INFO: task syz-executor.4:7605 blocked for more than 143 seconds.
      Not tainted 6.2.0-rc3-next-20230110-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.4  state:D stack:28256 pid:7605  ppid:5122   flags:0x00000004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5301 [inline]
 __schedule+0x25d0/0x5a70 kernel/sched/core.c:6619
 schedule+0xde/0x1b0 kernel/sched/core.c:6695
 rwsem_down_read_slowpath+0x5a7/0xb20 kernel/locking/rwsem.c:1095
 __down_read_common kernel/locking/rwsem.c:1260 [inline]
 __down_read kernel/locking/rwsem.c:1269 [inline]
 down_read+0xe6/0x450 kernel/locking/rwsem.c:1511
 mmap_read_lock include/linux/mmap_lock.h:117 [inline]
 do_user_addr_fault+0xa51/0x1210 arch/x86/mm/fault.c:1379
 handle_page_fault arch/x86/mm/fault.c:1519 [inline]
 exc_page_fault+0x98/0x170 arch/x86/mm/fault.c:1575
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:570
RIP: 0033:0x7fd8042276c6
RSP: 002b:00007ffe1bf49f48 EFLAGS: 00010287
RAX: 0000001b33122000 RBX: 00007fd8043ac018 RCX: 0000001b33120000
RDX: 0000001b33122004 RSI: 0000001b3312168c RDI: 00000000a1dac68f
RBP: 00000000a1dac68f R08: 0000001b33520000 R09: 00000000a1dac693
R10: 00007ffe1bf5b090 R11: 0000000000017e26 R12: 00007fd8043a0000
R13: 0000000000000001 R14: 000000000000491e R15: ffffffff8479424b
 </TASK>

Showing all threads with locks held in the system:
task:kworker/u4:1    state:I stack:23016 pid:11    ppid:2      flags:0x00004000
Workqueue: events_unbound toggle_allocation_gate
Call Trace:
 <TASK>
 find_held_lock+0x2d/0x110 kernel/locking/lockdep.c:5159
 </TASK>
no locks held by kworker/u4:1/11.
task:rcu_tasks_kthre state:I stack:29040 pid:12    ppid:2      flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5301 [inline]
 __schedule+0x25d0/0x5a70 kernel/sched/core.c:6619
 schedule+0xde/0x1b0 kernel/sched/core.c:6695
 rcu_tasks_one_gp+0x484/0xcd0 kernel/rcu/tasks.h:517
 rcu_tasks_kthread+0x77/0xa0 kernel/rcu/tasks.h:555
 kthread+0x2e8/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
 </TASK>
1 lock held by rcu_tasks_kthre/12:
 #0: ffffffff8c793470 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x31/0xcd0 kernel/rcu/tasks.h:510
task:rcu_tasks_trace state:I stack:29208 pid:13    ppid:2      flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5301 [inline]
 __schedule+0x25d0/0x5a70 kernel/sched/core.c:6619
 schedule+0xde/0x1b0 kernel/sched/core.c:6695
 rcu_tasks_one_gp+0x484/0xcd0 kernel/rcu/tasks.h:517
 rcu_tasks_kthread+0x77/0xa0 kernel/rcu/tasks.h:555
 kthread+0x2e8/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
 </TASK>
1 lock held by rcu_tasks_trace/13:
 #0: ffffffff8c793170 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x31/0xcd0 kernel/rcu/tasks.h:510
task:kworker/0:1     state:D stack:24152 pid:14    ppid:2      flags:0x00004000
Workqueue: rcu_gp wait_rcu_exp_gp
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5301 [inline]
 __schedule+0x25d0/0x5a70 kernel/sched/core.c:6619
 schedule+0xde/0x1b0 kernel/sched/core.c:6695
 schedule_timeout+0x14e/0x2a0 kernel/time/timer.c:2167
 synchronize_rcu_expedited_wait_once kernel/rcu/tree_exp.h:572 [inline]
 synchronize_rcu_expedited_wait kernel/rcu/tree_exp.h:624 [inline]
 rcu_exp_wait_wake+0x2ab/0x1220 kernel/rcu/tree_exp.h:693
 process_one_work+0x9bf/0x1750 kernel/workqueue.c:2293
 worker_thread+0x669/0x1090 kernel/workqueue.c:2440
 kthread+0x2e8/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
 </TASK>
2 locks held by kworker/0:1/14:
 #0: ffff888012472538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff888012472538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
 #0: ffff888012472538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
