INFO: task kworker/u9:2:84 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u9:2    state:D stack:24704 pid:84    tgid:84    ppid:2      task_flags:0x4208060 flags:0x00080000
Workqueue: writeback wb_workfn (flush-7:0)

Call Trace:
 <TASK>
 __schedule+0x15dd/0x5300
 schedule+0x164/0x360
 schedule_preempt_disabled+0x13/0x30
 __mutex_lock+0x7fe/0x1300
 hfsplus_find_init+0x168/0x2d0
 hfsplus_cat_write_inode+0x22b/0x8e0
 __writeback_single_inode+0x75a/0x11a0
 writeback_sb_inodes+0x992/0x1a20
 __writeback_inodes_wb+0x111/0x240
 wb_writeback+0x46a/0xb70
 wb_workfn+0xb4c/0xf50
 process_scheduled_works+0xb6e/0x18c0
 worker_thread+0xa53/0xfc0
 kthread+0x388/0x470
 ret_from_fork+0x51e/0xb90
 ret_from_fork_asm+0x1a/0x30
 </TASK>
INFO: task syz.3.351:7224 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.3.351       state:D stack:28800 pid:7224  tgid:7223  ppid:6430   task_flags:0x400040 flags:0x00080002
Call Trace:
 <TASK>
 __schedule+0x15dd/0x5300
 schedule+0x164/0x360
 wb_wait_for_completion+0x3e8/0x790
 sync_inodes_sb+0x1de/0xbd0
 __iterate_supers+0x13d/0x290
 __ia32_sys_sync+0xa0/0x120
 do_syscall_64+0x14d/0xf80
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f8ff2f9c799
RSP: 002b:00007f8ff3da5028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
RAX: ffffffffffffffda RBX: 00007f8ff3215fa0 RCX: 00007f8ff2f9c799
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007f8ff3215fa0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f8ff3216038 R14: 00007f8ff3215fa0 R15: 00007ffc816ae5e8
 </TASK>
INFO: task syz.3.351:7226 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.3.351       state:D stack:28800 pid:7226  tgid:7223  ppid:6430   task_flags:0x400040 flags:0x00080002
Call Trace:
 <TASK>
 __schedule+0x15dd/0x5300
 schedule+0x164/0x360
 schedule_preempt_disabled+0x13/0x30
 rwsem_down_write_slowpath+0x899/0x1040
 down_write+0x1bc/0x200
 sync_inodes_sb+0x1c2/0xbd0
 __iterate_supers+0x13d/0x290
 __ia32_sys_sync+0xa0/0x120
 do_syscall_64+0x14d/0xf80
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f8ff2f9c799
RSP: 002b:00007f8ff3d84028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
RAX: ffffffffffffffda RBX: 00007f8ff3216090 RCX: 00007f8ff2f9c799
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007f8ff3216090 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f8ff3216128 R14: 00007f8ff3216090 R15: 00007ffc816ae5e8
 </TASK>
INFO: task syz.3.351:7227 blocked for more than 145 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.3.351       state:D stack:28800 pid:7227  tgid:7223  ppid:6430   task_flags:0x400040 flags:0x00080002
Call Trace:
 <TASK>
 __schedule+0x15dd/0x5300
 schedule+0x164/0x360
 schedule_preempt_disabled+0x13/0x30
 rwsem_down_write_slowpath+0x899/0x1040
 down_write+0x1bc/0x200
 sync_inodes_sb+0x1c2/0xbd0
 __iterate_supers+0x13d/0x290
 __ia32_sys_sync+0xa0/0x120
 do_syscall_64+0x14d/0xf80
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f8ff2f9c799
RSP: 002b:00007f8ff11f6028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
RAX: ffffffffffffffda RBX: 00007f8ff3216180 RCX: 00007f8ff2f9c799
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007f8ff3216180 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f8ff3216218 R14: 00007f8ff3216180 R15: 00007ffc816ae5e8
 </TASK>
INFO: task syz.3.351:7228 blocked for more than 145 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.3.351       state:D stack:28800 pid:7228  tgid:7223  ppid:6430   task_flags:0x400040 flags:0x00080002
Call Trace:
 <TASK>
 __schedule+0x15dd/0x5300
 schedule+0x164/0x360
 schedule_preempt_disabled+0x13/0x30
 rwsem_down_write_slowpath+0x899/0x1040
 down_write+0x1bc/0x200
 sync_inodes_sb+0x1c2/0xbd0
 __iterate_supers+0x13d/0x290
 __ia32_sys_sync+0xa0/0x120
 do_syscall_64+0x14d/0xf80
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f8ff2f9c799
RSP: 002b:00007f8ff0dd3028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
RAX: ffffffffffffffda RBX: 00007f8ff3216270 RCX: 00007f8ff2f9c799
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007f8ff3216270 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f8ff3216308 R14: 00007f8ff3216270 R15: 00007ffc816ae5e8
 </TASK>
INFO: task syz.3.351:7229 blocked for more than 146 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.3.351       state:D stack:28800 pid:7229  tgid:7223  ppid:6430   task_flags:0x400040 flags:0x00080002
Call Trace:
 <TASK>
 __schedule+0x15dd/0x5300
 schedule+0x164/0x360
 schedule_preempt_disabled+0x13/0x30
 rwsem_down_write_slowpath+0x899/0x1040
 down_write+0x1bc/0x200
 sync_inodes_sb+0x1c2/0xbd0
 __iterate_supers+0x13d/0x290
 __ia32_sys_sync+0xa0/0x120
 do_syscall_64+0x14d/0xf80
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f8ff2f9c799
RSP: 002b:00007f8ff09b0028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
RAX: ffffffffffffffda RBX: 00007f8ff3216360 RCX: 00007f8ff2f9c799
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007f8ff3216360 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f8ff32163f8 R14: 00007f8ff3216360 R15: 00007ffc816ae5e8
 </TASK>
INFO: task syz.3.351:7232 blocked for more than 146 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.3.351       state:D stack:28800 pid:7232  tgid:7223  ppid:6430   task_flags:0x400040 flags:0x00080002
Call Trace:
 <TASK>
 __schedule+0x15dd/0x5300
 schedule+0x164/0x360
 schedule_preempt_disabled+0x13/0x30
 rwsem_down_write_slowpath+0x899/0x1040
 down_write+0x1bc/0x200
 sync_inodes_sb+0x1c2/0xbd0
 __iterate_supers+0x13d/0x290
 __ia32_sys_sync+0xa0/0x120
 do_syscall_64+0x14d/0xf80
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f8ff2f9c799
RSP: 002b:00007f8ff058d028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
RAX: ffffffffffffffda RBX: 00007f8ff3216450 RCX: 00007f8ff2f9c799
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007f8ff3216450 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f8ff32164e8 R14: 00007f8ff3216450 R15: 00007ffc816ae5e8
 </TASK>

Showing all locks held in the system:
1 lock held by pool_workqueue_/3:
 #0: ffffffff8e7647f8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x38d/0x770
1 lock held by khungtaskd/34:
 #0: ffffffff8e75e560 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
4 locks held by kworker/u9:2/84:
 #0: ffff8881622f6148 ((wq_completion)writeback){+.+.}-{0:0}, at: process_scheduled_works+0xa52/0x18c0
 #1: ffffc9000242fc40 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa8d/0x18c0
 #2: ffff8881bb1f40e0 (&type->s_umount_key#64){++++}-{4:4}, at: super_trylock_shared+0x20/0xf0
 #3: ffff8881b824a0b0 (&tree->tree_lock){+.+.}-{4:4}, at: hfsplus_find_init+0x168/0x2d0
1 lock held by dhcpcd/5552:
 #0: ffffffff8fbd1a08 (rtnl_mutex){+.+.}-{4:4}, at: inet6_rtm_newaddr+0x65f/0xe30
2 locks held by getty/5629:
 #0: ffff888171db70a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
 #1: ffffc9000356b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x45c/0x13c0
