INFO: task syz.3.318:7353 blocked for more than 143 seconds.
      Not tainted 6.14.0-rc7-syzkaller-00205-g586de92313fc #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.3.318 state:D stack:22192 pid:7353 tgid:7351 ppid:5831 task_flags:0x400140 flags:0x00004006
Call Trace:
 context_switch kernel/sched/core.c:5378 [inline]
 __schedule+0x190e/0x4c90 kernel/sched/core.c:6765
 __schedule_loop kernel/sched/core.c:6842 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6857
 __wait_on_freeing_inode+0x1c7/0x2f0 fs/inode.c:2502
 find_inode_fast+0x2ab/0x480 fs/inode.c:1103
 iget_locked+0x96/0x5a0 fs/inode.c:1475
 __ext4_iget+0x25e/0x3f30 fs/ext4/inode.c:4760
 ext4_xattr_inode_cache_find fs/ext4/xattr.c:1548 [inline]
 ext4_xattr_inode_lookup_create+0x3c0/0x1c70 fs/ext4/xattr.c:1587
 ext4_xattr_ibody_set+0x214/0x730 fs/ext4/xattr.c:2269
 ext4_xattr_set_handle+0xba6/0x1580 fs/ext4/xattr.c:2446
 ext4_xattr_set+0x280/0x3e0 fs/ext4/xattr.c:2560
 __vfs_setxattr+0x46a/0x4a0 fs/xattr.c:200
 __vfs_setxattr_noperm+0x12e/0x660 fs/xattr.c:234
 vfs_setxattr+0x221/0x430 fs/xattr.c:321
 do_setxattr fs/xattr.c:636 [inline]
 filename_setxattr+0x2af/0x430 fs/xattr.c:665
 path_setxattrat+0x440/0x510 fs/xattr.c:713
 __do_sys_setxattr fs/xattr.c:747 [inline]
 __se_sys_setxattr fs/xattr.c:743 [inline]
 __x64_sys_setxattr+0xbc/0xe0 fs/xattr.c:743
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f556af8d169
RSP: 002b:00007f5568df6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc
RAX: ffffffffffffffda RBX: 00007f556b1a5fa0 RCX: 00007f556af8d169
RDX: 0000200000001400 RSI: 00002000000001c0 RDI: 0000200000000380
RBP: 00007f556b00e2a0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000835 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f556b1a5fa0 R15: 00007fff8d51ea28
INFO: task syz.3.318:7362 blocked for more than 144 seconds.
      Not tainted 6.14.0-rc7-syzkaller-00205-g586de92313fc #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.3.318 state:D stack:25936 pid:7362 tgid:7351 ppid:5831 task_flags:0x400140 flags:0x00000004
Call Trace:
 context_switch kernel/sched/core.c:5378 [inline]
 __schedule+0x190e/0x4c90 kernel/sched/core.c:6765
 __schedule_loop kernel/sched/core.c:6842 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6857
 mb_cache_entry_wait_unused+0x166/0x250 fs/mbcache.c:148
 ext4_evict_ea_inode+0x14a/0x2f0 fs/ext4/xattr.c:480
 ext4_evict_inode+0x194/0xf50 fs/ext4/inode.c:185
 evict+0x4ea/0x9a0 fs/inode.c:796
 ext4_xattr_set_entry+0x183b/0x1fa0 fs/ext4/xattr.c:1847
 ext4_xattr_block_set+0x789/0x32d0 fs/ext4/xattr.c:1959
 ext4_xattr_set_handle+0xf89/0x1580 fs/ext4/xattr.c:2449
 ext4_xattr_set+0x280/0x3e0 fs/ext4/xattr.c:2560
 __vfs_setxattr+0x46a/0x4a0 fs/xattr.c:200
 __vfs_setxattr_noperm+0x12e/0x660 fs/xattr.c:234
 vfs_setxattr+0x221/0x430 fs/xattr.c:321
 do_setxattr fs/xattr.c:636 [inline]
 filename_setxattr+0x2af/0x430 fs/xattr.c:665
 path_setxattrat+0x440/0x510 fs/xattr.c:713
 __do_sys_setxattr fs/xattr.c:747 [inline]
 __se_sys_setxattr fs/xattr.c:743 [inline]
 __x64_sys_setxattr+0xbc/0xe0 fs/xattr.c:743
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f556af8d169
RSP: 002b:00007f5568dd5038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc
RAX: ffffffffffffffda RBX: 00007f556b1a6080 RCX: 00007f556af8d169
RDX: 0000200000000800 RSI: 00002000000007c0 RDI: 0000200000000840
RBP: 00007f556b00e2a0 R08: 0000000000000002 R09: 0000000000000000
R10: 0000000000000015 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000001 R14: 00007f556b1a6080 R15: 00007fff8d51ea28

Showing all locks held in the system:
1 lock held by khungtaskd/31:
 #0: ffffffff8eb393e0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
