INFO: task syz-executor.0:26567 blocked for more than 143 seconds.
      Not tainted 6.8.0-rc1-syzkaller-00029-g615d30064886 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.0  state:D stack:27152 pid:26567 tgid:26563 ppid:5111   flags:0x00000006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5400 [inline]
 __schedule+0xf12/0x5c00 kernel/sched/core.c:6727
 __schedule_loop kernel/sched/core.c:6802 [inline]
 schedule+0xe9/0x270 kernel/sched/core.c:6817
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6874
 rwsem_down_write_slowpath kernel/locking/rwsem.c:1178 [inline]
 __down_write_common+0x948/0x1400 kernel/locking/rwsem.c:1306
 filemap_invalidate_lock include/linux/fs.h:847 [inline]
 blk_ioctl_zeroout block/ioctl.c:187 [inline]
 blkdev_common_ioctl+0x1109/0x1cc0 block/ioctl.c:516
 blkdev_ioctl+0x243/0x760 block/ioctl.c:630
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:871 [inline]
 __se_sys_ioctl fs/ioctl.c:857 [inline]
 __x64_sys_ioctl+0x18f/0x210 fs/ioctl.c:857
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xd3/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x63/0x6b
RIP: 0033:0x7f996767cda9
RSP: 002b:00007f99683580c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f99677ac050 RCX: 00007f996767cda9
RDX: 0000000020000080 RSI: 000000000000127f RDI: 0000000000000003
RBP: 00007f99676c947a R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000006e R14: 00007f99677ac050 R15: 00007f99678cfa48
 </TASK>
INFO: task syz-executor.1:26570 blocked for more than 144 seconds.
      Not tainted 6.8.0-rc1-syzkaller-00029-g615d30064886 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.1  state:D stack:29536 pid:26570 tgid:26568 ppid:5110   flags:0x00000006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5400 [inline]
 __schedule+0xf12/0x5c00 kernel/sched/core.c:6727
 __schedule_loop kernel/sched/core.c:6802 [inline]
 schedule+0xe9/0x270 kernel/sched/core.c:6817
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6874
 rwsem_down_write_slowpath kernel/locking/rwsem.c:1178 [inline]
 __down_write_common+0x948/0x1400 kernel/locking/rwsem.c:1306
 filemap_invalidate_lock include/linux/fs.h:847 [inline]
 blk_ioctl_zeroout block/ioctl.c:187 [inline]
 blkdev_common_ioctl+0x1109/0x1cc0 block/ioctl.c:516
 blkdev_ioctl+0x243/0x760 block/ioctl.c:630
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:871 [inline]
 __se_sys_ioctl fs/ioctl.c:857 [inline]
 __x64_sys_ioctl+0x18f/0x210 fs/ioctl.c:857
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xd3/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x63/0x6b
RIP: 0033:0x7fc70de7cda9
RSP: 002b:00007fc70ec2b0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fc70dfac050 RCX: 00007fc70de7cda9
RDX: 0000000020000080 RSI: 000000000000127f RDI: 0000000000000003
RBP: 00007fc70dec947a R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007fc70dfac050 R15: 00007fc70e0cfa48
 </TASK>
INFO: task syz-executor.5:26586 blocked for more than 145 seconds.
      Not tainted 6.8.0-rc1-syzkaller-00029-g615d30064886 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.5  state:D stack:28464 pid:26586 tgid:26584 ppid:11977  flags:0x00000006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5400 [inline]
 __schedule+0xf12/0x5c00 kernel/sched/core.c:6727
 __schedule_loop kernel/sched/core.c:6802 [inline]
 schedule+0xe9/0x270 kernel/sched/core.c:6817
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6874
 rwsem_down_write_slowpath kernel/locking/rwsem.c:1178 [inline]
 __down_write_common+0x948/0x1400 kernel/locking/rwsem.c:1306
 filemap_invalidate_lock include/linux/fs.h:847 [inline]
 blk_ioctl_zeroout block/ioctl.c:187 [inline]
 blkdev_common_ioctl+0x1109/0x1cc0 block/ioctl.c:516
 blkdev_ioctl+0x243/0x760 block/ioctl.c:630
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:871 [inline]
 __se_sys_ioctl fs/ioctl.c:857 [inline]
 __x64_sys_ioctl+0x18f/0x210 fs/ioctl.c:857
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xd3/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x63/0x6b
RIP: 0033:0x7f926967cda9
RSP: 002b:00007f926a36b0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f92697abf80 RCX: 00007f926967cda9
RDX: 0000000020000080 RSI: 000000000000127f RDI: 0000000000000003
RBP: 00007f92696c947a R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007f92697abf80 R15: 00007f92698cfa48
 </TASK>
INFO: task syz-executor.2:26593 blocked for more than 146 seconds.
