INFO: task syz.6.22:6850 blocked for more than 143 seconds.
      Not tainted 6.16.0-rc6-next-20250714-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.6.22        state:D stack:28936 pid:6850  tgid:6847  ppid:6765   task_flags:0x400040 flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5314 [inline]
 __schedule+0x16f5/0x4d00 kernel/sched/core.c:6697
 __schedule_loop kernel/sched/core.c:6775 [inline]
 schedule+0x165/0x360 kernel/sched/core.c:6790
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6847
 __mutex_lock_common kernel/locking/mutex.c:679 [inline]
 __mutex_lock+0x724/0xe80 kernel/locking/mutex.c:747
 blk_trace_remove+0x20/0x40 kernel/trace/blktrace.c:406
 sg_ioctl_common drivers/scsi/sg.c:1122 [inline]
 sg_ioctl+0x47b/0x2230 drivers/scsi/sg.c:1156
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:598 [inline]
 __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:584
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f286978e929
RSP: 002b:00007f286a640038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f28699b6080 RCX: 00007f286978e929
RDX: 0000000020000000 RSI: 0000000000001276 RDI: 0000000000000003
RBP: 00007f2869810b39 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000001 R14: 00007f28699b6080 R15: 00007ffcc4133c18
 </TASK>

Showing all locks held in the system:
1 lock held by khungtaskd/31:
 #0: ffffffff8e53eca0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #0: ffffffff8e53eca0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
 #0: ffffffff8e53eca0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 kernel/locking/lockdep.c:6770
3 locks held by kworker/u8:4/59:
 #0: ffff8880b8639f98 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 kernel/sched/core.c:606
 #1: ffff8880b8624008 (per_cpu_ptr(&psi_seq, cpu)){-.-.}-{0:0}, at: psi_task_switch+0x53/0x880 kernel/sched/psi.c:937
 #2: ffffffff8e3d6ab0 (cpu_hotplug_lock){++++}-{0:0}, at: static_key_disable+0x12/0x20 kernel/jump_label.c:247
2 locks held by kswapd0/86:
2 locks held by kworker/u8:5/1004:
 #0: ffff8880b8639f98 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 kernel/sched/core.c:606
 #1: ffff8880b8724008 (per_cpu_ptr(&psi_seq, cpu)){-.-.}-{0:0}, at: psi_task_switch+0x53/0x880 kernel/sched/psi.c:937
2 locks held by getty/5611:
 #0: ffff88814cd6e0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
 #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400 drivers/tty/n_tty.c:2222
2 locks held by syz.6.22/6848:
1 lock held by syz.6.22/6850:
 #0: ffff888141ffc408 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_remove+0x20/0x40 kernel/trace/blktrace.c:406
1 lock held by syz.7.23/7036:
 #0: ffff888141ffc408 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0xfb/0x1f0 kernel/trace/blktrace.c:613
1 lock held by syz.7.23/7037:
 #0: ffff888141ffc408 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_remove+0x20/0x40 kernel/trace/blktrace.c:406
1 lock held by syz.8.24/7190:
 #0: ffff888141ffc408 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0xfb/0x1f0 kernel/trace/blktrace.c:613
1 lock held by syz.8.24/7192:
 #0: ffff888141ffc408 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_remove+0x20/0x40 kernel/trace/blktrace.c:406
1 lock held by syz.9.25/7403:
 #0: ffff888141ffc408 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0xfb/0x1f0 kernel/trace/blktrace.c:613
1 lock held by syz.9.25/7404:
 #0: ffff888141ffc408 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_remove+0x20/0x40 kernel/trace/blktrace.c:406
