INFO: task syz.5.1973:12705 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.5.1973      state:D stack:28080 pid:12705 ppid:4664   flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5245 [inline]
 __schedule+0x11d1/0x40e0 kernel/sched/core.c:6562
 schedule+0xb9/0x180 kernel/sched/core.c:6638
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6697
 rwsem_down_read_slowpath+0x516/0x870 kernel/locking/rwsem.c:1094
 __down_read_common kernel/locking/rwsem.c:1261 [inline]
 __down_read kernel/locking/rwsem.c:1274 [inline]
 down_read+0x94/0x2d0 kernel/locking/rwsem.c:1522
 iterate_supers+0xa4/0x1d0 fs/super.c:755
 ksys_sync+0x9d/0x170 fs/sync.c:102
 __ia32_sys_sync+0xa/0x10 fs/sync.c:113
 do_syscall_x64 arch/x86/entry/common.c:46 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:76
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f0d7cb9c799
RSP: 002b:00007f0d7d9df028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
RAX: ffffffffffffffda RBX: 00007f0d7ce15fa0 RCX: 00007f0d7cb9c799
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007f0d7ce15fa0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f0d7ce16038 R14: 00007f0d7ce15fa0 R15: 00007fff0421a138
 </TASK>
INFO: task syz.5.1973:12707 blocked for more than 145 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.5.1973      state:D stack:28080 pid:12707 ppid:4664   flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5245 [inline]
 __schedule+0x11d1/0x40e0 kernel/sched/core.c:6562
 schedule+0xb9/0x180 kernel/sched/core.c:6638
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6697
 rwsem_down_read_slowpath+0x516/0x870 kernel/locking/rwsem.c:1094
 __down_read_common kernel/locking/rwsem.c:1261 [inline]
 __down_read kernel/locking/rwsem.c:1274 [inline]
 down_read+0x94/0x2d0 kernel/locking/rwsem.c:1522
 iterate_supers+0xa4/0x1d0 fs/super.c:755
 ksys_sync+0x9d/0x170 fs/sync.c:102
 __ia32_sys_sync+0xa/0x10 fs/sync.c:113
 do_syscall_x64 arch/x86/entry/common.c:46 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:76
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f0d7cb9c799
RSP: 002b:00007f0d7d9be028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
RAX: ffffffffffffffda RBX: 00007f0d7ce16090 RCX: 00007f0d7cb9c799
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007f0d7ce16090 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f0d7ce16128 R14: 00007f0d7ce16090 R15: 00007fff0421a138
 </TASK>
INFO: task syz.5.1973:12709 blocked for more than 145 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.5.1973      state:D stack:28080 pid:12709 ppid:4664   flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5245 [inline]
 __schedule+0x11d1/0x40e0 kernel/sched/core.c:6562
 schedule+0xb9/0x180 kernel/sched/core.c:6638
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6697
 rwsem_down_read_slowpath+0x516/0x870 kernel/locking/rwsem.c:1094
 __down_read_common kernel/locking/rwsem.c:1261 [inline]
 __down_read kernel/locking/rwsem.c:1274 [inline]
 down_read+0x94/0x2d0 kernel/locking/rwsem.c:1522
 iterate_supers+0xa4/0x1d0 fs/super.c:755
 ksys_sync+0x9d/0x170 fs/sync.c:102
 __ia32_sys_sync+0xa/0x10 fs/sync.c:113
 do_syscall_x64 arch/x86/entry/common.c:46 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:76
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f0d7cb9c799
RSP: 002b:00007f0d7d99d028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
RAX: ffffffffffffffda RBX: 00007f0d7ce16180 RCX: 00007f0d7cb9c799
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007f0d7ce16180 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f0d7ce16218 R14: 00007f0d7ce16180 R15: 00007fff0421a138
 </TASK>
INFO: task syz.5.1973:12712 blocked for more than 146 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.5.1973      state:D stack:29168 pid:12712 ppid:4664   flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5245 [inline]
 __schedule+0x11d1/0x40e0 kernel/sched/core.c:6562
 schedule+0xb9/0x180 kernel/sched/core.c:6638
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6697
 rwsem_down_read_slowpath+0x516/0x870 kernel/locking/rwsem.c:1094
 __down_read_common kernel/locking/rwsem.c:1261 [inline]
 __down_read kernel/locking/rwsem.c:1274 [inline]
 down_read+0x94/0x2d0 kernel/locking/rwsem.c:1522
 iterate_supers+0xa4/0x1d0 fs/super.c:755
 ksys_sync+0x9d/0x170 fs/sync.c:102
 __ia32_sys_sync+0xa/0x10 fs/sync.c:113
 do_syscall_x64 arch/x86/entry/common.c:46 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:76
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f0d7cb9c799
RSP: 002b:00007f0d7d97c028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
RAX: ffffffffffffffda RBX: 00007f0d7ce16270 RCX: 00007f0d7cb9c799
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007f0d7ce16270 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f0d7ce16308 R14: 00007f0d7ce16270 R15: 00007fff0421a138
 </TASK>
INFO: task syz.5.1973:12715 blocked for more than 147 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.5.1973      state:D stack:28592 pid:12715 ppid:4664   flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5245 [inline]
 __schedule+0x11d1/0x40e0 kernel/sched/core.c:6562
 schedule+0xb9/0x180 kernel/sched/core.c:6638
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6697
 rwsem_down_read_slowpath+0x516/0x870 kernel/locking/rwsem.c:1094
 __down_read_common kernel/locking/rwsem.c:1261 [inline]
 __down_read kernel/locking/rwsem.c:1274 [inline]
 down_read+0x94/0x2d0 kernel/locking/rwsem.c:1522
 iterate_supers+0xa4/0x1d0 fs/super.c:755
 ksys_sync+0x9d/0x170 fs/sync.c:102
 __ia32_sys_sync+0xa/0x10 fs/sync.c:113
 do_syscall_x64 arch/x86/entry/common.c:46 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:76
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f0d7cb9c799
RSP: 002b:00007f0d7a5f2028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
RAX: ffffffffffffffda RBX: 00007f0d7ce16360 RCX: 00007f0d7cb9c799
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007f0d7ce16360 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f0d7ce163f8 R14: 00007f0d7ce16360 R15: 00007fff0421a138
 </TASK>
INFO: task syz.5.1973:12719 blocked for more than 147 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.5.1973      state:D stack:27896 pid:12719 ppid:4664   flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5245 [inline]
 __schedule+0x11d1/0x40e0 kernel/sched/core.c:6562
 schedule+0xb9/0x180 kernel/sched/core.c:6638
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6697
 rwsem_down_read_slowpath+0x516/0x870 kernel/locking/rwsem.c:1094
 __down_read_common kernel/locking/rwsem.c:1261 [inline]
 __down_read kernel/locking/rwsem.c:1274 [inline]
 down_read+0x94/0x2d0 kernel/locking/rwsem.c:1522
 iterate_supers+0xa4/0x1d0 fs/super.c:755
 ksys_sync+0x9d/0x170 fs/sync.c:102
 __ia32_sys_sync+0xa/0x10 fs/sync.c:113
 do_syscall_x64 arch/x86/entry/common.c:46 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:76
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f0d7cb9c799
RSP: 002b:00007f0d7a1cf028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
RAX: ffffffffffffffda RBX: 00007f0d7ce16450 RCX: 00007f0d7cb9c799
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007f0d7ce16450 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f0d7ce164e8 R14: 00007f0d7ce16450 R15: 00007fff0421a138
 </TASK>
