INFO: task kworker/u8:3:36 blocked for more than 143 seconds.
Not tainted 6.12.0-syzkaller-09435-g2c22dc1ee3a1 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u8:3 state:D stack:20560 pid:36 tgid:36 ppid:2 flags:0x00004000
Workqueue: writeback wb_workfn (flush-8:0)
Call Trace:
context_switch kernel/sched/core.c:5369 [inline]
__schedule+0x1850/0x4c30 kernel/sched/core.c:6756
__schedule_loop kernel/sched/core.c:6833 [inline]
schedule+0x14b/0x320 kernel/sched/core.c:6848
io_schedule+0x8d/0x110 kernel/sched/core.c:7681
bit_wait_io+0x12/0xd0 kernel/sched/wait_bit.c:247
__wait_on_bit_lock+0xd7/0x530 kernel/sched/wait_bit.c:90
out_of_line_wait_on_bit_lock+0x1d5/0x260 kernel/sched/wait_bit.c:117
lock_buffer include/linux/buffer_head.h:426 [inline]
do_get_write_access+0x1be/0xe60 fs/jbd2/transaction.c:972
jbd2_journal_get_write_access+0x1ee/0x240 fs/jbd2/transaction.c:1245
__ext4_journal_get_write_access+0x1c8/0x680 fs/ext4/ext4_jbd2.c:239
ext4_mb_mark_context+0x196/0xfb0 fs/ext4/mballoc.c:4003
ext4_mb_mark_diskspace_used+0x3c8/0x960 fs/ext4/mballoc.c:4133
ext4_mb_new_blocks+0x1494/0x4e30 fs/ext4/mballoc.c:6235
ext4_ext_map_blocks+0x1beb/0x7e40 fs/ext4/extents.c:4379
ext4_map_create_blocks fs/ext4/inode.c:516 [inline]
ext4_map_blocks+0x8bf/0x1990 fs/ext4/inode.c:702
mpage_map_one_extent fs/ext4/inode.c:2219 [inline]
mpage_map_and_submit_extent fs/ext4/inode.c:2272 [inline]
ext4_do_writepages+0x20ef/0x3d10 fs/ext4/inode.c:2735
ext4_writepages+0x213/0x3c0 fs/ext4/inode.c:2824
do_writepages+0x361/0x880 mm/page-writeback.c:2702
__writeback_single_inode+0x14f/0x10d0 fs/fs-writeback.c:1680
writeback_sb_inodes+0x80c/0x1370 fs/fs-writeback.c:1976
__writeback_inodes_wb+0x11b/0x260 fs/fs-writeback.c:2047
wb_writeback+0x427/0xbc0 fs/fs-writeback.c:2158
wb_check_old_data_flush fs/fs-writeback.c:2262 [inline]
wb_do_writeback fs/fs-writeback.c:2315 [inline]
wb_workfn+0xba1/0x1090 fs/fs-writeback.c:2343
process_one_work kernel/workqueue.c:3229 [inline]
process_scheduled_works+0xa65/0x1850 kernel/workqueue.c:3310
worker_thread+0x870/0xd30 kernel/workqueue.c:3391
kthread+0x2f2/0x390 kernel/kthread.c:389
ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
INFO: task jbd2/sda1-8:5179 blocked for more than 146 seconds.
