INFO: task syz.0.17:5962 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.0.17        state:D stack:23064 pid:5962  tgid:5961  ppid:5922   task_flags:0x400140 flags:0x00080002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5260 [inline]
 __schedule+0x14ef/0x4fb0 kernel/sched/core.c:6867
 __schedule_loop kernel/sched/core.c:6949 [inline]
 schedule+0x164/0x360 kernel/sched/core.c:6964
 io_schedule+0x7f/0xd0 kernel/sched/core.c:7791
 __lock_metapage fs/jfs/jfs_metapage.c:52 [inline]
 lock_metapage+0x1ff/0x400 fs/jfs/jfs_metapage.c:66
 __get_metapage+0x49a/0xde0 fs/jfs/jfs_metapage.c:748
 xtSplitPage+0x281/0x2150 fs/jfs/jfs_xtree.c:989
 xtSplitUp+0x33c/0x1fc0 fs/jfs/jfs_xtree.c:786
 xtInsert+0x452/0xf20 fs/jfs/jfs_xtree.c:608
 extAlloc+0xad9/0x1020 fs/jfs/jfs_extent.c:150
 jfs_get_block+0x358/0xad0 fs/jfs/inode.c:254
 get_more_blocks fs/direct-io.c:648 [inline]
 do_direct_IO fs/direct-io.c:936 [inline]
 __blockdev_direct_IO+0x15d7/0x32f0 fs/direct-io.c:1243
 blockdev_direct_IO include/linux/fs.h:3077 [inline]
 jfs_direct_IO+0x119/0x220 fs/jfs/inode.c:339
 generic_file_direct_write+0x1db/0x3e0 mm/filemap.c:4248
 __generic_file_write_iter+0x11d/0x230 mm/filemap.c:4417
 generic_file_write_iter+0x14a/0x680 mm/filemap.c:4457
 iter_file_splice_write+0x99b/0x1100 fs/splice.c:738
 do_splice_from fs/splice.c:938 [inline]
 direct_splice_actor+0x101/0x160 fs/splice.c:1161
 splice_direct_to_actor+0x53a/0xc70 fs/splice.c:1105
 do_splice_direct_actor fs/splice.c:1204 [inline]
 do_splice_direct+0x195/0x290 fs/splice.c:1230
 do_sendfile+0x535/0x7c0 fs/read_write.c:1370
 __do_sys_sendfile64 fs/read_write.c:1431 [inline]
 __se_sys_sendfile64+0x144/0x1a0 fs/read_write.c:1417
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xe2/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc204d9acb9
RSP: 002b:00007fc205ced028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 00007fc205015fa0 RCX: 00007fc204d9acb9
RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004
RBP: 00007fc204e08bf7 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000020fffe82 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fc205016038 R14: 00007fc205015fa0 R15: 00007ffea03a9fd8
 </TASK>
INFO: task syz.1.18:6010 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.1.18        state:D stack:23480 pid:6010  tgid:6009  ppid:5929   task_flags:0x400140 flags:0x00080002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5260 [inline]
 __schedule+0x14ef/0x4fb0 kernel/sched/core.c:6867
 __schedule_loop kernel/sched/core.c:6949 [inline]
 schedule+0x164/0x360 kernel/sched/core.c:6964
 io_schedule+0x7f/0xd0 kernel/sched/core.c:7791
 __lock_metapage fs/jfs/jfs_metapage.c:52 [inline]
 lock_metapage+0x1ff/0x400 fs/jfs/jfs_metapage.c:66
 __get_metapage+0x49a/0xde0 fs/jfs/jfs_metapage.c:748
 xtSplitPage+0x281/0x2150 fs/jfs/jfs_xtree.c:989
 xtSplitUp+0x33c/0x1fc0 fs/jfs/jfs_xtree.c:786
 xtInsert+0x452/0xf20 fs/jfs/jfs_xtree.c:608
 extAlloc+0xad9/0x1020 fs/jfs/jfs_extent.c:150
 jfs_get_block+0x358/0xad0 fs/jfs/inode.c:254
 get_more_blocks fs/direct-io.c:648 [inline]
 do_direct_IO fs/direct-io.c:936 [inline]
 __blockdev_direct_IO+0x15d7/0x32f0 fs/direct-io.c:1243
 blockdev_direct_IO include/linux/fs.h:3077 [inline]
 jfs_direct_IO+0x119/0x220 fs/jfs/inode.c:339
 generic_file_direct_write+0x1db/0x3e0 mm/filemap.c:4248
 __generic_file_write_iter+0x11d/0x230 mm/filemap.c:4417
 generic_file_write_iter+0x14a/0x680 mm/filemap.c:4457
 iter_file_splice_write+0x99b/0x1100 fs/splice.c:738
 do_splice_from fs/splice.c:938 [inline]
 direct_splice_actor+0x101/0x160 fs/splice.c:1161