1 lock held by syz.0.26/7536:
 #0: ffff888141ffc408 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0xfb/0x1f0 kernel/trace/blktrace.c:613
1 lock held by syz.0.26/7539:
 #0: ffff888141ffc408 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_remove+0x20/0x40 kernel/trace/blktrace.c:406
1 lock held by syz.1.27/7906:
 #0: ffff888141ffc408 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0xfb/0x1f0 kernel/trace/blktrace.c:613
1 lock held by syz.1.27/7907:
 #0: ffff888141ffc408 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_remove+0x20/0x40 kernel/trace/blktrace.c:406
1 lock held by syz.2.28/8242:
 #0: ffff888141ffc408 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0xfb/0x1f0 kernel/trace/blktrace.c:613
1 lock held by syz.2.28/8244:
 #0: ffff888141ffc408 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_remove+0x20/0x40 kernel/trace/blktrace.c:406
1 lock held by syz.3.29/8570:
 #0: ffff888141ffc408 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0xfb/0x1f0 kernel/trace/blktrace.c:613
1 lock held by syz.3.29/8572:
 #0: ffff888141ffc408 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_remove+0x20/0x40 kernel/trace/blktrace.c:406
6 locks held by dhcpcd-run-hook/8694:
 #0: ffff8880b8739f98 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 kernel/sched/core.c:606
 #1: ffff8880b8724008 (per_cpu_ptr(&psi_seq, cpu)){-.-.}-{0:0}, at: psi_task_switch+0x53/0x880 kernel/sched/psi.c:937
 #2: ffff888021768f78 (ptlock_ptr(ptdesc)#2){+.+.}-{3:3}, at: spin_lock include/linux/spinlock.h:351 [inline]
 #2: ffff888021768f78 (ptlock_ptr(ptdesc)#2){+.+.}-{3:3}, at: __pte_offset_map_lock+0x13e/0x210 mm/pgtable-generic.c:401
 #3: ffffffff8e53eca0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #3: ffffffff8e53eca0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
 #3: ffffffff8e53eca0 (rcu_read_lock){....}-{1:3}, at: page_table_check_set+0x18d/0x730 mm/page_table_check.c:112
 #4: ffff8880b8740018 (&pcp->lock){+.+.}-{3:3}, at: spin_trylock include/linux/spinlock.h:361 [inline]
 #4: ffff8880b8740018 (&pcp->lock){+.+.}-{3:3}, at: free_unref_folios+0x1173/0x1520 mm/page_alloc.c:3005
 #5: ffff8880b8724008 (per_cpu_ptr(&psi_seq, cpu)){-.-.}-{0:0}, at: psi_task_change+0xd9/0x340 kernel/sched/psi.c:923

=============================================

NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc6-next-20250714-syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 nmi_cpu_backtrace+0x39e/0x3d0 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x17a/0x300 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:160 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:328 [inline]
 watchdog+0xfee/0x1030 kernel/hung_task.c:491
 kthread+0x70e/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x3f9/0x770 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 6848 Comm: syz.6.22 Not tainted 6.16.0-rc6-next-20250714-syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
RIP: 0010:should_drop_frame net/mac80211/rx.c:109 [inline]
RIP: 0010:ieee80211_rx_monitor net/mac80211/rx.c:836 [inline]
RIP: 0010:ieee80211_rx_list+0xb6e/0x2d50 net/mac80211/rx.c:5428
Code: 24 60 44 8d 24 08 41 83 c4 10 44 89 f7 44 89 e6 e8 37 e6 c5 f6 45 39 e6 0f 82 a7 19 00 00 4c 89 f8 48 c1 e8 03 42 0f b6 04 28 <84> c0 4c 8b 64 24 10 0f 85 47 1e 00 00 45 0f b7 37 45 89 f7 41 83
RSP: 0018:ffffc90000a08a00 EFLAGS: 00000a06
RAX: 0000000000000000 RBX: 0000000000020000 RCX: 0000000000000100
