INFO: task syz.0.17:5918 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.0.17        state:D stack:25832 pid:5918  tgid:5911  ppid:5833   task_flags:0x400040 flags:0x00080002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5387 [inline]
 __schedule+0x17b4/0x5680 kernel/sched/core.c:7188
 __schedule_loop kernel/sched/core.c:7267 [inline]
 schedule+0x164/0x360 kernel/sched/core.c:7282
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7339
 rwsem_down_read_slowpath+0x6d9/0x940 kernel/locking/rwsem.c:1114
 __down_read_common kernel/locking/rwsem.c:1291 [inline]
 __down_read kernel/locking/rwsem.c:1304 [inline]
 down_read+0x99/0x2e0 kernel/locking/rwsem.c:1570
 nilfs_transaction_begin+0x364/0x710 fs/nilfs2/segment.c:221
 nilfs_setattr+0x124/0x2c0 fs/nilfs2/inode.c:921
 notify_change+0xc1a/0xf40 fs/attr.c:556
 chmod_common+0x273/0x4a0 fs/open.c:637
 do_fchmodat+0x12d/0x230 fs/open.c:682
 __do_sys_fchmodat fs/open.c:701 [inline]
 __se_sys_fchmodat fs/open.c:698 [inline]
 __x64_sys_fchmodat+0x7d/0x90 fs/open.c:698
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x15f/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc71999cdd9
RSP: 002b:00007fc71a8fe028 EFLAGS: 00000246
 ORIG_RAX: 000000000000010c
RAX: ffffffffffffffda RBX: 00007fc719c16090 RCX: 00007fc71999cdd9
RDX: 000000000000017f RSI: 0000200000000300 RDI: ffffffffffffff9c
RBP: 00007fc719a32d69 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fc719c16128 R14: 00007fc719c16090 R15: 00007fffbf6a8c68
 </TASK>

Showing all locks held in the system:
1 lock held by khungtaskd/31:
 #0: ffffffff8e95cd60 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
 #0: ffffffff8e95cd60 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:838 [inline]
 #0: ffffffff8e95cd60 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 kernel/locking/lockdep.c:6775
2 locks held by getty/5375:
 #0: ffff888035c970a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
 #1: ffffc9000321e2e8 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x45c/0x13a0 drivers/tty/n_tty.c:2211
2 locks held by syz.0.17/5912:
4 locks held by syz.0.17/5918:
 #0: ffff888079e74410 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 fs/namespace.c:493
 #1: ffff88805f4f0ec0 (&type->i_mutex_dir_key#8){++++}-{4:4}, at: inode_lock_killable include/linux/fs.h:1034 [inline]
 #1: ffff88805f4f0ec0 (&type->i_mutex_dir_key#8){++++}-{4:4}, at: chmod_common+0x191/0x4a0 fs/open.c:629
 #2: ffff888079e74600 (sb_internal#2){.+.+}-{0:0}, at: nilfs_setattr+0x124/0x2c0 fs/nilfs2/inode.c:921
 #3: ffff888078880288 (&nilfs->ns_segctor_sem){++++}-{4:4}, at: nilfs_transaction_begin+0x364/0x710 fs/nilfs2/segment.c:221
3 locks held by syz.1.18/6027:
4 locks held by syz.1.18/6029:
 #0: ffff888076484410 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 fs/namespace.c:493
 #1: ffff88805f41ddf8 (&type->i_mutex_dir_key#8){++++}-{4:4}, at: inode_lock_killable include/linux/fs.h:1034 [inline]
 #1: ffff88805f41ddf8 (&type->i_mutex_dir_key#8){++++}-{4:4}, at: chmod_common+0x191/0x4a0 fs/open.c:629
 #2: ffff888076484600 (sb_internal#2){.+.+}-{0:0}, at: nilfs_setattr+0x124/0x2c0 fs/nilfs2/inode.c:921
 #3: ffff8880316d2288 (&nilfs->ns_segctor_sem){++++}-{4:4}, at: nilfs_transaction_begin+0x364/0x710 fs/nilfs2/segment.c:221
2 locks held by syz.2.19/6067:
4 locks held by syz.2.19/6069:
 #0: 
ffff888032d1a410
 (
sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 fs/namespace.c:493
 #1: ffff88805f4f3968 (&type->i_mutex_dir_key#8){++++}-{4:4}, at: inode_lock_killable include/linux/fs.h:1034 [inline]
 #1: ffff88805f4f3968 (&type->i_mutex_dir_key#8){++++}-{4:4}, at: chmod_common+0x191/0x4a0 fs/open.c:629
 #2: ffff888032d1a600 (sb_internal#2
){.+.+}-{0:0}
, at: nilfs_setattr+0x124/0x2c0 fs/nilfs2/inode.c:921
 #3: 
ffff888079970288
 (
&nilfs->ns_segctor_sem
){++++}-{4:4}
, at: nilfs_transaction_begin+0x364/0x710 fs/nilfs2/segment.c:221
