INFO: task syz.2.146:6517 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.2.146       state:D stack:8832  pid:6517  tgid:6516  ppid:2958   task_flags:0x440140 flags:0x00000004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x756/0xc10 kernel/sched/core.c:6767
 __schedule_loop kernel/sched/core.c:6845 [inline]
 schedule+0xac/0x140 kernel/sched/core.c:6860
 __bch2_two_state_lock+0xa2/0x100 fs/bcachefs/two_state_shared_lock.c:7
 bch2_two_state_lock fs/bcachefs/two_state_shared_lock.h:55 [inline]
 bch2_readahead+0x2d6/0x5a0 fs/bcachefs/fs-io-buffered.c:296
 read_pages+0x8a/0x160 mm/readahead.c:160
 page_cache_ra_unbounded+0x1ac/0x230 mm/readahead.c:297
 filemap_get_pages+0x166/0x810 mm/filemap.c:2591
 filemap_splice_read+0x1b2/0x3b0 mm/filemap.c:2981
 do_splice_read fs/splice.c:979 [inline]
 splice_direct_to_actor+0xe8/0x2e0 fs/splice.c:1083
 do_splice_direct_actor fs/splice.c:1201 [inline]
 do_splice_direct+0x6f/0xb0 fs/splice.c:1227
 vfs_copy_file_range+0x517/0x6b0 fs/read_write.c:1625
 __do_sys_copy_file_range fs/read_write.c:1675 [inline]
 __se_sys_copy_file_range+0x167/0x200 fs/read_write.c:1642
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x8f/0x180 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fce4e34eba9
RSP: 002b:00007fce4d9be038 EFLAGS: 00000246 ORIG_RAX: 0000000000000146
RAX: ffffffffffffffda RBX: 00007fce4e595fa0 RCX: 00007fce4e34eba9
RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000004
RBP: 00007fce4e3d1e19 R08: 0000000000000101 R09: 0000000000000000
R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fce4e596038 R14: 00007fce4e595fa0 R15: 00007ffe78667588
 </TASK>
INFO: task syz.2.146:6536 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.2.146       state:D stack:10944 pid:6536  tgid:6516  ppid:2958   task_flags:0x400040 flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x756/0xc10 kernel/sched/core.c:6767
 __schedule_loop kernel/sched/core.c:6845 [inline]
 schedule+0xac/0x140 kernel/sched/core.c:6860
 io_schedule+0x3f/0x60 kernel/sched/core.c:7742
 folio_wait_bit_common+0x1d9/0x390 mm/filemap.c:1317
 __folio_lock mm/filemap.c:1664 [inline]
 folio_lock include/linux/pagemap.h:1137 [inline]
 __filemap_get_folio+0x146/0x3f0 mm/filemap.c:1917
 folio_hole_offset fs/bcachefs/fs-io-pagecache.c:756 [inline]
 bch2_seek_pagecache_hole+0x49/0x1e0 fs/bcachefs/fs-io-pagecache.c:793
 bch2_clamp_data_hole+0x2d/0x90 fs/bcachefs/fs-io-pagecache.c:808
 __bchfs_fallocate+0x538/0x960 fs/bcachefs/fs-io.c:697
 bchfs_fallocate+0x128/0x270 fs/bcachefs/fs-io.c:789
 bch2_fallocate_dispatch+0x100/0x190 fs/bcachefs/fs-io.c:836
 vfs_fallocate+0x19c/0x1c0 fs/open.c:338
 ksys_fallocate fs/open.c:362 [inline]
 __do_sys_fallocate fs/open.c:367 [inline]
 __se_sys_fallocate fs/open.c:365 [inline]
 __x64_sys_fallocate+0x44/0x70 fs/open.c:365
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x8f/0x180 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fce4e34eba9
RSP: 002b:00007fce4d99d038 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
RAX: ffffffffffffffda RBX: 00007fce4e596090 RCX: 00007fce4e34eba9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
RBP: 00007fce4e3d1e19 R08: 0000000000000000 R09: 0000000000000000
