INFO: task udevd:8643 blocked for more than 143 seconds.
      Not tainted syzkaller #0
      Blocked by coredump.
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:udevd           state:D stack:23480 pid:8643  tgid:8643  ppid:5191   task_flags:0x40054c flags:0x00080003
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5260 [inline]
 __schedule+0x14ea/0x5050 kernel/sched/core.c:6867
 __schedule_loop kernel/sched/core.c:6949 [inline]
 schedule+0x164/0x360 kernel/sched/core.c:6964
 io_schedule+0x7f/0xd0 kernel/sched/core.c:7791
 folio_wait_bit_common+0x6d8/0xbc0 mm/filemap.c:1323
 __folio_lock mm/filemap.c:1699 [inline]
 folio_lock include/linux/pagemap.h:1170 [inline]
 __filemap_get_folio_mpol+0x13e/0xb00 mm/filemap.c:1954
 __filemap_get_folio include/linux/pagemap.h:774 [inline]
 truncate_inode_pages_range+0x48b/0xe30 mm/truncate.c:413
 kill_bdev block/bdev.c:91 [inline]
 blkdev_flush_mapping+0x109/0x2f0 block/bdev.c:729
 blkdev_put_whole block/bdev.c:736 [inline]
 bdev_release+0x417/0x650 block/bdev.c:1161
 blkdev_release+0x15/0x20 block/fops.c:706
 __fput+0x44f/0xa70 fs/file_table.c:468
 task_work_run+0x1d9/0x270 kernel/task_work.c:233
 exit_task_work include/linux/task_work.h:40 [inline]
 do_exit+0x69b/0x2310 kernel/exit.c:971
 do_group_exit+0x21b/0x2d0 kernel/exit.c:1112
 get_signal+0x1284/0x1330 kernel/signal.c:3034
 arch_do_signal_or_restart+0xbc/0x830 arch/x86/kernel/signal.c:337
 __exit_to_user_mode_loop kernel/entry/common.c:41 [inline]
 exit_to_user_mode_loop+0x86/0x480 kernel/entry/common.c:75
 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline]
 syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline]
 syscall_exit_to_user_mode_work include/linux/entry-common.h:159 [inline]
 syscall_exit_to_user_mode include/linux/entry-common.h:194 [inline]
 do_syscall_64+0x2b7/0xf80 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f3f66ea7407
RSP: 002b:00007fffecffeea0 EFLAGS: 00000202 ORIG_RAX: 0000000000000000
RAX: fffffffffffffffc RBX: 00007f3f67600880 RCX: 00007f3f66ea7407
RDX: 0000000000000200 RSI: 00007f3f675ff000 RDI: 0000000000000009
RBP: 000055f1ee7ef050 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
R13: 0000000000000000 R14: 000055f1ee803c78 R15: 00007f3f6772739c
 </TASK>

Showing all locks held in the system:
1 lock held by khungtaskd/32:
 #0: ffffffff8e55a360 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #0: ffffffff8e55a360 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:867 [inline]
 #0: ffffffff8e55a360 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 kernel/locking/lockdep.c:6775
2 locks held by getty/5582:
 #0: ffff88814d3b60a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
 #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x45c/0x13c0 drivers/tty/n_tty.c:2211
3 locks held by kworker/1:12/24965:
 #0: ffff88813fe55948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3232 [inline]
 #0: ffff88813fe55948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9d4/0x17a0 kernel/workqueue.c:3340
 #1: ffffc9000d0e7bc0 (free_ipc_work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3233 [inline]
 #1: ffffc9000d0e7bc0 (free_ipc_work){+.+.}-{0:0}, at: process_scheduled_works+0xa0f/0x17a0 kernel/workqueue.c:3340
 #2: ffffffff8e560c78 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock kernel/rcu/tree_exp.h:343 [inline]
 #2: ffffffff8e560c78 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x38d/0x770 kernel/rcu/tree_exp.h:956
7 locks held by kworker/u8:3/7944:
6 locks held by kworker/u8:5/7947:
7 locks held by kworker/u8:9/7951:
 #0: ffff8880b873a918 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 kernel/sched/core.c:639
 #1: ffff8880b8724588 (psi_seq){-.-.}-{0:0}, at: psi_task_switch+0x53/0x880 kernel/sched/psi.c:933
 #2: ffff888065ad2820 (k-slock-AF_INET){+.-.}-{3:3}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
 #2: ffff888065ad2820 (k-slock-AF_INET){+.-.}-{3:3}, at: release_sock+0x2f/0x1f0 net/core/sock.c:3793
 #3: ffffffff9a2a6590 (&obj_hash[i].lock){-.-.}-{2:2}, at: debug_object_activate+0x83/0x580 lib/debugobjects.c:818
