INFO: task syz-executor:5837 blocked for more than 143 seconds.
      Not tainted 6.12.0-syzkaller-01782-gbf9aa14fc523 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor    state:D stack:23688 pid:5837  tgid:5837  ppid:5835   flags:0x00004002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5369 [inline]
 __schedule+0xe5a/0x5ae0 kernel/sched/core.c:6756
 __schedule_loop kernel/sched/core.c:6833 [inline]
 schedule+0xe7/0x350 kernel/sched/core.c:6848
 io_schedule+0xbf/0x130 kernel/sched/core.c:7681
 bit_wait_io+0x15/0xe0 kernel/sched/wait_bit.c:247
 __wait_on_bit+0x62/0x180 kernel/sched/wait_bit.c:49
 out_of_line_wait_on_bit+0xda/0x110 kernel/sched/wait_bit.c:64
 wait_on_bit_io include/linux/wait_bit.h:105 [inline]
 do_get_write_access+0x933/0x1270 fs/jbd2/transaction.c:1096
 jbd2_journal_get_write_access+0x1d6/0x280 fs/jbd2/transaction.c:1245
 __ext4_journal_get_write_access+0x6a/0x390 fs/ext4/ext4_jbd2.c:239
 ext4_reserve_inode_write+0x13b/0x270 fs/ext4/inode.c:5830
 __ext4_mark_inode_dirty+0x1a6/0x890 fs/ext4/inode.c:6004
 ext4_dirty_inode+0xd9/0x130 fs/ext4/inode.c:6041
 __mark_inode_dirty+0x1f6/0xe60 fs/fs-writeback.c:2515
 generic_update_time+0xcf/0xf0 fs/inode.c:2113
 inode_update_time fs/inode.c:2126 [inline]
 __file_update_time fs/inode.c:2354 [inline]
 file_update_time+0x17d/0x1c0 fs/inode.c:2384
 ext4_page_mkwrite+0x368/0x1760 fs/ext4/inode.c:6159
 do_page_mkwrite+0x177/0x380 mm/memory.c:3162
 wp_page_shared mm/memory.c:3563 [inline]
 do_wp_page+0xcbf/0x4930 mm/memory.c:3713
 handle_pte_fault mm/memory.c:5782 [inline]
 __handle_mm_fault+0x1a93/0x2a10 mm/memory.c:5909
 handle_mm_fault+0x3fa/0xaa0 mm/memory.c:6077
 do_user_addr_fault+0x60d/0x13f0 arch/x86/mm/fault.c:1338
 handle_page_fault arch/x86/mm/fault.c:1481 [inline]
 exc_page_fault+0x5c/0xc0 arch/x86/mm/fault.c:1539
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
RIP: 0033:0x7fcd42146425
RSP: 002b:00007ffe927341c8 EFLAGS: 00010212
RAX: 00007fcd3ea00000 RBX: 0000555583438c40 RCX: 0000000000003711
RDX: 0000000000004711 RSI: 0000555584ca7e60 RDI: 00007fcd3ea01000
RBP: 00005555834389b0 R08: 00007fcd3ea00000 R09: 00002a77b9d591a0
R10: 4f75e8c2a849560f R11: 0000000000000202 R12: 0000000000000001
R13: 0000000000000000 R14: 00007ffe927341e0 R15: 0000000000000000
 </TASK>
INFO: task syz.6.1136:13064 blocked for more than 143 seconds.
