INFO: task syz.0.17:4463 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.0.17        state:D stack:29064 pid: 4463 ppid:  4355 flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5049 [inline]
 __schedule+0x11bb/0x4390 kernel/sched/core.c:6395
 schedule+0x11b/0x1e0 kernel/sched/core.c:6478
 rwsem_down_write_slowpath+0xc46/0x11f0 kernel/locking/rwsem.c:1165
 inode_lock include/linux/fs.h:787 [inline]
 ntfs_fallocate+0x1a9/0xcc0 fs/ntfs3/file.c:558
 vfs_fallocate+0x587/0x6f0 fs/open.c:308
 ksys_fallocate fs/open.c:331 [inline]
 __do_sys_fallocate fs/open.c:339 [inline]
 __se_sys_fallocate fs/open.c:337 [inline]
 __x64_sys_fallocate+0xbd/0x100 fs/open.c:337
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7fd5de907749
RSP: 002b:00007fd5ddf55038 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
RAX: ffffffffffffffda RBX: 00007fd5deb5e090 RCX: 00007fd5de907749
RDX: 000000000000000a RSI: 0000000000000001 RDI: 0000000000000005
RBP: 00007fd5de98bf91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000009 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fd5deb5e128 R14: 00007fd5deb5e090 R15: 00007fffbcc03e28
 </TASK>

Showing all locks held in the system:
1 lock held by khungtaskd/27:
 #0: ffffffff8c11c720 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30
2 locks held by getty/3944:
 #0: ffff88802c316098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70 drivers/tty/tty_ldisc.c:252
 #1: ffffc90002cf62e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x5ba/0x1a30 drivers/tty/n_tty.c:2158
3 locks held by kworker/u4:6/4435:
3 locks held by syz.0.17/4457:
2 locks held by syz.0.17/4463:
 #0: ffff88807bfe4460 (sb_writers#13){.+.+}-{0:0}, at: file_start_write include/linux/fs.h:3043 [inline]
 #0: ffff88807bfe4460 (sb_writers#13){.+.+}-{0:0}, at: vfs_fallocate+0x4f4/0x6f0 fs/open.c:307
 #1: ffff888068eb83a0 (&sb->s_type->i_mutex_key#21){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:787 [inline]
 #1: ffff888068eb83a0 (&sb->s_type->i_mutex_key#21){+.+.}-{3:3}, at: ntfs_fallocate+0x1a9/0xcc0 fs/ntfs3/file.c:558
3 locks held by syz.1.18/4563:
2 locks held by syz.1.18/4564:
 #0: ffff888077e4e460 (sb_writers#13){.+.+}-{0:0}, at: file_start_write include/linux/fs.h:3043 [inline]
 #0: ffff888077e4e460 (sb_writers#13){.+.+}-{0:0}, at: vfs_fallocate+0x4f4/0x6f0 fs/open.c:307
 #1: ffff888068c76380 (&sb->s_type->i_mutex_key#21){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:787 [inline]
 #1: ffff888068c76380 (&sb->s_type->i_mutex_key#21){+.+.}-{3:3}, at: ntfs_fallocate+0x1a9/0xcc0 fs/ntfs3/file.c:558
3 locks held by syz.2.19/4591:
2 locks held by syz.2.19/4592:
 #0: ffff88807bae8460 (sb_writers#13){.+.+}-{0:0}, at: file_start_write include/linux/fs.h:3043 [inline]
 #0: ffff88807bae8460 (sb_writers#13){.+.+}-{0:0}, at: vfs_fallocate+0x4f4/0x6f0 fs/open.c:307
 #1: ffff888068d0dc20 (&sb->s_type->i_mutex_key#21){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:787 [inline]
 #1: ffff888068d0dc20 (&sb->s_type->i_mutex_key#21){+.+.}-{3:3}, at: ntfs_fallocate+0x1a9/0xcc0 fs/ntfs3/file.c:558
3 locks held by syz.3.20/4613:
2 locks held by syz.3.20/4614:
 #0: ffff8880794b8460 (sb_writers#13){.+.+}-{0:0}, at: file_start_write include/linux/fs.h:3043 [inline]
 #0: ffff8880794b8460 (sb_writers#13){.+.+}-{0:0}, at: vfs_fallocate+0x4f4/0x6f0 fs/open.c:307
 #1: ffff888068ebf9a0 (&sb->s_type->i_mutex_key#21){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:787 [inline]
 #1: ffff888068ebf9a0 (&sb->s_type->i_mutex_key#21){+.+.}-{3:3}, at: ntfs_fallocate+0x1a9/0xcc0 fs/ntfs3/file.c:558
4 locks held by syz.4.21/4644:
2 locks held by syz.4.21/4645:
 #0: ffff88805ae92460 (sb_writers#13){.+.+}-{0:0}, at: file_start_write include/linux/fs.h:3043 [inline]
 #0: ffff88805ae92460 (sb_writers#13){.+.+}-{0:0}, at: vfs_fallocate+0x4f4/0x6f0 fs/open.c:307
 #1: ffff888068c72fe0 (&sb->s_type->i_mutex_key#21){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:787 [inline]
 #1: ffff888068c72fe0 (&sb->s_type->i_mutex_key#21){+.+.}-{3:3}, at: ntfs_fallocate+0x1a9/0xcc0 fs/ntfs3/file.c:558
3 locks held by syz.5.22/4679:
2 locks held by syz.5.22/4680:
 #0: ffff88807a638460 (sb_writers#13){.+.+}-{0:0}, at: file_start_write include/linux/fs.h:3043 [inline]
 #0: ffff88807a638460 (sb_writers#13){.+.+}-{0:0}, at: vfs_fallocate+0x4f4/0x6f0 fs/open.c:307
 #1: ffff8880727e83a0 (&sb->s_type->i_mutex_key#21){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:787 [inline]
 #1: ffff8880727e83a0 (&sb->s_type->i_mutex_key#21){+.+.}-{3:3}, at: ntfs_fallocate+0x1a9/0xcc0 fs/ntfs3/file.c:558
4 locks held by syz.6.23/4710:
2 locks held by syz.6.23/4711:
 #0: ffff88807b4f6460 (sb_writers#13){.+.+}-{0:0}, at: file_start_write include/linux/fs.h:3043 [inline]
 #0: ffff88807b4f6460 (sb_writers#13){.+.+}-{0:0}, at: vfs_fallocate+0x4f4/0x6f0 fs/open.c:307
 #1: ffff8880727ef9a0 (&sb->s_type->i_mutex_key#21){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:787 [inline]
 #1: ffff8880727ef9a0 (&sb->s_type->i_mutex_key#21){+.+.}-{3:3}, at: ntfs_fallocate+0x1a9/0xcc0 fs/ntfs3/file.c:558
1 lock held by udevd/4739:
 #0: ffff888020e97118 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_get_by_dev+0x157/0xa60 block/bdev.c:820
2 locks held by syz.7.24/4741:
 #0: ffff888020e97118 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_put+0xf9/0x7d0 block/bdev.c:915
 #1: ffff888021103468 (&lo->lo_mutex){+.+.}-{3:3}, at: lo_release+0x4d/0x1f0 drivers/block/loop.c:2071
2 locks held by dhcpcd/4742:
 #0: ffff888078226120 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1731 [inline]
 #0: ffff888078226120 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x35/0xce0 net/packet/af_packet.c:3212
 #1: ffffffff8c1211a8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:290 [inline]
 #1: ffffffff8c1211a8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x347/0x6b0 kernel/rcu/tree_exp.h:845
2 locks held by dhcpcd/4743:
 #0: ffff8880592fc120 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1731 [inline]
 #0: ffff8880592fc120 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x35/0xce0 net/packet/af_packet.c:3212
 #1: ffffffff8c1211a8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:322 [inline]
 #1: ffffffff8c1211a8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x320/0x6b0 kernel/rcu/tree_exp.h:845
1 lock held by dhcpcd/4744:
 #0: ffff88807570a120 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1731 [inline]
 #0: ffff88807570a120 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x35/0xce0 net/packet/af_packet.c:3212

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 27 Comm: khungtaskd Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x168/0x230 lib/dump_stack.c:106
 nmi_cpu_backtrace+0x397/0x3d0 lib/nmi_backtrace.c:111
 nmi_trigger_cpumask_backtrace+0x163/0x280 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:148 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:212 [inline]
 watchdog+0xe0f/0xe50 kernel/hung_task.c:369
 kthread+0x436/0x520 kernel/kthread.c:334
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 4739 Comm: udevd Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
RIP: 0010:psi_task_switch+0x293/0x810 kernel/sched/psi.c:851
Code: 33 52 61 00 48 ba 00 00 00 00 00 fc ff df 49 8b 04 24 4e 8d 74 30 3c 4c 89 f0 48 c1 e8 03 0f b6 04 10 84 c0 75 29 41 83 3e 00 <0f> 84 92 fe ff ff eb 41 48 c7 c7 80 9c fe 8b 48 8b 74 24 10 e8 d4
RSP: 0018:ffffc90003a3f540 EFLAGS: 00000046
RAX: 0000000000000000 RBX: ffff88805b270000 RCX: 0000000000000001
RDX: dffffc0000000000 RSI: 0000000000001224 RDI: ffff88805b270110
RBP: 000000000000000c R08: 0000000000000004 R09: ffffffff8eebf058
R10: ffffffff8eebf050 R11: ffffffff8eebf043 R12: ffffffff8bbc0828
R13: ffff88805b270548 R14: ffffe8ffffda2c3c R15: 000000000000000c
FS:  00007fcc2f83a880(0000) GS:ffff8880b9100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fcc2eee3000 CR3: 000000005cc58000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 psi_sched_switch kernel/sched/stats.h:148 [inline]
 __schedule+0x1cd5/0x4390 kernel/sched/core.c:6390
 schedule+0x11b/0x1e0 kernel/sched/core.c:6478
 io_schedule+0x7c/0xd0 kernel/sched/core.c:8503
 wait_on_page_bit_common+0x90d/0xe00 mm/filemap.c:1356
 put_and_wait_on_page_locked mm/filemap.c:1447 [inline]
 filemap_update_page mm/filemap.c:2444 [inline]
 filemap_get_pages mm/filemap.c:2574 [inline]
 filemap_read+0xc82/0x2480 mm/filemap.c:2634
 blkdev_read_iter+0x11d/0x150 block/fops.c:563
 call_read_iter include/linux/fs.h:2167 [inline]
 new_sync_read fs/read_write.c:404 [inline]
 vfs_read+0x725/0xcf0 fs/read_write.c:485
 ksys_read+0x14d/0x250 fs/read_write.c:623
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7fcc2f928407
Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
RSP: 002b:00007fff1d009ad0 EFLAGS: 00000202 ORIG_RAX: 0000000000000000
RAX: ffffffffffffffda RBX: 00007fcc2f83a880 RCX: 00007fcc2f928407
RDX: 0000000000000200 RSI: 00007fcc2eee2000 RDI: 0000000000000009
RBP: 0000562af6d81050 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
R13: 000000000018e200 R14: 0000562af6d8ca28 R15: 00007fcc3007e39c
 </TASK>