INFO: task syz.9.556:8378 blocked for more than 143 seconds.
      Not tainted 6.13.0-rc7-syzkaller-00019-gc45323b7560e #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.9.556       state:D stack:28592 pid:8378  tgid:8376  ppid:7774   flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5369 [inline]
 __schedule+0xe58/0x5ad0 kernel/sched/core.c:6756
 __schedule_loop kernel/sched/core.c:6833 [inline]
 schedule+0xe7/0x350 kernel/sched/core.c:6848
 super_lock+0x2bb/0x3f0 fs/super.c:114
 super_lock_shared fs/super.c:139 [inline]
 iterate_supers+0xb9/0x240 fs/super.c:931
 ksys_sync+0x8a/0x150 fs/sync.c:102
 __do_sys_sync+0xe/0x20 fs/sync.c:113
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f6e07785d29
RSP: 002b:00007f6e085de038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
RAX: ffffffffffffffda RBX: 00007f6e07975fa0 RCX: 00007f6e07785d29
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007f6e07975fa0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000001 R14: 00007f6e07975fa0 R15: 00007ffc45504f58
 </TASK>
INFO: task syz.3.565:8447 blocked for more than 143 seconds.
      Not tainted 6.13.0-rc7-syzkaller-00019-gc45323b7560e #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.3.565       state:D stack:27648 pid:8447  tgid:8446  ppid:7848   flags:0x00404004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5369 [inline]
 __schedule+0xe58/0x5ad0 kernel/sched/core.c:6756
 __schedule_loop kernel/sched/core.c:6833 [inline]
 schedule+0xe7/0x350 kernel/sched/core.c:6848
 super_lock+0x2bb/0x3f0 fs/super.c:114
 super_lock_shared fs/super.c:139 [inline]
 iterate_supers+0xb9/0x240 fs/super.c:931
 quota_sync_all fs/quota/quota.c:69 [inline]
 __do_sys_quotactl fs/quota/quota.c:938 [inline]
 __se_sys_quotactl fs/quota/quota.c:917 [inline]
 __x64_sys_quotactl+0x2b5/0x440 fs/quota/quota.c:917
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f293b185d29
RSP: 002b:00007f293c029038 EFLAGS: 00000246 ORIG_RAX: 00000000000000b3
RAX: ffffffffffffffda RBX: 00007f293b375fa0 RCX: 00007f293b185d29
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff80000102
RBP: 00007f293b201b08 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f293b375fa0 R15: 00007ffd6fbb57f8
 </TASK>