      Not tainted 6.12.0-syzkaller-01782-gbf9aa14fc523 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.6.1136      state:D stack:27024 pid:13064 tgid:13041 ppid:12762  flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5369 [inline]
 __schedule+0xe5a/0x5ae0 kernel/sched/core.c:6756
 __schedule_loop kernel/sched/core.c:6833 [inline]
 schedule+0xe7/0x350 kernel/sched/core.c:6848
 io_schedule+0xbf/0x130 kernel/sched/core.c:7681
 folio_wait_bit_common+0x3d8/0x9b0 mm/filemap.c:1309
 folio_wait_writeback+0x3c/0x90 mm/page-writeback.c:3189
 __filemap_fdatawait_range+0x123/0x210 mm/filemap.c:533
 file_write_and_wait_range+0x101/0x140 mm/filemap.c:792
 ext4_sync_file+0x290/0xf30 fs/ext4/fsync.c:158
 vfs_fsync_range+0x136/0x220 fs/sync.c:187
 __do_sys_msync+0x3c6/0x5b0 mm/msync.c:96
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f2192b7e759
RSP: 002b:00007f21939dc038 EFLAGS: 00000246 ORIG_RAX: 000000000000001a
RAX: ffffffffffffffda RBX: 00007f2192d36058 RCX: 00007f2192b7e759
RDX: 0000000400000004 RSI: 0080100000000005 RDI: 000000001ffff000
RBP: 00007f2192bf175e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000001 R14: 00007f2192d36058 R15: 00007ffd254f8be8
 </TASK>
INFO: task syz.2.1172:13510 blocked for more than 144 seconds.
      Not tainted 6.12.0-syzkaller-01782-gbf9aa14fc523 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.2.1172      state:D stack:27024 pid:13510 tgid:13507 ppid:12916  flags:0x00024004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5369 [inline]
 __schedule+0xe5a/0x5ae0 kernel/sched/core.c:6756
 __schedule_loop kernel/sched/core.c:6833 [inline]
 schedule+0xe7/0x350 kernel/sched/core.c:6848
 io_schedule+0xbf/0x130 kernel/sched/core.c:7681
 folio_wait_bit_common+0x3d8/0x9b0 mm/filemap.c:1309
 folio_wait_writeback+0x3c/0x90 mm/page-writeback.c:3189
 __filemap_fdatawait_range+0x123/0x210 mm/filemap.c:533
 file_write_and_wait_range+0x101/0x140 mm/filemap.c:792
 ext4_sync_file+0x290/0xf30 fs/ext4/fsync.c:158
 vfs_fsync_range+0x136/0x220 fs/sync.c:187
 __do_sys_msync+0x3c6/0x5b0 mm/msync.c:96
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f2b3617e759
RSP: 002b:00007f2b36e91038 EFLAGS: 00000246 ORIG_RAX: 000000000000001a
RAX: ffffffffffffffda RBX: 00007f2b36336130 RCX: 00007f2b3617e759
RDX: 0000000400000004 RSI: 0080100000000005 RDI: 000000001ffff000
RBP: 00007f2b361f175e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f2b36336130 R15: 00007fffa91243b8
 </TASK>
INFO: task syz.1.1177:13987 blocked for more than 144 seconds.
      Not tainted 6.12.0-syzkaller-01782-gbf9aa14fc523 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.1.1177      state:D stack:26800 pid:13987 tgid:13985 ppid:13471  flags:0x00004006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5369 [inline]
 __schedule+0xe5a/0x5ae0 kernel/sched/core.c:6756
 __schedule_loop kernel/sched/core.c:6833 [inline]
 schedule+0xe7/0x350 kernel/sched/core.c:6848
 io_schedule+0xbf/0x130 kernel/sched/core.c:7681
 bit_wait_io+0x15/0xe0 kernel/sched/wait_bit.c:247
 __wait_on_bit+0x62/0x180 kernel/sched/wait_bit.c:49
 out_of_line_wait_on_bit+0xda/0x110 kernel/sched/wait_bit.c:64
 wait_on_bit_io include/linux/wait_bit.h:105 [inline]
