INFO: task syz.5.706:8679 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.5.706       state:D stack:25608 pid:8679  tgid:8649  ppid:6683   task_flags:0x400140 flags:0x00004006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5357 [inline]
 __schedule+0x16f3/0x4c20 kernel/sched/core.c:6961
 __schedule_loop kernel/sched/core.c:7043 [inline]
 schedule+0x165/0x360 kernel/sched/core.c:7058
 io_schedule+0x81/0xe0 kernel/sched/core.c:7903
 TXN_SLEEP_DROP_LOCK fs/jfs/jfs_txnmgr.c:125 [inline]
 txBegin+0x26e/0xb10 fs/jfs/jfs_txnmgr.c:374
 jfs_mkdir+0x1e5/0xa70 fs/jfs/namei.c:231
 vfs_mkdir+0x306/0x510 fs/namei.c:4366
 ovl_do_mkdir fs/overlayfs/overlayfs.h:251 [inline]
 ovl_workdir_create+0x4c3/0x8b0 fs/overlayfs/super.c:330
 ovl_make_workdir fs/overlayfs/super.c:669 [inline]
 ovl_get_workdir+0x32f/0x17c0 fs/overlayfs/super.c:827
 ovl_fill_super+0x1365/0x35b0 fs/overlayfs/super.c:1406
 vfs_get_super fs/super.c:1325 [inline]
 get_tree_nodev+0xbb/0x150 fs/super.c:1344
 vfs_get_tree+0x92/0x2b0 fs/super.c:1815
 do_new_mount+0x2a2/0x9e0 fs/namespace.c:3808
 do_mount fs/namespace.c:4136 [inline]
 __do_sys_mount fs/namespace.c:4347 [inline]
 __se_sys_mount+0x317/0x410 fs/namespace.c:4324
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f2f2490ebe9
RSP: 002b:00007f2f22b55038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f2f24b36090 RCX: 00007f2f2490ebe9
RDX: 0000200000000b80 RSI: 0000200000000100 RDI: 0000000000000000
RBP: 00007f2f24991e19 R08: 0000200000000180 R09: 0000000000000000
R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f2f24b36128 R14: 00007f2f24b36090 R15: 00007ffd6437a4e8
 </TASK>