 #0: ffff888012472538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
 #0: ffff888012472538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
 #0: ffff888012472538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_one_work+0x86d/0x1750 kernel/workqueue.c:2264
 #1: ffffc90000137da8 ((work_completion)(&rew->rew_work)){+.+.}-{0:0}, at: process_one_work+0x8a1/0x1750 kernel/workqueue.c:2268
task:getty           state:S stack:23336 pid:4757  ppid:1      flags:0x00000000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5301 [inline]
 __schedule+0x25d0/0x5a70 kernel/sched/core.c:6619
 schedule+0xde/0x1b0 kernel/sched/core.c:6695
 schedule_timeout+0x1e1/0x2a0 kernel/time/timer.c:2143
 wait_woken+0x197/0x200 kernel/sched/wait.c:463
 n_tty_read+0x1055/0x13e0 drivers/tty/n_tty.c:2243
 iterate_tty_read drivers/tty/tty_io.c:852 [inline]
 tty_read+0x30e/0x5a0 drivers/tty/tty_io.c:927
 call_read_iter include/linux/fs.h:1846 [inline]
 new_sync_read fs/read_write.c:389 [inline]
 vfs_read+0x681/0x930 fs/read_write.c:470
 ksys_read+0x12b/0x250 fs/read_write.c:613
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f75a70718fe
RSP: 002b:00007fffb4228978 EFLAGS: 00000246
 ORIG_RAX: 0000000000000000
RAX: ffffffffffffffda RBX: 000055b527997910 RCX: 00007f75a70718fe
RDX: 0000000000000001 RSI: 00007fffb4228990 RDI: 0000000000000000
RBP: 000055b527997970 R08: 0000000000000007 R09: 000055b527998cd0
R10: 0000000000000063 R11: 0000000000000246 R12: 000055b5279979ac
R13: 00007fffb4228990 R14: 0000000000000000 R15: 000055b5279979ac
 </TASK>
2 locks held by getty/4757:
 #0: 
ffff888028181098
 (
&tty->ldisc_sem
){++++}-{0:0}
, at: tty_ldisc_ref_wait+0x26/0x80 drivers/tty/tty_ldisc.c:244
 #1: 
ffffc900015902f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xef4/0x13e0 drivers/tty/n_tty.c:2177
task:syz-executor.4  state:D
 stack:28256 pid:7605  ppid:5122   flags:0x00000004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5301 [inline]
 __schedule+0x25d0/0x5a70 kernel/sched/core.c:6619
 schedule+0xde/0x1b0 kernel/sched/core.c:6695
 rwsem_down_read_slowpath+0x5a7/0xb20 kernel/locking/rwsem.c:1095
 __down_read_common kernel/locking/rwsem.c:1260 [inline]
 __down_read kernel/locking/rwsem.c:1269 [inline]
 down_read+0xe6/0x450 kernel/locking/rwsem.c:1511
 mmap_read_lock include/linux/mmap_lock.h:117 [inline]
 do_user_addr_fault+0xa51/0x1210 arch/x86/mm/fault.c:1379
 handle_page_fault arch/x86/mm/fault.c:1519 [inline]
 exc_page_fault+0x98/0x170 arch/x86/mm/fault.c:1575
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:570
RIP: 0033:0x7fd8042276c6
RSP: 002b:00007ffe1bf49f48 EFLAGS: 00010287

RAX: 0000001b33122000 RBX: 00007fd8043ac018 RCX: 0000001b33120000
RDX: 0000001b33122004 RSI: 0000001b3312168c RDI: 00000000a1dac68f
RBP: 00000000a1dac68f R08: 0000001b33520000 R09: 00000000a1dac693
R10: 00007ffe1bf5b090 R11: 0000000000017e26 R12: 00007fd8043a0000
R13: 0000000000000001 R14: 000000000000491e R15: ffffffff8479424b
 </TASK>
1 lock held by syz-executor.4/7605:
 #0: ffff888088676498 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_lock include/linux/mmap_lock.h:117 [inline]
 #0: ffff888088676498 (&mm->mmap_lock){++++}-{3:3}, at: do_user_addr_fault+0xa51/0x1210 arch/x86/mm/fault.c:1379
task:syz-executor.4  state:R  running task     stack:27224 pid:7609  ppid:5122   flags:0x00004006
Call Trace:
 <TASK>
 </TASK>
5 locks held by syz-executor.4/7609:
task:syz-executor.4  state:D stack:24520 pid:7657  ppid:7656   flags:0x00000000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5301 [inline]
 __schedule+0x25d0/0x5a70 kernel/sched/core.c:6619
 schedule+0xde/0x1b0 kernel/sched/core.c:6695
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6754