Not tainted 6.12.0-syzkaller-09435-g2c22dc1ee3a1 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:jbd2/sda1-8 state:D stack:23664 pid:5179 tgid:5179 ppid:2 flags:0x00004000
Call Trace:
context_switch kernel/sched/core.c:5369 [inline]
__schedule+0x1850/0x4c30 kernel/sched/core.c:6756
__schedule_loop kernel/sched/core.c:6833 [inline]
schedule+0x14b/0x320 kernel/sched/core.c:6848
io_schedule+0x8d/0x110 kernel/sched/core.c:7681
bit_wait_io+0x12/0xd0 kernel/sched/wait_bit.c:247
__wait_on_bit+0xb2/0x2f0 kernel/sched/wait_bit.c:49
out_of_line_wait_on_bit+0x1d5/0x260 kernel/sched/wait_bit.c:64
wait_on_buffer include/linux/buffer_head.h:414 [inline]
journal_wait_on_commit_record fs/jbd2/commit.c:171 [inline]
jbd2_journal_commit_transaction+0x3d07/0x66d0 fs/jbd2/commit.c:883
kjournald2+0x41c/0x7b0 fs/jbd2/journal.c:201
kthread+0x2f2/0x390 kernel/kthread.c:389
ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Showing all locks held in the system:
3 locks held by kworker/u8:1/12:
1 lock held by ksoftirqd/1/24:
1 lock held by khungtaskd/30:
#0: ffffffff8e93c520 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
#0: ffffffff8e93c520 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline]
#0: ffffffff8e93c520 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x55/0x2a0 kernel/locking/lockdep.c:6744
5 locks held by kworker/u8:2/34:
6 locks held by kworker/u8:3/36:
#0: ffff888143ae1948 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline]
#0: ffff888143ae1948 ((wq_completion)writeback){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 kernel/workqueue.c:3310
#1: ffffc90000ac7d00 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline]
#1: ffffc90000ac7d00 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 kernel/workqueue.c:3310
#2: ffff8880352f80e0 (&type->s_umount_key#31){++++}-{4:4}, at: super_trylock_shared+0x22/0xf0 fs/super.c:562
#3: ffff8880352fab98 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_writepages_down_read fs/ext4/ext4.h:1776 [inline]
#3: ffff8880352fab98 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_writepages+0x1bf/0x3c0 fs/ext4/inode.c:2823
#4: ffff8880352fc958 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0x1e94/0x2110 fs/jbd2/transaction.c:448
#5: ffff8880781a9658 (&ei->i_data_sem){++++}-{4:4}, at: ext4_map_blocks+0x7a6/0x1990 fs/ext4/inode.c:701
1 lock held by acpid/5202:
#0: ffffffff8e941ab8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock kernel/rcu/tree_exp.h:329 [inline]
#0: ffffffff8e941ab8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x451/0x830 kernel/rcu/tree_exp.h:976
2 locks held by getty/5602:
#0: ffff88814dc150a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
#1: ffffc90002fde2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x6a6/0x1e00 drivers/tty/n_tty.c:2211
4 locks held by kworker/1:7/5946:
#0: ffff88801ac78948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline]
#0: ffff88801ac78948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 kernel/workqueue.c:3310
#1: ffffc90003237d00 ((work_completion)(&aux->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline]
#1: ffffc90003237d00 ((work_completion)(&aux->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 kernel/workqueue.c:3310
#2: ffffffff8e9b7b08 (pack_mutex){+.+.}-{4:4}, at: bpf_prog_pack_free+0x27/0x410 kernel/bpf/core.c:991
#3: ffffffff8e93c520 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
#3: ffffffff8e93c520 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline]
#3: ffffffff8e93c520 (rcu_read_lock){....}-{1:3}, at: percpu_ref_tryget_many include/linux/percpu-refcount.h:241 [inline]
#3: ffffffff8e93c520 (rcu_read_lock){....}-{1:3}, at: percpu_ref_tryget+0x14/0x180 include/linux/percpu-refcount.h:266
6 locks held by kworker/1:8/5986:
#0: ffff888144682148 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline]
#0: ffff888144682148 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 kernel/workqueue.c:3310
#1: ffffc90003107d00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline]
