INFO: task syz.3.17:3528 blocked for more than 143 seconds.
      Not tainted 6.13.0-rc1-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.3.17        state:D stack:13576 pid:3528  tgid:3527  ppid:3110   flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5369 [inline]
 __schedule+0x4c4/0xac0 kernel/sched/core.c:6756
 __schedule_loop kernel/sched/core.c:6833 [inline]
 schedule+0x25/0x110 kernel/sched/core.c:6848
 bit_wait+0xc/0x60 kernel/sched/wait_bit.c:237
 __wait_on_bit+0x46/0x150 kernel/sched/wait_bit.c:49
 out_of_line_wait_on_bit+0x92/0xb0 kernel/sched/wait_bit.c:64
 wait_on_bit include/linux/wait_bit.h:77 [inline]
 netfs_unbuffered_write_iter_locked+0x31e/0x340 fs/netfs/direct_write.c:105
 netfs_unbuffered_write_iter+0x113/0x1e0 fs/netfs/direct_write.c:193
 new_sync_write fs/read_write.c:586 [inline]
 vfs_write+0x2b0/0x4b0 fs/read_write.c:679
 ksys_write+0x6f/0xf0 fs/read_write.c:731
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0x6d/0x170 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f9d2e18d169
RSP: 002b:00007f9d2ef41038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007f9d2e3a5fa0 RCX: 00007f9d2e18d169
RDX: 0000000000007fec RSI: 0000400000000540 RDI: 0000000000000007
RBP: 00007f9d2e20e2a0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f9d2e3a5fa0 R15: 00007ffeae22a848
 </TASK>

Showing all locks held in the system:
2 locks held by kworker/u8:0/11:
 #0: ffff888100078948 ((wq_completion)events_unbound){....}-{0:0}, at: process_one_work+0x43e/0x6b0 kernel/workqueue.c:3204
 #1: ffffc90000063e58 ((work_completion)(&rreq->work)){....}-{0:0}, at: process_one_work+0x1ec/0x6b0 kernel/workqueue.c:3205
1 lock held by khungtaskd/30:
 #0: ffffffff835e34c0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
 #0: ffffffff835e34c0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline]
 #0: ffffffff835e34c0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x36/0x120 kernel/locking/lockdep.c:6744
2 locks held by kworker/u8:2/38:
 #0: ffff888100078948 ((wq_completion)events_unbound){....}-{0:0}, at: process_one_work+0x43e/0x6b0 kernel/workqueue.c:3204
 #1: ffffc90000147e58 ((work_completion)(&rreq->work)){....}-{0:0}, at: process_one_work+0x1ec/0x6b0 kernel/workqueue.c:3205
2 locks held by kworker/u8:3/52:
 #0: ffff888100078948 ((wq_completion)events_unbound){....}-{0:0}, at: process_one_work+0x43e/0x6b0 kernel/workqueue.c:3204
 #1: ffffc900001cfe58 ((work_completion)(&rreq->work)){....}-{0:0}, at: process_one_work+0x1ec/0x6b0 kernel/workqueue.c:3205
2 locks held by kworker/u8:4/62:
 #0: ffff888100078948 ((wq_completion)events_unbound){....}-{0:0}, at: process_one_work+0x43e/0x6b0 kernel/workqueue.c:3204
 #1: ffffc900001e7e58 ((work_completion)(&rreq->work)){....}-{0:0}, at: process_one_work+0x1ec/0x6b0 kernel/workqueue.c:3205
2 locks held by kworker/u8:6/1456:
 #0: ffff888100078948 ((wq_completion)events_unbound){....}-{0:0}, at: process_one_work+0x43e/0x6b0 kernel/workqueue.c:3204
 #1: ffffc90002dabe58 ((work_completion)(&rreq->work)){....}-{0:0}, at: process_one_work+0x1ec/0x6b0 kernel/workqueue.c:3205
2 locks held by getty/1631:
 #0: ffff888102b398a0 (&tty->ldisc_sem){....}-{0:0}, at: tty_ldisc_ref_wait+0x23/0x60 drivers/tty/tty_ldisc.c:243
 #1: ffffc900001fb2f0 (&ldata->atomic_read_lock){....}-{3:3}, at: n_tty_read+0x54b/0x6a0 drivers/tty/n_tty.c:2211
3 locks held by syz.3.17/3528:
 #0: ffff888104bf4878 (&f->f_pos_lock){....}-{3:3}, at: fdget_pos+0xb2/0x1b0 fs/file.c:1191
 #1: ffff88810570e410 (sb_writers#14){....}-{0:0}, at: ksys_write+0x6f/0xf0 fs/read_write.c:731
