syzbot

INFO: task jfsCommit:276 blocked for more than 143 seconds.
      Not tainted 5.15.176-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:jfsCommit       state:D stack:27896 pid:  276 ppid:     2 flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5027 [inline]
 __schedule+0x12c4/0x45b0 kernel/sched/core.c:6373
 schedule+0x11b/0x1f0 kernel/sched/core.c:6456
 io_schedule+0x88/0x100 kernel/sched/core.c:8481
 __lock_metapage+0x1ec/0x3c0 fs/jfs/jfs_metapage.c:49
 lock_metapage fs/jfs/jfs_metapage.c:63 [inline]
 __get_metapage+0x495/0x1070 fs/jfs/jfs_metapage.c:640
 dbUpdatePMap+0x365/0xf50 fs/jfs/jfs_dmap.c:490
 txAllocPMap+0x57b/0x6b0 fs/jfs/jfs_txnmgr.c:2459
 txUpdateMap+0x7c8/0x9e0 fs/jfs/jfs_txnmgr.c:2397
 txLazyCommit fs/jfs/jfs_txnmgr.c:2698 [inline]
 jfs_lazycommit+0x470/0xc30 fs/jfs/jfs_txnmgr.c:2766
 kthread+0x3f6/0x4f0 kernel/kthread.c:334
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287
 </TASK>
INFO: task jfsCommit:277 blocked for more than 143 seconds.
      Not tainted 5.15.176-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:jfsCommit       state:D stack:27896 pid:  277 ppid:     2 flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5027 [inline]
 __schedule+0x12c4/0x45b0 kernel/sched/core.c:6373
 schedule+0x11b/0x1f0 kernel/sched/core.c:6456
 io_schedule+0x88/0x100 kernel/sched/core.c:8481
 __lock_metapage+0x1ec/0x3c0 fs/jfs/jfs_metapage.c:49
 lock_metapage fs/jfs/jfs_metapage.c:63 [inline]
 __get_metapage+0x495/0x1070 fs/jfs/jfs_metapage.c:640
 dbUpdatePMap+0x365/0xf50 fs/jfs/jfs_dmap.c:490
 txAllocPMap+0x57b/0x6b0 fs/jfs/jfs_txnmgr.c:2459
 txUpdateMap+0x7c8/0x9e0 fs/jfs/jfs_txnmgr.c:2397
 txLazyCommit fs/jfs/jfs_txnmgr.c:2698 [inline]
 jfs_lazycommit+0x470/0xc30 fs/jfs/jfs_txnmgr.c:2766
 kthread+0x3f6/0x4f0 kernel/kthread.c:334
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287
 </TASK>

Showing all locks held in the system:
1 lock held by khungtaskd/27:
 #0: ffffffff8cb1fce0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30
2 locks held by udevd/3547:
2 locks held by getty/3931:
 #0: ffff88802c0b8098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70 drivers/tty/tty_ldisc.c:252
 #1: ffffc900025c62e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6af/0x1db0 drivers/tty/n_tty.c:2158
2 locks held by syz-executor263/5062:
2 locks held by syz-executor263/5064:

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 27 Comm: khungtaskd Not tainted 5.15.176-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e3/0x2d0 lib/dump_stack.c:106
 nmi_cpu_backtrace+0x46a/0x4a0 lib/nmi_backtrace.c:111
 nmi_trigger_cpumask_backtrace+0x181/0x2a0 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:148 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:210 [inline]
 watchdog+0xe72/0xeb0 kernel/hung_task.c:295
 kthread+0x3f6/0x4f0 kernel/kthread.c:334
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 5064 Comm: syz-executor263 Not tainted 5.15.176-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
RIP: 0010:lookup_page_ext+0xdf/0x120 mm/page_ext.c:216
Code: eb 0e e8 24 07 ae ff eb 05 e8 1d 07 ae ff 31 db 48 83 c3 10 48 89 d8 48 c1 e8 03 42 80 3c 20 00 74 08 48 89 df e8 31 ef f7 ff <48> 8b 1b 48 85 db 74 12 e8 f4 06 ae ff 4c 0f af 3d ac 5a ee 0a 4c
RSP: 0018:ffffc9000401f088 EFLAGS: 00000246
RAX: 1ffff11027fff432 RBX: ffff88813fffa190 RCX: ffff888027a25940
RDX: 0000000000000000 RSI: 0000000001954dc0 RDI: 000000ffffffffc0
RBP: ffffea0001954dc0 R08: ffffffff81d27d42 R09: ffffed100caa6e00
R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
R13: ffff88813fffb768 R14: 0000000000000180 R15: 0000000000065537
FS:  0000555579983480(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ff07dd35000 CR3: 000000001fe15000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <NMI>
 </NMI>
 <TASK>
 __set_page_owner+0x23/0x300 mm/page_owner.c:175
 prep_new_page mm/page_alloc.c:2426 [inline]
 get_page_from_freelist+0x3b78/0x3d40 mm/page_alloc.c:4192
 __alloc_pages+0x272/0x700 mm/page_alloc.c:5465
 alloc_pages_vma+0x39a/0x800 mm/mempolicy.c:2146
 shmem_alloc_page mm/shmem.c:1586 [inline]
 shmem_alloc_and_acct_page+0x4d1/0xd10 mm/shmem.c:1611
 shmem_getpage_gfp+0x17b1/0x3190 mm/shmem.c:1906
 shmem_getpage mm/shmem.c:151 [inline]
 shmem_write_begin+0xce/0x1a0 mm/shmem.c:2474
 generic_perform_write+0x2bf/0x5b0 mm/filemap.c:3785
 __generic_file_write_iter+0x243/0x4f0 mm/filemap.c:3912
 generic_file_write_iter+0xa7/0x1b0 mm/filemap.c:3944
 call_write_iter include/linux/fs.h:2174 [inline]
 new_sync_write fs/read_write.c:507 [inline]
 vfs_write+0xacd/0xe50 fs/read_write.c:594
 ksys_write+0x1a2/0x2c0 fs/read_write.c:647
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7ff085174690
Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d 11 fa 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89
RSP: 002b:00007ffced382808 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007ffced382820 RCX: 00007ff085174690
RDX: 0000000001000000 RSI: 00007ff07cd36000 RDI: 0000000000000003
RBP: 00007ff07cd36000 R08: 0000000000005f14 R09: 0000000000005f10
R10: 0000000000000774 R11: 0000000000000202 R12: 00000000000f4240
R13: 00007ffced382860 R14: 0000000000000003 R15: 0000000001000000
 </TASK>
INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.212 msecs