 __mutex_lock_common kernel/locking/mutex.c:679 [inline]
 __mutex_lock+0xa48/0x1360 kernel/locking/mutex.c:747
 exp_funnel_lock kernel/rcu/tree_exp.h:325 [inline]
 synchronize_rcu_expedited+0x400/0x770 kernel/rcu/tree_exp.h:992
 namespace_unlock+0x1af/0x410 fs/namespace.c:1602
 do_umount fs/namespace.c:1825 [inline]
 path_umount+0x67b/0x10b0 fs/namespace.c:1907
 ksys_umount fs/namespace.c:1930 [inline]
 __do_sys_umount fs/namespace.c:1935 [inline]
 __se_sys_umount fs/namespace.c:1933 [inline]
 __x64_sys_umount+0x15d/0x190 fs/namespace.c:1933
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fa26568d537
RSP: 002b:00007fff5c7a5978 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa26568d537
RDX: 00007fff5c7a5a48 RSI: 000000000000000a RDI: 00007fff5c7a5a40
RBP: 00007fff5c7a5a40 R08: 00000000ffffffff R09: 00007fff5c7a5810
R10: 0000555556f7f903 R11: 0000000000000246 R12: 00007fa2656e6b24
R13: 00007fff5c7a6b00 R14: 0000555556f7f810 R15: 00007fff5c7a6b40
 </TASK>
1 lock held by syz-executor.4/7657:
 #0: 
ffffffff8c79f138 (rcu_state.exp_mutex){+.+.}-{3:3}
, at: exp_funnel_lock kernel/rcu/tree_exp.h:325 [inline]
, at: synchronize_rcu_expedited+0x400/0x770 kernel/rcu/tree_exp.h:992
task:syz-executor.3  state:D
 stack:28112 pid:9024  ppid:5135   flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5301 [inline]
 __schedule+0x25d0/0x5a70 kernel/sched/core.c:6619
 schedule+0xde/0x1b0 kernel/sched/core.c:6695
 synchronize_rcu_expedited+0x5e2/0x770 kernel/rcu/tree_exp.h:1007
 synchronize_rcu+0x302/0x3b0 kernel/rcu/tree.c:3482
 synchronize_net+0x4e/0x60 net/core/dev.c:10749
 packet_release+0xa6e/0xd00 net/packet/af_packet.c:3158
 __sock_release+0xcd/0x280 net/socket.c:650
 sock_close+0x1c/0x20 net/socket.c:1365
 __fput+0x27c/0xa90 fs/file_table.c:321
 task_work_run+0x16f/0x270 kernel/task_work.c:179
 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:171 [inline]
 exit_to_user_mode_prepare+0x210/0x240 kernel/entry/common.c:204
 __syscall_exit_to_user_mode_work kernel/entry/common.c:286 [inline]
 syscall_exit_to_user_mode+0x1d/0x50 kernel/entry/common.c:297
 do_syscall_64+0x46/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fb98d43df7b
RSP: 002b:00007ffd967a41b0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007fb98d43df7b
RDX: 00007fb98d000368 RSI: ffffffffffffffff RDI: 0000000000000003
RBP: 00007fb98d5ad980 R08: 0000000000000000 R09: 00007fb98d000000
R10: 00007fb98d000370 R11: 0000000000000293 R12: 00000000000adbe1
R13: 00007ffd967a42b0 R14: 00007fb98d5abf80 R15: 0000000000000032
 </TASK>
2 locks held by syz-executor.3/9024:
 #0: ffff88808493f410 (&sb->s_type->i_mutex_key#10){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:758 [inline]
 #0: ffff88808493f410 (&sb->s_type->i_mutex_key#10){+.+.}-{3:3}, at: __sock_release+0x86/0x280 net/socket.c:649
 #1: 
ffffffff8c79f138
 (
rcu_state.exp_mutex
){+.+.}-{3:3}
, at: exp_funnel_lock kernel/rcu/tree_exp.h:293 [inline]
, at: synchronize_rcu_expedited+0x658/0x770 kernel/rcu/tree_exp.h:992
task:syz-executor.0  state:D
 stack:28256 pid:9042  ppid:5117   flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5301 [inline]
 __schedule+0x25d0/0x5a70 kernel/sched/core.c:6619
 schedule+0xde/0x1b0 kernel/sched/core.c:6695
 exp_funnel_lock kernel/rcu/tree_exp.h:316 [inline]
 synchronize_rcu_expedited+0x706/0x770 kernel/rcu/tree_exp.h:992
 synchronize_rcu+0x302/0x3b0 kernel/rcu/tree.c:3482
 synchronize_net+0x4e/0x60 net/core/dev.c:10749
 packet_release+0xa6e/0xd00 net/packet/af_packet.c:3158
 __sock_release+0xcd/0x280 net/socket.c:650
 sock_close+0x1c/0x20 net/socket.c:1365
 __fput+0x27c/0xa90 fs/file_table.c:321
 task_work_run+0x16f/0x270 kernel/task_work.c:179
 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:171 [inline]
 exit_to_user_mode_prepare+0x210/0x240 kernel/entry/common.c:204
 __syscall_exit_to_user_mode_work kernel/entry/common.c:286 [inline]
 syscall_exit_to_user_mode+0x1d/0x50 kernel/entry/common.c:297
 do_syscall_64+0x46/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fb94803df7b
RSP: 002b:00007ffc4e3f1de0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007fb94803df7b
RDX: 00007fb947c00288 RSI: ffffffffffffffff RDI: 0000000000000003
RBP: 00007fb9481ad980 R08: 0000000000000000 R09: 00007fb947c00000
R10: 00007fb947c00290 R11: 0000000000000293 R12: 00000000000adcf6
R13: 00007ffc4e3f1ee0 R14: 00007fb9481abf80 R15: 0000000000000032
 </TASK>
1 lock held by syz-executor.0/9042:
 #0: ffff8880731ab810
 (&sb->s_type->i_mutex_key#10
){+.+.}-{3:3}
, at: inode_lock include/linux/fs.h:758 [inline]
, at: __sock_release+0x86/0x280 net/socket.c:649

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 28 Comm: khungtaskd Not tainted 6.2.0-rc3-next-20230110-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xd1/0x138 lib/dump_stack.c:106
 nmi_cpu_backtrace.cold+0x24/0x18a lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x32f/0x3c0 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:148 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:220 [inline]
 watchdog+0xcae/0x1050 kernel/hung_task.c:377
 kthread+0x2e8/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 5150 Comm: kworker/u4:3 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Workqueue: writeback wb_workfn (flush-7:4)
RIP: 0010:lockdep_hardirqs_off+0x81/0xd0 kernel/locking/lockdep.c:4407
Code: 48 c7 c6 e0 50 4c 8a 48 c7 c7 20 51 4c 8a e8 66 10 b9 ff 0f 0b eb cc 48 c7 c7 40 52 4c 8a e8 36 18 00 00 65 8b 05 bf bf fe 75 <85> c0 74 a0 5b 5d c3 48 c7 c7 00 52 4c 8a e8 1c 18 00 00 65 48 8b
RSP: 0018:ffffc9000418f288 EFLAGS: 00000002
RAX: 0000000000000000 RBX: ffffffff81cf30a7 RCX: 0000000000000001
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: ffff88801c417140 R08: ffffe8ffffc098a0 R09: 0000000000000018
R10: 0000000000000001 R11: 0000000000000000 R12: 00000000ffffffff
R13: 0000000000000246 R14: ffffffff83a56721 R15: 0000000000000018
FS:  0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f6fb45a96a8 CR3: 0000000022138000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 trace_hardirqs_off+0x12/0x170 kernel/trace/trace_preemptirq.c:76
 ___slab_alloc+0x1c7/0x1400 mm/slub.c:3112
 __slab_alloc.constprop.0+0x56/0xa0 mm/slub.c:3292
 __slab_alloc_node mm/slub.c:3345 [inline]
 slab_alloc_node mm/slub.c:3442 [inline]
 slab_alloc mm/slub.c:3460 [inline]
 __kmem_cache_alloc_lru mm/slub.c:3467 [inline]
 kmem_cache_alloc+0x30a/0x320 mm/slub.c:3476
 f2fs_kmem_cache_alloc_nofail fs/f2fs/f2fs.h:2788 [inline]
 f2fs_kmem_cache_alloc fs/f2fs/f2fs.h:2798 [inline]
 add_free_nid.isra.0+0x111/0x940 fs/f2fs/node.c:2285
 scan_free_nid_bits fs/f2fs/node.c:2436 [inline]
 __f2fs_build_free_nids+0xa7f/0xe00 fs/f2fs/node.c:2470
 f2fs_build_free_nids+0x5a/0xb0 fs/f2fs/node.c:2528
 f2fs_balance_fs_bg+0x173/0xf40 fs/f2fs/segment.c:468
 f2fs_write_node_pages+0x14b/0x750 fs/f2fs/node.c:2106
 do_writepages+0x1a8/0x640 mm/page-writeback.c:2549
 __writeback_single_inode+0x159/0x14d0 fs/fs-writeback.c:1598
 writeback_sb_inodes+0x54d/0xfb0 fs/fs-writeback.c:1889
 wb_writeback+0x2c5/0xdd0 fs/fs-writeback.c:2063
 wb_do_writeback fs/fs-writeback.c:2206 [inline]
 wb_workfn+0x2d4/0xdc0 fs/fs-writeback.c:2246
 process_one_work+0x9bf/0x1750 kernel/workqueue.c:2293
 worker_thread+0x669/0x1090 kernel/workqueue.c:2440
 kthread+0x2e8/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
 </TASK>