 #2: ffff88817cdf0148 (&sb->s_type->i_mutex_key#20){....}-{3:3}, at: netfs_start_io_direct+0x79/0xd0 fs/netfs/locking.c:188
3 locks held by syz.4.19/3949:
 #0: ffff888105f746f8 (&f->f_pos_lock){....}-{3:3}, at: fdget_pos+0xb2/0x1b0 fs/file.c:1191
 #1: ffff88810c7f6410 (sb_writers#14){....}-{0:0}, at: ksys_write+0x6f/0xf0 fs/read_write.c:731
 #2: ffff88817cfb8148 (&sb->s_type->i_mutex_key#20){....}-{3:3}, at: netfs_start_io_direct+0x79/0xd0 fs/netfs/locking.c:188
3 locks held by syz.5.21/4370:
 #0: ffff888103fc5ef8 (&f->f_pos_lock){....}-{3:3}, at: fdget_pos+0xb2/0x1b0 fs/file.c:1191
 #1: ffff8881037bf410 (sb_writers#14){....}-{0:0}, at: ksys_write+0x6f/0xf0 fs/read_write.c:731
 #2: ffff88817cfb8730 (&sb->s_type->i_mutex_key#20){....}-{3:3}, at: netfs_start_io_direct+0x79/0xd0 fs/netfs/locking.c:188
3 locks held by syz.6.23/4791:
 #0: ffff8881740a72f8 (&f->f_pos_lock){....}-{3:3}, at: fdget_pos+0xb2/0x1b0 fs/file.c:1191
 #1: ffff88810b2e7410 (sb_writers#14){....}-{0:0}, at: ksys_write+0x6f/0xf0 fs/read_write.c:731
 #2: ffff88817cfb8d18 (&sb->s_type->i_mutex_key#20){....}-{3:3}, at: netfs_start_io_direct+0x79/0xd0 fs/netfs/locking.c:188
3 locks held by syz.7.25/5212:
 #0: ffff888102bad5f8 (&f->f_pos_lock){....}-{3:3}, at: fdget_pos+0xb2/0x1b0 fs/file.c:1191
 #1: ffff88816bc4c410 (sb_writers#14){....}-{0:0}, at: ksys_write+0x6f/0xf0 fs/read_write.c:731
 #2: ffff88817cdf0730 (&sb->s_type->i_mutex_key#20){....}-{3:3}, at: netfs_start_io_direct+0x79/0xd0 fs/netfs/locking.c:188
2 locks held by kworker/u8:8/5214:
 #0: ffff888100078948 ((wq_completion)events_unbound){....}-{0:0}, at: process_one_work+0x43e/0x6b0 kernel/workqueue.c:3204
 #1: ffffc900044b3e58 ((work_completion)(&rreq->work)){....}-{0:0}, at: process_one_work+0x1ec/0x6b0 kernel/workqueue.c:3205
3 locks held by syz.8.27/5635:
 #0: ffff88810a3aee78 (&f->f_pos_lock){....}-{3:3}, at: fdget_pos+0xb2/0x1b0 fs/file.c:1191
 #1: ffff888104f13410 (sb_writers#14){....}-{0:0}, at: ksys_write+0x6f/0xf0 fs/read_write.c:731
 #2: ffff88817cdf0d18 (&sb->s_type->i_mutex_key#20){....}-{3:3}, at: netfs_start_io_direct+0x79/0xd0 fs/netfs/locking.c:188
2 locks held by kworker/u8:9/5636:
 #0: ffff888100078948 ((wq_completion)events_unbound){....}-{0:0}, at: process_one_work+0x43e/0x6b0 kernel/workqueue.c:3204
 #1: ffffc90004d53e58 ((work_completion)(&rreq->work)){....}-{0:0}, at: process_one_work+0x1ec/0x6b0 kernel/workqueue.c:3205
3 locks held by syz.9.29/6057:
 #0: ffff888105f74278 (&f->f_pos_lock){....}-{3:3}, at: fdget_pos+0xb2/0x1b0 fs/file.c:1191
 #1: ffff88810cf22410 (sb_writers#14){....}-{0:0}, at: ksys_write+0x6f/0xf0 fs/read_write.c:731
 #2: ffff88817cdf1300 (&sb->s_type->i_mutex_key#20){....}-{3:3}, at: netfs_start_io_direct+0x79/0xd0 fs/netfs/locking.c:188
2 locks held by kworker/u8:10/6058:
 #0: ffff888100078948 ((wq_completion)events_unbound){....}-{0:0}, at: process_one_work+0x43e/0x6b0 kernel/workqueue.c:3204
 #1: ffffc9000553be58 ((work_completion)(&rreq->work)){....}-{0:0}, at: process_one_work+0x1ec/0x6b0 kernel/workqueue.c:3205
3 locks held by syz.0.31/6479:
 #0: ffff888100efa578 (&f->f_pos_lock){....}-{3:3}, at: fdget_pos+0xb2/0x1b0 fs/file.c:1191
 #1: ffff88810cf24410 (sb_writers#14){....}-{0:0}, at: ksys_write+0x6f/0xf0 fs/read_write.c:731
 #2: ffff88817cfb9300 (&sb->s_type->i_mutex_key#20){....}-{3:3}, at: netfs_start_io_direct+0x79/0xd0 fs/netfs/locking.c:188
2 locks held by kworker/u8:11/6481:
 #0: ffff888100078948 ((wq_completion)events_unbound){....}-{0:0}, at: process_one_work+0x43e/0x6b0 kernel/workqueue.c:3204
