INFO: task syz-executor.2:7066 blocked for more than 143 seconds.
Not tainted 6.9.0-rc6-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.2 state:D stack:21104 pid:7066 tgid:7065 ppid:5100 flags:0x00004002
Call Trace:
context_switch kernel/sched/core.c:5409 [inline]
__schedule+0xf15/0x5d00 kernel/sched/core.c:6746
__schedule_loop kernel/sched/core.c:6823 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6838
io_schedule+0xbf/0x130 kernel/sched/core.c:9044
bit_wait_io+0x15/0xe0 kernel/sched/wait_bit.c:209
__wait_on_bit+0x62/0x180 kernel/sched/wait_bit.c:49
out_of_line_wait_on_bit+0xda/0x110 kernel/sched/wait_bit.c:64
wait_on_bit_io include/linux/wait_bit.h:101 [inline]
__wait_on_buffer fs/buffer.c:123 [inline]
wait_on_buffer include/linux/buffer_head.h:389 [inline]
__sync_dirty_buffer+0x261/0x370 fs/buffer.c:2848
ntfs_write_bh+0x61c/0x740 fs/ntfs3/fsntfs.c:1481
mi_write+0xc4/0x1e0 fs/ntfs3/record.c:388
ni_write_inode+0x10a3/0x2920 fs/ntfs3/frecord.c:3372
ntfs_set_state+0x3fb/0x6a0 fs/ntfs3/fsntfs.c:991
ntfs_sync_fs+0x387/0x4f0 fs/ntfs3/super.c:768
sync_filesystem+0x10d/0x290 fs/sync.c:56
generic_shutdown_super+0x7e/0x3d0 fs/super.c:620
kill_block_super+0x3b/0x90 fs/super.c:1675
ntfs3_kill_sb+0x3f/0xf0 fs/ntfs3/super.c:1798
deactivate_locked_super+0xbe/0x1a0 fs/super.c:472
deactivate_super+0xde/0x100 fs/super.c:505
cleanup_mnt+0x222/0x450 fs/namespace.c:1267
task_work_run+0x14e/0x250 kernel/task_work.c:180
exit_task_work include/linux/task_work.h:38 [inline]
do_exit+0xa7d/0x2c10 kernel/exit.c:878
do_group_exit+0xd3/0x2a0 kernel/exit.c:1027
get_signal+0x2616/0x2710 kernel/signal.c:2911
arch_do_signal_or_restart+0x90/0x7e0 arch/x86/kernel/signal.c:310
exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
__syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
syscall_exit_to_user_mode+0x14a/0x2a0 kernel/entry/common.c:218
do_syscall_64+0xdc/0x260 arch/x86/entry/common.c:89
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f8af3a7dea9
RSP: 002b:00007f8af35ff0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: fffffffffffffff4 RBX: 00007f8af3babf80 RCX: 00007f8af3a7dea9
RDX: 00000000000026e1 RSI: 00000000200000c0 RDI: ffffffffffffff9c
RBP: 00007f8af3aca4a4 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007f8af3babf80 R15: 00007fffcf706bb8
Showing all locks held in the system:
4 locks held by kworker/u8:1/11:
1 lock held by khungtaskd/29:
#0: ffffffff8d7b0e20 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:329 [inline]
#0: ffffffff8d7b0e20 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:781 [inline]
#0: ffffffff8d7b0e20 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x75/0x340 kernel/locking/lockdep.c:6614
4 locks held by kworker/u8:2/34:
#0: ffff888059e32148 ((wq_completion)loop2){+.+.}-{0:0}, at: process_one_work+0x1296/0x1ac0 kernel/workqueue.c:3229
#1: ffffc90000aa7d80 ((work_completion)(&lo->rootcg_work)){+.+.}-{0:0}, at: process_one_work+0x906/0x1ac0 kernel/workqueue.c:3230
#2: ffff888015eea420 (sb_writers#6){.+.+}-{0:0}, at: lo_write_bvec drivers/block/loop.c:246 [inline]
#2: ffff888015eea420 (sb_writers#6){.+.+}-{0:0}, at: lo_write_simple drivers/block/loop.c:267 [inline]
#2: ffff888015eea420 (sb_writers#6){.+.+}-{0:0}, at: do_req_filebacked drivers/block/loop.c:491 [inline]
#2: ffff888015eea420 (sb_writers#6){.+.+}-{0:0}, at: loop_handle_cmd drivers/block/loop.c:1907 [inline]
#2: ffff888015eea420 (sb_writers#6){.+.+}-{0:0}, at: loop_process_work+0x1577/0x20c0 drivers/block/loop.c:1942
#3: ffff8880297630c0 (&sb->s_type->i_mutex_key#12){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:795 [inline]
#3: ffff8880297630c0 (&sb->s_type->i_mutex_key#12){+.+.}-{3:3}, at: shmem_file_write_iter+0x8c/0x140 mm/shmem.c:2910
4 locks held by kworker/u8:3/50:
4 locks held by kswapd1/88:
2 locks held by klogd/4515:
#0: ffff888015076a20 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:165 [inline]
#0: ffff888015076a20 (&mm->mmap_lock){++++}-{3:3}, at: get_mmap_lock_carefully mm/memory.c:5633 [inline]
#0: ffff888015076a20 (&mm->mmap_lock){++++}-{3:3}, at: lock_mm_and_find_vma+0x35/0x580 mm/memory.c:5693
#1: ffffffff8d9302e0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:3771 [inline]
#1: ffffffff8d9302e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:3796 [inline]
#1: ffffffff8d9302e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_slowpath mm/page_alloc.c:4202 [inline]
#1: ffffffff8d9302e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages+0xaae/0x2460 mm/page_alloc.c:4588
2 locks held by udevd/4526:
#0: ffff88805ffbb7a0 (mapping.invalidate_lock){++++}-{3:3}, at: filemap_invalidate_lock_shared include/linux/fs.h:850 [inline]
#0: ffff88805ffbb7a0 (mapping.invalidate_lock){++++}-{3:3}, at: filemap_fault+0x5cb/0x38c0 mm/filemap.c:3296
#1: ffffffff8d9302e0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:3771 [inline]
#1: ffffffff8d9302e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:3796 [inline]
#1: ffffffff8d9302e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_slowpath mm/page_alloc.c:4202 [inline]
#1: ffffffff8d9302e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages+0xaae/0x2460 mm/page_alloc.c:4588
2 locks held by getty/4830:
#0: ffff88802ea290a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 drivers/tty/tty_ldisc.c:243
#1: ffffc90002f062f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xfc8/0x1490 drivers/tty/n_tty.c:2201
2 locks held by sshd/5066:
#0: ffff8880606b73a0 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:165 [inline]
#0: ffff8880606b73a0 (&mm->mmap_lock){++++}-{3:3}, at: get_mmap_lock_carefully mm/memory.c:5633 [inline]
#0: ffff8880606b73a0 (&mm->mmap_lock){++++}-{3:3}, at: lock_mm_and_find_vma+0x35/0x580 mm/memory.c:5693
#1: ffffffff8d9302e0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:3771 [inline]
#1: ffffffff8d9302e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:3796 [inline]
#1: ffffffff8d9302e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_slowpath mm/page_alloc.c:4202 [inline]
#1: ffffffff8d9302e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages+0xaae/0x2460 mm/page_alloc.c:4588
2 locks held by syz-fuzzer/5069:
#0: ffff88807df30fa0 (mapping.invalidate_lock){++++}-{3:3}, at: filemap_invalidate_lock_shared include/linux/fs.h:850 [inline]
#0: ffff88807df30fa0 (mapping.invalidate_lock){++++}-{3:3}, at: filemap_fault+0x5cb/0x38c0 mm/filemap.c:3296
#1: ffffffff8d9302e0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:3771 [inline]
#1: ffffffff8d9302e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:3796 [inline]
#1: ffffffff8d9302e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_slowpath mm/page_alloc.c:4202 [inline]
#1: ffffffff8d9302e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages+0xaae/0x2460 mm/page_alloc.c:4588
2 locks held by syz-fuzzer/5072:
