INFO: task syz.2.119:5004 blocked for more than 143 seconds.
      Not tainted 6.1.131-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.2.119 state:D stack:0 pid:5004 ppid:4304 flags:0x00000009
Call trace:
 __switch_to+0x308/0x598 arch/arm64/kernel/process.c:553
 context_switch kernel/sched/core.c:5243 [inline]
 __schedule+0xef4/0x1d44 kernel/sched/core.c:6560
 schedule+0xc4/0x170 kernel/sched/core.c:6636
 schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:6695
 rwsem_down_read_slowpath+0x534/0x858 kernel/locking/rwsem.c:1094
 __down_read_common kernel/locking/rwsem.c:1261 [inline]
 __down_read kernel/locking/rwsem.c:1274 [inline]
 down_read_nested+0xb0/0x30c kernel/locking/rwsem.c:1646
 xfs_ilock+0x1e0/0x4e4 fs/xfs/xfs_inode.c:206
 xfs_ilock_for_write_fault fs/xfs/xfs_file.c:244 [inline]
 __xfs_filemap_fault+0x43c/0xe0c fs/xfs/xfs_file.c:1363
 xfs_filemap_page_mkwrite+0x28/0x38 fs/xfs/xfs_file.c:1420
 do_page_mkwrite+0x144/0x37c mm/memory.c:3011
 wp_page_shared+0x148/0x550 mm/memory.c:3360
 do_wp_page+0xcbc/0xf44 mm/memory.c:3510
 handle_pte_fault mm/memory.c:5049 [inline]
 __handle_mm_fault mm/memory.c:5173 [inline]
 handle_mm_fault+0x19a4/0x3d38 mm/memory.c:5294
 faultin_page mm/gup.c:1026 [inline]
 __get_user_pages+0x3b0/0x968 mm/gup.c:1250
 faultin_vma_page_range+0x1d8/0x274 mm/gup.c:1670
 madvise_populate mm/madvise.c:928 [inline]
 madvise_vma_behavior mm/madvise.c:1037 [inline]
 madvise_walk_vmas mm/madvise.c:1259 [inline]
 do_madvise+0x1234/0x2f78 mm/madvise.c:1438
 __do_sys_madvise mm/madvise.c:1451 [inline]
 __se_sys_madvise mm/madvise.c:1449 [inline]
 __arm64_sys_madvise+0xa4/0xc0 mm/madvise.c:1449
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585

Showing all locks held in the system:
3 locks held by kworker/u4:1/11:
 #0: ffff0000c2e4d938 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x6bc/0x1484 kernel/workqueue.c:2265
 #1: ffff80001d2e7c20 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x6fc/0x1484 kernel/workqueue.c:2267
 #2: ffff0000c94980e0 (&type->s_umount_key#54){++++}-{3:3}, at: trylock_super+0x28/0xf8 fs/super.c:415
1 lock held by rcu_tasks_kthre/12:
 #0: ffff800015cd79b0 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x44/0xcf4 kernel/rcu/tasks.h:517
1 lock held by rcu_tasks_trace/13:
 #0: ffff800015cd81b0 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x44/0xcf4 kernel/rcu/tasks.h:517
1 lock held by khungtaskd/28:
 #0: ffff800015cd77e0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0xc/0x44 include/linux/rcupdate.h:349
2 locks held by kworker/u4:3/55:
 #0: ffff0000c0029138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x6bc/0x1484 kernel/workqueue.c:2265
 #1: ffff80001d8e7c20 (connector_reaper_work){+.+.}-{0:0}, at: process_one_work+0x6fc/0x1484 kernel/workqueue.c:2267
2 locks held by getty/4055:
 #0: ffff0000d6892098 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c drivers/tty/tty_ldsem.c:340
 #1: ffff80001d9102f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x414/0x1214 drivers/tty/n_tty.c:2198
2 locks held by kworker/u4:6/4358:
 #0: ffff0000c0029138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x6bc/0x1484 kernel/workqueue.c:2265
 #1: ffff8000216d7c20 ((reaper_work).work){+.+.}-{0:0}, at: process_one_work+0x6fc/0x1484 kernel/workqueue.c:2267
3 locks held by kworker/1:10/4462:
 #0: ffff0000c0020938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x6bc/0x1484 kernel/workqueue.c:2265
 #1: ffff8000229a7c20 (fqdir_free_work){+.+.}-{0:0}, at: process_one_work+0x6fc/0x1484 kernel/workqueue.c:2267
 #2: ffff800015cdccc0 (rcu_state.barrier_mutex){+.+.}-{3:3}, at: rcu_barrier+0x58/0x5c4 kernel/rcu/tree.c:4019
5 locks held by kworker/0:17/4595:
3 locks held by syz.2.119/5004:
 #0: ffff0000d4419348 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_lock+0x28/0x74 include/linux/mmap_lock.h:117
 #1: ffff0000c9498558 (sb_pagefaults#2){.+.+}-{0:0}, at: xfs_filemap_page_mkwrite+0x28/0x38 fs/xfs/xfs_file.c:1420
 #2: ffff0000e2b404d8 (mapping.invalidate_lock#3){++++}-{3:3}, at: xfs_ilock+0x1e0/0x4e4 fs/xfs/xfs_inode.c:206
5 locks held by syz.2.119/5027:
 #0: ffff0000c9498460 (sb_writers#16){.+.+}-{0:0}, at: file_start_write include/linux/fs.h:3015 [inline]
 #0: ffff0000c9498460 (sb_writers#16){.+.+}-{0:0}, at: vfs_fallocate+0x404/0x5b4 fs/open.c:322
 #1: ffff0000e2b40338 (&sb->s_type->i_mutex_key#24){+.+.}-{3:3}, at: xfs_ilock+0x148/0x4e4 fs/xfs/xfs_inode.c:195
 #2: ffff0000e2b404d8 (mapping.invalidate_lock#3){++++}-{3:3}, at: xfs_ilock+0x1b0/0x4e4 fs/xfs/xfs_inode.c:203
 #3: ffff0000c9498650 (sb_internal#3){.+.+}-{0:0}, at: xfs_bmapi_convert_delalloc+0x21c/0x10d4 fs/xfs/libxfs/xfs_bmap.c:4507
 #4: ffff0000e2b40118 (&xfs_nondir_ilock_class){++++}-{3:3}, at: mrupdate_nested fs/xfs/mrlock.h:36 [inline]
 #4: ffff0000e2b40118 (&xfs_nondir_ilock_class){++++}-{3:3}, at: xfs_ilock+0x218/0x4e4 fs/xfs/xfs_inode.c:211
3 locks held by kworker/u4:25/5740:
 #0: ffff0000c0845138 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x6bc/0x1484 kernel/workqueue.c:2265
 #1: ffff800024b67c20 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x6fc/0x1484 kernel/workqueue.c:2267
 #2: ffff80001817d750 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x13c/0xaec net/core/net_namespace.c:594
1 lock held by syz.1.794/7424:
3 locks held by syz.4.796/7426:
2 locks held by syz.0.801/7438:

=============================================