 #0: ffffffff8eb393e0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline]
 #0: ffffffff8eb393e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x55/0x2a0 kernel/locking/lockdep.c:6746
3 locks held by kworker/u8:4/62:
 #0: ffff88801b081148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3213 [inline]
 #0: ffff88801b081148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x98b/0x18e0 kernel/workqueue.c:3319
 #1: ffffc9000213fc60 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3214 [inline]
 #1: ffffc9000213fc60 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9c6/0x18e0 kernel/workqueue.c:3319
 #2: ffffffff8fed5f48 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 net/core/link_watch.c:285
2 locks held by getty/5589:
 #0: ffff8880314920a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
 #1: ffffc90002fde2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x616/0x1770 drivers/tty/n_tty.c:2211
3 locks held by kworker/1:3/5848:
 #0: ffff88801b079d48 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3213 [inline]
 #0: ffff88801b079d48 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x98b/0x18e0 kernel/workqueue.c:3319
 #1: ffffc900039f7c60 ((reg_check_chans).work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3214 [inline]
 #1: ffffc900039f7c60 ((reg_check_chans).work){+.+.}-{0:0}, at: process_scheduled_works+0x9c6/0x18e0 kernel/workqueue.c:3319
 #2: ffffffff8fed5f48 (rtnl_mutex){+.+.}-{4:4}, at: reg_check_chans_work+0x99/0xfb0 net/wireless/reg.c:2481
3 locks held by kworker/0:4/5892:
 #0: ffff88801b078d48 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3213 [inline]
 #0: ffff88801b078d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x98b/0x18e0 kernel/workqueue.c:3319
 #1: ffffc90004037c60 (deferred_process_work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3214 [inline]
 #1: ffffc90004037c60 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x9c6/0x18e0 kernel/workqueue.c:3319
 #2: ffffffff8fed5f48 (rtnl_mutex){+.+.}-{4:4}, at: switchdev_deferred_process_work+0xe/0x20 net/switchdev/switchdev.c:104
2 locks held by syz-executor/6062:
 #0: ffffffff8f269d28 (bio_slab_lock){+.+.}-{4:4}, at: bio_put_slab block/bio.c:140 [inline]
 #0: ffffffff8f269d28 (bio_slab_lock){+.+.}-{4:4}, at: bioset_exit+0x42f/0x650 block/bio.c:1662
 #1: ffffffff8eb3e780 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x530 kernel/rcu/tree.c:3741
5 locks held by kworker/u8:14/6548:
 #0: ffff88801beee148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3213 [inline]
 #0: ffff88801beee148 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x98b/0x18e0 kernel/workqueue.c:3319
 #1: ffffc90003207c60 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3214 [inline]
 #1: ffffc90003207c60 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9c6/0x18e0 kernel/workqueue.c:3319
 #2: ffffffff8fec9710 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0x17a/0xd60 net/core/net_namespace.c:606
 #3: ffffffff8fed5f48 (rtnl_mutex){+.+.}-{4:4}, at: default_device_exit_batch+0xdc/0x880 net/core/dev.c:12420
 #4: ffffffff8eb3e8b8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock kernel/rcu/tree_exp.h:302 [inline]
 #4: ffffffff8eb3e8b8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x381/0x820 kernel/rcu/tree_exp.h:996
3 locks held by syz.3.318/7353:
 #0: ffff888057082420 (sb_writers#4){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90 fs/namespace.c:547
 #1: ffff888077ede708 (&sb->s_type->i_mutex_key#8){++++}-{4:4}, at: inode_lock include/linux/fs.h:877 [inline]
 #1: ffff888077ede708 (&sb->s_type->i_mutex_key#8){++++}-{4:4}, at: vfs_setxattr+0x1e1/0x430 fs/xattr.c:320
