INFO: task syz-executor.4:30593 can't die for more than 143 seconds.
task:syz-executor.4 state:D stack:24920 pid:30593 ppid: 3650 flags:0x00004006
Call Trace:
context_switch kernel/sched/core.c:4986 [inline]
__schedule+0xab2/0x4d90 kernel/sched/core.c:6296
schedule+0xd2/0x260 kernel/sched/core.c:6369
schedule_timeout+0x14a/0x2a0 kernel/time/timer.c:1881
reclaim_throttle+0x1ce/0x5e0 mm/vmscan.c:1072
consider_reclaim_throttle mm/vmscan.c:3399 [inline]
shrink_zones mm/vmscan.c:3486 [inline]
do_try_to_free_pages+0x7cd/0x1620 mm/vmscan.c:3541
try_to_free_mem_cgroup_pages+0x2cd/0x840 mm/vmscan.c:3855
try_charge_memcg+0x298/0x10f0 mm/memcontrol.c:2598
try_charge mm/memcontrol.c:2723 [inline]
charge_memcg+0x2a8/0x400 mm/memcontrol.c:6695
__mem_cgroup_charge+0x27/0x90 mm/memcontrol.c:6716
mem_cgroup_charge include/linux/memcontrol.h:666 [inline]
__filemap_add_folio+0x5a3/0x11b0 mm/filemap.c:869
filemap_add_folio+0xab/0x1d0 mm/filemap.c:962
page_cache_ra_unbounded+0x3d3/0x740 mm/readahead.c:221
do_page_cache_ra+0xf9/0x140 mm/readahead.c:268
do_sync_mmap_readahead mm/filemap.c:3035 [inline]
filemap_fault+0x1603/0x22b0 mm/filemap.c:3127
__do_fault+0x10d/0x790 mm/memory.c:3844
do_shared_fault mm/memory.c:4214 [inline]
do_fault mm/memory.c:4292 [inline]
handle_pte_fault mm/memory.c:4546 [inline]
__handle_mm_fault+0x242b/0x4160 mm/memory.c:4681
handle_mm_fault+0x1c8/0x790 mm/memory.c:4779
do_user_addr_fault+0x489/0x11c0 arch/x86/mm/fault.c:1397
handle_page_fault arch/x86/mm/fault.c:1484 [inline]
exc_page_fault+0x9e/0x180 arch/x86/mm/fault.c:1540
asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:568
RIP: 0010:__put_user_nocheck_8+0x3/0x21
Code: 00 00 48 39 d9 73 34 0f 01 cb 89 01 31 c9 0f 01 ca c3 66 0f 1f 44 00 00 48 bb f9 ef ff ff ff 7f 00 00 48 39 d9 73 14 0f 01 cb <48> 89 01 31 c9 0f 01 ca c3 0f 1f 44 00 00 0f 01 ca b9 f2 ff ff ff
RSP: 0018:ffffc90003e97e68 EFLAGS: 00050293
RAX: 0000000020000000 RBX: 00007fffffffeff9 RCX: 0000000020000000
RDX: 0000000000040000 RSI: ffffffff83d6cefd RDI: 0000000000000000
RBP: 1ffff920007d2fce R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000001263 R12: 0000000020000000
R13: 0000000020000000 R14: ffff888145aeaf00 R15: 00000000480e001f
put_ulong block/ioctl.c:190 [inline]
blkdev_ioctl+0x538/0x800 block/ioctl.c:565
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:874 [inline]
__se_sys_ioctl fs/ioctl.c:860 [inline]
__x64_sys_ioctl+0x193/0x200 fs/ioctl.c:860
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f8d94cc8e99
RSP: 002b:00007f8d9363e168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f8d94ddbf60 RCX: 00007f8d94cc8e99
RDX: 0000000020000000 RSI: 0000000000001263 RDI: 0000000000000003
RBP: 00007f8d94d23031 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff2abcb83f R14: 00007f8d9363e300 R15: 0000000000022000
Showing all locks held in the system:
1 lock held by khungtaskd/27:
#0: ffffffff8bb818a0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:6460
2 locks held by getty/3287:
#0: ffff88814a15d098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:244
#1: ffffc90002ba32e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xcf0/0x1230 drivers/tty/n_tty.c:2077
3 locks held by kworker/u4:19/30477:
#0: ffff8880b9d39c98 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2b/0x120 kernel/sched/core.c:489
#1: ffff8880b9d27988 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x176/0x4e0 kernel/sched/psi.c:882
#2: ffffffff8bb818a0 (rcu_read_lock){....}-{1:2}, at: batadv_nc_purge_orig_hash net/batman-adv/network-coding.c:410 [inline]
#2: ffffffff8bb818a0 (rcu_read_lock){....}-{1:2}, at: batadv_nc_worker+0xf3/0xfa0 net/batman-adv/network-coding.c:723
1 lock held by syz-executor.4/30593:
#0: ffff888145aeb888 (mapping.invalidate_lock#2){.+.+}-{3:3}, at: filemap_invalidate_lock_shared include/linux/fs.h:832 [inline]
#0: ffff888145aeb888 (mapping.invalidate_lock#2){.+.+}-{3:3}, at: page_cache_ra_unbounded+0x1b7/0x740 mm/readahead.c:194
=============================================
----------------
Code disassembly (best guess):
0: 00 00 add %al,(%rax)
2: 48 39 d9 cmp %rbx,%rcx
5: 73 34 jae 0x3b
7: 0f 01 cb stac
a: 89 01 mov %eax,(%rcx)
c: 31 c9 xor %ecx,%ecx
e: 0f 01 ca clac
11: c3 retq
12: 66 0f 1f 44 00 00 nopw 0x0(%rax,%rax,1)
18: 48 bb f9 ef ff ff ff movabs $0x7fffffffeff9,%rbx
1f: 7f 00 00
22: 48 39 d9 cmp %rbx,%rcx
25: 73 14 jae 0x3b
27: 0f 01 cb stac
* 2a: 48 89 01 mov %rax,(%rcx) <-- trapping instruction
2d: 31 c9 xor %ecx,%ecx
2f: 0f 01 ca clac
32: c3 retq
33: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
38: 0f 01 ca clac
3b: b9 f2 ff ff ff mov $0xfffffff2,%ecx