 #4: ffffffff8e55a360 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #4: ffffffff8e55a360 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:867 [inline]
 #4: ffffffff8e55a360 (rcu_read_lock){....}-{1:3}, at: rds_tcp_write_space+0x1a0/0x5b0 net/rds/tcp_send.c:201
 #5: ffffffff8e55a360 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #5: ffffffff8e55a360 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:867 [inline]
 #5: ffffffff8e55a360 (rcu_read_lock){....}-{1:3}, at: __queue_work+0x1a1/0xf90 kernel/workqueue.c:2255
 #6: ffff88813fec0018 (&pool->lock){-.-.}-{2:2}, at: __queue_work+0x7ea/0xf90 kernel/workqueue.c:-1
1 lock held by udevd/8643:
 #0: ffff8880256ab358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x1a9/0x650 block/bdev.c:1145
2 locks held by syz-executor/10559:
 #0: ffff88805f090ec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close net/bluetooth/hci_core.c:500 [inline]
 #0: ffff88805f090ec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x5a0 net/bluetooth/hci_core.c:2716
 #1: ffff88805f0900c0 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x640/0x10e0 net/bluetooth/hci_sync.c:5346
4 locks held by syz-executor/10895:
 #0: ffff8880ac4e0ec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close net/bluetooth/hci_core.c:500 [inline]
 #0: ffff8880ac4e0ec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x5a0 net/bluetooth/hci_core.c:2716
 #1: ffff8880ac4e00c0 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x640/0x10e0 net/bluetooth/hci_sync.c:5346
 #2: ffffffff8fb38f68 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_disconn_cfm include/net/bluetooth/hci_core.h:2151 [inline]
 #2: ffffffff8fb38f68 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x260 net/bluetooth/hci_conn.c:2644
 #3: ffff88805a8b9af8 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x7b/0x5c0 net/bluetooth/l2cap_core.c:1755
3 locks held by syz-executor/11217:
 #0: ffff888095b50ec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close net/bluetooth/hci_core.c:500 [inline]
 #0: ffff888095b50ec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x5a0 net/bluetooth/hci_core.c:2716
 #1: ffff888095b500c0 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x640/0x10e0 net/bluetooth/hci_sync.c:5346
 #2: ffffffff8fb38f68 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_disconn_cfm include/net/bluetooth/hci_core.h:2151 [inline]
 #2: ffffffff8fb38f68 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x260 net/bluetooth/hci_conn.c:2644
3 locks held by syz-executor/11545:
 #0: ffff8880270f4ec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close net/bluetooth/hci_core.c:500 [inline]
 #0: ffff8880270f4ec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x5a0 net/bluetooth/hci_core.c:2716
 #1: ffff8880270f40c0 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x640/0x10e0 net/bluetooth/hci_sync.c:5346
 #2: ffffffff8fb38f68 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_disconn_cfm include/net/bluetooth/hci_core.h:2151 [inline]
 #2: ffffffff8fb38f68 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x260 net/bluetooth/hci_conn.c:2644

=============================================

NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 32 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
Call Trace:
 <TASK>
 dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
 nmi_cpu_backtrace+0x274/0x2d0 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x17a/0x300 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:161 [inline]
 __sys_info lib/sys_info.c:157 [inline]
 sys_info+0x135/0x170 lib/sys_info.c:165
 check_hung_uninterruptible_tasks kernel/hung_task.c:346 [inline]
 watchdog+0xf90/0xfe0 kernel/hung_task.c:515
 kthread+0x726/0x8b0 kernel/kthread.c:463
 ret_from_fork+0x51b/0xa40 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 7944 Comm: kworker/u8:3 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
Workqueue: krds_cp_wq#21/0 rds_connect_worker
RIP: 0010:io_serial_in+0x77/0xc0 drivers/tty/serial/8250/8250_port.c:400
Code: e8 6e c7 92 fc 44 89 f9 d3 e3 49 83 c6 40 4c 89 f0 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 f7 e8 8f 13 fb fc 41 03 1e 89 da ec <0f> b6 c0 5b 41 5c 41 5e 41 5f e9 4a 03 6a 06 cc 44 89 f9 80 e1 07