 #2: ffff888077ede3d8 (&ei->xattr_sem){++++}-{4:4}, at: ext4_write_lock_xattr fs/ext4/xattr.h:154 [inline]
 #2: ffff888077ede3d8 (&ei->xattr_sem){++++}-{4:4}, at: ext4_xattr_set_handle+0x277/0x1580 fs/ext4/xattr.c:2373
3 locks held by syz.3.318/7362:
 #0: ffff888057082420 (sb_writers#4){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90 fs/namespace.c:547
 #1: ffff888057a617c8 (&sb->s_type->i_mutex_key#8){++++}-{4:4}, at: inode_lock include/linux/fs.h:877 [inline]
 #1: ffff888057a617c8 (&sb->s_type->i_mutex_key#8){++++}-{4:4}, at: vfs_setxattr+0x1e1/0x430 fs/xattr.c:320
 #2: ffff888057a61498 (&ei->xattr_sem){++++}-{4:4}, at: ext4_write_lock_xattr fs/ext4/xattr.h:154 [inline]
 #2: ffff888057a61498 (&ei->xattr_sem){++++}-{4:4}, at: ext4_xattr_set_handle+0x277/0x1580 fs/ext4/xattr.c:2373
2 locks held by syz-executor/8451:
 #0: ffffffff8f676e00 (&ops->srcu#2){.+.+}-{0:0}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
 #0: ffffffff8f676e00 (&ops->srcu#2){.+.+}-{0:0}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline]
 #0: ffffffff8f676e00 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x22/0x250 net/core/rtnetlink.c:564
 #1: ffffffff8fed5f48 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock net/core/rtnetlink.c:79 [inline]
 #1: ffffffff8fed5f48 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock net/core/rtnetlink.c:335 [inline]
 #1: ffffffff8fed5f48 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0xc55/0x1d30 net/core/rtnetlink.c:4021
1 lock held by syz.8.609/8657:
 #0: ffffffff8fed5f48 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:129 [inline]
 #0: ffffffff8fed5f48 (rtnl_mutex){+.+.}-{4:4}, at: dev_ioctl+0x86e/0x1340 net/core/dev_ioctl.c:852
1 lock held by syz.8.609/8660:
 #0: ffffffff8fed5f48 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:129 [inline]
 #0: ffffffff8fed5f48 (rtnl_mutex){+.+.}-{4:4}, at: dev_ioctl+0x86e/0x1340 net/core/dev_ioctl.c:852
1 lock held by syz.8.609/8662:
 #0: ffffffff8fed5f48 (rtnl_mutex){+.+.}-{4:4}, at: __tun_chr_ioctl+0x47a/0x2310 drivers/net/tun.c:3121
1 lock held by syz.8.609/8663:
 #0: ffffffff8fed5f48 (rtnl_mutex){+.+.}-{4:4}, at: __tun_chr_ioctl+0x47a/0x2310 drivers/net/tun.c:3121
1 lock held by syz.8.609/8668:
 #0: ffffffff8fed5f48 (rtnl_mutex){+.+.}-{4:4}, at: __tun_chr_ioctl+0x47a/0x2310 drivers/net/tun.c:3121
1 lock held by syz.8.609/8669:
 #0: ffffffff8fed5f48 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:129 [inline]
 #0: ffffffff8fed5f48 (rtnl_mutex){+.+.}-{4:4}, at: dev_ioctl+0x86e/0x1340 net/core/dev_ioctl.c:852
1 lock held by syz.1.616/8696:
 #0: ffffffff8fed5f48 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock net/core/rtnetlink.c:79 [inline]
 #0: ffffffff8fed5f48 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock net/core/rtnetlink.c:335 [inline]
 #0: ffffffff8fed5f48 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0xc55/0x1d30 net/core/rtnetlink.c:4021
1 lock held by syz.2.623/8722:
 #0: ffffffff8f269d28 (bio_slab_lock){+.+.}-{4:4}, at: bio_find_or_create_slab block/bio.c:122 [inline]
 #0: ffffffff8f269d28 (bio_slab_lock){+.+.}-{4:4}, at: bioset_init+0x23f/0x820 block/bio.c:1703

=============================================

NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.14.0-rc7-syzkaller-00205-g586de92313fc #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call Trace:
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 nmi_cpu_backtrace+0x49c/0x4d0 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x198/0x320 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:162 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:236 [inline]
 watchdog+0x1058/0x10a0 kernel/hung_task.c:399