2 locks held by syz.3.20/6113:
4 locks held by syz.3.20/6115:
 #0: 
ffff88802539c410
 (
sb_writers
#12
){.+.+}-{0:0}
, at: mnt_want_write+0x41/0x90 fs/namespace.c:493
 #1: 
ffff88806f1d0290
 (
&type->i_mutex_dir_key
#8
){++++}-{4:4}
, at: inode_lock_killable include/linux/fs.h:1034 [inline]
, at: chmod_common+0x191/0x4a0 fs/open.c:629
 #2: 
ffff88802539c600
 (sb_internal#2){.+.+}-{0:0}, at: nilfs_setattr+0x124/0x2c0 fs/nilfs2/inode.c:921
 #3: 
ffff88802512c288
 (
&nilfs->ns_segctor_sem
){++++}-{4:4}, at: nilfs_transaction_begin+0x364/0x710 fs/nilfs2/segment.c:221
7 locks held by syz.4.21/6161:
4 locks held by syz.4.21/6163:
 #0: ffff888067cac410
 (sb_writers
#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 fs/namespace.c:493
 #1: ffff88806f1d5df8
 (&type->i_mutex_dir_key
#8
){++++}-{4:4}
, at: inode_lock_killable include/linux/fs.h:1034 [inline]
, at: chmod_common+0x191/0x4a0 fs/open.c:629
 #2: 
ffff888067cac600
 (
sb_internal
#2){.+.+}-{0:0}, at: nilfs_setattr+0x124/0x2c0 fs/nilfs2/inode.c:921
 #3: 
ffff888076c65288
 (
&nilfs->ns_segctor_sem
){++++}-{4:4}
, at: nilfs_transaction_begin+0x364/0x710 fs/nilfs2/segment.c:221
2 locks held by syz.5.22/6208:
4 locks held by syz.5.22/6210:
 #0: 
ffff88807c43a410
 (
sb_writers
#12
){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 fs/namespace.c:493
 #1: ffff88806f01a720 (&type->i_mutex_dir_key#8
){++++}-{4:4}
, at: inode_lock_killable include/linux/fs.h:1034 [inline]
, at: chmod_common+0x191/0x4a0 fs/open.c:629
 #2: 
ffff88807c43a600
 (
sb_internal
#2
){.+.+}-{0:0}
, at: nilfs_setattr+0x124/0x2c0 fs/nilfs2/inode.c:921
 #3: ffff88802990c288 (
&nilfs->ns_segctor_sem
){++++}-{4:4}
, at: nilfs_transaction_begin+0x364/0x710 fs/nilfs2/segment.c:221
3 locks held by syz.6.23/6263:
4 locks held by syz.6.23/6265:
 #0: 
ffff88802ba72410
 (
sb_writers
#12
){.+.+}-{0:0}
, at: mnt_want_write+0x41/0x90 fs/namespace.c:493
 #1: 
ffff88806f01a108 (&type->i_mutex_dir_key#8){++++}-{4:4}, at: inode_lock_killable include/linux/fs.h:1034 [inline]
ffff88806f01a108 (&type->i_mutex_dir_key#8){++++}-{4:4}, at: chmod_common+0x191/0x4a0 fs/open.c:629
 #2: ffff88802ba72600 (sb_internal#2){.+.+}-{0:0}, at: nilfs_setattr+0x124/0x2c0 fs/nilfs2/inode.c:921
 #3: ffff88802877f288 (&nilfs->ns_segctor_sem){++++}-{4:4}, at: nilfs_transaction_begin+0x364/0x710 fs/nilfs2/segment.c:221
1 lock held by modprobe/6273:

=============================================

NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
Call Trace:
 <TASK>
 dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
 nmi_cpu_backtrace+0x274/0x2d0 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x17a/0x300 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:162 [inline]
 __sys_info lib/sys_info.c:157 [inline]
 sys_info+0x135/0x170 lib/sys_info.c:165
 check_hung_uninterruptible_tasks kernel/hung_task.c:353 [inline]
 watchdog+0xfd3/0x1030 kernel/hung_task.c:561
 kthread+0x388/0x470 kernel/kthread.c:436
 ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 6113 Comm: syz.3.20 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:srso_alias_safe_ret+0x0/0x7 arch/x86/lib/retpoline.S:210
Code: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc <48> 8d 64 24 08 c3 cc e8 f4 ff ff ff 0f 0b cc cc cc cc cc cc cc cc
RSP: 0018:ffffc900000075d8 EFLAGS: 00000292
RAX: 0000000091643301 RBX: ffffc900000076a0 RCX: 0000000000000102
RDX: 0000000000000007 RSI: ffffffff8e216b62 RDI: ffff88802e838000
RBP: ffffc90000007670 R08: ffffc90000007d98 R09: ffffc90000007638
R10: dffffc0000000000 R11: fffff52000000ec9 R12: ffff88802e838000
R13: 00000000000000f0 R14: ffffffff81b0d880 R15: ffffc900000075e8
FS:  00007faaf1ac36c0(0000) GS:ffff888125295000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f7ac9347e20 CR3: 0000000077017000 CR4: 0000000000350ef0
Call Trace:
 <IRQ>
 srso_alias_return_thunk+0x5/0xfbef5 arch/x86/lib/retpoline.S:220