#1: ffffc90003107d00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 kernel/workqueue.c:3310
#2: ffff888145bdd190 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1014 [inline]
#2: ffff888145bdd190 (&dev->mutex){....}-{4:4}, at: hub_event+0x1fe/0x5150 drivers/usb/core/hub.c:5849
#3: ffff88802c288190 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1014 [inline]
#3: ffff88802c288190 (&dev->mutex){....}-{4:4}, at: usb_disconnect+0x103/0x950 drivers/usb/core/hub.c:2295
#4: ffff88805ba22160 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1014 [inline]
#4: ffff88805ba22160 (&dev->mutex){....}-{4:4}, at: __device_driver_lock drivers/base/dd.c:1095 [inline]
#4: ffff88805ba22160 (&dev->mutex){....}-{4:4}, at: device_release_driver_internal+0xce/0x7c0 drivers/base/dd.c:1293
#5: ffffffff8f770028 (input_mutex){+.+.}-{4:4}, at: __input_unregister_device+0x2f3/0x620 drivers/input/input.c:2277
2 locks held by kworker/u8:10/6097:
#0: ffff88801ac81148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline]
#0: ffff88801ac81148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 kernel/workqueue.c:3310
#1: ffffc900048b7d00 ((reaper_work).work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline]
#1: ffffc900048b7d00 ((reaper_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 kernel/workqueue.c:3310
2 locks held by kworker/u8:11/6178:
#0: ffff88801ac81148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline]
#0: ffff88801ac81148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 kernel/workqueue.c:3310
#1: ffffc900055f7d00 (connector_reaper_work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline]
#1: ffffc900055f7d00 (connector_reaper_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 kernel/workqueue.c:3310
2 locks held by kworker/u8:12/6411:
#0: ffff88801ac81148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline]
#0: ffff88801ac81148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 kernel/workqueue.c:3310
#1: ffffc900055dfd00 ((quota_release_work).work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline]
#1: ffffc900055dfd00 ((quota_release_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 kernel/workqueue.c:3310
2 locks held by syz.3.623/10194:
#0: ffff8880352f80e0 (&type->s_umount_key#31){++++}-{4:4}, at: __super_lock fs/super.c:58 [inline]
#0: ffff8880352f80e0 (&type->s_umount_key#31){++++}-{4:4}, at: super_lock+0x27c/0x400 fs/super.c:120
#1: ffff888028aa47d0 (&bdi->wb_switch_rwsem){+.+.}-{4:4}, at: bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:387 [inline]
#1: ffff888028aa47d0 (&bdi->wb_switch_rwsem){+.+.}-{4:4}, at: sync_inodes_sb+0x26e/0xb50 fs/fs-writeback.c:2819
1 lock held by syz-executor/10885:
#0: ffffffff8e941ab8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock kernel/rcu/tree_exp.h:329 [inline]
#0: ffffffff8e941ab8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x451/0x830 kernel/rcu/tree_exp.h:976
4 locks held by syz.2.809/11267:
#0: ffff88802a9453d0 (&vma->vm_lock->lock){++++}-{4:4}, at: vma_start_read include/linux/mm.h:716 [inline]
#0: ffff88802a9453d0 (&vma->vm_lock->lock){++++}-{4:4}, at: lock_vma_under_rcu+0x34b/0x790 mm/memory.c:6278
#1: ffff8880352f8518 (sb_pagefaults){.+.+}-{0:0}, at: __sb_start_write include/linux/fs.h:1725 [inline]
#1: ffff8880352f8518 (sb_pagefaults){.+.+}-{0:0}, at: sb_start_pagefault include/linux/fs.h:1890 [inline]
#1: ffff8880352f8518 (sb_pagefaults){.+.+}-{0:0}, at: ext4_page_mkwrite+0x1ef/0xdf0 fs/ext4/inode.c:6158
#2: ffff8880781a9968 (mapping.invalidate_lock){++++}-{4:4}, at: filemap_invalidate_lock_shared include/linux/fs.h:873 [inline]
#2: ffff8880781a9968 (mapping.invalidate_lock){++++}-{4:4}, at: ext4_page_mkwrite+0x217/0xdf0 fs/ext4/inode.c:6161
#3: ffff8880781a9658 (&ei->i_data_sem){++++}-{4:4}, at: ext4_da_map_blocks fs/ext4/inode.c:1809 [inline]
#3: ffff8880781a9658 (&ei->i_data_sem){++++}-{4:4}, at: ext4_da_get_block_prep+0x4ef/0x1900 fs/ext4/inode.c:1873
1 lock held by syz-executor/11359:
#0: ffff88804833a0e0 (&type->s_umount_key#57){++++}-{4:4}, at: __super_lock fs/super.c:56 [inline]