5 locks held by kworker/u8:2/5824:
 #0: ffff8881012ae148 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0xa52/0x18c0
 #1: ffffc90006a2fc40 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0xa8d/0x18c0
 #2: ffffffff8fbc3270 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf4/0x800
 #3: ffff88801fbf1528 (&wg->device_update_lock){+.+.}-{4:4}, at: wg_destruct+0x116/0x310
 #4: ffffffff8e7646c0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x580
9 locks held by syz.0.202/6609:
2 locks held by syz.3.351/7224:
 #0: ffff8881bb1f40e0 (&type->s_umount_key#64){++++}-{4:4}, at: super_lock+0x2d6/0x3d0
 #1: ffff88816a80c820 (&bdi->wb_switch_rwsem){+.+.}-{4:4}, at: sync_inodes_sb+0x1c2/0xbd0
2 locks held by syz.3.351/7226:
 #0: ffff8881bb1f40e0 (&type->s_umount_key#64){++++}-{4:4}, at: super_lock+0x2d6/0x3d0
 #1: ffff88816a80c820 (&bdi->wb_switch_rwsem){+.+.}-{4:4}, at: sync_inodes_sb+0x1c2/0xbd0
2 locks held by syz.3.351/7227:
 #0: ffff8881bb1f40e0 (&type->s_umount_key#64){++++}-{4:4}, at: super_lock+0x2d6/0x3d0
 #1: ffff88816a80c820 (&bdi->wb_switch_rwsem){+.+.}-{4:4}, at: sync_inodes_sb+0x1c2/0xbd0
2 locks held by syz.3.351/7228:
 #0: ffff8881bb1f40e0 (&type->s_umount_key#64){++++}-{4:4}, at: super_lock+0x2d6/0x3d0
 #1: ffff88816a80c820 (&bdi->wb_switch_rwsem){+.+.}-{4:4}, at: sync_inodes_sb+0x1c2/0xbd0
2 locks held by syz.3.351/7229:
 #0: ffff8881bb1f40e0 (&type->s_umount_key#64){++++}-{4:4}, at: super_lock+0x2d6/0x3d0
 #1: ffff88816a80c820 (&bdi->wb_switch_rwsem){+.+.}-{4:4}, at: sync_inodes_sb+0x1c2/0xbd0
2 locks held by syz.3.351/7232:
 #0: ffff8881bb1f40e0 (&type->s_umount_key#64){++++}-{4:4}, at: super_lock+0x2d6/0x3d0
 #1: ffff88816a80c820 (&bdi->wb_switch_rwsem){+.+.}-{4:4}, at: sync_inodes_sb+0x1c2/0xbd0
8 locks held by syz-executor/9009:
 #0: ffff888170b80420 (sb_writers#7){.+.+}-{0:0}, at: vfs_write+0x227/0xb90
 #1: ffff8881942f8c88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x1de/0x540
 #2: ffff88810acc05a8 (kn->active#48){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x231/0x540
 #3: ffffffff8f445d08 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd7/0x370
 #4: ffff88816b87a0e8 (&dev->mutex){....}-{4:4}, at: device_release_driver_internal+0xb6/0x860
 #5: ffff8881b8039250 (&devlink->lock_key#3){+.+.}-{4:4}, at: nsim_drv_remove+0x50/0x170
 #6: ffffffff8fbd1a08 (rtnl_mutex){+.+.}-{4:4}, at: nsim_destroy+0x10b/0x730
 #7: ffff888114a64d40 (&dev_instance_lock_key#24){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0x583/0x2370
5 locks held by syz.0.691/9044:
 #0: ffff8881953f4ec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x5a0
 #1: ffff8881953f40c0 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x640/0x10e0
 #2: ffffffff8fd5e6a8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x260
 #3: ffff88810a3a5af8 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x7b/0x5c0
 #4: ffffffff8e7647f8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x38d/0x770
1 lock held by syz-executor/9069:
 #0: ffffffff8fbd1a08 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8a1/0x1be0
1 lock held by dhcpcd/9130:
 #0: ffff888020eb8260 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x33/0xe10

=============================================

NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 34 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
Call Trace:
 <TASK>
 dump_stack_lvl+0xe8/0x150
 nmi_cpu_backtrace+0x274/0x2d0