 do_get_write_access+0x933/0x1270 fs/jbd2/transaction.c:1096
 jbd2_journal_get_write_access+0x1d6/0x280 fs/jbd2/transaction.c:1245
 __ext4_journal_get_write_access+0x6a/0x390 fs/ext4/ext4_jbd2.c:239
 ext4_reserve_inode_write+0x13b/0x270 fs/ext4/inode.c:5830
 __ext4_mark_inode_dirty+0x1a6/0x890 fs/ext4/inode.c:6004
 ext4_dirty_inode+0xd9/0x130 fs/ext4/inode.c:6041
 __mark_inode_dirty+0x1f6/0xe60 fs/fs-writeback.c:2515
 generic_update_time+0xcf/0xf0 fs/inode.c:2113
 inode_update_time fs/inode.c:2126 [inline]
 __file_update_time fs/inode.c:2354 [inline]
 file_modified_flags fs/inode.c:2425 [inline]
 file_modified+0x207/0x240 fs/inode.c:2441
 ext4_punch_hole+0x34c/0x10d0 fs/ext4/inode.c:4009
 ext4_fallocate+0x9b6/0x3940 fs/ext4/extents.c:4772
 vfs_fallocate+0x459/0xf90 fs/open.c:327
 madvise_remove mm/madvise.c:1012 [inline]
 madvise_vma_behavior+0x180f/0x19e0 mm/madvise.c:1039
 madvise_walk_vmas+0x1cf/0x2c0 mm/madvise.c:1274
 do_madvise+0x2c7/0x760 mm/madvise.c:1461
 __do_sys_madvise mm/madvise.c:1477 [inline]
 __se_sys_madvise mm/madvise.c:1475 [inline]
 __x64_sys_madvise+0xa9/0x110 mm/madvise.c:1475
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc780b7e759
RSP: 002b:00007fc7818c8038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
RAX: ffffffffffffffda RBX: 00007fc780d35f80 RCX: 00007fc780b7e759
RDX: 0000000000000009 RSI: ffffffffffff0001 RDI: 0000000000000000
RBP: 00007fc780bf175e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fc780d35f80 R15: 00007ffcc00c58d8
 </TASK>
INFO: task syz-executor:14886 blocked for more than 144 seconds.
      Not tainted 6.12.0-syzkaller-01782-gbf9aa14fc523 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor    state:D stack:24320 pid:14886 tgid:14886 ppid:14866  flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5369 [inline]
 __schedule+0xe5a/0x5ae0 kernel/sched/core.c:6756
 __schedule_loop kernel/sched/core.c:6833 [inline]
 schedule+0xe7/0x350 kernel/sched/core.c:6848
 io_schedule+0xbf/0x130 kernel/sched/core.c:7681
 bit_wait_io+0x15/0xe0 kernel/sched/wait_bit.c:247
 __wait_on_bit+0x62/0x180 kernel/sched/wait_bit.c:49
 out_of_line_wait_on_bit+0xda/0x110 kernel/sched/wait_bit.c:64
 wait_on_bit_io include/linux/wait_bit.h:105 [inline]
 do_get_write_access+0x933/0x1270 fs/jbd2/transaction.c:1096
 jbd2_journal_get_write_access+0x1d6/0x280 fs/jbd2/transaction.c:1245
 __ext4_journal_get_write_access+0x6a/0x390 fs/ext4/ext4_jbd2.c:239
 __ext4_new_inode+0xdda/0x4e80 fs/ext4/ialloc.c:1089
 ext4_mkdir+0x283/0xb70 fs/ext4/namei.c:3024
 vfs_mkdir+0x57d/0x860 fs/namei.c:4311
 do_mkdirat+0x301/0x3a0 fs/namei.c:4334
 __do_sys_mkdirat fs/namei.c:4349 [inline]
 __se_sys_mkdirat fs/namei.c:4347 [inline]
 __x64_sys_mkdirat+0x83/0xb0 fs/namei.c:4347
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f452a97cff7
RSP: 002b:00007fff566f1878 EFLAGS: 00000202 ORIG_RAX: 0000000000000102
RAX: ffffffffffffffda RBX: 00007f452a9f1b4d RCX: 00007f452a97cff7
RDX: 00000000000001ff RSI: 00007f452a9f1b4d RDI: 00000000ffffff9c
RBP: 00007f452ab36a38 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 000000000000000c
R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000
 </TASK>
INFO: task syz.5.1221:14996 blocked for more than 144 seconds.