 arch_stack_walk+0x11b/0x150 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0xa9/0x100 kernel/stacktrace.c:122
 kasan_save_stack mm/kasan/common.c:57 [inline]
 kasan_save_track+0x3e/0x80 mm/kasan/common.c:78
 unpoison_slab_object mm/kasan/common.c:340 [inline]
 __kasan_slab_alloc+0x6c/0x80 mm/kasan/common.c:366
 kasan_slab_alloc include/linux/kasan.h:253 [inline]
 slab_post_alloc_hook mm/slub.c:4569 [inline]
 slab_alloc_node mm/slub.c:4898 [inline]
 kmem_cache_alloc_node_noprof+0x384/0x690 mm/slub.c:4950
 __alloc_skb+0x1d0/0x7d0 net/core/skbuff.c:702
 skb_copy+0x188/0x800 net/core/skbuff.c:2182
 mac80211_hwsim_tx_frame_no_nl+0xe82/0x1650 drivers/net/wireless/virtual/mac80211_hwsim.c:1991
 mac80211_hwsim_tx_frame+0x1b5/0x200 drivers/net/wireless/virtual/mac80211_hwsim.c:2400
 mac80211_hwsim_beacon_tx+0x3e8/0x870 drivers/net/wireless/virtual/mac80211_hwsim.c:2501
 __iterate_interfaces+0x2ab/0x590 net/mac80211/util.c:772
 ieee80211_iterate_active_interfaces_atomic+0xdb/0x180 net/mac80211/util.c:808
 mac80211_hwsim_beacon+0xbb/0x180 drivers/net/wireless/virtual/mac80211_hwsim.c:2531
 __run_hrtimer kernel/time/hrtimer.c:1930 [inline]
 __hrtimer_run_queues+0x3c0/0xa20 kernel/time/hrtimer.c:1994
 hrtimer_run_softirq+0x17a/0x240 kernel/time/hrtimer.c:2011
 handle_softirqs+0x22a/0x840 kernel/softirq.c:622
 __do_softirq kernel/softirq.c:656 [inline]
 invoke_softirq kernel/softirq.c:496 [inline]
 __irq_exit_rcu+0xca/0x220 kernel/softirq.c:735
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:752
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1061 [inline]
 sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1061
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:console_flush_one_record arch/x86/include/asm/irqflags.h:-1 [inline]
RIP: 0010:console_flush_all+0x801/0xb20 kernel/printk/printk.c:3343
Code: ff ff e8 42 e1 20 00 90 0f 0b 90 e9 85 fc ff ff e8 34 e1 20 00 e8 9f f2 02 0a 48 85 db 74 c0 e8 25 e1 20 00 fb 48 8b 5c 24 08 <48> 8b 44 24 20 42 80 3c 20 00 4c 8b 74 24 18 74 08 4c 89 f7 e8 f6
RSP: 0018:ffffc90003236c40 EFLAGS: 00000293
RAX: ffffffff81a4c28b RBX: ffffc90003236da0 RCX: ffff88802e838000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003236d50 R08: ffffffff903096f7 R09: 1ffffffff20612de
R10: dffffc0000000000 R11: fffffbfff20612df R12: dffffc0000000000
R13: 0000000000000001 R14: 0000000000000000 R15: ffffffff8f2195a0
 __console_flush_and_unlock kernel/printk/printk.c:3373 [inline]
 console_unlock+0xd1/0x1c0 kernel/printk/printk.c:3413
 vprintk_emit+0x485/0x560 kernel/printk/printk.c:2479
 _printk+0xdd/0x130 kernel/printk/printk.c:2504
 __nilfs_msg+0x373/0x450 fs/nilfs2/super.c:78
 nilfs_sufile_updatev+0x21c/0x6d0 fs/nilfs2/sufile.c:186
 nilfs_sufile_freev fs/nilfs2/sufile.h:93 [inline]
 nilfs_free_segments fs/nilfs2/segment.c:1140 [inline]
 nilfs_segctor_collect_blocks fs/nilfs2/segment.c:1261 [inline]
 nilfs_segctor_collect fs/nilfs2/segment.c:1547 [inline]
 nilfs_segctor_do_construct+0x1f55/0x76c0 fs/nilfs2/segment.c:2122
 nilfs_segctor_construct+0x17b/0x690 fs/nilfs2/segment.c:2462
 nilfs_clean_segments+0x3bd/0xa50 fs/nilfs2/segment.c:2536
 nilfs_ioctl_clean_segments fs/nilfs2/ioctl.c:922 [inline]
 nilfs_ioctl+0x261f/0x2780 fs/nilfs2/ioctl.c:1352
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:597 [inline]
 __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:583
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x15f/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7faaf0b9cdd9
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007faaf1ac3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007faaf0e15fa0 RCX: 00007faaf0b9cdd9
RDX: 0000200000000640 RSI: 0000000040786e88 RDI: 0000000000000004
RBP: 00007faaf0c32d69 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007faaf0e16038 R14: 00007faaf0e15fa0 R15: 00007ffe90caddb8
 </TASK>