 kthread+0x7ab/0x920 kernel/kthread.c:464
 ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 13 Comm: kworker/u8:1 Not tainted 6.14.0-rc7-syzkaller-00205-g586de92313fc #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Workqueue: bat_events batadv_nc_worker
RIP: 0010:srso_alias_safe_ret+0x0/0x7 arch/x86/lib/retpoline.S:171
Code: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc <48> 8d 64 24 08 c3 cc e8 f4 ff ff ff 0f 0b cc cc cc cc cc cc cc cc
RSP: 0018:ffffc90000006a50 EFLAGS: 00000202
RAX: 0000000000000001 RBX: ffffc90000006ac8 RCX: ffffffff919e1000
RDX: ffffffff91b96c01 RSI: ffffc90000000000 RDI: ffffffff8b526933
RBP: ffffc90000006b10 R08: ffffc90000007250 R09: ffffc90000006ad0
R10: dffffc0000000000 R11: fffff52000000d5c R12: ffff88801d688000
R13: ffffffff81ad6c00 R14: dffffc0000000000 R15: 1ffff92000000d59
FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f03c6779178 CR3: 00000000291c2000 CR4: 0000000000350ef0
Call Trace:
 srso_alias_return_thunk+0x5/0xfbef5 arch/x86/lib/retpoline.S:181
 unwind_get_return_address+0x4d/0x90 arch/x86/kernel/unwind_orc.c:369
 arch_stack_walk+0xfd/0x150 arch/x86/kernel/stacktrace.c:26
 stack_trace_save+0x118/0x1d0 kernel/stacktrace.c:122
 kasan_save_stack+0x3f/0x60 mm/kasan/common.c:47
 kasan_record_aux_stack+0xaa/0xc0 mm/kasan/generic.c:548
 kvfree_call_rcu+0xa9/0x3e0 mm/slab_common.c:1949
 cfg80211_update_known_bss+0x7f3/0x1350 net/wireless/scan.c:1925
 __cfg80211_bss_update+0x153/0x2090 net/wireless/scan.c:1972
 cfg80211_inform_single_bss_data+0xe01/0x1ee0 net/wireless/scan.c:2363
 cfg80211_inform_bss_data+0x3c3/0x5820 net/wireless/scan.c:3222
 cfg80211_inform_bss_frame_data+0x3bb/0x720 net/wireless/scan.c:3317
 ieee80211_bss_info_update+0x8a7/0xbc0 net/mac80211/scan.c:226
 ieee80211_scan_rx+0x526/0x9c0 net/mac80211/scan.c:340
 __ieee80211_rx_handle_packet net/mac80211/rx.c:5246 [inline]
 ieee80211_rx_list+0x2cc0/0x38f0 net/mac80211/rx.c:5483
 ieee80211_rx_napi+0x18a/0x3c0 net/mac80211/rx.c:5506
 ieee80211_rx include/net/mac80211.h:5172 [inline]
 ieee80211_handle_queued_frames+0xe7/0x1e0 net/mac80211/main.c:441
 tasklet_action_common+0x428/0x620 kernel/softirq.c:811
 handle_softirqs+0x2d6/0x9b0 kernel/softirq.c:561
 __do_softirq kernel/softirq.c:595 [inline]
 invoke_softirq kernel/softirq.c:435 [inline]
 __irq_exit_rcu+0xf7/0x220 kernel/softirq.c:662
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:678
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]
 sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1049
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:rcu_is_watching_curr_cpu include/linux/context_tracking.h:128 [inline]
RIP: 0010:rcu_is_watching+0x3a/0xb0 kernel/rcu/tree.c:716
Code: e8 4b dc 61 0a 89 c3 83 f8 08 73 7a 49 bf 00 00 00 00 00 fc ff df 4c 8d 34 dd 50 2b 55 8e 4c 89 f0 48 c1 e8 03 42 80 3c 38 00 <74> 08 4c 89 f7 e8 4c e0 81 00 48 c7 c3 98 79 03 00 49 03 1e 48 89
RSP: 0018:ffffc90000127a98 EFLAGS: 00000246
RAX: 1ffffffff1caa56a RBX: 0000000000000000 RCX: ffff88801d688000
RDX: ffff88801d688000 RSI: ffffffff8c810080 RDI: ffffffff8c810040
RBP: 0000000000000000 R08: ffffffff8bd46a9e R09: 1ffffffff28a9b08
R10: dffffc0000000000 R11: fffffbfff28a9b09 R12: ffff888054440d80
R13: 0000000000000356 R14: ffffffff8e552b50 R15: dffffc0000000000
 rcu_read_unlock include/linux/rcupdate.h:878 [inline]
 batadv_nc_purge_orig_hash net/batman-adv/network-coding.c:412 [inline]
 batadv_nc_worker+0x207/0x610 net/batman-adv/network-coding.c:719
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0xac0/0x18e0 kernel/workqueue.c:3319
 worker_thread+0x870/0xd30 kernel/workqueue.c:3400
 kthread+0x7ab/0x920 kernel/kthread.c:464
 ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244