INFO: task syz.3.358:8420 blocked for more than 143 seconds. Not tainted 6.12.0-rc2-syzkaller-00260-g9e4c6c1ad9a1 #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.3.358 state:D stack:25120 pid:8420 tgid:8420 ppid:8038 flags:0x00000004 Call Trace: context_switch kernel/sched/core.c:5322 [inline] __schedule+0xef5/0x5750 kernel/sched/core.c:6682 __schedule_loop kernel/sched/core.c:6759 [inline] schedule+0xe7/0x350 kernel/sched/core.c:6774 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6831 rwsem_down_read_slowpath+0x61e/0xb20 kernel/locking/rwsem.c:1084 __down_read_common kernel/locking/rwsem.c:1248 [inline] __down_read kernel/locking/rwsem.c:1261 [inline] down_read+0x124/0x330 kernel/locking/rwsem.c:1526 filemap_invalidate_lock_shared include/linux/fs.h:870 [inline] filemap_fault+0x62e/0x2820 mm/filemap.c:3350 __do_fault+0x10a/0x490 mm/memory.c:4876 do_shared_fault mm/memory.c:5346 [inline] do_fault mm/memory.c:5420 [inline] do_pte_missing+0x1a8/0x3e50 mm/memory.c:3965 handle_pte_fault mm/memory.c:5751 [inline] __handle_mm_fault+0x100a/0x2a10 mm/memory.c:5894 handle_mm_fault+0x3fa/0xaa0 mm/memory.c:6062 do_user_addr_fault+0x60d/0x13f0 arch/x86/mm/fault.c:1338 handle_page_fault arch/x86/mm/fault.c:1481 [inline] exc_page_fault+0x5c/0xc0 arch/x86/mm/fault.c:1539 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623 RIP: 0033:0x7f7c5fa51629 RSP: 002b:00007ffed5bfa880 EFLAGS: 00010246 RAX: 0000000000008400 RBX: 0000000000000002 RCX: fffffffffffffcff RDX: e9a6d95871171feb RSI: 0000000020000300 RDI: 00005555663e63c8 RBP: 00007f7c5fd37a80 R08: 00007f7c5fa00000 R09: 000000000000000c R10: 0000000000000000 R11: 0000000000000001 R12: 00000000000c1476 R13: 00007ffed5bfa980 R14: 0000000000000032 R15: fffffffffffffffe Showing all locks held in the system: 1 lock held by khungtaskd/30: #0: ffffffff8e1b8340 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline] #0: ffffffff8e1b8340 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline] #0: ffffffff8e1b8340 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x7f/0x390 kernel/locking/lockdep.c:6720 3 locks held by kworker/0:1H/40: #0: ffff8880b863ee98 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested kernel/sched/core.c:601 [inline] #0: ffff8880b863ee98 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130 kernel/sched/core.c:586 #1: ffffc90000b07d80 ((work_completion)(&(&hctx->run_work)->work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3205 #2: ffffffff8e1c34d8 (rcu_node_0){-.-.}-{2:2}, at: rcu_preempt_deferred_qs_irqrestore+0x1b2/0xb80 kernel/rcu/tree_plugin.h:529 3 locks held by kworker/u8:8/3005: #0: ffff88801beeb148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x129b/0x1ba0 kernel/workqueue.c:3204 #1: ffffc90009cafd80 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3205 #2: ffffffff8e1c3b00 (rcu_state.barrier_mutex){+.+.}-{3:3}, at: rcu_barrier+0x48/0x700 kernel/rcu/tree.c:4562 1 lock held by klogd/4664: 2 locks held by getty/4980: #0: ffff888033a920a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 drivers/tty/tty_ldisc.c:243 #1: ffffc90002efe2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xfba/0x1480 drivers/tty/n_tty.c:2211 2 locks held by syz.4.247/7567: 2 locks held by syz.3.358/8420: #0: ffff8880323dab68 (&vma->vm_lock->lock){++++}-{3:3}, at: vma_start_read include/linux/mm.h:704 [inline] #0: ffff8880323dab68 (&vma->vm_lock->lock){++++}-{3:3}, at: lock_vma_under_rcu+0x13e/0x980 mm/memory.c:6228 #1: ffff888023887c40 (mapping.invalidate_lock#2){++++}-{3:3}, at: filemap_invalidate_lock_shared include/linux/fs.h:870 [inline] #1: ffff888023887c40 (mapping.invalidate_lock#2){++++}-{3:3}, at: filemap_fault+0x62e/0x2820 mm/filemap.c:3350 3 locks held by syz-executor/9078: #0: ffff88805e478d80 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close+0x26/0x90 net/bluetooth/hci_core.c:481 #1: ffff88805e478078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x346/0x1110 net/bluetooth/hci_sync.c:5183