INFO: task syz.0.290:7998 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.0.290       state:D stack:23416 pid:7998  tgid:7996  ppid:7842   task_flags:0x400140 flags:0x00080002
Call Trace:
 <TASK>
 __schedule+0x14ef/0x4fb0
 schedule+0x164/0x360
 schedule_preempt_disabled+0x13/0x30
 rwsem_down_read_slowpath+0x61e/0x920
 down_read+0x99/0x2e0
 super_lock+0x2d6/0x3d0
 __iterate_supers+0x126/0x290
 ksys_sync+0xa0/0x170
 __ia32_sys_sync+0xe/0x20
 do_syscall_64+0xe2/0xf80
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f635879acb9
RSP: 002b:00007f6359710028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
RAX: ffffffffffffffda RBX: 00007f6358a15fa0 RCX: 00007f635879acb9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007f6358a15fa0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f6358a16038 R14: 00007f6358a15fa0 R15: 00007ffe8625f7e8
 </TASK>
INFO: task syz.0.290:8023 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.0.290       state:D stack:28728 pid:8023  tgid:7996  ppid:7842   task_flags:0x400040 flags:0x00080002
Call Trace:
 <TASK>
 __schedule+0x14ef/0x4fb0
 schedule+0x164/0x360
 schedule_preempt_disabled+0x13/0x30
 rwsem_down_read_slowpath+0x61e/0x920
 down_read+0x99/0x2e0
 super_lock+0x2d6/0x3d0
 __iterate_supers+0x126/0x290
 ksys_sync+0xa0/0x170
 __ia32_sys_sync+0xe/0x20
 do_syscall_64+0xe2/0xf80
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f635879acb9
RSP: 002b:00007f63596ef028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
RAX: ffffffffffffffda RBX: 00007f6358a16090 RCX: 00007f635879acb9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007f6358a16090 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f6358a16128 R14: 00007f6358a16090 R15: 00007ffe8625f7e8
 </TASK>

Showing all locks held in the system:
3 locks held by kworker/u8:0/12:
 #0: ffff888168561148 ((wq_completion)cfg80211){+.+.}-{0:0}, at: process_scheduled_works+0x9d4/0x17a0
 #1: ffffc90000117bc0 ((work_completion)(&(&rdev->dfs_update_channels_wk)->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa0f/0x17a0
 #2: ffff8881706c0a68 (&p->pi_lock){-.-.}-{2:2}, at: try_to_wake_up+0x66/0x12a0
1 lock held by khungtaskd/35:
 #0: ffffffff8e35a2e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
1 lock held by klogd/5267:
2 locks held by dhcpcd/5576:
 #0: ffff88812103a918 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140
 #1: ffff888121024588 (psi_seq){-.-.}-{0:0}, at: psi_task_switch+0x53/0x880
2 locks held by getty/5657:
 #0: ffff888111e2d0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
 #1: ffffc9000356b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x45c/0x13c0
4 locks held by kworker/u8:3/5863:
 #0: ffff888100ef7948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9d4/0x17a0
 #1: ffffc90005037bc0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0xa0f/0x17a0
 #2: ffffffff8f799dd0 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xfe/0x7b0
 #3: ffffffff8e360ac0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x580
2 locks held by syz-executor/6649:
1 lock held by syz.0.290/7998:
 #0: ffff8881b961e0e0 (&type->s_umount_key#57){++++}-{4:4}, at: super_lock+0x2d6/0x3d0
1 lock held by syz.0.290/8023:
 #0: ffff8881b961e0e0 (&type->s_umount_key#57){++++}-{4:4}, at: super_lock+0x2d6/0x3d0
1 lock held by syz.2.330/8493:
 #0: ffff8881b961e0e0 (&type->s_umount_key#57){++++}-{4:4}, at: super_lock+0x2d6/0x3d0
1 lock held by syz.2.330/8514:
 #0: ffff8881b961e0e0 (&type->s_umount_key#57){++++}-{4:4}, at: super_lock+0x2d6/0x3d0
1 lock held by syz.6.393/9260:
 #0: ffff8881b961e0e0 (&type->s_umount_key#57){++++}-{4:4}, at: super_lock+0x2d6/0x3d0
1 lock held by syz.8.535/10215:
 #0: ffff8881b961e0e0 (&type->s_umount_key#57){++++}-{4:4}, at: super_lock+0x2d6/0x3d0
1 lock held by syz.8.535/10216:
 #0: ffff8881b961e0e0 (&type->s_umount_key#57){++++}-{4:4}, at: super_lock+0x2d6/0x3d0
1 lock held by syz.3.746/11548:
 #0: ffff8881b961e0e0 (&type->s_umount_key#57){++++}-{4:4}, at: super_lock+0x2d6/0x3d0
3 locks held by kworker/1:11/11725:
 #0: ffff888100075948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9d4/0x17a0
 #1: ffffc900056f7bc0 ((work_completion)(&data->fib_event_work)){+.+.}-{0:0}, at: process_scheduled_works+0xa0f/0x17a0
 #2: ffff8881af067240 (&data->fib_lock){+.+.}-{4:4}, at: nsim_fib_event_work+0x202/0x3d0
1 lock held by syz-executor/11772:
 #0: ffffffff8e360bf8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x38d/0x770
1 lock held by syz-executor/11775:
 #0: ffffffff8e360bf8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x2d0/0x770
4 locks held by dhcpcd-run-hook/11783:
 #0: ffff88823c63a918 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140
 #1: ffff88823c624588 (psi_seq){-.-.}-{0:0}, at: psi_task_switch+0x53/0x880
 #2: ffff888113a39f78 (ptlock_ptr(ptdesc)#2){+.+.}-{3:3}, at: handle_mm_fault+0x146c/0x32a0
 #3: ffff88823c63a918 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140
1 lock held by rm/11786:

=============================================

NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 35 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
Call Trace:
 <TASK>
 dump_stack_lvl+0xe8/0x150
 nmi_cpu_backtrace+0x274/0x2d0
 nmi_trigger_cpumask_backtrace+0x17a/0x300
 sys_info+0x135/0x170
 watchdog+0xf90/0xfe0
 kthread+0x726/0x8b0
 ret_from_fork+0x51b/0xa40
 ret_from_fork_asm+0x1a/0x30
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 11787 Comm: dhcpcd-run-hook Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
RIP: 0010:lock_is_held_type+0x89/0x150
Code: 57 07 41 83 bd 28 0b 00 00 00 7e 48 4c 89 eb 48 81 c3 30 0b 00 00 45 31 ff 49 83 ff 31 73 24 48 89 df 4c 89 f6 e8 f7 01 00 00 <85> c0 75 2a 49 ff c7 49 63 85 28 0b 00 00 48 83 c3 28 49 39 c7 7c
RSP: 0000:ffffc90005757bc0 EFLAGS: 00000046
RAX: 0000000000000000 RBX: ffff8881758962f0 RCX: 0000000000000046
RDX: ffff8881758957c0 RSI: ffffffff8e35a2e0 RDI: ffff8881758962f0
RBP: 00000000ffffffff R08: ffffffff820fbbe1 R09: ffffffff8e35a2e0
R10: dffffc0000000000 R11: fffff94000de60ff R12: 0000000000000246
R13: ffff8881758957c0 R14: ffffffff8e35a2e0 R15: 0000000000000000
FS:  00007f8b6a152380(0000) GS:ffff8882a992c000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000056375200be48 CR3: 00000001b2880000 CR4: 00000000000006f0
Call Trace:
 <TASK>
 count_memcg_event_mm+0x103/0x260
 handle_mm_fault+0x2b96/0x32a0
 do_user_addr_fault+0xa73/0x1360
 exc_page_fault+0x6a/0xc0
 asm_exc_page_fault+0x26/0x30
RIP: 0033:0x7f8b6a3d59d6
Code: 5c 25 28 49 8b 57 10 48 85 db 74 27 8b 74 24 0c 23 73 08 44 39 f6 75 16 48 39 c2 75 05 e8 62 ff ff ff 48 8b 53 10 48 83 c0 08 <48> 89 50 f8 48 8b 1b eb d0 49 83 c4 08 49 81 fc 38 01 00 00 75 be
RSP: 002b:00007fff418c0a70 EFLAGS: 00010216
RAX: 000056375200be50 RBX: 0000563751ffb4c0 RCX: 0000000000000002
RDX: 00007fff418c3ea1 RSI: 0000000000000001 RDI: 0000000000000001
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 00007f8b6a267be0 R11: 0000000000000246 R12: 0000000000000010
R13: 0000563751ffae60 R14: 0000000000000001 R15: 0000563751ffac30
 </TASK>