INFO: task syz.5.1973:12728 blocked for more than 147 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.5.1973      state:D stack:29008 pid:12728 ppid:4664   flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5245 [inline]
 __schedule+0x11d1/0x40e0 kernel/sched/core.c:6562
 schedule+0xb9/0x180 kernel/sched/core.c:6638
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6697
 rwsem_down_read_slowpath+0x516/0x870 kernel/locking/rwsem.c:1094
 __down_read_common kernel/locking/rwsem.c:1261 [inline]
 __down_read kernel/locking/rwsem.c:1274 [inline]
 down_read+0x94/0x2d0 kernel/locking/rwsem.c:1522
 iterate_supers+0xa4/0x1d0 fs/super.c:755
 ksys_sync+0x9d/0x170 fs/sync.c:102
 __ia32_sys_sync+0xa/0x10 fs/sync.c:113
 do_syscall_x64 arch/x86/entry/common.c:46 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:76
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f0d7cb9c799
RSP: 002b:00007f0d79dac028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
RAX: ffffffffffffffda RBX: 00007f0d7ce16540 RCX: 00007f0d7cb9c799
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007f0d7ce16540 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f0d7ce165d8 R14: 00007f0d7ce16540 R15: 00007fff0421a138
 </TASK>
INFO: task syz.5.1973:12733 blocked for more than 148 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.5.1973      state:D stack:29008 pid:12733 ppid:4664   flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5245 [inline]
 __schedule+0x11d1/0x40e0 kernel/sched/core.c:6562
 schedule+0xb9/0x180 kernel/sched/core.c:6638
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6697
 rwsem_down_read_slowpath+0x516/0x870 kernel/locking/rwsem.c:1094
 __down_read_common kernel/locking/rwsem.c:1261 [inline]
 __down_read kernel/locking/rwsem.c:1274 [inline]
 down_read+0x94/0x2d0 kernel/locking/rwsem.c:1522
 iterate_supers+0xa4/0x1d0 fs/super.c:755
 ksys_sync+0x9d/0x170 fs/sync.c:102
 __ia32_sys_sync+0xa/0x10 fs/sync.c:113
 do_syscall_x64 arch/x86/entry/common.c:46 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:76
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f0d7cb9c799
RSP: 002b:00007f0d79989028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
RAX: ffffffffffffffda RBX: 00007f0d7ce16630 RCX: 00007f0d7cb9c799
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007f0d7ce16630 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f0d7ce166c8 R14: 00007f0d7ce16630 R15: 00007fff0421a138
 </TASK>

Showing all locks held in the system:
1 lock held by rcu_tasks_kthre/12:
 #0: ffffffff8cb2dfb0 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x33/0xf00 kernel/rcu/tasks.h:517
1 lock held by rcu_tasks_trace/13:
 #0: ffffffff8cb2e7d0 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x33/0xf00 kernel/rcu/tasks.h:517
1 lock held by khungtaskd/27:
 #0: ffffffff8cb2d620 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:350 [inline]
 #0: ffffffff8cb2d620 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:791 [inline]
 #0: ffffffff8cb2d620 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x51/0x290 kernel/locking/lockdep.c:6513
2 locks held by getty/4030:
 #0: ffff88814cf37098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70 drivers/tty/tty_ldisc.c:244
 #1: ffffc9000327b2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x429/0x1390 drivers/tty/n_tty.c:2198
1 lock held by syz-executor/8364:
 #0: ffff8880578a40e0 (&type->s_umount_key#108){++++}-{3:3}, at: deactivate_super+0xa0/0xd0 fs/super.c:362
1 lock held by syz.5.1973/12705:
 #0: ffff8880578a40e0 (&type->s_umount_key#108){++++}-{3:3}, at: iterate_supers+0xa4/0x1d0 fs/super.c:755
1 lock held by syz.5.1973/12707:
 #0: ffff8880578a40e0 (&type->s_umount_key#108){++++}-{3:3}, at: iterate_supers+0xa4/0x1d0 fs/super.c:755
1 lock held by syz.5.1973/12709:
 #0: ffff8880578a40e0 (&type->s_umount_key#108){++++}-{3:3}, at: iterate_supers+0xa4/0x1d0 fs/super.c:755
1 lock held by syz.5.1973/12712:
 #0: ffff8880578a40e0 (&type->s_umount_key#108){++++}-{3:3}, at: iterate_supers+0xa4/0x1d0 fs/super.c:755
1 lock held by syz.5.1973/12715:
 #0: ffff8880578a40e0 (&type->s_umount_key#108){++++}-{3:3}, at: iterate_supers+0xa4/0x1d0 fs/super.c:755
1 lock held by syz.5.1973/12719:
 #0: ffff8880578a40e0 (&type->s_umount_key#108){++++}-{3:3}, at: iterate_supers+0xa4/0x1d0 fs/super.c:755
1 lock held by syz.5.1973/12728:
 #0: ffff8880578a40e0 (&type->s_umount_key#108){++++}-{3:3}, at: iterate_supers+0xa4/0x1d0 fs/super.c:755
1 lock held by syz.5.1973/12733:
 #0: ffff8880578a40e0 (&type->s_umount_key#108){++++}-{3:3}, at: iterate_supers+0xa4/0x1d0 fs/super.c:755
1 lock held by rm/14388:

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 27 Comm: khungtaskd Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
Call Trace:
 <TASK>
 dump_stack_lvl+0x188/0x24e lib/dump_stack.c:106
 nmi_cpu_backtrace+0x3e6/0x460 lib/nmi_backtrace.c:111
 nmi_trigger_cpumask_backtrace+0x1d4/0x450 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:148 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:220 [inline]
 watchdog+0xeee/0xf30 kernel/hung_task.c:377
 kthread+0x29d/0x330 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 14390 Comm: dhcpcd-run-hook Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
RIP: 0010:__kasan_check_read+0x0/0x10 mm/kasan/shadow.c:31
Code: 41 5c 41 5d 41 5e 41 5f 5d c3 48 c7 c7 ff c5 60 8c eb 0a 48 c7 c7 99 60 45 8c 48 89 de e8 78 6e 4e 08 31 ed eb d7 00 00 cc cc <89> f6 48 8b 0c 24 31 d2 e9 a3 ec ff ff 0f 1f 00 89 f6 48 8b 0c 24
RSP: 0000:ffffc90004957af8 EFLAGS: 00000093
RAX: ffffffff81b08c70 RBX: ffffea0000f82d40 RCX: ffff88805490d940
RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffea0000f82d40
RBP: ffffea0000f82d48 R08: ffffea0000f82d47 R09: 1ffffd40001f05a8
R10: dffffc0000000000 R11: fffff940001f05a9 R12: 1ffffd40001f05a9
R13: dffffc0000000000 R14: 0000000000000000 R15: 1ffffd40001f05a8
FS:  00007fb716269c80(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055a262722e38 CR3: 0000000057030000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 instrument_atomic_read include/linux/instrumented.h:72 [inline]
 _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]
 folio_test_swapbacked include/linux/page-flags.h:502 [inline]
 folio_is_file_lru include/linux/mm_inline.h:29 [inline]
 folio_lru_list include/linux/mm_inline.h:95 [inline]
 lruvec_add_folio include/linux/mm_inline.h:320 [inline]
 lru_add_fn+0x5ed/0x17d0 mm/swap.c:220
 folio_batch_move_lru+0x2a4/0x680 mm/swap.c:238
 folio_add_lru+0x42a/0xd50 mm/swap.c:526
 do_anonymous_page mm/memory.c:4229 [inline]
 handle_pte_fault mm/memory.c:5027 [inline]
 __handle_mm_fault mm/memory.c:5171 [inline]
 handle_mm_fault+0x3575/0x3ee0 mm/memory.c:5292
 do_user_addr_fault+0x51f/0xb10 arch/x86/mm/fault.c:1338
 handle_page_fault arch/x86/mm/fault.c:1429 [inline]
 exc_page_fault+0x60/0x100 arch/x86/mm/fault.c:1482
 asm_exc_page_fault+0x22/0x30 arch/x86/include/asm/idtentry.h:608
RIP: 0033:0x7fb7163cad34
Code: 8d 34 19 49 39 d0 49 89 70 60 0f 95 c2 48 29 d8 48 83 c1 10 0f b6 d2 48 83 c8 01 48 c1 e2 02 48 09 da 48 83 ca 01 48 89 51 f8 <48> 89 46 08 48 89 cf 4c 89 e6 48 89 4c 24 08 e8 18 c7 ff ff 48 8b
RSP: 002b:00007ffd63ed9070 EFLAGS: 00010202
RAX: 00000000000141d1 RBX: 0000000000001030 RCX: 000055a262721e10
RDX: 0000000000001031 RSI: 000055a262722e30 RDI: 0000000000000004
RBP: ffffffffffffffc0 R08: 00007fb716503ac0 R09: 0000000000000000
R10: 0000000000000004 R11: 0000000000000001 R12: 000000000000101a
R13: 0000000000000000 R14: 0000000000000101 R15: 00007fb716503b20
 </TASK>