INFO: task syz.1.14:6011 blocked for more than 143 seconds.
      Not tainted 6.15.0-rc3-syzkaller-00032-ga79be02bba5c #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.1.14        state:D stack:24360 pid:6011  tgid:6010  ppid:5838   task_flags:0x400140 flags:0x00000004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x1b33/0x51f0 kernel/sched/core.c:6767
 __schedule_loop kernel/sched/core.c:6845 [inline]
 schedule+0x163/0x360 kernel/sched/core.c:6860
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6917
 rwsem_down_write_slowpath+0xedd/0x1420 kernel/locking/rwsem.c:1176
 __down_write_common kernel/locking/rwsem.c:1304 [inline]
 __down_write kernel/locking/rwsem.c:1313 [inline]
 down_write+0x1da/0x220 kernel/locking/rwsem.c:1578
 f2fs_down_write fs/f2fs/f2fs.h:2213 [inline]
 f2fs_balance_fs+0x636/0x8c0 fs/f2fs/segment.c:454
 f2fs_setattr+0xf1e/0x12f0 fs/f2fs/file.c:1144
 notify_change+0xbca/0xe90 fs/attr.c:552
 do_truncate+0x222/0x310 fs/open.c:65
 handle_truncate fs/namei.c:3501 [inline]
 do_open fs/namei.c:3884 [inline]
 path_openat+0x2e4f/0x35d0 fs/namei.c:4039
 do_filp_open+0x284/0x4e0 fs/namei.c:4066
 do_sys_openat2+0x12b/0x1d0 fs/open.c:1429
 do_sys_open fs/open.c:1444 [inline]
 __do_sys_creat fs/open.c:1522 [inline]
 __se_sys_creat fs/open.c:1516 [inline]
 __x64_sys_creat+0x124/0x170 fs/open.c:1516
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xf3/0x210 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f4ae3f8e969
RSP: 002b:00007f4ae4edb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
RAX: ffffffffffffffda RBX: 00007f4ae41b5fa0 RCX: 00007f4ae3f8e969
RDX: 0000000000000000 RSI: 00000000000000ec RDI: 0000200000000e00
RBP: 00007f4ae4010ab1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f4ae41b5fa0 R15: 00007ffd7cc14e28
 </TASK>
INFO: task syz.1.14:6045 blocked for more than 144 seconds.
      Not tainted 6.15.0-rc3-syzkaller-00032-ga79be02bba5c #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.1.14        state:D stack:25640 pid:6045  tgid:6010  ppid:5838   task_flags:0x400040 flags:0x00004006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x1b33/0x51f0 kernel/sched/core.c:6767
 __schedule_loop kernel/sched/core.c:6845 [inline]
 schedule+0x163/0x360 kernel/sched/core.c:6860
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6917
 rwsem_down_write_slowpath+0xedd/0x1420 kernel/locking/rwsem.c:1176
 __down_write_common kernel/locking/rwsem.c:1304 [inline]
 __down_write kernel/locking/rwsem.c:1313 [inline]
 down_write_nested+0x1e2/0x220 kernel/locking/rwsem.c:1694
 vfs_rename+0x686/0xf10 fs/namei.c:5092
 do_renameat2+0xdbc/0x1410 fs/namei.c:5270
 __do_sys_rename fs/namei.c:5317 [inline]
 __se_sys_rename fs/namei.c:5315 [inline]
 __x64_sys_rename+0x82/0x90 fs/namei.c:5315
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xf3/0x210 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f4ae3f8e969
RSP: 002b:00007f4ae4e99038 EFLAGS: 00000246 ORIG_RAX: 0000000000000052
RAX: ffffffffffffffda RBX: 00007f4ae41b6160 RCX: 00007f4ae3f8e969
RDX: 0000000000000000 RSI: 0000200000000100 RDI: 00002000000000c0
RBP: 00007f4ae4010ab1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f4ae41b6160 R15: 00007ffd7cc14e28
 </TASK>

Showing all locks held in the system:
1 lock held by pool_workqueue_/3:
 #0: ffffffff8ed43438 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock kernel/rcu/tree_exp.h:336 [inline]
 #0: ffffffff8ed43438 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x454/0x830 kernel/rcu/tree_exp.h:998
1 lock held by khungtaskd/31:
 #0: ffffffff8ed3df20 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #0: ffffffff8ed3df20 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
 #0: ffffffff8ed3df20 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x30/0x180 kernel/locking/lockdep.c:6764
6 locks held by kworker/u8:2/36:
 #0: ffff88801bef3948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3213 [inline]
 #0: ffff88801bef3948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x990/0x18e0 kernel/workqueue.c:3319
 #1: ffffc90000ad7c60 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3214 [inline]
 #1: ffffc90000ad7c60 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9cb/0x18e0 kernel/workqueue.c:3319
