INFO: task syz-executor.5:8074 blocked for more than 143 seconds.
      Not tainted 6.2.0-rc3-next-20230109-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.5  state:D
 stack:28256 pid:8074  ppid:5128   flags:0x00000004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5252 [inline]
 __schedule+0x25d0/0x5a70 kernel/sched/core.c:6570
 schedule+0xde/0x1b0 kernel/sched/core.c:6646
 rwsem_down_read_slowpath+0x5a7/0xb20 kernel/locking/rwsem.c:1095
 __down_read_common kernel/locking/rwsem.c:1260 [inline]
 __down_read kernel/locking/rwsem.c:1269 [inline]
 down_read+0xe6/0x450 kernel/locking/rwsem.c:1511
 mmap_read_lock include/linux/mmap_lock.h:117 [inline]
 do_user_addr_fault+0xa51/0x1210 arch/x86/mm/fault.c:1379
 handle_page_fault arch/x86/mm/fault.c:1519 [inline]
 exc_page_fault+0x98/0x170 arch/x86/mm/fault.c:1575
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:570
RIP: 0033:0x7f9f6c2276c6
RSP: 002b:00007ffe5f22e728 EFLAGS: 00010287
RAX: 0000001b33922000 RBX: 00007f9f6c3ac018 RCX: 0000001b33920000
RDX: 0000001b33922004 RSI: 0000001b33921824 RDI: 0000000054ac3b9b
RBP: 0000000054ac3b9b R08: 0000001b33d20000 R09: 0000000054ac3b9f
R10: 00007ffe5f3d6090 R11: 0000000000018df6 R12: 00007f9f6c3a0000
R13: 0000000000000001 R14: 00000000000031c0 R15: ffffffff8166ab1f
 </TASK>

Showing all threads with locks held in the system:
task:rcu_tasks_kthre state:I stack:29056 pid:12    ppid:2      flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5252 [inline]
 __schedule+0x25d0/0x5a70 kernel/sched/core.c:6570
 schedule+0xde/0x1b0 kernel/sched/core.c:6646
 rcu_tasks_one_gp+0x484/0xcd0 kernel/rcu/tasks.h:517
 rcu_tasks_kthread+0x77/0xa0 kernel/rcu/tasks.h:555
 kthread+0x2e8/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
 </TASK>
1 lock held by rcu_tasks_kthre/12:
 #0: ffffffff8c7929f0 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x31/0xcd0 kernel/rcu/tasks.h:510
task:rcu_tasks_trace state:I stack:29224 pid:13    ppid:2      flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5252 [inline]
 __schedule+0x25d0/0x5a70 kernel/sched/core.c:6570
 schedule+0xde/0x1b0 kernel/sched/core.c:6646
 rcu_tasks_one_gp+0x484/0xcd0 kernel/rcu/tasks.h:517
 rcu_tasks_kthread+0x77/0xa0 kernel/rcu/tasks.h:555
 kthread+0x2e8/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
 </TASK>
1 lock held by rcu_tasks_trace/13:
 #0: ffffffff8c7926f0 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x31/0xcd0 kernel/rcu/tasks.h:510
task:kworker/u4:4    state:D stack:23472 pid:63    ppid:2      flags:0x00004000
Workqueue: events_unbound bpf_map_free_deferred
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5252 [inline]
 __schedule+0x25d0/0x5a70 kernel/sched/core.c:6570
 schedule+0xde/0x1b0 kernel/sched/core.c:6646
 exp_funnel_lock kernel/rcu/tree_exp.h:316 [inline]
 synchronize_rcu_expedited+0x706/0x770 kernel/rcu/tree_exp.h:990
 synchronize_rcu+0x302/0x3b0 kernel/rcu/tree.c:3481
 lockdep_unregister_key+0x282/0x460 kernel/locking/lockdep.c:6362
 htab_map_free+0x448/0x8f0 kernel/bpf/hashtab.c:1522
 bpf_map_free_deferred+0x1c0/0x430 kernel/bpf/syscall.c:686
 process_one_work+0x9bf/0x1750 kernel/workqueue.c:2293
 worker_thread+0x669/0x1090 kernel/workqueue.c:2440
 kthread+0x2e8/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
 </TASK>
2 locks held by kworker/u4:4/63:
 #0: ffff888012479138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff888012479138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
