INFO: task syz.2.1270:10168 blocked for more than 144 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.2.1270      state:D stack:25712 pid:10168 ppid:  4198 flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5049 [inline]
 __schedule+0x11ef/0x43c0 kernel/sched/core.c:6395
 schedule+0x11b/0x1e0 kernel/sched/core.c:6478
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6537
 rwsem_down_read_slowpath+0x548/0x9d0 kernel/locking/rwsem.c:1055
 __down_read_common kernel/locking/rwsem.c:1239 [inline]
 __down_read kernel/locking/rwsem.c:1252 [inline]
 down_read+0x96/0x2e0 kernel/locking/rwsem.c:1500
 iterate_supers+0xa4/0x1d0 fs/super.c:716
 quota_sync_all fs/quota/quota.c:68 [inline]
 __do_sys_quotactl fs/quota/quota.c:936 [inline]
 __se_sys_quotactl+0x33b/0x6f0 fs/quota/quota.c:915
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7f8933deff79
RSP: 002b:00007f893204b028 EFLAGS: 00000246 ORIG_RAX: 00000000000000b3
RAX: ffffffffffffffda RBX: 00007f893406afa0 RCX: 00007f8933deff79
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff80000102
RBP: 00007f8933e866e0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f893406b038 R14: 00007f893406afa0 R15: 00007ffdaebca508
 </TASK>
INFO: task syz.3.1277:10198 blocked for more than 145 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.3.1277      state:D stack:25616 pid:10198 ppid:  7438 flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5049 [inline]
 __schedule+0x11ef/0x43c0 kernel/sched/core.c:6395
 schedule+0x11b/0x1e0 kernel/sched/core.c:6478
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6537
 rwsem_down_read_slowpath+0x548/0x9d0 kernel/locking/rwsem.c:1055
 __down_read_common kernel/locking/rwsem.c:1239 [inline]
 __down_read kernel/locking/rwsem.c:1252 [inline]
 down_read+0x96/0x2e0 kernel/locking/rwsem.c:1500
 iterate_supers+0xa4/0x1d0 fs/super.c:716
 quota_sync_all fs/quota/quota.c:68 [inline]
 __do_sys_quotactl fs/quota/quota.c:936 [inline]
 __se_sys_quotactl+0x33b/0x6f0 fs/quota/quota.c:915
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7fbf18f13f79
RSP: 002b:00007fbf1716f028 EFLAGS: 00000246 ORIG_RAX: 00000000000000b3
RAX: ffffffffffffffda RBX: 00007fbf1918efa0 RCX: 00007fbf18f13f79
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff80000101
RBP: 00007fbf18faa6e0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fbf1918f038 R14: 00007fbf1918efa0 R15: 00007ffcb148b398
 </TASK>

Showing all locks held in the system:
1 lock held by khungtaskd/27:
 #0: ffffffff8c31eaa0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30
2 locks held by getty/3948:
 #0: ffff88802ca16098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70 drivers/tty/tty_ldisc.c:252
 #1: ffffc900025ce2e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x5df/0x1a70 drivers/tty/n_tty.c:2158
1 lock held by syz-executor/4445:
 #0: ffff88807a8220e0 (&type->s_umount_key#51){++++}-{3:3}, at: deactivate_super+0xa0/0xd0 fs/super.c:365
2 locks held by kworker/u4:8/4461:
 #0: ffff8880b903a358 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x26/0x140 kernel/sched/core.c:475
 #1: ffff8880b9027888 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x4fe/0x7d0 kernel/sched/psi.c:891
1 lock held by syz.2.1270/10168:
 #0: ffff88807a8220e0 (&type->s_umount_key#51){++++}-{3:3}, at: iterate_supers+0xa4/0x1d0 fs/super.c:716
1 lock held by syz.3.1277/10198:
 #0: ffff88807a8220e0 (&type->s_umount_key#51){++++}-{3:3}, at: iterate_supers+0xa4/0x1d0 fs/super.c:716
2 locks held by syz.8.1770/12497:
1 lock held by sed/12572:

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 27 Comm: khungtaskd Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
Call Trace:
 <TASK>
 dump_stack_lvl+0x188/0x250 lib/dump_stack.c:106
 nmi_cpu_backtrace+0x3a2/0x3d0 lib/nmi_backtrace.c:111
 nmi_trigger_cpumask_backtrace+0x163/0x280 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:148 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:212 [inline]
 watchdog+0xe0f/0xe50 kernel/hung_task.c:369
 kthread+0x436/0x520 kernel/kthread.c:334
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 12497 Comm: syz.8.1770 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
RIP: 0010:get_current arch/x86/include/asm/current.h:15 [inline]
RIP: 0010:__sanitizer_cov_trace_pc+0x4/0x60 kernel/kcov.c:205
Code: 84 00 00 00 00 00 53 48 89 fb e8 17 00 00 00 48 8b 3d 90 bc 10 0c 48 89 de 5b e9 17 42 44 00 00 00 cc cc 00 00 cc 48 8b 04 24 <65> 48 8b 0d e4 4e 89 7e 65 8b 15 e5 4e 89 7e 81 e2 00 01 ff 00 74
RSP: 0018:ffffc9000393f528 EFLAGS: 00000297
RAX: ffffffff81b09fab RBX: ffff88803cd0b010 RCX: ffff88807bac0000
RDX: 0000000000000000 RSI: 00000000000001fe RDI: 0000000000000094
RBP: 0000000000000094 R08: ffffea00015dc033 R09: 1ffffd40002bb806
R10: dffffc0000000000 R11: fffff940002bb807 R12: dffffc0000000000
R13: 00000000000001fe R14: 00000000000001fe R15: ffff88803cd0b00c
FS:  0000000000000000(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f47da90b6b0 CR3: 00000000734ab000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 __tlb_remove_page_size+0x19b/0x3f0 mm/mmu_gather.c:87
 __tlb_remove_page include/asm-generic/tlb.h:444 [inline]
 zap_pte_range mm/memory.c:1387 [inline]
 zap_pmd_range mm/memory.c:1505 [inline]
 zap_pud_range mm/memory.c:1534 [inline]
 zap_p4d_range mm/memory.c:1555 [inline]
 unmap_page_range+0x1093/0x2500 mm/memory.c:1576
 unmap_vmas+0x131/0x250 mm/memory.c:1653
 exit_mmap+0x3b9/0x640 mm/mmap.c:3216
 __mmput+0x115/0x3b0 kernel/fork.c:1127
 exit_mm+0x588/0x6e0 kernel/exit.c:550
 do_exit+0x5a9/0x20c0 kernel/exit.c:870
 do_group_exit+0x12e/0x300 kernel/exit.c:997
 get_signal+0x6ca/0x12c0 kernel/signal.c:2900
 arch_do_signal_or_restart+0xe7/0x12c0 arch/x86/kernel/signal.c:867
 handle_signal_work kernel/entry/common.c:154 [inline]
 exit_to_user_mode_loop+0x9e/0x130 kernel/entry/common.c:178
 exit_to_user_mode_prepare+0xee/0x180 kernel/entry/common.c:214
 irqentry_exit_to_user_mode+0x5/0x30 kernel/entry/common.c:320
 exc_page_fault+0x88/0x100 arch/x86/mm/fault.c:1499
 asm_exc_page_fault+0x22/0x30 arch/x86/include/asm/idtentry.h:606
RIP: 0033:0x7fdb9e2d04f7
Code: Unable to access opcode bytes at RIP 0x7fdb9e2d04cd.
RSP: 002b:00007fdb9c656120 EFLAGS: 00010202
RAX: 0000000000000000 RBX: 000000000000000b RCX: 00007fdb9e419f79
RDX: 00007fdb9c656140 RSI: 00007fdb9c656270 RDI: 000000000000000b
RBP: 00007fdb9e4b06e0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
R13: 00007fdb9e695038 R14: 00007fdb9e694fa0 R15: 00007ffcdfad0ef8
 </TASK>