#0: ffff88804833a0e0 (&type->s_umount_key#57){++++}-{4:4}, at: __super_lock_excl fs/super.c:71 [inline]
#0: ffff88804833a0e0 (&type->s_umount_key#57){++++}-{4:4}, at: deactivate_super+0xb5/0xf0 fs/super.c:505
2 locks held by syz.3.917/11932:
#0: ffff88807a876420 (sb_writers#5){.+.+}-{0:0}, at: do_coredump+0x2260/0x3100 fs/coredump.c:757
#1: ffff88802510e360 (&mm->mmap_lock){++++}-{4:4}, at: mmap_read_lock_killable include/linux/mmap_lock.h:153 [inline]
#1: ffff88802510e360 (&mm->mmap_lock){++++}-{4:4}, at: __get_user_pages_locked mm/gup.c:1726 [inline]
#1: ffff88802510e360 (&mm->mmap_lock){++++}-{4:4}, at: get_dump_page+0xe2/0x2f0 mm/gup.c:2269
4 locks held by udevd/11939:
#0: ffff88802eef8418 (&p->lock){+.+.}-{4:4}, at: seq_read_iter+0xb4/0xd70 fs/seq_file.c:182
#1: ffff88805a700888 (&of->mutex#2){+.+.}-{4:4}, at: kernfs_seq_start+0x53/0x3b0 fs/kernfs/file.c:154
#2: ffff88802511d968 (kn->active#5){++++}-{0:0}, at: kernfs_seq_start+0x72/0x3b0 fs/kernfs/file.c:155
#3: ffff88802c288190 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1014 [inline]
#3: ffff88802c288190 (&dev->mutex){....}-{4:4}, at: uevent_show+0x17d/0x340 drivers/base/core.c:2736
1 lock held by syz.3.937/12040:
=============================================
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.12.0-syzkaller-09435-g2c22dc1ee3a1 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
nmi_cpu_backtrace+0x49c/0x4d0 lib/nmi_backtrace.c:113
nmi_trigger_cpumask_backtrace+0x198/0x320 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:162 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:234 [inline]
watchdog+0xffb/0x1040 kernel/hung_task.c:397
kthread+0x2f2/0x390 kernel/kthread.c:389
ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 11939 Comm: udevd Not tainted 6.12.0-syzkaller-09435-g2c22dc1ee3a1 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:kasan_check_range+0x5/0x290 mm/kasan/generic.c:188
Code: 8e e8 8f 94 e1 ff 90 0f 0b 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 55 <41> 57 41 56 41 54 53 b0 01 48 85 f6 0f 84 a0 01 00 00 4c 8d 04 37
RSP: 0018:ffffc90004a979f8 EFLAGS: 00000046
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff81718fba
RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff9431f880
RBP: 0000000000000008 R08: ffffffff9431f887 R09: 1ffffffff2863f10
R10: dffffc0000000000 R11: fffffbfff2863f11 R12: ffff88802bd364c4
R13: dffffc0000000000 R14: 0000000000000100 R15: ffff88802bd364e0
FS: 00007f9d7d6f3c80(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f9d7cf6677b CR3: 0000000062368000 CR4: 0000000000350ef0
Call Trace:
instrument_atomic_read include/linux/instrumented.h:68 [inline]
_test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]
hlock_class kernel/locking/lockdep.c:228 [inline]
mark_lock+0x9a/0x360 kernel/locking/lockdep.c:4727
mark_usage kernel/locking/lockdep.c:4670 [inline]
__lock_acquire+0xc3e/0x2100 kernel/locking/lockdep.c:5180
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162
__debug_check_no_obj_freed lib/debugobjects.c:1088 [inline]
debug_check_no_obj_freed+0x234/0x580 lib/debugobjects.c:1129
slab_free_hook mm/slub.c:2269 [inline]
slab_free mm/slub.c:4598 [inline]
kmem_cache_free+0x114/0x410 mm/slub.c:4700
__do_sys_close fs/open.c:1554 [inline]
__se_sys_close fs/open.c:1539 [inline]
__x64_sys_close+0x7f/0x110 fs/open.c:1539
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f9d7d31a37f
Code: af 6a 0d 00 f7 d8 64 89 02 48 83 c8 ff 44 89 c7 48 89 04 24 e8 e1 fc f9 ff 48 8b 04 24 48 83 c4 28 c3 c3 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 76 10 48 8b 15 7a 6a 0d 00 f7 d8 64 89 02 48 83
RSP: 002b:00007ffebcdbd9b8 EFLAGS: 00000202 ORIG_RAX: 0000000000000003
RAX: ffffffffffffffda RBX: 0000564aea6b7d90 RCX: 00007f9d7d31a37f
RDX: 00007f9d7d3ed860 RSI: 0000564aea702450 RDI: 0000000000000008
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 000000000000010f R11: 0000000000000202 R12: 0000000000000000
R13: 00007ffebcdbda18 R14: 00007ffebcdbde18 R15: 0000564aae078ec8