 #1: ffffc90005d53e58 ((work_completion)(&rreq->work)){....}-{0:0}, at: process_one_work+0x1ec/0x6b0 kernel/workqueue.c:3205
3 locks held by syz.1.33/6902:
 #0: ffff88810a3aeff8 (&f->f_pos_lock){....}-{3:3}, at: fdget_pos+0xb2/0x1b0 fs/file.c:1191
 #1: ffff888111b7c410 (sb_writers#14){....}-{0:0}, at: ksys_write+0x6f/0xf0 fs/read_write.c:731
 #2: ffff88817cfb98e8 (&sb->s_type->i_mutex_key#20){....}-{3:3}, at: netfs_start_io_direct+0x79/0xd0 fs/netfs/locking.c:188
2 locks held by kworker/u8:12/7260:
 #0: ffff888100078948 ((wq_completion)events_unbound){....}-{0:0}, at: process_one_work+0x43e/0x6b0 kernel/workqueue.c:3204
 #1: ffffc90006c8be58 ((work_completion)(&rreq->work)){....}-{0:0}, at: process_one_work+0x1ec/0x6b0 kernel/workqueue.c:3205
3 locks held by syz.2.35/7324:
 #0: ffff8881747d4878 (&f->f_pos_lock){....}-{3:3}, at: fdget_pos+0xb2/0x1b0 fs/file.c:1191
 #1: ffff8881746fc410 (sb_writers#14){....}-{0:0}, at: ksys_write+0x6f/0xf0 fs/read_write.c:731
 #2: ffff88817cdf18e8 (&sb->s_type->i_mutex_key#20){....}-{3:3}, at: netfs_start_io_direct+0x79/0xd0 fs/netfs/locking.c:188

=============================================

NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.13.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x5a/0x90 lib/dump_stack.c:120
 nmi_cpu_backtrace+0xd4/0x110 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0xd5/0x140 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:162 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:234 [inline]
 watchdog+0x63b/0x670 kernel/hung_task.c:397
 kthread+0xd6/0x100 kernel/kthread.c:389
 ret_from_fork+0x2c/0x50 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 7358 Comm: modprobe Not tainted 6.13.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
RIP: 0010:folio_put include/linux/mm.h:1487 [inline]
RIP: 0010:filemap_map_pages+0x21b/0x6b0 mm/filemap.c:3686
Code: e3 08 48 83 44 24 28 01 f0 41 ff 45 34 09 5c 24 58 4c 89 ef e8 a6 cf ff ff 41 8b 45 34 85 c0 0f 84 73 01 00 00 f0 41 ff 4d 34 <0f> 84 4d 02 00 00 48 8b 54 24 20 48 8d 7c 24 68 48 8b 74 24 18 e8
RSP: 0000:ffffc90006da3d00 EFLAGS: 00000206
RAX: 0000000000000018 RBX: 0000000000000000 RCX: ffffc90006da3c7c
RDX: 0000000000000005 RSI: ffffffff83245c7f RDI: ffffea0008df3240
RBP: 0000000000000029 R08: 0000000000000001 R09: ffff888174114e58
R10: 0000000000000001 R11: ffff88817417e90c R12: ffffc90006da3e10
R13: ffffea0008df3240 R14: 0000000000000029 R15: 0000000000000000
FS:  00007fca346eb500(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fca347aa9d3 CR3: 000000010d7d4000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <NMI>
 </NMI>
 <TASK>
 do_fault_around mm/memory.c:5280 [inline]
 do_read_fault mm/memory.c:5313 [inline]
 do_fault mm/memory.c:5456 [inline]
 do_pte_missing mm/memory.c:3979 [inline]
 handle_pte_fault mm/memory.c:5801 [inline]
 __handle_mm_fault+0x1264/0x1820 mm/memory.c:5944
 handle_mm_fault+0x1db/0x360 mm/memory.c:6112
 do_user_addr_fault arch/x86/mm/fault.c:1338 [inline]
 handle_page_fault arch/x86/mm/fault.c:1481 [inline]
 exc_page_fault+0x256/0x6e0 arch/x86/mm/fault.c:1539
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
RIP: 0033:0x7fca347aa9d3
Code: Unable to access opcode bytes at 0x7fca347aa9a9.
RSP: 002b:00007ffc1e6ef9d8 EFLAGS: 00010202
RAX: 0000008c00000000 RBX: 0000000000000001 RCX: 0000000000000000
RDX: 00007fca3487fd22 RSI: 00007fca34a166ed RDI: 0000000000000001
RBP: 00007ffc1e6efca0 R08: 000000000000ffff R09: 000000000000000d
R10: 00007fca34779b74 R11: 0000000000000206 R12: 0000000000000000
R13: 0000008c9cc2cbfc R14: 0000000000000000 R15: 00007fca34a242a0
 </TASK>