 #0: ffff888012479138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
 #0: ffff888012479138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
 #0: ffff888012479138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
 #0: ffff888012479138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x86d/0x1750 kernel/workqueue.c:2264
 #1: ffffc90001587da8 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_one_work+0x8a1/0x1750 kernel/workqueue.c:2268
task:getty           state:S
 stack:23336 pid:4748  ppid:1      flags:0x00000000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5252 [inline]
 __schedule+0x25d0/0x5a70 kernel/sched/core.c:6570
 schedule+0xde/0x1b0 kernel/sched/core.c:6646
 schedule_timeout+0x1e1/0x2a0 kernel/time/timer.c:2143
 wait_woken+0x197/0x200 kernel/sched/wait.c:463
 n_tty_read+0x1055/0x13e0 drivers/tty/n_tty.c:2243
 iterate_tty_read drivers/tty/tty_io.c:852 [inline]
 tty_read+0x30e/0x5a0 drivers/tty/tty_io.c:927
 call_read_iter include/linux/fs.h:2185 [inline]
 new_sync_read fs/read_write.c:389 [inline]
 vfs_read+0x681/0x930 fs/read_write.c:470
 ksys_read+0x12b/0x250 fs/read_write.c:613
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fb37bfcb8fe
RSP: 002b:00007fff670a7a78 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
RAX: ffffffffffffffda RBX: 0000561072a97910 RCX: 00007fb37bfcb8fe
RDX: 0000000000000001 RSI: 00007fff670a7a90 RDI: 0000000000000000
RBP: 0000561072a97970 R08: 0000000000000007 R09: 0000561072a98cd0
R10: 0000000000000063 R11: 0000000000000246 R12: 0000561072a979ac
R13: 00007fff670a7a90 R14: 0000000000000000 R15: 0000561072a979ac
 </TASK>
2 locks held by getty/4748:
 #0: ffff888027a19098 (&tty->ldisc_sem){++++}-{0:0}
, at: tty_ldisc_ref_wait+0x26/0x80 drivers/tty/tty_ldisc.c:244
 #1: ffffc900015a02f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xef4/0x13e0 drivers/tty/n_tty.c:2177
task:syz-executor.0  state:D stack:24232 pid:5129  ppid:5112   flags:0x00000000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5252 [inline]
 __schedule+0x25d0/0x5a70 kernel/sched/core.c:6570
 schedule+0xde/0x1b0 kernel/sched/core.c:6646
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6705
 __mutex_lock_common kernel/locking/mutex.c:679 [inline]
 __mutex_lock+0xa48/0x1360 kernel/locking/mutex.c:747
 exp_funnel_lock kernel/rcu/tree_exp.h:325 [inline]
 synchronize_rcu_expedited+0x400/0x770 kernel/rcu/tree_exp.h:990
 namespace_unlock+0x1af/0x410 fs/namespace.c:1602
 do_umount fs/namespace.c:1825 [inline]
 path_umount+0x67b/0x10b0 fs/namespace.c:1907
 ksys_umount fs/namespace.c:1930 [inline]
 __do_sys_umount fs/namespace.c:1935 [inline]
 __se_sys_umount fs/namespace.c:1933 [inline]
 __x64_sys_umount+0x15d/0x190 fs/namespace.c:1933
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f462c48d537
RSP: 002b:00007fff072ca148 EFLAGS: 00000246
 ORIG_RAX: 00000000000000a6
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f462c48d537
RDX: 00007fff072ca21b RSI: 000000000000000a RDI: 00007fff072ca210
RBP: 00007fff072ca210 R08: 00000000ffffffff R09: 00007fff072c9fe0
R10: 00005555563aa8b3 R11: 0000000000000246 R12: 00007f462c4e6b24
R13: 00007fff072cb2d0 R14: 00005555563aa810 R15: 00007fff072cb310
 </TASK>
1 lock held by syz-executor.0/5129:
 #0: ffffffff8c79e6b8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:325 [inline]
 #0: ffffffff8c79e6b8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x400/0x770 kernel/rcu/tree_exp.h:990
task:kworker/u4:3    state:D stack:26080 pid:5163  ppid:2      flags:0x00004000