      Not tainted 6.12.0-syzkaller-01782-gbf9aa14fc523 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.5.1221      state:D stack:27856 pid:14996 tgid:14996 ppid:14621  flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5369 [inline]
 __schedule+0xe5a/0x5ae0 kernel/sched/core.c:6756
 __schedule_loop kernel/sched/core.c:6833 [inline]
 schedule+0xe7/0x350 kernel/sched/core.c:6848
 io_schedule+0xbf/0x130 kernel/sched/core.c:7681
 bit_wait_io+0x15/0xe0 kernel/sched/wait_bit.c:247
 __wait_on_bit+0x62/0x180 kernel/sched/wait_bit.c:49
 out_of_line_wait_on_bit+0xda/0x110 kernel/sched/wait_bit.c:64
 wait_on_bit_io include/linux/wait_bit.h:105 [inline]
 do_get_write_access+0x933/0x1270 fs/jbd2/transaction.c:1096
 jbd2_journal_get_write_access+0x1d6/0x280 fs/jbd2/transaction.c:1245
 __ext4_journal_get_write_access+0x6a/0x390 fs/ext4/ext4_jbd2.c:239
 ext4_reserve_inode_write+0x13b/0x270 fs/ext4/inode.c:5830
 __ext4_mark_inode_dirty+0x1a6/0x890 fs/ext4/inode.c:6004
 ext4_dirty_inode+0xd9/0x130 fs/ext4/inode.c:6041
 __mark_inode_dirty+0x1f6/0xe60 fs/fs-writeback.c:2515
 generic_update_time+0xcf/0xf0 fs/inode.c:2113
 inode_update_time fs/inode.c:2126 [inline]
 __file_update_time fs/inode.c:2354 [inline]
 file_update_time+0x17d/0x1c0 fs/inode.c:2384
 ext4_page_mkwrite+0x368/0x1760 fs/ext4/inode.c:6159
 do_page_mkwrite+0x177/0x380 mm/memory.c:3162
 do_shared_fault mm/memory.c:5373 [inline]
 do_fault mm/memory.c:5435 [inline]
 do_pte_missing+0x29e/0x3e70 mm/memory.c:3965
 handle_pte_fault mm/memory.c:5766 [inline]
 __handle_mm_fault+0x100a/0x2a10 mm/memory.c:5909
 handle_mm_fault+0x3fa/0xaa0 mm/memory.c:6077
 do_user_addr_fault+0x60d/0x13f0 arch/x86/mm/fault.c:1338
 handle_page_fault arch/x86/mm/fault.c:1481 [inline]
 exc_page_fault+0x5c/0xc0 arch/x86/mm/fault.c:1539
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
RIP: 0033:0x7f337e25cd06
RSP: 002b:00007ffeb067e9e0 EFLAGS: 00010202
RAX: 0000001b2cb1e000 RBX: 00007f337f065720 RCX: 0000001b2cb1dff8
RDX: ffffffff8a4fd0c7 RSI: 0000000000000008 RDI: 00007f337f065720
RBP: 0000000000000095 R08: 00007f337e520000 R09: 00007f337e522000
R10: 000000008a4fd0cb R11: 0000000000000003 R12: ffffffff8a4fd5fa
R13: 00007f337e536018 R14: 0000000000000008 R15: 00000000000000a0
 </TASK>
INFO: task syz.4.1225:15017 blocked for more than 145 seconds.