Showing all locks held in the system:
4 locks held by kworker/0:0/8:
 #0: ffff88801b078948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x1293/0x1ba0 kernel/workqueue.c:3211
 #1: ffffc900000d7d80 ((rfkill_op_work).work){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3212
 #2: ffffffff9036d008 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_epo+0x55/0x1d0 net/rfkill/core.c:462
 #3: ffff8880292d8d80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_poweroff net/bluetooth/hci_core.c:874 [inline]
 #3: ffff8880292d8d80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_rfkill_set_block+0x1a7/0x360 net/bluetooth/hci_core.c:901
1 lock held by khungtaskd/30:
 #0: ffffffff8e1bb900 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
 #0: ffffffff8e1bb900 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline]
 #0: ffffffff8e1bb900 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x7f/0x390 kernel/locking/lockdep.c:6744
2 locks held by getty/5586:
 #0: ffff888036b000a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 drivers/tty/tty_ldisc.c:243
 #1: ffffc90002fde2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0xfba/0x1480 drivers/tty/n_tty.c:2211
3 locks held by kworker/0:3/5826:
3 locks held by kworker/0:6/5865:
 #0: ffff88801b078948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x1293/0x1ba0 kernel/workqueue.c:3211
 #1: ffffc9000390fd80 ((work_completion)(&rfkill_global_led_trigger_work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3212
 #2: ffffffff9036d008 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_global_led_trigger_worker+0x1b/0x160 net/rfkill/core.c:182
6 locks held by kworker/1:4/5877:
 #0: ffff888020ec3148 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x1293/0x1ba0 kernel/workqueue.c:3211
 #1: ffffc90003a7fd80 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3212
 #2: ffff88802927f190 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1014 [inline]
 #2: ffff88802927f190 (&dev->mutex){....}-{4:4}, at: hub_event+0x1c1/0x4e10 drivers/usb/core/hub.c:5851
 #3: ffff8880335ea190 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1014 [inline]
 #3: ffff8880335ea190 (&dev->mutex){....}-{4:4}, at: __device_attach+0x7f/0x4b0 drivers/base/dd.c:1005
 #4: ffff88806234c160 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1014 [inline]
 #4: ffff88806234c160 (&dev->mutex){....}-{4:4}, at: __device_attach+0x7f/0x4b0 drivers/base/dd.c:1005
 #5: ffffffff9042dc08 (uevent_sock_mutex){+.+.}-{4:4}, at: uevent_net_broadcast_untagged lib/kobject_uevent.c:317 [inline]
 #5: ffffffff9042dc08 (uevent_sock_mutex){+.+.}-{4:4}, at: kobject_uevent_net_broadcast lib/kobject_uevent.c:410 [inline]
 #5: ffffffff9042dc08 (uevent_sock_mutex){+.+.}-{4:4}, at: kobject_uevent_env+0xb35/0x1870 lib/kobject_uevent.c:608
1 lock held by syz.2.170/6553:
 #0: ffff888061faa0e0 (&type->s_umount_key#70/1){+.+.}-{4:4}, at: alloc_super+0x23d/0xbd0 fs/super.c:344
2 locks held by syz.1.1019/11077:
 #0: ffff8880344ac408 (&sb->s_type->i_mutex_key#10){+.+.}-{4:4}, at: inode_lock include/linux/fs.h:818 [inline]
 #0: ffff8880344ac408 (&sb->s_type->i_mutex_key#10){+.+.}-{4:4}, at: __sock_release+0x86/0x270 net/socket.c:639
 #1: ffffffff8e1c7238 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x282/0x3b0 kernel/rcu/tree_exp.h:297

=============================================

NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.13.0-rc7-syzkaller-00019-gc45323b7560e #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 nmi_cpu_backtrace+0x27b/0x390 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x29c/0x300 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:162 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:234 [inline]
 watchdog+0xf14/0x1240 kernel/hung_task.c:397
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 24 Comm: ksoftirqd/1 Not tainted 6.13.0-rc7-syzkaller-00019-gc45323b7560e #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:__kasan_check_read+0xa/0x20 mm/kasan/shadow.c:31
Code: c7 c7 90 88 7c 8d 5b 5d 41 5c e9 01 85 7c ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 0c 24 89 f6 <31> d2 e9 1f f1 ff ff 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00
RSP: 0018:ffffc900001e7a78 EFLAGS: 00000007
RAX: 0000000000000003 RBX: 00000000000000ea RCX: ffffffff8175e32e
RDX: 1ffff11003add160 RSI: 0000000000000008 RDI: ffffffff96e53cd8
RBP: 0000000000000000 R08: 0000000000000000 R09: fffffbfff2dca79b
R10: ffffffff96e53cdf R11: 0000000000000000 R12: 0000000000000000
R13: ffff88801d6e8000 R14: 00000000000000ea R15: ffff88801d6e8ae0
FS:  0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000560012e2f300 CR3: 000000000df7e000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <NMI>
 </NMI>
 <TASK>
 instrument_atomic_read include/linux/instrumented.h:68 [inline]
 _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]
 hlock_class+0x4e/0x130 kernel/locking/lockdep.c:228
 check_wait_context kernel/locking/lockdep.c:4851 [inline]
 __lock_acquire+0x44d/0x3c40 kernel/locking/lockdep.c:5176
 lock_acquire.part.0+0x11b/0x380 kernel/locking/lockdep.c:5849
 rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
 rcu_do_batch kernel/rcu/tree.c:2561 [inline]
 rcu_core+0x755/0x14d0 kernel/rcu/tree.c:2823
 handle_softirqs+0x213/0x8f0 kernel/softirq.c:561
 run_ksoftirqd kernel/softirq.c:950 [inline]
 run_ksoftirqd+0x3a/0x60 kernel/softirq.c:942
 smpboot_thread_fn+0x661/0xa30 kernel/smpboot.c:164
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>