INFO: task syz-executor.4:3533 blocked for more than 143 seconds.
      Not tainted 5.15.151-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.4  state:D stack:20792 pid: 3533 ppid:     1 flags:0x00004006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5030 [inline]
 __schedule+0x12c4/0x45b0 kernel/sched/core.c:6376
 schedule+0x11b/0x1f0 kernel/sched/core.c:6459
 rwsem_down_write_slowpath+0xebb/0x15c0 kernel/locking/rwsem.c:1157
 __down_write_common kernel/locking/rwsem.c:1284 [inline]
 __down_write kernel/locking/rwsem.c:1293 [inline]
 down_write+0x164/0x170 kernel/locking/rwsem.c:1542
 inode_lock include/linux/fs.h:789 [inline]
 vfs_unlink+0xe0/0x5f0 fs/namei.c:4269
 do_unlinkat+0x4a3/0x950 fs/namei.c:4348
 __do_sys_unlink fs/namei.c:4396 [inline]
 __se_sys_unlink fs/namei.c:4394 [inline]
 __x64_sys_unlink+0x45/0x50 fs/namei.c:4394
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7f971e28b557
RSP: 002b:00007fff1abd9698 EFLAGS: 00000206 ORIG_RAX: 0000000000000057
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f971e28b557
RDX: 00007fff1abd96c0 RSI: 00007fff1abd9750 RDI: 00007fff1abd9750
RBP: 00007fff1abd9750 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000100 R11: 0000000000000206 R12: 00007fff1abda810
R13: 00007f971e2d73b9 R14: 00007f971e2eb618 R15: 000000000000000d
 </TASK>

Showing all locks held in the system:
1 lock held by khungtaskd/27:
 #0: ffffffff8c91f720 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30
2 locks held by getty/3263:
 #0: ffff88814b462098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70 drivers/tty/tty_ldisc.c:252
 #1: ffffc9000249b2e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6af/0x1db0 drivers/tty/n_tty.c:2158
3 locks held by syz-executor.4/3533:
 #0: ffff88814b4cc460 (sb_writers#5){.+.+}-{0:0}, at: mnt_want_write+0x3b/0x80 fs/namespace.c:377
 #1: ffff8880382ee7a0 (&type->i_mutex_dir_key#4/1){+.+.}-{3:3}, at: inode_lock_nested include/linux/fs.h:824 [inline]
 #1: ffff8880382ee7a0 (&type->i_mutex_dir_key#4/1){+.+.}-{3:3}, at: do_unlinkat+0x266/0x950 fs/namei.c:4331
 #2: ffff888072c203f0 (&sb->s_type->i_mutex_key#9){++++}-{3:3}, at: inode_lock include/linux/fs.h:789 [inline]
 #2: ffff888072c203f0 (&sb->s_type->i_mutex_key#9){++++}-{3:3}, at: vfs_unlink+0xe0/0x5f0 fs/namei.c:4269
3 locks held by kworker/u4:7/5643:
3 locks held by syz-executor.0/12820:
 #0: ffff88814b4cc460 (sb_writers#5){.+.+}-{0:0}, at: do_coredump+0x1825/0x31e0 fs/coredump.c:825
 #1: ffff888043e567a0 (&sb->s_type->i_mutex_key#9){++++}-{3:3}, at: inode_lock include/linux/fs.h:789 [inline]
 #1: ffff888043e567a0 (&sb->s_type->i_mutex_key#9){++++}-{3:3}, at: ext4_buffered_write_iter+0xa0/0x360 fs/ext4/file.c:262
 #2: ffff88814b4cc0e0 (&type->s_umount_key#32){++++}-{3:3}, at: try_to_writeback_inodes_sb+0x1d/0xb0 fs/fs-writeback.c:2729
3 locks held by syz-executor.3/12830:
 #0: ffff88814b4cc460 (sb_writers#5){.+.+}-{0:0}, at: do_coredump+0x1825/0x31e0 fs/coredump.c:825
 #1: ffff88805526a1d8 (&sb->s_type->i_mutex_key#9){++++}-{3:3}, at: inode_lock include/linux/fs.h:789 [inline]