#0: ffff88807df30fa0 (mapping.invalidate_lock){++++}-{3:3}, at: filemap_invalidate_lock_shared include/linux/fs.h:850 [inline]
#0: ffff88807df30fa0 (mapping.invalidate_lock){++++}-{3:3}, at: filemap_fault+0x5cb/0x38c0 mm/filemap.c:3296
#1: ffffffff8d9302e0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:3771 [inline]
#1: ffffffff8d9302e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:3796 [inline]
#1: ffffffff8d9302e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_slowpath mm/page_alloc.c:4202 [inline]
#1: ffffffff8d9302e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages+0xaae/0x2460 mm/page_alloc.c:4588
2 locks held by syz-fuzzer/5179:
#0: ffff88807df30fa0 (mapping.invalidate_lock){++++}-{3:3}, at: filemap_invalidate_lock_shared include/linux/fs.h:850 [inline]
#0: ffff88807df30fa0 (mapping.invalidate_lock){++++}-{3:3}, at: filemap_fault+0x5cb/0x38c0 mm/filemap.c:3296
#1: ffffffff8d9302e0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:3771 [inline]
#1: ffffffff8d9302e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:3796 [inline]
#1: ffffffff8d9302e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_slowpath mm/page_alloc.c:4202 [inline]
#1: ffffffff8d9302e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages+0xaae/0x2460 mm/page_alloc.c:4588
2 locks held by syz-executor.2/7066:
#0: ffff88807a09c0e0 (&type->s_umount_key#98){++++}-{3:3}, at: __super_lock fs/super.c:56 [inline]
#0: ffff88807a09c0e0 (&type->s_umount_key#98){++++}-{3:3}, at: __super_lock_excl fs/super.c:71 [inline]
#0: ffff88807a09c0e0 (&type->s_umount_key#98){++++}-{3:3}, at: deactivate_super+0xd6/0x100 fs/super.c:504
#1: ffff8880795ae840 (&ni->ni_lock#2){+.+.}-{3:3}, at: ni_trylock fs/ntfs3/ntfs_fs.h:1143 [inline]
#1: ffff8880795ae840 (&ni->ni_lock#2){+.+.}-{3:3}, at: ni_write_inode+0x24a/0x2920 fs/ntfs3/frecord.c:3265
2 locks held by syz-executor.4/7216:
#0: ffff88807ac901a0 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:165 [inline]
#0: ffff88807ac901a0 (&mm->mmap_lock){++++}-{3:3}, at: get_mmap_lock_carefully mm/memory.c:5633 [inline]
#0: ffff88807ac901a0 (&mm->mmap_lock){++++}-{3:3}, at: lock_mm_and_find_vma+0x35/0x580 mm/memory.c:5693
#1: ffffffff8d9302e0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:3771 [inline]
#1: ffffffff8d9302e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:3796 [inline]
#1: ffffffff8d9302e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_slowpath mm/page_alloc.c:4202 [inline]
#1: ffffffff8d9302e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages+0xaae/0x2460 mm/page_alloc.c:4588
3 locks held by syz-executor.0/7788:
#0: ffff8880208f93e8 (&tsk->futex_exit_mutex){+.+.}-{3:3}, at: futex_cleanup_begin kernel/futex/core.c:1091 [inline]
#0: ffff8880208f93e8 (&tsk->futex_exit_mutex){+.+.}-{3:3}, at: futex_exit_release+0x2a/0x220 kernel/futex/core.c:1143
#1: ffff8880609bbaa0 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:165 [inline]
#1: ffff8880609bbaa0 (&mm->mmap_lock){++++}-{3:3}, at: get_mmap_lock_carefully mm/memory.c:5633 [inline]
#1: ffff8880609bbaa0 (&mm->mmap_lock){++++}-{3:3}, at: lock_mm_and_find_vma+0x35/0x580 mm/memory.c:5693
#2: ffffffff8d9302e0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:3771 [inline]
#2: ffffffff8d9302e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:3796 [inline]
#2: ffffffff8d9302e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_slowpath mm/page_alloc.c:4202 [inline]