      Not tainted 6.8.0-rc1-syzkaller-00029-g615d30064886 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.2  state:D stack:27216 pid:26593 tgid:26593 ppid:12422  flags:0x00000006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5400 [inline]
 __schedule+0xf12/0x5c00 kernel/sched/core.c:6727
 __schedule_loop kernel/sched/core.c:6802 [inline]
 schedule+0xe9/0x270 kernel/sched/core.c:6817
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6874
 rwsem_down_read_slowpath+0x61e/0xb20 kernel/locking/rwsem.c:1086
 __down_read_common kernel/locking/rwsem.c:1250 [inline]
 __down_read kernel/locking/rwsem.c:1263 [inline]
 down_read+0x120/0x330 kernel/locking/rwsem.c:1528
 filemap_invalidate_lock_shared include/linux/fs.h:857 [inline]
 page_cache_ra_unbounded+0x13a/0x5f0 mm/readahead.c:225
 do_page_cache_ra mm/readahead.c:299 [inline]
 page_cache_ra_order+0x7d7/0xaa0 mm/readahead.c:544
 do_sync_mmap_readahead mm/filemap.c:3153 [inline]
 filemap_fault+0x16a8/0x3570 mm/filemap.c:3245
 __do_fault+0x107/0x490 mm/memory.c:4376
 do_cow_fault mm/memory.c:4768 [inline]
 do_fault mm/memory.c:4870 [inline]
 do_pte_missing mm/memory.c:3745 [inline]
 handle_pte_fault mm/memory.c:5144 [inline]
 __handle_mm_fault+0x1090/0x4900 mm/memory.c:5285
 handle_mm_fault+0x47a/0xa10 mm/memory.c:5450
 do_user_addr_fault+0x3f8/0x1030 arch/x86/mm/fault.c:1415
 handle_page_fault arch/x86/mm/fault.c:1507 [inline]
 exc_page_fault+0x5d/0xc0 arch/x86/mm/fault.c:1563
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:570
RIP: 0033:0x7fe46f42b493
RSP: 002b:00007fe46f6cfaf0 EFLAGS: 00010246
RAX: 0000000020000380 RBX: 0000000000000008 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00005555574c0360
RBP: 0000000000000008 R08: 0000000000000000 R09: 0000000000000000
R10: 000000008a8e0cb1 R11: 0000000000000246 R12: 00007fe46f001a80
R13: fffffffffffffffe R14: 00007fe46f000000 R15: 00007fe46f001a88
 </TASK>
INFO: task syz-executor.2:26595 blocked for more than 147 seconds.
      Not tainted 6.8.0-rc1-syzkaller-00029-g615d30064886 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.2  state:D stack:26176 pid:26595 tgid:26593 ppid:12422  flags:0x00004006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5400 [inline]
 __schedule+0xf12/0x5c00 kernel/sched/core.c:6727
 __schedule_loop kernel/sched/core.c:6802 [inline]
 schedule+0xe9/0x270 kernel/sched/core.c:6817
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6874
 rwsem_down_read_slowpath+0x61e/0xb20 kernel/locking/rwsem.c:1086
 __down_read_common kernel/locking/rwsem.c:1250 [inline]
 __down_read kernel/locking/rwsem.c:1263 [inline]
 down_read+0x120/0x330 kernel/locking/rwsem.c:1528
 filemap_invalidate_lock_shared include/linux/fs.h:857 [inline]
 page_cache_ra_unbounded+0x13a/0x5f0 mm/readahead.c:225
 do_page_cache_ra mm/readahead.c:299 [inline]
 page_cache_ra_order+0x7d7/0xaa0 mm/readahead.c:544
 do_sync_mmap_readahead mm/filemap.c:3153 [inline]
 filemap_fault+0x16a8/0x3570 mm/filemap.c:3245
 __do_fault+0x107/0x490 mm/memory.c:4376
 do_cow_fault mm/memory.c:4768 [inline]
 do_fault mm/memory.c:4870 [inline]
 do_pte_missing mm/memory.c:3745 [inline]
 handle_pte_fault mm/memory.c:5144 [inline]
 __handle_mm_fault+0x1090/0x4900 mm/memory.c:5285
 handle_mm_fault+0x47a/0xa10 mm/memory.c:5450
 do_user_addr_fault+0x3f8/0x1030 arch/x86/mm/fault.c:1415
 handle_page_fault arch/x86/mm/fault.c:1507 [inline]
 exc_page_fault+0x5d/0xc0 arch/x86/mm/fault.c:1563
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:570
RIP: 0010:__put_user_4+0x11/0x20 arch/x86/lib/putuser.S:88