R10: 00000000001001ec R11: 0000000000000246 R12: 0000000000000000
R13: 00007fce4e596128 R14: 00007fce4e596090 R15: 00007ffe78667588
 </TASK>

Showing all locks held in the system:
1 lock held by khungtaskd/31:
 #0: ffffffff83b84b30 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #0: ffffffff83b84b30 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
 #0: ffffffff83b84b30 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x2e/0x100 kernel/locking/lockdep.c:6764
2 locks held by kworker/u8:6/370:
2 locks held by getty/1453:
 #0: ffff888102f640a0 (&tty->ldisc_sem){....}-{0:0}, at: tty_ldisc_ref_wait+0x20/0x40 drivers/tty/tty_ldisc.c:243
 #1: ffffc90002be72f0 (&ldata->atomic_read_lock){....}-{3:3}, at: n_tty_read+0x1c9/0x6f0 drivers/tty/n_tty.c:2222
1 lock held by syz.2.146/6517:
 #0: ffff888125c61ee8 (mapping.invalidate_lock#3){....}-{3:3}, at: filemap_invalidate_lock_shared include/linux/fs.h:922 [inline]
 #0: ffff888125c61ee8 (mapping.invalidate_lock#3){....}-{3:3}, at: page_cache_ra_unbounded+0x61/0x230 mm/readahead.c:228
3 locks held by syz.2.146/6536:
 #0: ffff88812ef8c3f8 (sb_writers#12){....}-{0:0}, at: vfs_fallocate+0x183/0x1c0 fs/open.c:337
 #1: ffff888125c61d48 (&sb->s_type->i_mutex_key#18){....}-{3:3}, at: inode_lock include/linux/fs.h:867 [inline]
 #1: ffff888125c61d48 (&sb->s_type->i_mutex_key#18){....}-{3:3}, at: bch2_fallocate_dispatch+0x75/0x190 fs/bcachefs/fs-io.c:827
 #2: ffff888134a04228 (&c->btree_trans_barrier){....}-{0:0}, at: srcu_lock_acquire include/linux/srcu.h:161 [inline]
 #2: ffff888134a04228 (&c->btree_trans_barrier){....}-{0:0}, at: srcu_read_lock include/linux/srcu.h:253 [inline]
 #2: ffff888134a04228 (&c->btree_trans_barrier){....}-{0:0}, at: __bch2_trans_get+0x270/0x3e0 fs/bcachefs/btree_iter.c:3430
3 locks held by syz.3.811/14938:
1 lock held by syz.4.812/14941:
1 lock held by syz.7.813/14943:
 #0: ffffffff83a984c0 (wq_pool_mutex){....}-{3:3}, at: apply_wqattrs_lock kernel/workqueue.c:5179 [inline]
 #0: ffffffff83a984c0 (wq_pool_mutex){....}-{3:3}, at: __alloc_workqueue+0x310/0x8e0 kernel/workqueue.c:5734
2 locks held by syz.1.815/14965:

=============================================

NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(undef) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0xa2/0xf0 lib/dump_stack.c:120
 nmi_cpu_backtrace+0x109/0x170 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x8e/0x140 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:158 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:274 [inline]
 watchdog+0x604/0x630 kernel/hung_task.c:437
 kthread+0x200/0x230 kernel/kthread.c:464
 ret_from_fork+0x32/0x40 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 14938 Comm: syz.3.811 Not tainted syzkaller #0 PREEMPT(undef) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
RIP: 0010:lockdep_recursion_finish kernel/locking/lockdep.c:472 [inline]
RIP: 0010:lock_release+0x20f/0x2f0 kernel/locking/lockdep.c:5889
Code: d8 45 85 ed 41 89 c5 7f d0 4c 89 ff 4c 89 f6 48 8b 54 24 10 e8 c2 21 00 00 48 8b 5c 24 08 48 c7 c7 87 11 7b 83 e8 11 cf 85 01 <b8> ff ff ff ff 65 0f c1 05 1c 45 5e 03 83 f8 01 74 17 48 c7 c7 4e