#2: ffffffff8d9302e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages+0xaae/0x2460 mm/page_alloc.c:4588
=============================================
NMI backtrace for cpu 1
CPU: 1 PID: 29 Comm: khungtaskd Not tainted 6.9.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Call Trace:
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114
nmi_cpu_backtrace+0x27b/0x390 lib/nmi_backtrace.c:113
nmi_trigger_cpumask_backtrace+0x29c/0x300 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:160 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:223 [inline]
watchdog+0xf86/0x1240 kernel/hung_task.c:380
kthread+0x2c1/0x3a0 kernel/kthread.c:388
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 11 Comm: kworker/u8:1 Not tainted 6.9.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Workqueue: loop2 loop_workfn
RIP: 0010:zs_can_compact mm/zsmalloc.c:1914 [inline]
RIP: 0010:zs_shrinker_count+0x15f/0x240 mm/zsmalloc.c:2038
Code: 4c 29 f0 48 c1 ea 03 42 0f b6 34 22 48 89 fa 83 e2 07 83 c2 03 40 38 f2 7c 09 40 84 f6 0f 85 c8 00 00 00 49 63 b7 c4 00 00 00 <49> 8d bf c8 00 00 00 31 d2 48 f7 f6 48 89 fa 48 c1 ea 03 42 0f b6
RSP: 0000:ffffc90000106a30 EFLAGS: 00000246
RAX: 0000000000000057 RBX: 0000000000000009 RCX: ffffffff81f2ed6e
RDX: 0000000000000007 RSI: 000000000000005d RDI: ffff88802f14b8c4
RBP: ffff88802eb1c050 R08: 0000000000000006 R09: 000000000000005d
R10: 0000000000000006 R11: 0000000000000004 R12: dffffc0000000000
R13: 000000000000005d R14: 0000000000000006 R15: ffff88802f14b800
FS: 0000000000000000(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055557e6c6760 CR3: 0000000023c9c000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
do_shrink_slab+0x82/0x11c0 mm/shrinker.c:382
shrink_slab+0x18a/0x1310 mm/shrinker.c:662
shrink_one+0x493/0x7c0 mm/vmscan.c:4774
shrink_many mm/vmscan.c:4835 [inline]
lru_gen_shrink_node mm/vmscan.c:4935 [inline]
shrink_node+0x231f/0x3a80 mm/vmscan.c:5894
shrink_zones mm/vmscan.c:6152 [inline]
do_try_to_free_pages+0x361/0x1a20 mm/vmscan.c:6214
try_to_free_pages+0x2b6/0x720 mm/vmscan.c:6449
__perform_reclaim mm/page_alloc.c:3774 [inline]
__alloc_pages_direct_reclaim mm/page_alloc.c:3796 [inline]
__alloc_pages_slowpath mm/page_alloc.c:4202 [inline]
__alloc_pages+0xb38/0x2460 mm/page_alloc.c:4588
alloc_pages_mpol+0x275/0x610 mm/mempolicy.c:2264
__read_swap_cache_async+0x274/0x610 mm/swap_state.c:470
swap_cluster_readahead+0x4ab/0x6f0 mm/swap_state.c:697
shmem_swapin_cluster mm/shmem.c:1576 [inline]
shmem_swapin_folio+0xb5a/0x10c0 mm/shmem.c:1885
shmem_get_folio_gfp+0x2c3/0x13e0 mm/shmem.c:1991
shmem_get_folio mm/shmem.c:2160 [inline]
shmem_write_begin+0x15a/0x370 mm/shmem.c:2744
generic_perform_write+0x272/0x620 mm/filemap.c:3974
shmem_file_write_iter+0x114/0x140 mm/shmem.c:2920
call_write_iter include/linux/fs.h:2110 [inline]
do_iter_readv_writev+0x504/0x780 fs/read_write.c:741
vfs_iter_write+0x1eb/0x990 fs/read_write.c:895
lo_write_bvec drivers/block/loop.c:246 [inline]
lo_write_simple drivers/block/loop.c:267 [inline]
do_req_filebacked drivers/block/loop.c:491 [inline]
loop_handle_cmd drivers/block/loop.c:1907 [inline]
loop_process_work+0x1577/0x20c0 drivers/block/loop.c:1942
process_one_work+0x9a9/0x1ac0 kernel/workqueue.c:3254
process_scheduled_works kernel/workqueue.c:3335 [inline]
worker_thread+0x6c8/0xf70 kernel/workqueue.c:3416
kthread+0x2c1/0x3a0 kernel/kthread.c:388
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244