Workqueue: events_unbound bpf_map_free_deferred

Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5252 [inline]
 __schedule+0x25d0/0x5a70 kernel/sched/core.c:6570
 schedule+0xde/0x1b0 kernel/sched/core.c:6646
 synchronize_rcu_expedited+0x5e2/0x770 kernel/rcu/tree_exp.h:1005
 synchronize_rcu+0x302/0x3b0 kernel/rcu/tree.c:3481
 lockdep_unregister_key+0x282/0x460 kernel/locking/lockdep.c:6362
 htab_map_free+0x448/0x8f0 kernel/bpf/hashtab.c:1522
 bpf_map_free_deferred+0x1c0/0x430 kernel/bpf/syscall.c:686
 process_one_work+0x9bf/0x1750 kernel/workqueue.c:2293
 worker_thread+0x669/0x1090 kernel/workqueue.c:2440
 kthread+0x2e8/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
 </TASK>
3 locks held by kworker/u4:3/5163:
 #0: 
ffff888012479138
 ((wq_completion)events_unbound){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 ((wq_completion)events_unbound){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
 ((wq_completion)events_unbound){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
 ((wq_completion)events_unbound){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
 ((wq_completion)events_unbound){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x86d/0x1750 kernel/workqueue.c:2264
 #1: 
ffffc9000458fda8
 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_one_work+0x8a1/0x1750 kernel/workqueue.c:2268
 #2: ffffffff8c79e6b8 (
rcu_state.exp_mutex
){+.+.}-{3:3}
, at: exp_funnel_lock kernel/rcu/tree_exp.h:293 [inline]
, at: synchronize_rcu_expedited+0x658/0x770 kernel/rcu/tree_exp.h:990
task:kworker/1:7     state:D
 stack:23296 pid:5187  ppid:2      flags:0x00004000
Workqueue: rcu_gp wait_rcu_exp_gp

Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5252 [inline]
 __schedule+0x25d0/0x5a70 kernel/sched/core.c:6570
 schedule+0xde/0x1b0 kernel/sched/core.c:6646
 schedule_timeout+0x14e/0x2a0 kernel/time/timer.c:2167
 synchronize_rcu_expedited_wait_once kernel/rcu/tree_exp.h:572 [inline]
 synchronize_rcu_expedited_wait kernel/rcu/tree_exp.h:624 [inline]
 rcu_exp_wait_wake+0x28f/0x11c0 kernel/rcu/tree_exp.h:693
 process_one_work+0x9bf/0x1750 kernel/workqueue.c:2293
 worker_thread+0x669/0x1090 kernel/workqueue.c:2440
 kthread+0x2e8/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
 </TASK>
2 locks held by kworker/1:7/5187:
 #0: ffff888012472538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff888012472538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
 #0: ffff888012472538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
 #0: ffff888012472538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
 #0: ffff888012472538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
 #0: ffff888012472538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_one_work+0x86d/0x1750 kernel/workqueue.c:2264
 #1: ffffc900046f7da8 ((work_completion)(&rew->rew_work)){+.+.}-{0:0}, at: process_one_work+0x8a1/0x1750 kernel/workqueue.c:2268
task:syz-executor.5  state:D stack:28256 pid:8074  ppid:5128   flags:0x00000004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5252 [inline]
 __schedule+0x25d0/0x5a70 kernel/sched/core.c:6570
 schedule+0xde/0x1b0 kernel/sched/core.c:6646
 rwsem_down_read_slowpath+0x5a7/0xb20 kernel/locking/rwsem.c:1095
 __down_read_common kernel/locking/rwsem.c:1260 [inline]
 __down_read kernel/locking/rwsem.c:1269 [inline]
 down_read+0xe6/0x450 kernel/locking/rwsem.c:1511
 mmap_read_lock include/linux/mmap_lock.h:117 [inline]
 do_user_addr_fault+0xa51/0x1210 arch/x86/mm/fault.c:1379
 handle_page_fault arch/x86/mm/fault.c:1519 [inline]
