INFO: task syz-executor:5808 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor    state:D stack:21256 pid:5808  tgid:5808  ppid:1      task_flags:0x400140 flags:0x00080002
Call Trace:
 <TASK>
 __schedule+0x1798/0x4cc0
 schedule+0x165/0x360
 io_schedule+0x80/0xd0
 folio_wait_bit_common+0x6b0/0xb80
 __filemap_get_folio+0x139/0xaf0
 truncate_inode_pages_range+0x3ed/0xda0
 evict+0x517/0x9c0
 evict_inodes+0x64c/0x6d0
 generic_shutdown_super+0x9a/0x2c0
 kill_block_super+0x44/0x90
 deactivate_locked_super+0xbc/0x130
 cleanup_mnt+0x425/0x4c0
 task_work_run+0x1d4/0x260
 exit_to_user_mode_loop+0xe9/0x130
 do_syscall_64+0x2bd/0xfa0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f71bdb90a77
RSP: 002b:00007ffc6ffb27c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 00007f71bdc13d7d RCX: 00007f71bdb90a77
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc6ffb2880
RBP: 00007ffc6ffb2880 R08: 0000000000000000 R09: 0000000000000000
R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc6ffb3910
R13: 00007f71bdc13d7d R14: 000000000001c502 R15: 00007ffc6ffb3950
 </TASK>
INFO: task syz.2.796:8028 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.2.796       state:D stack:28456 pid:8028  tgid:8027  ppid:5816   task_flags:0x400140 flags:0x00080002
Call Trace:
 <TASK>
 __schedule+0x1798/0x4cc0
 schedule+0x165/0x360
 schedule_preempt_disabled+0x13/0x30
 rwsem_down_read_slowpath+0x5fd/0x8f0
 down_read+0x98/0x2e0
 super_lock+0x2a9/0x3b0
 __iterate_supers+0x126/0x290
 ksys_sync+0x94/0x150
 __ia32_sys_sync+0xe/0x20
 do_syscall_64+0xfa/0xfa0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fa780f8f749
RSP: 002b:00007fa781d8c038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
RAX: ffffffffffffffda RBX: 00007fa7811e5fa0 RCX: 00007fa780f8f749
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007fa7811e5fa0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fa7811e6038 R14: 00007fa7811e5fa0 R15: 00007ffd1e159598
 </TASK>
INFO: task syz.2.796:8029 blocked for more than 144 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.2.796       state:D stack:28744 pid:8029  tgid:8027  ppid:5816   task_flags:0x400040 flags:0x00080002
Call Trace:
 <TASK>
 __schedule+0x1798/0x4cc0
 schedule+0x165/0x360
 schedule_preempt_disabled+0x13/0x30
 rwsem_down_read_slowpath+0x5fd/0x8f0
 down_read+0x98/0x2e0
 super_lock+0x2a9/0x3b0
 __iterate_supers+0x126/0x290
 ksys_sync+0x94/0x150
 __ia32_sys_sync+0xe/0x20
 do_syscall_64+0xfa/0xfa0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fa780f8f749
RSP: 002b:00007fa781d6b038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
RAX: ffffffffffffffda RBX: 00007fa7811e6090 RCX: 00007fa780f8f749
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007fa7811e6090 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fa7811e6128 R14: 00007fa7811e6090 R15: 00007ffd1e159598
 </TASK>

Showing all locks held in the system:
1 lock held by khungtaskd/35:
 #0: ffffffff8df3d6a0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
7 locks held by kworker/u10:5/1093:
2 locks held by getty/5640:
 #0: ffff888171ff30a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
 #1: ffffc9000357b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
1 lock held by syz-executor/5808:
 #0: ffff888112c160e0 (&type->s_umount_key#52){++++}-{4:4}, at: deactivate_super+0xa9/0xe0
1 lock held by syz.2.796/8028:
 #0: ffff888112c160e0 (&type->s_umount_key#52){++++}-{4:4}, at: super_lock+0x2a9/0x3b0
1 lock held by syz.2.796/8029:
 #0: ffff888112c160e0 (&type->s_umount_key#52){++++}-{4:4}, at: super_lock+0x2a9/0x3b0
1 lock held by syz.6.1720/10624:
 #0: ffff888112c160e0 (&type->s_umount_key#52){++++}-{4:4}, at: super_lock+0x2a9/0x3b0
1 lock held by syz-executor/10944:
 #0: ffff8881b52480e0 (&type->s_umount_key#75){++++}-{4:4}, at: deactivate_super+0xa9/0xe0