 #1: ffff88805526a1d8 (&sb->s_type->i_mutex_key#9){++++}-{3:3}, at: ext4_buffered_write_iter+0xa0/0x360 fs/ext4/file.c:262
 #2: ffff88814b4cc0e0 (&type->s_umount_key#32){++++}-{3:3}, at: try_to_writeback_inodes_sb+0x1d/0xb0 fs/fs-writeback.c:2729
3 locks held by syz-executor.2/12831:
 #0: ffff88814b4cc460 (sb_writers#5){.+.+}-{0:0}, at: do_coredump+0x1825/0x31e0 fs/coredump.c:825
 #1: ffff888072f87198 (&sb->s_type->i_mutex_key#9){++++}-{3:3}, at: inode_lock include/linux/fs.h:789 [inline]
 #1: ffff888072f87198 (&sb->s_type->i_mutex_key#9){++++}-{3:3}, at: ext4_buffered_write_iter+0xa0/0x360 fs/ext4/file.c:262
 #2: ffff88814b4cc0e0 (&type->s_umount_key#32){++++}-{3:3}, at: try_to_writeback_inodes_sb+0x1d/0xb0 fs/fs-writeback.c:2729
3 locks held by syz-executor.0/12832:
 #0: ffff88814b4cc460 (sb_writers#5){.+.+}-{0:0}, at: do_coredump+0x1825/0x31e0 fs/coredump.c:825
 #1: ffff888072f849b8 (&sb->s_type->i_mutex_key#9){++++}-{3:3}, at: inode_lock include/linux/fs.h:789 [inline]
 #1: ffff888072f849b8 (&sb->s_type->i_mutex_key#9){++++}-{3:3}, at: ext4_buffered_write_iter+0xa0/0x360 fs/ext4/file.c:262
 #2: ffff88814b4cc0e0 (&type->s_umount_key#32){++++}-{3:3}, at: try_to_writeback_inodes_sb+0x1d/0xb0 fs/fs-writeback.c:2729
3 locks held by syz-executor.3/12842:
 #0: ffff88814b4cc460 (sb_writers#5){.+.+}-{0:0}, at: do_coredump+0x1825/0x31e0 fs/coredump.c:825
 #1: ffff888029fd5da8 (&sb->s_type->i_mutex_key#9){++++}-{3:3}, at: inode_lock include/linux/fs.h:789 [inline]
 #1: ffff888029fd5da8 (&sb->s_type->i_mutex_key#9){++++}-{3:3}, at: ext4_buffered_write_iter+0xa0/0x360 fs/ext4/file.c:262
 #2: ffff88814b4cc0e0 (&type->s_umount_key#32){++++}-{3:3}, at: try_to_writeback_inodes_sb+0x1d/0xb0 fs/fs-writeback.c:2729
3 locks held by syz-executor.0/12852:
 #0: ffff88814b4cc460 (sb_writers#5){.+.+}-{0:0}, at: do_coredump+0x1825/0x31e0 fs/coredump.c:825
 #1: ffff888032412bd0 (&sb->s_type->i_mutex_key#9){++++}-{3:3}, at: inode_lock include/linux/fs.h:789 [inline]
 #1: ffff888032412bd0 (&sb->s_type->i_mutex_key#9){++++}-{3:3}, at: ext4_buffered_write_iter+0xa0/0x360 fs/ext4/file.c:262
 #2: ffff88814b4cc0e0 (&type->s_umount_key#32){++++}-{3:3}, at: try_to_writeback_inodes_sb+0x1d/0xb0 fs/fs-writeback.c:2729
3 locks held by syz-executor.1/12858:
 #0: ffff88814b4cc460 (sb_writers#5){.+.+}-{0:0}, at: do_coredump+0x1825/0x31e0 fs/coredump.c:825
 #1: ffff8880382ea1d8 (&sb->s_type->i_mutex_key#9){++++}-{3:3}, at: inode_lock include/linux/fs.h:789 [inline]
 #1: ffff8880382ea1d8 (&sb->s_type->i_mutex_key#9){++++}-{3:3}, at: ext4_buffered_write_iter+0xa0/0x360 fs/ext4/file.c:262
 #2: ffff88814b4cc0e0 (&type->s_umount_key#32){++++}-{3:3}, at: try_to_writeback_inodes_sb+0x1d/0xb0 fs/fs-writeback.c:2729
3 locks held by syz-executor.4/12869:
 #0: ffff88814b4cc460 (sb_writers#5){.+.+}-{0:0}, at: do_coredump+0x1825/0x31e0 fs/coredump.c:825
 #1: ffff88802580b5c8 (&sb->s_type->i_mutex_key#9){++++}-{3:3}, at: inode_lock include/linux/fs.h:789 [inline]
 #1: ffff88802580b5c8 (&sb->s_type->i_mutex_key#9){++++}-{3:3}, at: ext4_buffered_write_iter+0xa0/0x360 fs/ext4/file.c:262
 #2: ffff88814b4cc0e0 (&type->s_umount_key#32){++++}-{3:3}, at: try_to_writeback_inodes_sb+0x1d/0xb0 fs/fs-writeback.c:2729