Showing all locks held in the system:
5 locks held by kworker/u8:0/12:
1 lock held by khungtaskd/39:
 #0: ffffffff8d9a8b80 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #0: ffffffff8d9a8b80 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
 #0: ffffffff8d9a8b80 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 kernel/locking/lockdep.c:6775
4 locks held by kworker/u8:4/68:
7 locks held by udevd/5204:
2 locks held by getty/5596:
 #0: ffff88823bf7c0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
 #1: ffffc90003e8b2e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x444/0x1410 drivers/tty/n_tty.c:2222
3 locks held by syz.5.706/8679:
 #0: ffff8880278780d0 (&type->s_umount_key#74/1){+.+.}-{4:4}, at: alloc_super+0x204/0x990 fs/super.c:345
 #1: ffff88803d79a488 (sb_writers#15){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 fs/namespace.c:557
 #2: ffff88805de3b6c8 (&type->i_mutex_dir_key#9/1){+.+.}-{4:4}, at: inode_lock_nested include/linux/fs.h:914 [inline]
 #2: ffff88805de3b6c8 (&type->i_mutex_dir_key#9/1){+.+.}-{4:4}, at: ovl_workdir_create+0x14e/0x8b0 fs/overlayfs/super.c:303
1 lock held by syz.2.878/9471:
 #0: ffff888032446488 (sb_writers#3){.+.+}-{0:0}, at: direct_splice_actor+0x49/0x160 fs/splice.c:1160
2 locks held by syz-executor/9594:
2 locks held by udevd/9751:
 #0: ffff8880353f2f50 (&mm->mmap_lock){++++}-{4:4}, at: mmap_write_lock_killable include/linux/mmap_lock.h:415 [inline]
 #0: ffff8880353f2f50 (&mm->mmap_lock){++++}-{4:4}, at: vm_mmap_pgoff+0x214/0x4d0 mm/util.c:578
 #1: ffff8880368deb68 (&anon_vma->rwsem){++++}-{4:4}, at: anon_vma_lock_read include/linux/rmap.h:137 [inline]
 #1: ffff8880368deb68 (&anon_vma->rwsem){++++}-{4:4}, at: validate_mm+0x1d4/0x4b0 mm/vma.c:679
1 lock held by udevd/9786:
 #0: ffff888037d08a18 (&ep->lock){++++}-{3:3}, at: write_lock_irq include/linux/rwlock_rt.h:104 [inline]
 #0: ffff888037d08a18 (&ep->lock){++++}-{3:3}, at: ep_poll fs/eventpoll.c:2127 [inline]
 #0: ffff888037d08a18 (&ep->lock){++++}-{3:3}, at: do_epoll_wait+0x84d/0xbb0 fs/eventpoll.c:2560
1 lock held by udevd/9789:
4 locks held by udevd/9932:
1 lock held by syz.9.961/10100:
2 locks held by syz.3.962/10104:
 #0: ffff88806b300930 (&c->sb_lock){+.+.}-{4:4}, at: bch2_fs_alloc fs/bcachefs/super.c:917 [inline]
 #0: ffff88806b300930 (&c->sb_lock){+.+.}-{4:4}, at: bch2_fs_open+0x1245/0x26e0 fs/bcachefs/super.c:2433
 #1: ffff88806b304d38 (&c->mark_lock){++++}-{0:0}, at: bch2_sb_replicas_to_cpu_replicas+0x117/0x1a0 fs/bcachefs/replicas.c:600
1 lock held by syz.6.960/10107:
2 locks held by syz.7.963/10109:
 #0: ffff888027d2c0d0 (&type->s_umount_key#49/1){+.+.}-{4:4}, at: alloc_super+0x204/0x990 fs/super.c:345
 #1: ffffffff8d852438 (wq_pool_mutex){+.+.}-{4:4}, at: apply_wqattrs_lock kernel/workqueue.c:5179 [inline]
 #1: ffffffff8d852438 (wq_pool_mutex){+.+.}-{4:4}, at: __alloc_workqueue+0x9ef/0x1b70 kernel/workqueue.c:5734
1 lock held by sed/10136:
4 locks held by udevd/10148:

=============================================

NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 39 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 nmi_cpu_backtrace+0x39e/0x3d0 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x17a/0x300 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:160 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:328 [inline]
 watchdog+0xf93/0xfe0 kernel/hung_task.c:491
 kthread+0x711/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 68 Comm: kworker/u8:4 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
Workqueue: bat_events batadv_nc_worker
RIP: 0010:__lock_acquire+0x87c/0xd20 kernel/locking/lockdep.c:5233
Code: f7 01 c1 44 29 f8 44 01 f9 41 c1 c7 04 41 31 c7 49 c1 e7 20 49 09 cf 83 3d 04 5a 81 0d 00 0f 85 36 02 00 00 48 83 7c 24 28 00 <0f> 84 bc 01 00 00 41 8b 46 f8 25 ff 1f 00 00 48 0f a3 05 1d 87 61
RSP: 0018:ffffc9000153f710 EFLAGS: 00000002
RAX: 00000000d1b703e5 RBX: 0000000000000002 RCX: 000000002ea25a4a
RDX: 000000006b7b0330 RSI: 000000006a1ebecc RDI: ffff88801c7b9dc0
RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8184ca61
R10: dffffc0000000000 R11: fffffbfff1e3a8a7 R12: 00000000b7e88a3b
R13: ffff88801c7ba8e0 R14: ffff88801c7ba930 R15: 87d5e05f2ea25a4a
FS:  0000000000000000(0000) GS:ffff8881268c2000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f95c0838f50 CR3: 000000003f3d2000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5868
 __local_bh_disable_ip+0xc3/0x400 kernel/softirq.c:163
 local_bh_disable include/linux/bottom_half.h:20 [inline]
 spin_lock_bh include/linux/spinlock_rt.h:87 [inline]
 batadv_nc_purge_paths+0xf7/0x3f0 net/batman-adv/network-coding.c:442
 batadv_nc_worker+0x8c8/0xbc0 net/batman-adv/network-coding.c:722
 process_one_work kernel/workqueue.c:3236 [inline]
 process_scheduled_works+0xade/0x17b0 kernel/workqueue.c:3319
 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400
 kthread+0x711/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>