RSP: 0018:ffffc90000a07698 EFLAGS: 00000006
RAX: 1ffffffff3467c05 RBX: 00000000000003f9 RCX: 0000000000000000
RDX: 00000000000003f9 RSI: 0000000000000000 RDI: 0000000000000020
RBP: ffffc90000a07830 R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: ffffffff85318f90 R12: dffffc0000000000
R13: dffffc0000000000 R14: ffffffff9a33e2a0 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff8881257ed000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005616ed72dee8 CR3: 0000000085c24000 CR4: 00000000003526f0
Call Trace:
 <IRQ>
 serial_port_in include/linux/serial_core.h:806 [inline]
 serial8250_console_write+0x540/0x1ba0 drivers/tty/serial/8250/8250_port.c:3306
 console_emit_next_record kernel/printk/printk.c:3129 [inline]
 console_flush_one_record kernel/printk/printk.c:3215 [inline]
 console_flush_all+0x718/0xb20 kernel/printk/printk.c:3289
 __console_flush_and_unlock kernel/printk/printk.c:3319 [inline]
 console_unlock+0xd1/0x1c0 kernel/printk/printk.c:3359
 vprintk_emit+0x485/0x560 kernel/printk/printk.c:2426
 _printk+0xdd/0x130 kernel/printk/printk.c:2451
 gred_dequeue+0x4e6/0x6f0 net/sched/sch_gred.c:273
 dequeue_skb net/sched/sch_generic.c:297 [inline]
 qdisc_restart net/sched/sch_generic.c:402 [inline]
 __qdisc_run+0x242/0x1540 net/sched/sch_generic.c:420
 qdisc_run include/net/pkt_sched.h:120 [inline]
 __dev_xmit_skb net/core/dev.c:4264 [inline]
 __dev_queue_xmit+0x1bbe/0x3850 net/core/dev.c:4797
 dev_queue_xmit include/linux/netdevice.h:3384 [inline]
 neigh_hh_output include/net/neighbour.h:540 [inline]
 neigh_output include/net/neighbour.h:554 [inline]
 ip_finish_output2+0xb52/0xff0 net/ipv4/ip_output.c:237
 NF_HOOK_COND include/linux/netfilter.h:307 [inline]
 ip_output+0x29f/0x450 net/ipv4/ip_output.c:438
 tcp_v4_send_synack+0x71c/0xb40 net/ipv4/tcp_ipv4.c:1218
 tcp_conn_request+0x24ce/0x3650 net/ipv4/tcp_input.c:7789
 tcp_rcv_state_process+0x1ab4/0x46c0 net/ipv4/tcp_input.c:7197
 tcp_v4_do_rcv+0x6bb/0x1430 net/ipv4/tcp_ipv4.c:1904
 tcp_v4_rcv+0x27ed/0x3780 net/ipv4/tcp_ipv4.c:2314
 ip_protocol_deliver_rcu+0x221/0x440 net/ipv4/ip_input.c:207
 ip_local_deliver_finish+0x3bb/0x6f0 net/ipv4/ip_input.c:241
 NF_HOOK+0x336/0x3c0 include/linux/netfilter.h:318
 NF_HOOK+0x336/0x3c0 include/linux/netfilter.h:318
 __netif_receive_skb_one_core net/core/dev.c:6151 [inline]
 __netif_receive_skb net/core/dev.c:6264 [inline]
 process_backlog+0xaa3/0x1950 net/core/dev.c:6616
 __napi_poll+0xae/0x340 net/core/dev.c:7680
 napi_poll net/core/dev.c:7743 [inline]
 net_rx_action+0x627/0xf70 net/core/dev.c:7895
 handle_softirqs+0x22a/0x7c0 kernel/softirq.c:622
 do_softirq+0x76/0xd0 kernel/softirq.c:523
 </IRQ>
 <TASK>
 __local_bh_enable_ip+0xf8/0x130 kernel/softirq.c:450
 local_bh_enable include/linux/bottom_half.h:33 [inline]
 rcu_read_unlock_bh include/linux/rcupdate.h:936 [inline]
 __dev_queue_xmit+0x1e6c/0x3850 net/core/dev.c:4858
 dev_queue_xmit include/linux/netdevice.h:3384 [inline]
 neigh_hh_output include/net/neighbour.h:540 [inline]
 neigh_output include/net/neighbour.h:554 [inline]
 ip_finish_output2+0xb52/0xff0 net/ipv4/ip_output.c:237
 NF_HOOK_COND include/linux/netfilter.h:307 [inline]
 ip_output+0x29f/0x450 net/ipv4/ip_output.c:438
 ip_local_out net/ipv4/ip_output.c:131 [inline]
 __ip_queue_xmit+0x1198/0x1be0 net/ipv4/ip_output.c:534
 __tcp_transmit_skb+0x272b/0x3d90 net/ipv4/tcp_output.c:1666
 tcp_transmit_skb net/ipv4/tcp_output.c:1684 [inline]
 tcp_connect+0x1fba/0x4ff0 net/ipv4/tcp_output.c:4346
 tcp_v4_connect+0x11ea/0x1a90 net/ipv4/tcp_ipv4.c:347
 __inet_stream_connect+0x25a/0xdd0 net/ipv4/af_inet.c:679
 inet_stream_connect+0x66/0xa0 net/ipv4/af_inet.c:750
 kernel_connect+0x141/0x1c0 net/socket.c:3634
 rds_tcp_conn_path_connect+0x54f/0x6c0 net/rds/tcp_connect.c:176
 rds_connect_worker+0x1d8/0x290 net/rds/threads.c:176
 process_one_work kernel/workqueue.c:3257 [inline]
 process_scheduled_works+0xaec/0x17a0 kernel/workqueue.c:3340
 worker_thread+0xda6/0x1360 kernel/workqueue.c:3421
 kthread+0x726/0x8b0 kernel/kthread.c:463
 ret_from_fork+0x51b/0xa40 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
 </TASK>
GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog