INFO: task syz-executor.2:8882 blocked for more than 144 seconds.
      Not tainted 6.4.0-rc1-syzkaller-00071-g105131df9c3b #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.2  state:D stack:24640 pid:8882  ppid:5020   flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5343 [inline]
 __schedule+0xc9a/0x5880 kernel/sched/core.c:6669
 schedule+0xde/0x1a0 kernel/sched/core.c:6745
 io_schedule+0xbe/0x130 kernel/sched/core.c:8979
 bit_wait_io+0x16/0xe0 kernel/sched/wait_bit.c:209
 __wait_on_bit_lock+0x11f/0x1a0 kernel/sched/wait_bit.c:90
 out_of_line_wait_on_bit_lock+0xd9/0x110 kernel/sched/wait_bit.c:117
 wait_on_bit_lock_io include/linux/wait_bit.h:208 [inline]
 __lock_buffer fs/buffer.c:70 [inline]
 lock_buffer include/linux/buffer_head.h:406 [inline]
 __sync_dirty_buffer+0x30e/0x380 fs/buffer.c:2807
 __ext4_handle_dirty_metadata+0x2b7/0x8e0 fs/ext4/ext4_jbd2.c:387
 ext4_convert_inline_data_nolock+0x6e6/0xf10 fs/ext4/inline.c:1252
 ext4_convert_inline_data+0x51a/0x5f0 fs/ext4/inline.c:2063
 ext4_page_mkwrite+0x360/0x1680 fs/ext4/inode.c:6044
 do_page_mkwrite+0x1a1/0x690 mm/memory.c:2931
 do_shared_fault mm/memory.c:4595 [inline]
 do_fault mm/memory.c:4663 [inline]
 do_pte_missing mm/memory.c:3647 [inline]
 handle_pte_fault mm/memory.c:4947 [inline]
 __handle_mm_fault+0x254b/0x41c0 mm/memory.c:5089
 handle_mm_fault+0x2af/0x9f0 mm/memory.c:5243
 faultin_page mm/gup.c:925 [inline]
 __get_user_pages+0x60a/0x10e0 mm/gup.c:1147
 __get_user_pages_locked mm/gup.c:1381 [inline]
 __gup_longterm_locked+0x720/0x2420 mm/gup.c:2079
 pin_user_pages_remote+0x101/0x160 mm/gup.c:3124
 process_vm_rw_single_vec mm/process_vm_access.c:105 [inline]
 process_vm_rw_core.constprop.0+0x43b/0x990 mm/process_vm_access.c:215
 process_vm_rw+0x29c/0x300 mm/process_vm_access.c:283
 __do_sys_process_vm_writev mm/process_vm_access.c:303 [inline]
 __se_sys_process_vm_writev mm/process_vm_access.c:298 [inline]
 __x64_sys_process_vm_writev+0xe3/0x1b0 mm/process_vm_access.c:298
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fbd1fc8c169
RSP: 002b:00007fbd1e7fe168 EFLAGS: 00000246 ORIG_RAX: 0000000000000137
RAX: ffffffffffffffda RBX: 00007fbd1fdabf80 RCX: 00007fbd1fc8c169
RDX: 0000000000000001 RSI: 000000002001a580 RDI: 00000000000001f3
RBP: 00007fbd1fce7ca1 R08: 0000000000000001 R09: 0000000000000000
R10: 00000000200002c0 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffcd064357f R14: 00007fbd1e7fe300 R15: 0000000000022000
 </TASK>

Showing all locks held in the system:
6 locks held by kworker/0:1/9:
 #0: ffff8880156a8538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff8880156a8538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
 #0: ffff8880156a8538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1324 [inline]
 #0: ffff8880156a8538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:643 [inline]
 #0: ffff8880156a8538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:670 [inline]
 #0: ffff8880156a8538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x883/0x15e0 kernel/workqueue.c:2376
 #1: ffffc900000e7db0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x8b7/0x15e0 kernel/workqueue.c:2380
 #2: ffff8881427b1190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline]
 #2: ffff8881427b1190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1c0/0x4e40 drivers/usb/core/hub.c:5739
 #3: ffff8881427b44f8 (&port_dev->status_lock){+.+.}-{3:3}, at: usb_lock_port drivers/usb/core/hub.c:3147 [inline]
 #3: ffff8881427b44f8 (&port_dev->status_lock){+.+.}-{3:3}, at: hub_port_connect drivers/usb/core/hub.c:5303 [inline]
 #3: ffff8881427b44f8 (&port_dev->status_lock){+.+.}-{3:3}, at: hub_port_connect_change drivers/usb/core/hub.c:5551 [inline]
 #3: ffff8881427b44f8 (&port_dev->status_lock){+.+.}-{3:3}, at: port_event drivers/usb/core/hub.c:5711 [inline]
 #3: ffff8881427b44f8 (&port_dev->status_lock){+.+.}-{3:3}, at: hub_event+0x278e/0x4e40 drivers/usb/core/hub.c:5793
 #4: ffff88802106f368 (hcd->address0_mutex){+.+.}-{3:3}, at: hub_port_connect drivers/usb/core/hub.c:5304 [inline]
 #4: ffff88802106f368 (hcd->address0_mutex){+.+.}-{3:3}, at: hub_port_connect_change drivers/usb/core/hub.c:5551 [inline]
 #4: ffff88802106f368 (hcd->address0_mutex){+.+.}-{3:3}, at: port_event drivers/usb/core/hub.c:5711 [inline]
 #4: ffff88802106f368 (hcd->address0_mutex){+.+.}-{3:3}, at: hub_event+0x27c3/0x4e40 drivers/usb/core/hub.c:5793
 #5: ffffffff8d82f530 (ehci_cf_port_reset_rwsem){.+.+}-{3:3}, at: hub_port_reset+0x18a/0x1d70 drivers/usb/core/hub.c:2962
1 lock held by rcu_tasks_kthre/13:
 #0: ffffffff8c798430 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x31/0xd80 kernel/rcu/tasks.h:518
1 lock held by rcu_tasks_trace/14:
 #0: ffffffff8c798130 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x31/0xd80 kernel/rcu/tasks.h:518
2 locks held by kworker/1:0/22:
 #0: ffff888012472538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff888012472538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
 #0: ffff888012472538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1324 [inline]
 #0: ffff888012472538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:643 [inline]
 #0: ffff888012472538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:670 [inline]
 #0: ffff888012472538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_one_work+0x883/0x15e0 kernel/workqueue.c:2376
 #1: ffffc900001c7db0 ((work_completion)(&rew->rew_work)){+.+.}-{0:0}, at: process_one_work+0x8b7/0x15e0 kernel/workqueue.c:2380
1 lock held by khungtaskd/28:
 #0: ffffffff8c799040 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x340 kernel/locking/lockdep.c:6545
2 locks held by getty/4756:
 #0: ffff88802cbea098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x26/0x80 drivers/tty/tty_ldisc.c:243
 #1: ffffc900015a02f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xef4/0x13e0 drivers/tty/n_tty.c:2176
1 lock held by syz-executor.5/5027:
 #0: ffffffff8c7a44b8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:325 [inline]
 #0: ffffffff8c7a44b8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x3e8/0x770 kernel/rcu/tree_exp.h:992
2 locks held by kworker/0:11/7589:
 #0: ffff888012470d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff888012470d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
 #0: ffff888012470d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1324 [inline]
 #0: ffff888012470d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:643 [inline]
 #0: ffff888012470d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:670 [inline]
 #0: ffff888012470d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x883/0x15e0 kernel/workqueue.c:2376
 #1: ffffc90005ce7db0 (key_gc_work){+.+.}-{0:0}, at: process_one_work+0x8b7/0x15e0 kernel/workqueue.c:2380
4 locks held by syz-executor.2/8882:
 #0: ffff8880196ad268 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_lock include/linux/mmap_lock.h:142 [inline]
 #0: ffff8880196ad268 (&mm->mmap_lock){++++}-{3:3}, at: process_vm_rw_single_vec mm/process_vm_access.c:104 [inline]
 #0: ffff8880196ad268 (&mm->mmap_lock){++++}-{3:3}, at: process_vm_rw_core.constprop.0+0x40a/0x990 mm/process_vm_access.c:215
 #1: ffff88804b280558 (sb_pagefaults){.+.+}-{0:0}, at: do_page_mkwrite+0x1a1/0x690 mm/memory.c:2931
 #2: ffff888048a68fa0 (mapping.invalidate_lock){++++}-{3:3}, at: filemap_invalidate_lock_shared include/linux/fs.h:830 [inline]
 #2: ffff888048a68fa0 (mapping.invalidate_lock){++++}-{3:3}, at: ext4_page_mkwrite+0x358/0x1680 fs/ext4/inode.c:6042
 #3: 
ffff888048a68ac8 (&ei->xattr_sem){++++}-{3:3}, at: ext4_write_lock_xattr fs/ext4/xattr.h:155 [inline]
ffff888048a68ac8 (&ei->xattr_sem){++++}-{3:3}, at: ext4_convert_inline_data+0x352/0x5f0 fs/ext4/inline.c:2061
1 lock held by syz-executor.2/8974:
7 locks held by kworker/1:8/9618:
2 locks held by syz-executor.3/10153:
 #0: ffffffff8e1149a8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:78 [inline]
 #0: ffffffff8e1149a8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x3e8/0xd50 net/core/rtnetlink.c:6392
 #1: ffffffff8c7a44b8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:293 [inline]
 #1: ffffffff8c7a44b8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x64a/0x770 kernel/rcu/tree_exp.h:992

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 28 Comm: khungtaskd Not tainted 6.4.0-rc1-syzkaller-00071-g105131df9c3b #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xd9/0x150 lib/dump_stack.c:106
 nmi_cpu_backtrace+0x29c/0x350 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x2a4/0x300 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:148 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:222 [inline]
 watchdog+0xe16/0x1090 kernel/hung_task.c:379
 kthread+0x344/0x440 kernel/kthread.c:379
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 5565 Comm: kworker/u4:16 Not tainted 6.4.0-rc1-syzkaller-00071-g105131df9c3b #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
Workqueue: bat_events batadv_purge_orig
RIP: 0010:check_preemption_disabled+0x4/0x170 lib/smp_processor_id.c:13
Code: 00 85 db 74 07 0f 1f 44 00 00 0f 0b 0f 1f 44 00 00 5b e9 6f fb ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 41 56 41 55 <49> 89 f5 41 54 55 48 89 fd 53 0f 1f 44 00 00 65 44 8b 25 01 5b f4
RSP: 0018:ffffc900067bfbb0 EFLAGS: 00000046
RAX: 42432a2b96192d0b RBX: ffff888023335940 RCX: 1ffffffff22af4b6
RDX: 0000000000000000 RSI: ffffffff8a4c6a00 RDI: ffffffff8aa70ee0
RBP: ffffffff814dd0c4 R08: 0000000000000001 R09: ffffffff91527ddf
R10: 0000000000000001 R11: 0000000000000000 R12: dffffc0000000000
R13: ffff88807ea9cdd0 R14: ffff8880290f8c00 R15: 0000000000000274
FS:  0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2c92a000 CR3: 0000000053b89000 CR4: 0000000000350ee0
Call Trace:
 <TASK>
 lockdep_hardirqs_on+0x7d/0x100 kernel/locking/lockdep.c:4394
 __local_bh_enable_ip+0xa4/0x130 kernel/softirq.c:401
 spin_unlock_bh include/linux/spinlock.h:395 [inline]
 batadv_purge_orig_ref+0xeb8/0x1590 net/batman-adv/originator.c:1259
 batadv_purge_orig+0x1b/0x60 net/batman-adv/originator.c:1272
 process_one_work+0x99a/0x15e0 kernel/workqueue.c:2405
 worker_thread+0x67d/0x10c0 kernel/workqueue.c:2552
 kthread+0x344/0x440 kernel/kthread.c:379
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
 </TASK>