=============================================

NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 35 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
Call Trace:
 <TASK>
 dump_stack_lvl+0x189/0x250
 nmi_cpu_backtrace+0x39e/0x3d0
 nmi_trigger_cpumask_backtrace+0x17a/0x300
 watchdog+0xf60/0xfa0
 kthread+0x711/0x8a0
 ret_from_fork+0x4bc/0x870
 ret_from_fork_asm+0x1a/0x30
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 37 Comm: kworker/u10:1 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
Workqueue: events_unbound cfg80211_wiphy_work
RIP: 0010:lock_is_held_type+0x119/0x190
Code: 00 00 00 48 c7 c7 de 58 8f 8d e8 82 16 00 00 b8 ff ff ff ff 65 0f c1 05 85 6a 27 07 83 f8 01 75 44 48 c7 04 24 00 00 00 00 9c <8f> 04 24 f7 04 24 00 02 00 00 75 4c 41 f7 c4 00 02 00 00 74 01 fb
RSP: 0018:ffffc90000a08160 EFLAGS: 00000046
RAX: 0000000000000001 RBX: 0000000000000000 RCX: 07ec94b541863700
RDX: 0000000000000100 RSI: ffffffff8d8f58de RDI: ffffffff8bbf0f60
RBP: 00000000ffffffff R08: ffffc90000a084c0 R09: ffffc90000a084d0
R10: ffffc90000a08320 R11: fffff52000141066 R12: 0000000000000246
R13: ffff888161afd700 R14: ffffffff8f2cc7c8 R15: 0000000000000005
FS:  0000000000000000(0000) GS:ffff8882a9f36000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b31120ff8 CR3: 000000000dd38000 CR4: 00000000000006f0
Call Trace:
 <IRQ>
 lockdep_rtnl_is_held+0x1b/0x40
 find_match+0xd0/0xc90
 __find_rr_leaf+0x23a/0x6d0
 fib6_table_lookup+0x39f/0xa80
 ip6_pol_route+0x222/0x1180
 fib6_rule_lookup+0x52f/0x6f0
 ip6_route_input+0x6de/0xad0
 ip6_rcv_finish+0x141/0x2e0
 NF_HOOK+0x30c/0x3a0
 __netif_receive_skb+0xd3/0x380
 process_backlog+0x60e/0x14f0
 __napi_poll+0xc7/0x360
 net_rx_action+0x5f7/0xdf0
 handle_softirqs+0x286/0x870
 do_softirq+0xec/0x180
 </IRQ>
 <TASK>
 __local_bh_enable_ip+0x17d/0x1c0
 ieee80211_ibss_work+0x300/0x1060
 cfg80211_wiphy_work+0x2bb/0x470
 process_scheduled_works+0xae1/0x17b0
 worker_thread+0x8a0/0xda0
 kthread+0x711/0x8a0
 ret_from_fork+0x4bc/0x870
 ret_from_fork_asm+0x1a/0x30
 </TASK>
net_ratelimit: 17328 callbacks suppressed
bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0)
bridge0: received packet on veth1_to_bridge with own address as source address (addr:a2:04:47:27:f0:19, vlan:0)
bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0)
bridge0: received packet on veth1_to_bridge with own address as source address (addr:a2:04:47:27:f0:19, vlan:0)
bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0)
bridge0: received packet on veth1_to_bridge with own address as source address (addr:a2:04:47:27:f0:19, vlan:0)
net_ratelimit: 17243 callbacks suppressed
bridge0: received packet on veth1_to_bridge with own address as source address (addr:a2:04:47:27:f0:19, vlan:0)
bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0)
bridge0: received packet on veth1_to_bridge with own address as source address (addr:a2:04:47:27:f0:19, vlan:0)
bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0)
bridge0: received packet on veth1_to_bridge with own address as source address (addr:a2:04:47:27:f0:19, vlan:0)
bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