 #2: ffffffff900dea10 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0x17c/0xd60 net/core/net_namespace.c:608
 #3: ffff88805d2300e8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:922 [inline]
 #3: ffff88805d2300e8 (&dev->mutex){....}-{4:4}, at: devl_dev_lock net/devlink/devl_internal.h:108 [inline]
 #3: ffff88805d2300e8 (&dev->mutex){....}-{4:4}, at: devlink_pernet_pre_exit+0x13d/0x450 net/devlink/core.c:506
 #4: ffff88805d231250 (&devlink->lock_key#7){+.+.}-{4:4}, at: devl_lock net/devlink/core.c:276 [inline]
 #4: ffff88805d231250 (&devlink->lock_key#7){+.+.}-{4:4}, at: devl_dev_lock net/devlink/devl_internal.h:109 [inline]
 #4: ffff88805d231250 (&devlink->lock_key#7){+.+.}-{4:4}, at: devlink_pernet_pre_exit+0x14f/0x450 net/devlink/core.c:506
 #5: ffffffff8ed43438 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock kernel/rcu/tree_exp.h:336 [inline]
 #5: ffffffff8ed43438 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x454/0x830 kernel/rcu/tree_exp.h:998
4 locks held by kworker/u8:5/1317:
 #0: ffff88801e69a148 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3213 [inline]
 #0: ffff88801e69a148 ((wq_completion)writeback){+.+.}-{0:0}, at: process_scheduled_works+0x990/0x18e0 kernel/workqueue.c:3319
 #1: ffffc9000476fc60 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3214 [inline]
 #1: ffffc9000476fc60 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9cb/0x18e0 kernel/workqueue.c:3319
 #2: ffff888012d7c0e0 (&type->s_umount_key#54){++++}-{4:4}, at: super_trylock_shared+0x22/0xf0 fs/super.c:562
 #3: ffff8880569053b0 (&sbi->gc_lock){+.+.}-{4:4}, at: f2fs_down_write fs/f2fs/f2fs.h:2213 [inline]
 #3: ffff8880569053b0 (&sbi->gc_lock){+.+.}-{4:4}, at: f2fs_balance_fs+0x636/0x8c0 fs/f2fs/segment.c:454
2 locks held by getty/5584:
 #0: ffff88803639a0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
 #1: ffffc9000334b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x5bb/0x1700 drivers/tty/n_tty.c:2222
6 locks held by kworker/u9:3/5839:
 #0: ffff88802860b948 ((wq_completion)hci2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3213 [inline]
 #0: ffff88802860b948 ((wq_completion)hci2){+.+.}-{0:0}, at: process_scheduled_works+0x990/0x18e0 kernel/workqueue.c:3319
 #1: ffffc9000417fc60 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3214 [inline]
 #1: ffffc9000417fc60 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9cb/0x18e0 kernel/workqueue.c:3319
 #2: ffff888052fe0d80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1ec/0x400 net/bluetooth/hci_sync.c:331
 #3: ffff888052fe0078 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x1f1/0xeb0 net/bluetooth/hci_sync.c:5597
 #4: ffffffff902516a8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2051 [inline]
 #4: ffffffff902516a8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x15d/0x300 net/bluetooth/hci_conn.c:1269
 #5: ffff888027793b38 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x71/0x690 net/bluetooth/l2cap_core.c:1761
2 locks held by kworker/0:3/5886:
 #0: ffff88801b080d48 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3213 [inline]
 #0: ffff88801b080d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x990/0x18e0 kernel/workqueue.c:3319
 #1: ffffc9000446fc60 (free_ipc_work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3214 [inline]
 #1: ffffc9000446fc60 (free_ipc_work){+.+.}-{0:0}, at: process_scheduled_works+0x9cb/0x18e0 kernel/workqueue.c:3319
3 locks held by syz.1.14/6011:
 #0: ffff888012d7c420 (sb_writers#14){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90 fs/namespace.c:556
 #1: ffff8880578f9328 (&sb->s_type->i_mutex_key#20){+.+.}-{4:4}, at: inode_lock include/linux/fs.h:867 [inline]
 #1: ffff8880578f9328 (&sb->s_type->i_mutex_key#20){+.+.}-{4:4}, at: do_truncate+0x20e/0x310 fs/open.c:63
 #2: ffff8880569053b0 (&sbi->gc_lock){+.+.}-{4:4}, at: f2fs_down_write fs/f2fs/f2fs.h:2213 [inline]
 #2: ffff8880569053b0 (&sbi->gc_lock){+.+.}-{4:4}, at: f2fs_balance_fs+0x636/0x8c0 fs/f2fs/segment.c:454
7 locks held by syz.1.14/6043:
3 locks held by syz.1.14/6045:
 #0: ffff888012d7c420 (sb_writers#14){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90 fs/namespace.c:556