      Not tainted 6.12.0-syzkaller-01782-gbf9aa14fc523 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.4.1225      state:D stack:27856 pid:15017 tgid:15017 ppid:13519  flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5369 [inline]
 __schedule+0xe5a/0x5ae0 kernel/sched/core.c:6756
 __schedule_loop kernel/sched/core.c:6833 [inline]
 schedule+0xe7/0x350 kernel/sched/core.c:6848
 io_schedule+0xbf/0x130 kernel/sched/core.c:7681
 bit_wait_io+0x15/0xe0 kernel/sched/wait_bit.c:247
 __wait_on_bit+0x62/0x180 kernel/sched/wait_bit.c:49
 out_of_line_wait_on_bit+0xda/0x110 kernel/sched/wait_bit.c:64
 wait_on_bit_io include/linux/wait_bit.h:105 [inline]
 do_get_write_access+0x933/0x1270 fs/jbd2/transaction.c:1096
 jbd2_journal_get_write_access+0x1d6/0x280 fs/jbd2/transaction.c:1245
 __ext4_journal_get_write_access+0x6a/0x390 fs/ext4/ext4_jbd2.c:239
 ext4_reserve_inode_write+0x13b/0x270 fs/ext4/inode.c:5830
 __ext4_mark_inode_dirty+0x1a6/0x890 fs/ext4/inode.c:6004
 ext4_dirty_inode+0xd9/0x130 fs/ext4/inode.c:6041
 __mark_inode_dirty+0x1f6/0xe60 fs/fs-writeback.c:2515
 generic_update_time+0xcf/0xf0 fs/inode.c:2113
 inode_update_time fs/inode.c:2126 [inline]
 __file_update_time fs/inode.c:2354 [inline]
 file_update_time+0x17d/0x1c0 fs/inode.c:2384
 ext4_page_mkwrite+0x368/0x1760 fs/ext4/inode.c:6159
 do_page_mkwrite+0x177/0x380 mm/memory.c:3162
 do_shared_fault mm/memory.c:5373 [inline]
 do_fault mm/memory.c:5435 [inline]
 do_pte_missing+0x29e/0x3e70 mm/memory.c:3965
 handle_pte_fault mm/memory.c:5766 [inline]
 __handle_mm_fault+0x100a/0x2a10 mm/memory.c:5909
 handle_mm_fault+0x3fa/0xaa0 mm/memory.c:6077
 do_user_addr_fault+0x60d/0x13f0 arch/x86/mm/fault.c:1338
 handle_page_fault arch/x86/mm/fault.c:1481 [inline]
 exc_page_fault+0x5c/0xc0 arch/x86/mm/fault.c:1539
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
RIP: 0033:0x7f07df05cd06
RSP: 002b:00007ffe16a91360 EFLAGS: 00010202
RAX: 0000001b30a1f000 RBX: 00007f07dfe65720 RCX: 0000001b30a1eff8
RDX: ffffffff8100a6a6 RSI: 0000000000000008 RDI: 00007f07dfe65720
RBP: 000000000000001b R08: 00007f07df320000 R09: 00007f07df322000
R10: 000000008100a6aa R11: 0000000000000001 R12: ffffffff8100a108
R13: 00007f07df336018 R14: 0000000000000008 R15: 000000000000001b
 </TASK>

Showing all locks held in the system:
1 lock held by khungtaskd/30:
 #0: ffffffff8ddba640 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
 #0: ffffffff8ddba640 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline]
 #0: ffffffff8ddba640 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x7f/0x390 kernel/locking/lockdep.c:6744
4 locks held by klogd/5208:
 #0: ffff8880b873eed8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x29/0x130 kernel/sched/core.c:598
 #1: ffff8880b873eed8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x29/0x130 kernel/sched/core.c:598
 #2: ffffffff9a563c08 (&obj_hash[i].lock){-.-.}-{2:2}, at: debug_object_deactivate+0x13b/0x370 lib/debugobjects.c:873
 #3: ffffffff9a563c08 (&obj_hash[i].lock){-.-.}-{2:2}, at: debug_object_activate+0x149/0x4a0 lib/debugobjects.c:818
2 locks held by getty/5601:
 #0: ffff8880309820a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 drivers/tty/tty_ldisc.c:243
 #1: ffffc90002f062f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0xfba/0x1480 drivers/tty/n_tty.c:2211
3 locks held by syz-executor/5837:
 #0: ffff888034c45070 (&vma->vm_lock->lock){++++}-{4:4}, at: vma_start_read include/linux/mm.h:716 [inline]
 #0: ffff888034c45070 (&vma->vm_lock->lock){++++}-{4:4}, at: lock_vma_under_rcu+0x13e/0x980 mm/memory.c:6243
 #1: ffff88814e2ca518 (sb_pagefaults){.+.+}-{0:0}, at: do_page_mkwrite+0x177/0x380 mm/memory.c:3162
 #2: ffff88814e2ce958 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0xf6c/0x1430 fs/jbd2/transaction.c:448
2 locks held by kworker/u8:17/6870:
 #0: ffff88801df99148 ((wq_completion)iou_exit){+.+.}-{0:0}, at: process_one_work+0x1212/0x1b30 kernel/workqueue.c:3204
 #1: ffffc90016467d80 ((work_completion)(&ctx->exit_work)){+.+.}-{0:0}, at: process_one_work+0x8bb/0x1b30 kernel/workqueue.c:3205
6 locks held by kworker/u8:35/7678:
 #0: ffff8881416de948 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x1212/0x1b30 kernel/workqueue.c:3204
 #1: ffffc9000548fd80 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x8bb/0x1b30 kernel/workqueue.c:3205
 #2: ffff88814e2ca0e0 (&type->s_umount_key#33){++++}-{4:4}, at: super_trylock_shared+0x1e/0xf0 fs/super.c:562
 #3: ffff88814e2ccb98 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: do_writepages+0x1b3/0x820 mm/page-writeback.c:2683
 #4: ffff88814e2ce958 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0xf6c/0x1430 fs/jbd2/transaction.c:448
 #5: ffff88807a7f2a28 (&ei->i_data_sem){++++}-{4:4}, at: ext4_map_blocks+0x352/0x1370 fs/ext4/inode.c:701
3 locks held by syz.1.1177/13987:
 #0: ffff88814e2ca420 (sb_writers#4){.+.+}-{0:0}, at: madvise_remove mm/madvise.c:1012 [inline]
 #0: ffff88814e2ca420 (sb_writers#4){.+.+}-{0:0}, at: madvise_vma_behavior+0x180f/0x19e0 mm/madvise.c:1039
 #1: ffff88807a7f2b98 (&sb->s_type->i_mutex_key#8){++++}-{4:4}, at: inode_lock include/linux/fs.h:818 [inline]
 #1: ffff88807a7f2b98 (&sb->s_type->i_mutex_key#8){++++}-{4:4}, at: ext4_punch_hole+0x1c1/0x10d0 fs/ext4/inode.c:3970
 #2: ffff88814e2ce958 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0xf6c/0x1430 fs/jbd2/transaction.c:448
3 locks held by syz-executor/14886:
 #0: ffff88814e2ca420 (sb_writers#4){.+.+}-{0:0}, at: filename_create+0x10d/0x530 fs/namei.c:4073
 #1: ffff8880590797c8 (&type->i_mutex_dir_key#3/1){+.+.}-{4:4}, at: inode_lock_nested include/linux/fs.h:853 [inline]
 #1: ffff8880590797c8 (&type->i_mutex_dir_key#3/1){+.+.}-{4:4}, at: filename_create+0x1c2/0x530 fs/namei.c:4080
 #2: ffff88814e2ce958 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0xf6c/0x1430 fs/jbd2/transaction.c:448
3 locks held by syz.5.1221/14996:
 #0: ffff888030504b68 (&vma->vm_lock->lock){++++}-{4:4}, at: vma_start_read include/linux/mm.h:716 [inline]
 #0: ffff888030504b68 (&vma->vm_lock->lock){++++}-{4:4}, at: lock_vma_under_rcu+0x13e/0x980 mm/memory.c:6243
 #1: ffff88814e2ca518 (sb_pagefaults){.+.+}-{0:0}, at: do_page_mkwrite+0x177/0x380 mm/memory.c:3162