3 locks held by syz-executor.4/12887:
 #0: ffff88814b4cc460 (sb_writers#5){.+.+}-{0:0}, at: do_coredump+0x1825/0x31e0 fs/coredump.c:825
 #1: ffff888072c203f0 (&sb->s_type->i_mutex_key#9){++++}-{3:3}, at: inode_lock include/linux/fs.h:789 [inline]
 #1: ffff888072c203f0 (&sb->s_type->i_mutex_key#9){++++}-{3:3}, at: ext4_buffered_write_iter+0xa0/0x360 fs/ext4/file.c:262
 #2: ffff88814b4cc0e0 (&type->s_umount_key#32){++++}-{3:3}, at: try_to_writeback_inodes_sb+0x1d/0xb0 fs/fs-writeback.c:2729
1 lock held by syz-executor.3/12935:
3 locks held by syz-executor.3/12944:
3 locks held by syz-executor.3/12958:

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 27 Comm: khungtaskd Not tainted 5.15.151-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
 nmi_cpu_backtrace+0x46a/0x4a0 lib/nmi_backtrace.c:111
 nmi_trigger_cpumask_backtrace+0x181/0x2a0 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:148 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:210 [inline]
 watchdog+0xe72/0xeb0 kernel/hung_task.c:295
 kthread+0x3f6/0x4f0 kernel/kthread.c:319
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 5643 Comm: kworker/u4:7 Not tainted 5.15.151-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
Workqueue: writeback wb_workfn (flush-8:0)
RIP: 0010:rcu_preempt_read_enter kernel/rcu/tree_plugin.h:375 [inline]
RIP: 0010:__rcu_read_lock+0x2b/0xb0 kernel/rcu/tree_plugin.h:398
Code: 41 57 41 56 53 49 be 00 00 00 00 00 fc ff df 65 4c 8b 3d 68 ce 96 7e 49 81 c7 3c 04 00 00 4c 89 fb 48 c1 eb 03 42 0f b6 04 33 <84> c0 75 2f 41 8b 2f ff c5 42 0f b6 04 33 84 c0 75 38 41 89 2f 42
RSP: 0018:ffffc9000687ed78 EFLAGS: 00000a07
RAX: 0000000000000000 RBX: 1ffff1100ecdabaf RCX: ffff8880766d5940
RDX: 0000000000000000 RSI: 0000000000040000 RDI: 000000000003acd4
RBP: 0000000000040000 R08: ffffffff82142342 R09: ffffed1005ec02c0
R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88814b4ce000
R13: 000000000003acd3 R14: dffffc0000000000 R15: ffff8880766d5d7c
FS:  0000000000000000(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055b7f64c19b8 CR3: 000000001eab6000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <NMI>
 </NMI>
 <TASK>
 rcu_read_lock include/linux/rcupdate.h:694 [inline]
 ext4_sb_block_valid+0x196/0x590 fs/ext4/block_validity.c:314
 __check_block_validity fs/ext4/inode.c:416 [inline]
 ext4_map_blocks+0x1080/0x1e00 fs/ext4/inode.c:715
 mpage_map_one_extent fs/ext4/inode.c:2396 [inline]
 mpage_map_and_submit_extent fs/ext4/inode.c:2449 [inline]
 ext4_writepages+0x160e/0x3d10 fs/ext4/inode.c:2817
 do_writepages+0x481/0x730 mm/page-writeback.c:2364
 __writeback_single_inode+0x15b/0xe30 fs/fs-writeback.c:1647
 writeback_sb_inodes+0xbce/0x1a40 fs/fs-writeback.c:1930
 wb_writeback+0x451/0xc50 fs/fs-writeback.c:2104
 wb_do_writeback fs/fs-writeback.c:2247 [inline]
 wb_workfn+0x46c/0x1130 fs/fs-writeback.c:2288
 process_one_work+0x8a1/0x10c0 kernel/workqueue.c:2310
 worker_thread+0xaca/0x1280 kernel/workqueue.c:2457
 kthread+0x3f6/0x4f0 kernel/kthread.c:319
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298
 </TASK>