 nmi_trigger_cpumask_backtrace+0x17a/0x300
 sys_info+0x135/0x170
 watchdog+0xfd9/0x1030
 kthread+0x388/0x470
 ret_from_fork+0x51e/0xb90
 ret_from_fork_asm+0x1a/0x30
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 6609 Comm: syz.0.202 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
RIP: 0010:__lock_acquire+0xa54/0x2cf0
Code: c7 c6 89 8f 01 8e 67 48 0f b9 3a 90 31 c0 48 83 78 40 00 0f 84 5f 1d 00 00 41 8b 45 20 25 ff 1f 00 00 48 0f a3 05 cc 15 82 12 <73> 10 48 69 c0 c8 00 00 00 48 8d 80 10 a4 c4 93 eb 32 83 3d 93 a5
RSP: 0018:ffffc90000a08530 EFLAGS: 00000003
RAX: 0000000000000007 RBX: 0000000041178ce3 RCX: 00000000e61b7dd1
RDX: 000000008eba6367 RSI: 0000000006fa0785 RDI: ffff888109b83a80
RBP: f501fefe00000000 R08: ffffffff81d53e66 R09: ffffffff8e75e560
R10: ffffc90000a087d8 R11: ffffffff81b0b8d0 R12: ffff888109b846a0
R13: ffff888109b846a0 R14: ffff888109b83a80 R15: 0000000000000005
FS:  00007effbfbb96c0(0000) GS:ffff8882a9463000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055558709ca28 CR3: 00000001bb302000 CR4: 00000000000006f0
Call Trace:
 <IRQ>
 lock_acquire+0xf0/0x2e0
 is_bpf_text_address+0x47/0x2b0
 kernel_text_address+0xa5/0xe0
 __kernel_text_address+0xd/0x30
 unwind_get_return_address+0x4d/0x90
 arch_stack_walk+0xfb/0x150
 stack_trace_save+0xa9/0x100
 kasan_save_track+0x3e/0x80
 kasan_save_free_info+0x46/0x50
 __kasan_slab_free+0x5c/0x80
 kmem_cache_free+0x189/0x630
 skb_release_data+0x81c/0xa80
 __kfree_skb+0x5d/0x210
 mac80211_hwsim_beacon_tx+0x3e8/0x870
 __iterate_interfaces+0x2ab/0x590
 ieee80211_iterate_active_interfaces_atomic+0xdb/0x180
 mac80211_hwsim_beacon+0xbb/0x180
 __hrtimer_run_queues+0x53a/0xcc0
 hrtimer_run_softirq+0x182/0x5a0
 handle_softirqs+0x22a/0x870
 __irq_exit_rcu+0x5f/0x150
 irq_exit_rcu+0x9/0x30
 sysvec_apic_timer_interrupt+0xa6/0xc0
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:vprintk_emit+0x45d/0x560
Code: 0f 84 44 ff ff ff e8 e2 2c 21 00 fb eb 44 e8 da 2c 21 00 e8 e5 a8 07 0a 4d 85 f6 74 94 e8 cb 2c 21 00 fb 48 c7 c7 a0 09 75 8e <31> f6 ba 01 00 00 00 31 c9 41 b8 01 00 00 00 45 31 c9 53 e8 3b 17
RSP: 0018:ffffc9000243eee0 EFLAGS: 00000293
RAX: ffffffff81a469b5 RBX: ffffffff81a4682f RCX: ffff888109b83a80
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff8e7509a0
RBP: ffffc9000243ef90 R08: ffffffff9011e3b7 R09: 1ffffffff2023c76
R10: dffffc0000000000 R11: fffffbfff2023c77 R12: 0000000000000000
R13: 0000000000000065 R14: 0000000000000200 R15: 1ffff92000487de0
 _printk+0xdd/0x130
 hfsplus_bnode_dump+0x189/0xa40
 hfsplus_brec_remove+0x617/0x700
 __hfsplus_delete_attr+0x1e0/0x380
 hfsplus_replace_attr+0x1ff/0x3d0
 __hfsplus_setxattr+0x3a8/0x2520
 hfsplus_setxattr+0x124/0x340
 hfsplus_trusted_setxattr+0x40/0x60
 __vfs_setxattr+0x43c/0x480
 __vfs_setxattr_noperm+0x12d/0x660
 vfs_setxattr+0x163/0x360
 filename_setxattr+0x296/0x630
 path_setxattrat+0x3eb/0x440
 __x64_sys_lsetxattr+0xbf/0xe0
 do_syscall_64+0x14d/0xf80
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7effbed9c799
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007effbfbb9028 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd
RAX: ffffffffffffffda RBX: 00007effbf016090 RCX: 00007effbed9c799
RDX: 0000200000000940 RSI: 0000200000000180 RDI: 00002000000001c0
RBP: 00007effbee32c99 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000361 R11: 0000000000000246 R12: 0000000000000000
R13: 00007effbf016128 R14: 00007effbf016090 R15: 00007ffe42429e08
 </TASK>
