueue.c:2605 [inline]
 #1: ffffc900000abe48 ((work_completion)(&ctx->exit_work)){....}-{0:0}, at: process_scheduled_works+0x26e/0x770 kernel/workqueue.c:2703
3 locks held by kworker/1:0/22:
 #0: ffff88810006c738 ((wq_completion)events){....}-{0:0}, at: process_one_work kernel/workqueue.c:2605 [inline]
 #0: ffff88810006c738 ((wq_completion)events){....}-{0:0}, at: process_scheduled_works+0x26e/0x770 kernel/workqueue.c:2703
 #1: ffff88813bd1c748 (&per_cpu_ptr(group->pcpu, cpu)->seq){....}-{0:0}, at: psi_task_switch+0x266/0x2c0 kernel/sched/psi.c:999
 #2: ffffffff85b3af20 (pool_lock){....}-{2:2}, at: free_obj_work+0x4a/0x210 lib/debugobjects.c:293
1 lock held by khungtaskd/28:
 #0: ffffffff859fcbf0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:303 [inline]
 #0: ffffffff859fcbf0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:749 [inline]
 #0: ffffffff859fcbf0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x30/0x100 kernel/locking/lockdep.c:6613
2 locks held by kworker/u4:6/2203:
 #0: ffff88810006cd38 ((wq_completion)events_unbound){....}-{0:0}, at: process_one_work kernel/workqueue.c:2605 [inline]
 #0: ffff88810006cd38 ((wq_completion)events_unbound){....}-{0:0}, at: process_scheduled_works+0x26e/0x770 kernel/workqueue.c:2703
 #1: ffffc900053b3e48 ((work_completion)(&sub_info->work)){....}-{0:0}, at: process_one_work kernel/workqueue.c:2605 [inline]
 #1: ffffc900053b3e48 ((work_completion)(&sub_info->work)){....}-{0:0}, at: process_scheduled_works+0x26e/0x770 kernel/workqueue.c:2703
3 locks held by kworker/u4:10/2405:
 #0: ffff88810006df38 ((wq_completion)netns){....}-{0:0}, at: process_one_work kernel/workqueue.c:2605 [inline]
 #0: ffff88810006df38 ((wq_completion)netns){....}-{0:0}, at: process_scheduled_works+0x26e/0x770 kernel/workqueue.c:2703
 #1: ffffc900058e3e48 (net_cleanup_work){....}-{0:0}, at: process_one_work kernel/workqueue.c:2605 [inline]
 #1: ffffc900058e3e48 (net_cleanup_work){....}-{0:0}, at: process_scheduled_works+0x26e/0x770 kernel/workqueue.c:2703
 #2: ffffffff859fda80 (rcu_state.barrier_mutex){....}-{3:3}, at: rcu_barrier+0x38/0x280 kernel/rcu/tree.c:3994
2 locks held by getty/3501:
 #0: ffff888141bfe8a0 (&tty->ldisc_sem){....}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x50 drivers/tty/tty_ldisc.c:243
 #1: ffffc90006fd72f0 (&ldata->atomic_read_lock){....}-{3:3}, at: n_tty_read+0x31f/0xf00 drivers/tty/n_tty.c:2206
2 locks held by kworker/0:6/6407:
 #0: ffff88810006d538 ((wq_completion)rcu_gp){....}-{0:0}, at: process_one_work kernel/workqueue.c:2605 [inline]
 #0: ffff88810006d538 ((wq_completion)rcu_gp){....}-{0:0}, at: process_scheduled_works+0x26e/0x770 kernel/workqueue.c:2703
 #1: ffffc90002f47e48 ((work_completion)(&rew->rew_work)){....}-{0:0}, at: process_one_work kernel/workqueue.c:2605 [inline]
 #1: ffffc90002f47e48 ((work_completion)(&rew->rew_work)){....}-{0:0}, at: process_scheduled_works+0x26e/0x770 kernel/workqueue.c:2703
1 lock held by syz.2.18/7713:
 #0: ffff888141670d08 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: i_mmap_lock_read include/linux/fs.h:532 [inline]
 #0: ffff888141670d08 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: rmap_walk_file+0x28c/0x3f0 mm/rmap.c:2533
3 locks held by syz.2.18/7724:
 #0: ffff88810666d410 (sb_writers#13){....}-{0:0}, at: vfs_fallocate+0x2f4/0x370 fs/open.c:323
 #1: ffff888141670a90 (&sb->s_type->i_mutex_key#20){....}-{3:3}, at: inode_lock include/linux/fs.h:802 [inline]
 #1: ffff888141670a90 (&sb->s_type->i_mutex_key#20){....}-{3:3}, at: hugetlbfs_punch_hole fs/hugetlbfs/inode.c:751 [inline]
 #1: ffff888141670a90 (&sb->s_type->i_mutex_key#20){....}-{3:3}, at: hugetlbfs_fallocate+0x173/0x820 fs/hugetlbfs/inode.c:809
 #2: ffff888141670d08 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: i_mmap_lock_write include/linux/fs.h:512 [inline]
 #2: ffff888141670d08 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlbfs_punch_hole fs/hugetlbfs/inode.c:759 [inline]
 #2: ffff888141670d08 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlbfs_fallocate+0x215/0x820 fs/hugetlbfs/inode.c:809
1 lock held by syz-executor/22045:
 #0: ffffffff85d35858 (rtnl_mutex){....}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:78 [inline]
 #0: ffffffff85d35858 (rtnl_mutex){....}-{3:3}, at: rtnetlink_rcv_msg+0x48e/0x7c0 net/core/rtnetlink.c:6441
1 lock held by syz.5.20160/22652:
 #0: ffffffff859fdbb8 (rcu_state.exp_mutex){....}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:325 [inline]
 #0: ffffffff859fdbb8 (rcu_state.exp_mutex){....}-{3:3}, at: synchronize_rcu_expedited+0x240/0x700 kernel/rcu/tree_exp.h:992
1 lock held by syz.1.20162/22660:
 #0: ffffffff859fdbb8 (rcu_state.exp_mutex){....}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:325 [inline]
 #0: ffffffff859fdbb8 (rcu_state.exp_mutex){....}-{3:3}, at: synchronize_rcu_expedited+0x240/0x700 kernel/rcu/tree_exp.h:992

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 28 Comm: khungtaskd Not tainted 6.6.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xf4/0x180 lib/dump_stack.c:106
 nmi_cpu_backtrace+0x234/0x250 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x102/0x220 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:160 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:222 [inline]
 watchdog+0x8b9/0x8f0 kernel/hung_task.c:379
 kthread+0x115/0x140 kernel/kthread.c:388
 ret_from_fork+0x4d/0x60 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1b/0x30 arch/x86/entry/entry_64.S:304
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1 skipped: idling at native_safe_halt arch/x86/include/asm/irqflags.h:48 [inline]
NMI backtrace for cpu 1 skipped: idling at arch_safe_halt arch/x86/include/asm/irqflags.h:86 [inline]
NMI backtrace for cpu 1 skipped: idling at acpi_safe_halt+0x20/0x30 drivers/acpi/processor_idle.c:112