 #2: ffff88814e2ce958 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0xf6c/0x1430 fs/jbd2/transaction.c:448
3 locks held by syz.4.1225/15017:
 #0: ffff888034462808 (&vma->vm_lock->lock){++++}-{4:4}, at: vma_start_read include/linux/mm.h:716 [inline]
 #0: ffff888034462808 (&vma->vm_lock->lock){++++}-{4:4}, at: lock_vma_under_rcu+0x13e/0x980 mm/memory.c:6243
 #1: ffff88814e2ca518 (sb_pagefaults){.+.+}-{0:0}, at: do_page_mkwrite+0x177/0x380 mm/memory.c:3162
 #2: ffff88814e2ce958 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0xf6c/0x1430 fs/jbd2/transaction.c:448

=============================================

NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.12.0-syzkaller-01782-gbf9aa14fc523 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 nmi_cpu_backtrace+0x27b/0x390 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x29c/0x300 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:162 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:223 [inline]
 watchdog+0xf0c/0x1240 kernel/hung_task.c:379
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 5208 Comm: klogd Not tainted 6.12.0-syzkaller-01782-gbf9aa14fc523 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
RIP: 0010:vsnprintf+0x371/0x1870 lib/vsprintf.c:2757
Code: 03 89 44 24 50 48 b8 00 00 00 00 00 fc ff df 0f b6 04 02 4c 89 e2 83 e2 07 38 d0 7f 08 84 c0 0f 85 9c 14 00 00 45 0f b6 2c 24 <4c> 89 e3 e8 a7 15 83 f6 31 ff 44 89 ee e8 7d 17 83 f6 45 84 ed 0f
RSP: 0018:ffffc9000317f8d0 EFLAGS: 00000202
RAX: 0000000000000005 RBX: ffffffff8b4da440 RCX: 000000000000003c
RDX: 0000000000000001 RSI: ffffffff8b09b9a5 RDI: ffffc9000317fb88
RBP: ffffc9000317fb89 R08: 0000000000000006 R09: 0000000000000001
R10: 000000007fffffff R11: 0000000000020708 R12: ffffffff8b4da441
R13: 0000000000000025 R14: ffffc9000317f9b8 R15: 000000007fffffff
FS:  00007f5611dde380(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000056485fae2548 CR3: 000000007dbe0000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <NMI>
 </NMI>
 <TASK>
 sprintf+0xcd/0x110 lib/vsprintf.c:3007
 print_syslog kernel/printk/printk.c:1356 [inline]
 info_print_prefix+0x2e6/0x350 kernel/printk/printk.c:1386
 record_print_text+0x146/0x430 kernel/printk/printk.c:1438
 syslog_print+0x4e9/0x5d0 kernel/printk/printk.c:1649
 do_syslog+0x3e1/0x6c0 kernel/printk/printk.c:1767
 __do_sys_syslog kernel/printk/printk.c:1859 [inline]
 __se_sys_syslog kernel/printk/printk.c:1857 [inline]
 __x64_sys_syslog+0x74/0xb0 kernel/printk/printk.c:1857
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f5611f3ffa7
Code: 73 01 c3 48 8b 0d 81 ce 0c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 67 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 51 ce 0c 00 f7 d8 64 89 01 48
RSP: 002b:00007fff99c40288 EFLAGS: 00000206 ORIG_RAX: 0000000000000067
RAX: ffffffffffffffda RBX: 00007f56120de4a0 RCX: 00007f5611f3ffa7
RDX: 00000000000003ff RSI: 00007f56120de4a0 RDI: 0000000000000002
RBP: 0000000000000000 R08: 0000000000000007 R09: b2ff8ae1f9b0025e
R10: 0000000000004000 R11: 0000000000000206 R12: 00007f56120de4a0
R13: 00007f56120ce212 R14: 00007f56120de535 R15: 00007f56120de535
 </TASK>