 exc_page_fault+0x98/0x170 arch/x86/mm/fault.c:1575
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:570
RIP: 0033:0x7f9f6c2276c6
RSP: 002b:00007ffe5f22e728 EFLAGS: 00010287
RAX: 0000001b33922000 RBX: 00007f9f6c3ac018 RCX: 0000001b33920000
RDX: 0000001b33922004 RSI: 0000001b33921824 RDI: 0000000054ac3b9b
RBP: 0000000054ac3b9b R08: 0000001b33d20000 R09: 0000000054ac3b9f
R10: 00007ffe5f3d6090 R11: 0000000000018df6 R12: 00007f9f6c3a0000
R13: 0000000000000001 R14: 00000000000031c0 R15: ffffffff8166ab1f
 </TASK>
1 lock held by syz-executor.5/8074:
 #0: ffff8880286c8198 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_lock include/linux/mmap_lock.h:117 [inline]
 #0: ffff8880286c8198 (&mm->mmap_lock){++++}-{3:3}, at: do_user_addr_fault+0xa51/0x1210 arch/x86/mm/fault.c:1379
task:syz-executor.5  state:R  running task     stack:26944 pid:8075  ppid:5128   flags:0x00004006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5252 [inline]
 __schedule+0x25d0/0x5a70 kernel/sched/core.c:6570
 preempt_schedule_common+0x45/0xc0 kernel/sched/core.c:6739
 </TASK>
3 locks held by syz-executor.5/8075:
task:syz-executor.5  state:D
 stack:28112 pid:8165  ppid:8146   flags:0x00000004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5252 [inline]
 __schedule+0x25d0/0x5a70 kernel/sched/core.c:6570
 schedule+0xde/0x1b0 kernel/sched/core.c:6646
 rwsem_down_read_slowpath+0x5a7/0xb20 kernel/locking/rwsem.c:1095
 __down_read_common kernel/locking/rwsem.c:1260 [inline]
 __down_read kernel/locking/rwsem.c:1269 [inline]
 down_read+0xe6/0x450 kernel/locking/rwsem.c:1511
 mmap_read_lock include/linux/mmap_lock.h:117 [inline]
 do_user_addr_fault+0xa51/0x1210 arch/x86/mm/fault.c:1379
 handle_page_fault arch/x86/mm/fault.c:1519 [inline]
 exc_page_fault+0x98/0x170 arch/x86/mm/fault.c:1575
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:570
RIP: 0033:0x7f3dfb6276c6
RSP: 002b:00007ffe784e60e8 EFLAGS: 00010287
RAX: 0000001b30d23000 RBX: 00007f3dfb7ac018 RCX: 0000001b30d20000
RDX: 0000001b30d23004 RSI: 0000001b30d228fc RDI: 00000000a60e1c08
RBP: 00000000a60e1c08 R08: 0000001b31320000 R09: 00000000a60e1c0c
R10: 00007ffe78550090 R11: 000000000001b5c8 R12: 00007f3dfb7a0000
R13: 0000000000000001 R14: 0000000000002677 R15: ffffffff81667907
 </TASK>
1 lock held by syz-executor.5/8165:
 #0: 
ffff88801ffd8a98
 (
&mm->mmap_lock
){++++}-{3:3}, at: mmap_read_lock include/linux/mmap_lock.h:117 [inline]
){++++}-{3:3}, at: do_user_addr_fault+0xa51/0x1210 arch/x86/mm/fault.c:1379
task:syz-executor.5  state:R  running task     stack:26944 pid:8166  ppid:8146   flags:0x00004006
Call Trace:
 <TASK>
 </TASK>
1 lock held by syz-executor.5/8166:
task:syz-executor.1  state:D
 stack:29536 pid:8842  ppid:5120   flags:0x00000004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5252 [inline]
 __schedule+0x25d0/0x5a70 kernel/sched/core.c:6570
 schedule+0xde/0x1b0 kernel/sched/core.c:6646
 exp_funnel_lock kernel/rcu/tree_exp.h:316 [inline]
 synchronize_rcu_expedited+0x706/0x770 kernel/rcu/tree_exp.h:990
 synchronize_rcu+0x302/0x3b0 kernel/rcu/tree.c:3481
 __sched_core_enable kernel/sched/core.c:383 [inline]
 sched_core_get+0x8b/0xa0 kernel/sched/core.c:402
 sched_core_alloc_cookie kernel/sched/core_sched.c:18 [inline]
 sched_core_share_pid+0x3f5/0x9d0 kernel/sched/core_sched.c:185
 __do_sys_prctl+0xacf/0x14c0 kernel/sys.c:2623
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f46ef28c0c9
RSP: 002b:00007f46eff48168 EFLAGS: 00000246 ORIG_RAX: 000000000000009d