RSP: 0018:ffffc90000003e10 EFLAGS: 00000086
RAX: 0000000000000000 RBX: 0000000000000002 RCX: 27d18a952aa69d00
RDX: 0000000000000018 RSI: ffffffff837b1187 RDI: ffffffff836cca9e
RBP: ffff8881261241c8 R08: 0000000000000000 R09: 0000000000000008
R10: 0000000000000008 R11: 0000000000000000 R12: 0000000000000001
R13: 0000000000000000 R14: ffffffff8884b400 R15: ffff888126123780
FS:  00007f4640fce6c0(0000) GS:ffff8882b3257000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f0389cb5000 CR3: 000000012cc98000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:149 [inline]
 _raw_spin_unlock_irqrestore+0x2c/0xa0 kernel/locking/spinlock.c:194
 class_raw_spinlock_irqsave_destructor include/linux/spinlock.h:557 [inline]
 timekeeping_advance+0x439/0x5d0 kernel/time/timekeeping.c:2211
 update_wall_time+0xb/0x20 kernel/time/timekeeping.c:2219
 tick_sched_do_timer kernel/time/tick-sched.c:232 [inline]
 tick_nohz_handler+0x48/0x120 kernel/time/tick-sched.c:290
 __run_hrtimer kernel/time/hrtimer.c:1761 [inline]
 __hrtimer_run_queues+0x16a/0x2e0 kernel/time/hrtimer.c:1825
 hrtimer_interrupt+0x104/0x230 kernel/time/hrtimer.c:1887
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1038 [inline]
 __sysvec_apic_timer_interrupt+0x81/0x200 arch/x86/kernel/apic/apic.c:1055
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]
 sysvec_apic_timer_interrupt+0x8d/0xb0 arch/x86/kernel/apic/apic.c:1049
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:console_trylock_spinning kernel/printk/printk.c:2061 [inline]
RIP: 0010:vprintk_emit+0x21c/0x400 kernel/printk/printk.c:2449
Code: 24 08 00 00 00 00 9c 8f 44 24 08 f7 44 24 08 00 02 00 00 0f 85 cf 01 00 00 41 f7 c7 00 02 00 00 74 01 fb 48 c7 c7 88 31 b8 83 <31> f6 ba 01 00 00 00 31 c9 41 b8 01 00 00 00 45 31 c9 41 56 e8 1b
RSP: 0018:ffffc90001347720 EFLAGS: 00000206
RAX: 27d18a952aa69d00 RBX: 0000000000000029 RCX: 27d18a952aa69d00
RDX: c572cac689f2b3dc RSI: ffffffff837b1187 RDI: ffffffff83b83188
RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000e
R10: 0000000000000000 R11: 00000000fffffe13 R12: 0000000000000000
R13: 00000000ffffffff R14: ffffffff813eecb4 R15: 0000000000000246
 bch2_print_maybe_redirect fs/bcachefs/super.c:112 [inline]
 __bch2_print+0xac/0xf0 fs/bcachefs/super.c:131
 bch2_fs_initialize+0x52f/0x8c0 fs/bcachefs/recovery.c:1166
 bch2_fs_start+0x2d3/0x440 fs/bcachefs/super.c:1127
 bch2_fs_get_tree+0x2d1/0x750 fs/bcachefs/fs.c:2483
 vfs_get_tree+0x26/0xb0 fs/super.c:1759
 do_new_mount+0x13f/0x380 fs/namespace.c:3884
 do_mount fs/namespace.c:4224 [inline]
 __do_sys_mount fs/namespace.c:4435 [inline]
 __se_sys_mount+0x147/0x1b0 fs/namespace.c:4412
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x8f/0x180 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f464196034a
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f4640fcde68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f4640fcdef0 RCX: 00007f464196034a
RDX: 0000200000000040 RSI: 00002000000003c0 RDI: 00007f4640fcdeb0
RBP: 0000200000000040 R08: 00007f4640fcdef0 R09: 0000000000000002
R10: 0000000000000002 R11: 0000000000000246 R12: 00002000000003c0
R13: 00007f4640fcdeb0 R14: 0000000000005a9e R15: 00002000000002c0
 </TASK>