RDX: ffff88802ba80000 RSI: 0000000000000010 RDI: 000000000000004c
RBP: ffffc90000a08c10 R08: ffff8880b19e8e9f R09: 1ffff1101633d1d3
R10: dffffc0000000000 R11: ffffed101633d1d4 R12: 0000000000000010
R13: dffffc0000000000 R14: 000000000000004c R15: ffff88818f829d90
FS:  00007f286a6616c0(0000) GS:ffff8881258b4000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000563cc6b34950 CR3: 000000004a630000 CR4: 00000000003526f0
Call Trace:
 <IRQ>
 ieee80211_rx_napi+0x1a8/0x3d0 net/mac80211/rx.c:5460
 ieee80211_rx include/net/mac80211.h:5206 [inline]
 ieee80211_handle_queued_frames+0xe8/0x1f0 net/mac80211/main.c:442
 tasklet_action_common+0x36c/0x580 kernel/softirq.c:829
 handle_softirqs+0x283/0x870 kernel/softirq.c:579
 __do_softirq kernel/softirq.c:613 [inline]
 invoke_softirq kernel/softirq.c:453 [inline]
 __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:680
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:696
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline]
 sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1050
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:orc_ip arch/x86/kernel/unwind_orc.c:80 [inline]
RIP: 0010:__orc_find arch/x86/kernel/unwind_orc.c:102 [inline]
RIP: 0010:orc_find arch/x86/kernel/unwind_orc.c:227 [inline]
RIP: 0010:unwind_next_frame+0x130a/0x2390 arch/x86/kernel/unwind_orc.c:494
Code: c1 f9 02 48 c1 e8 3f 48 01 c8 48 83 e0 fe 4c 8d 3c 45 00 00 00 00 49 01 ef 4c 89 f8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <0f> b6 04 08 84 c0 75 27 49 63 07 4c 01 f8 49 8d 4f 04 4c 39 e0 48
RSP: 0018:ffffc90003db7218 EFLAGS: 00000a02
RAX: 1ffffffff200394a RBX: ffffffff9001ca6c RCX: dffffc0000000000
RDX: ffffffff9001ca38 RSI: ffffffff908366a8 RDI: ffffffff8c04df60
RBP: ffffffff9001ca38 R08: 000000000000000e R09: ffffffff8172fea5
R10: ffffc90003db7338 R11: ffffffff81acd930 R12: ffffffff823bbb1b
R13: ffffffff9001ca38 R14: ffffc90003db72e8 R15: ffffffff9001ca50
 arch_stack_walk+0x11c/0x150 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x9c/0xe0 kernel/stacktrace.c:122
 save_stack+0xf5/0x1f0 mm/page_owner.c:156
 __set_page_owner+0x8d/0x4a0 mm/page_owner.c:329
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x240/0x2a0 mm/page_alloc.c:1851
 prep_new_page mm/page_alloc.c:1859 [inline]
 get_page_from_freelist+0x21e4/0x22c0 mm/page_alloc.c:3858
 __alloc_frozen_pages_noprof+0x181/0x370 mm/page_alloc.c:5148
 alloc_pages_mpol+0x232/0x4a0 mm/mempolicy.c:2416
 alloc_frozen_pages_noprof mm/mempolicy.c:2487 [inline]
 alloc_pages_noprof+0xa9/0x190 mm/mempolicy.c:2507
 relay_alloc_buf kernel/relay.c:121 [inline]
 relay_create_buf kernel/relay.c:161 [inline]
 relay_open_buf+0x283/0xe50 kernel/relay.c:389
 relay_open+0x427/0x920 kernel/relay.c:518
 do_blk_trace_setup+0x561/0x980 kernel/trace/blktrace.c:572
 blk_trace_setup+0x116/0x1f0 kernel/trace/blktrace.c:614
 sg_ioctl_common drivers/scsi/sg.c:1114 [inline]
 sg_ioctl+0xaf3/0x2230 drivers/scsi/sg.c:1156
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:598 [inline]
 __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:584
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f286978e929
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f286a661038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f28699b5fa0 RCX: 00007f286978e929
RDX: 0000200000000b40 RSI: 00000000c0481273 RDI: 0000000000000003
RBP: 00007f2869810b39 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f28699b5fa0 R15: 00007ffcc4133c18
 </TASK>