Code: 01 ca c3 66 0f 1f 44 00 00 f3 0f 1e fa 0f 01 cb 66 89 01 31 c9 0f 01 ca c3 f3 0f 1e fa 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <89> 01 31 c9 0f 01 ca c3 0f 1f 80 00 00 00 00 f3 0f 1e fa 0f 01 cb
RSP: 0018:ffffc90019c97ce0 EFLAGS: 00050206
RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000020004eb8
RDX: 0000000000040000 RSI: ffffffff8871007e RDI: ffffffff8b2fd380
RBP: 0000000000000000 R08: 0000000000000000 R09: fffffbfff1e75d62
R10: ffffffff8f3aeb17 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000020004e80 R14: 0000000000000000 R15: 0000000000000001
 __sys_sendmmsg+0x1d9/0x450 net/socket.c:2729
 __do_sys_sendmmsg net/socket.c:2753 [inline]
 __se_sys_sendmmsg net/socket.c:2750 [inline]
 __x64_sys_sendmmsg+0x9c/0x100 net/socket.c:2750
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xd3/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x63/0x6b
RIP: 0033:0x7fe46f47cda9
RSP: 002b:00007fe47027c0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 00007fe46f5abf80 RCX: 00007fe46f47cda9
RDX: 0000000000000001 RSI: 0000000020004e80 RDI: 0000000000000003
RBP: 00007fe46f4c947a R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007fe46f5abf80 R15: 00007fe46f6cfa48
 </TASK>
INFO: task syz-executor.4:26598 blocked for more than 150 seconds.
      Not tainted 6.8.0-rc1-syzkaller-00029-g615d30064886 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.4  state:D stack:28464 pid:26598 tgid:26597 ppid:5115   flags:0x00000006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5400 [inline]
 __schedule+0xf12/0x5c00 kernel/sched/core.c:6727
 __schedule_loop kernel/sched/core.c:6802 [inline]
 schedule+0xe9/0x270 kernel/sched/core.c:6817
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6874
 rwsem_down_write_slowpath kernel/locking/rwsem.c:1178 [inline]
 __down_write_common+0x948/0x1400 kernel/locking/rwsem.c:1306
 filemap_invalidate_lock include/linux/fs.h:847 [inline]
 blk_ioctl_zeroout block/ioctl.c:187 [inline]
 blkdev_common_ioctl+0x1109/0x1cc0 block/ioctl.c:516
 blkdev_ioctl+0x243/0x760 block/ioctl.c:630
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:871 [inline]
 __se_sys_ioctl fs/ioctl.c:857 [inline]
 __x64_sys_ioctl+0x18f/0x210 fs/ioctl.c:857
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xd3/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x63/0x6b
RIP: 0033:0x7fbc5287cda9
RSP: 002b:00007fbc535ce0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fbc529abf80 RCX: 00007fbc5287cda9
RDX: 0000000020000080 RSI: 000000000000127f RDI: 0000000000000003
RBP: 00007fbc528c947a R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007fbc529abf80 R15: 00007fbc52acfa48
 </TASK>

Showing all locks held in the system:
1 lock held by khungtaskd/29:
 #0: ffffffff8d1acba0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:298 [inline]
 #0: ffffffff8d1acba0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:750 [inline]
 #0: ffffffff8d1acba0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x75/0x340 kernel/locking/lockdep.c:6614
3 locks held by kworker/1:1H/97:
 #0: ffff8880b993ccd8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x29/0x130 kernel/sched/core.c:559
 #1: ffff8880b9928a08 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x2d9/0x900 kernel/sched/psi.c:988
 #2: ffffffff8d1acba0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:298 [inline]
 #2: ffffffff8d1acba0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:750 [inline]
 #2: ffffffff8d1acba0 (rcu_read_lock){....}-{1:2}, at: blk_mq_run_work_fn+0x1c7/0x380 block/blk-mq.c:2456
2 locks held by getty/4817:
 #0: ffff88802d8120a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 drivers/tty/tty_ldisc.c:243