 #1: ffff88805b27f578 (&type->i_mutex_dir_key#10/1){+.+.}-{4:4}, at: inode_lock_nested include/linux/fs.h:902 [inline]
 #1: ffff88805b27f578 (&type->i_mutex_dir_key#10/1){+.+.}-{4:4}, at: lock_rename fs/namei.c:3265 [inline]
 #1: ffff88805b27f578 (&type->i_mutex_dir_key#10/1){+.+.}-{4:4}, at: do_renameat2+0x653/0x1410 fs/namei.c:5216
 #2: ffff8880578f8148 (&sb->s_type->i_mutex_key#20/4){+.+.}-{4:4}, at: vfs_rename+0x686/0xf10 fs/namei.c:5092
3 locks held by syz.7.253/8603:
 #0: ffff88807f020d80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close net/bluetooth/hci_core.c:481 [inline]
 #0: ffff88807f020d80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x203/0x510 net/bluetooth/hci_core.c:2678
 #1: ffff88807f020078 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x60f/0x1260 net/bluetooth/hci_sync.c:5213
 #2: ffffffff902516a8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_disconn_cfm include/net/bluetooth/hci_core.h:2066 [inline]
 #2: ffffffff902516a8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa6/0x240 net/bluetooth/hci_conn.c:2701
3 locks held by syz.4.258/8576:
 #0: ffff888056b28d80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close net/bluetooth/hci_core.c:481 [inline]
 #0: ffff888056b28d80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x203/0x510 net/bluetooth/hci_core.c:2678
 #1: ffff888056b28078 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x60f/0x1260 net/bluetooth/hci_sync.c:5213
 #2: ffffffff902516a8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_disconn_cfm include/net/bluetooth/hci_core.h:2066 [inline]
 #2: ffffffff902516a8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa6/0x240 net/bluetooth/hci_conn.c:2701
2 locks held by dhcpcd-run-hook/8639:

=============================================

NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-rc3-syzkaller-00032-ga79be02bba5c #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 nmi_cpu_backtrace+0x4ab/0x4e0 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x198/0x320 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:158 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:274 [inline]
 watchdog+0x1058/0x10a0 kernel/hung_task.c:437
 kthread+0x7b7/0x940 kernel/kthread.c:464
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted 6.15.0-rc3-syzkaller-00032-ga79be02bba5c #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Workqueue: events_unbound nsim_dev_trap_report_work
RIP: 0010:lockdep_hardirqs_off+0x84/0x110 kernel/locking/lockdep.c:4513
Code: 8b 05 78 85 3d 07 85 c0 74 54 65 48 8b 1c 25 08 10 65 93 48 c7 c7 79 56 63 8e e8 67 1c 00 00 65 c7 05 54 85 3d 07 00 00 00 00 <4c> 89 bb 98 0a 00 00 8b 83 88 0a 00 00 ff c0 89 83 88 0a 00 00 89
RSP: 0018:ffffc900001178c8 EFLAGS: 00000082
RAX: 0000000000000001 RBX: ffff88801c2fda00 RCX: 0000000000000000
RDX: ffff88804e8ae000 RSI: ffffffff8e635679 RDI: ffffffff8ca0e2c0
RBP: 0000000000000000 R08: 0000000000000001 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000000 R12: ffff88801b042140
R13: ffff88804e8ae000 R14: ffffffff93651020 R15: ffffffff822a71cd
FS:  0000000000000000(0000) GS:ffff8881250cf000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffdb1b82888 CR3: 00000000331ee000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 trace_hardirqs_off+0x12/0x40 kernel/trace/trace_preemptirq.c:104
 kasan_quarantine_put+0x3d/0x230 mm/kasan/quarantine.c:207
 kasan_slab_free include/linux/kasan.h:233 [inline]
 slab_free_hook mm/slub.c:2398 [inline]
 slab_free mm/slub.c:4656 [inline]
 kfree+0x198/0x430 mm/slub.c:4855
 skb_kfree_head net/core/skbuff.c:1058 [inline]
 skb_free_head net/core/skbuff.c:1070 [inline]
 skb_release_data+0x6a3/0x8b0 net/core/skbuff.c:1097
 skb_release_all net/core/skbuff.c:1162 [inline]
 __kfree_skb net/core/skbuff.c:1176 [inline]
 consume_skb+0x9f/0xf0 net/core/skbuff.c:1408
 nsim_dev_trap_report drivers/net/netdevsim/dev.c:821 [inline]
 nsim_dev_trap_report_work+0x7d1/0xb50 drivers/net/netdevsim/dev.c:851
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0xac3/0x18e0 kernel/workqueue.c:3319
 worker_thread+0x870/0xd50 kernel/workqueue.c:3400
 kthread+0x7b7/0x940 kernel/kthread.c:464
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>