 #1: ffffc90002f062f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xfc6/0x1490 drivers/tty/n_tty.c:2201
3 locks held by kworker/u5:3/5096:
 #0: ffff88808b777538 ((wq_completion)hci12){+.+.}-{0:0}, at: process_one_work+0x789/0x15d0 kernel/workqueue.c:2608
 #1: ffffc9000473fd80 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work+0x7eb/0x15d0 kernel/workqueue.c:2609
 #2: ffff8880827f5060 (&hdev->req_lock){+.+.}-{3:3}, at: hci_cmd_sync_work+0x170/0x410 net/bluetooth/hci_sync.c:305
3 locks held by kworker/u5:8/5107:
 #0: ffff888081ba9538 ((wq_completion)hci10){+.+.}-{0:0}, at: process_one_work+0x789/0x15d0 kernel/workqueue.c:2608
 #1: ffffc9000481fd80 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work+0x7eb/0x15d0 kernel/workqueue.c:2609
 #2: ffff8880715f9060 (&hdev->req_lock){+.+.}-{3:3}, at: hci_cmd_sync_work+0x170/0x410 net/bluetooth/hci_sync.c:305
2 locks held by kworker/0:4/5158:
4 locks held by kworker/u4:3/29668:
3 locks held by kworker/u4:0/13227:
1 lock held by syz-executor.3/26551:
1 lock held by syz-executor.0/26567:
 #0: ffff88801b5494c0 (mapping.invalidate_lock#2){++++}-{3:3}, at: filemap_invalidate_lock include/linux/fs.h:847 [inline]
 #0: ffff88801b5494c0 (mapping.invalidate_lock#2){++++}-{3:3}, at: blk_ioctl_zeroout block/ioctl.c:187 [inline]
 #0: ffff88801b5494c0 (mapping.invalidate_lock#2){++++}-{3:3}, at: blkdev_common_ioctl+0x1109/0x1cc0 block/ioctl.c:516
1 lock held by syz-executor.1/26570:
 #0: ffff88801b5494c0 (mapping.invalidate_lock#2){++++}-{3:3}, at: filemap_invalidate_lock include/linux/fs.h:847 [inline]
 #0: ffff88801b5494c0 (mapping.invalidate_lock#2){++++}-{3:3}, at: blk_ioctl_zeroout block/ioctl.c:187 [inline]
 #0: ffff88801b5494c0 (mapping.invalidate_lock#2){++++}-{3:3}, at: blkdev_common_ioctl+0x1109/0x1cc0 block/ioctl.c:516
1 lock held by syz-executor.5/26586:
 #0: ffff88801b5494c0 (mapping.invalidate_lock#2){++++}-{3:3}, at: filemap_invalidate_lock include/linux/fs.h:847 [inline]
 #0: ffff88801b5494c0 (mapping.invalidate_lock#2){++++}-{3:3}, at: blk_ioctl_zeroout block/ioctl.c:187 [inline]
 #0: ffff88801b5494c0 (mapping.invalidate_lock#2){++++}-{3:3}, at: blkdev_common_ioctl+0x1109/0x1cc0 block/ioctl.c:516
1 lock held by syz-executor.2/26593:
 #0: ffff88801b5494c0 (mapping.invalidate_lock#2){++++}-{3:3}, at: filemap_invalidate_lock_shared include/linux/fs.h:857 [inline]
 #0: ffff88801b5494c0 (mapping.invalidate_lock#2){++++}-{3:3}, at: page_cache_ra_unbounded+0x13a/0x5f0 mm/readahead.c:225
1 lock held by syz-executor.2/26595:
 #0: ffff88801b5494c0 (mapping.invalidate_lock#2){++++}-{3:3}, at: filemap_invalidate_lock_shared include/linux/fs.h:857 [inline]
 #0: ffff88801b5494c0 (mapping.invalidate_lock#2){++++}-{3:3}, at: page_cache_ra_unbounded+0x13a/0x5f0 mm/readahead.c:225
1 lock held by syz-executor.4/26598:
 #0: ffff88801b5494c0 (mapping.invalidate_lock#2){++++}-{3:3}, at: filemap_invalidate_lock include/linux/fs.h:847 [inline]
 #0: ffff88801b5494c0 (mapping.invalidate_lock#2){++++}-{3:3}, at: blk_ioctl_zeroout block/ioctl.c:187 [inline]
 #0: ffff88801b5494c0 (mapping.invalidate_lock#2){++++}-{3:3}, at: blkdev_common_ioctl+0x1109/0x1cc0 block/ioctl.c:516
5 locks held by kworker/u5:0/26607:
 #0: ffff888072c0a138 ((wq_completion)hci11){+.+.}-{0:0}, at: process_one_work+0x789/0x15d0 kernel/workqueue.c:2608
 #1: ffffc90019d67d80 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work+0x7eb/0x15d0 kernel/workqueue.c:2609
 #2: ffff88806f1c5060 (&hdev->req_lock){+.+.}-{3:3}, at: hci_cmd_sync_work+0x170/0x410 net/bluetooth/hci_sync.c:305