 splice_direct_to_actor+0x53a/0xc70 fs/splice.c:1105
 do_splice_direct_actor fs/splice.c:1204 [inline]
 do_splice_direct+0x195/0x290 fs/splice.c:1230
 do_sendfile+0x535/0x7c0 fs/read_write.c:1370
 __do_sys_sendfile64 fs/read_write.c:1431 [inline]
 __se_sys_sendfile64+0x144/0x1a0 fs/read_write.c:1417
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xe2/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f6e2e99acb9
RSP: 002b:00007f6e2f7df028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 00007f6e2ec15fa0 RCX: 00007f6e2e99acb9
RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004
RBP: 00007f6e2ea08bf7 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000020fffe82 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f6e2ec16038 R14: 00007f6e2ec15fa0 R15: 00007ffc26f62f98
 </TASK>
INFO: task syz.2.19:6012 blocked for more than 144 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.2.19        state:D stack:23736 pid:6012  tgid:6011  ppid:5925   task_flags:0x400140 flags:0x00080002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5260 [inline]
 __schedule+0x14ef/0x4fb0 kernel/sched/core.c:6867
 __schedule_loop kernel/sched/core.c:6949 [inline]
 schedule+0x164/0x360 kernel/sched/core.c:6964
 io_schedule+0x7f/0xd0 kernel/sched/core.c:7791
 __lock_metapage fs/jfs/jfs_metapage.c:52 [inline]
 lock_metapage+0x1ff/0x400 fs/jfs/jfs_metapage.c:66
 __get_metapage+0x49a/0xde0 fs/jfs/jfs_metapage.c:748
 xtSplitPage+0x281/0x2150 fs/jfs/jfs_xtree.c:989
 xtSplitUp+0x33c/0x1fc0 fs/jfs/jfs_xtree.c:786
 xtInsert+0x452/0xf20 fs/jfs/jfs_xtree.c:608
 extAlloc+0xad9/0x1020 fs/jfs/jfs_extent.c:150
 jfs_get_block+0x358/0xad0 fs/jfs/inode.c:254
 get_more_blocks fs/direct-io.c:648 [inline]
 do_direct_IO fs/direct-io.c:936 [inline]
 __blockdev_direct_IO+0x15d7/0x32f0 fs/direct-io.c:1243
 blockdev_direct_IO include/linux/fs.h:3077 [inline]
 jfs_direct_IO+0x119/0x220 fs/jfs/inode.c:339
 generic_file_direct_write+0x1db/0x3e0 mm/filemap.c:4248
 __generic_file_write_iter+0x11d/0x230 mm/filemap.c:4417
 generic_file_write_iter+0x14a/0x680 mm/filemap.c:4457
 iter_file_splice_write+0x99b/0x1100 fs/splice.c:738
 do_splice_from fs/splice.c:938 [inline]
 direct_splice_actor+0x101/0x160 fs/splice.c:1161
 splice_direct_to_actor+0x53a/0xc70 fs/splice.c:1105
 do_splice_direct_actor fs/splice.c:1204 [inline]
 do_splice_direct+0x195/0x290 fs/splice.c:1230
 do_sendfile+0x535/0x7c0 fs/read_write.c:1370
 __do_sys_sendfile64 fs/read_write.c:1431 [inline]
 __se_sys_sendfile64+0x144/0x1a0 fs/read_write.c:1417
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xe2/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7ff54359acb9
RSP: 002b:00007ff544451028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 00007ff543815fa0 RCX: 00007ff54359acb9
RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004
RBP: 00007ff543608bf7 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000020fffe82 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ff543816038 R14: 00007ff543815fa0 R15: 00007ffd72306548
 </TASK>

Showing all locks held in the system:
4 locks held by kworker/u10:0/27:
 #0: ffff88816268d948 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3232 [inline]
 #0: ffff88816268d948 ((wq_completion)writeback){+.+.}-{0:0}, at: process_scheduled_works+0x9d4/0x17a0 kernel/workqueue.c:3340
 #1: ffffc90000a27bc0 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3233 [inline]
 #1: ffffc90000a27bc0 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa0f/0x17a0 kernel/workqueue.c:3340
 #2: ffff8881bbf800e0 (&type->s_umount_key#53){.+.+}-{4:4}, at: super_trylock_shared+0x20/0xf0 fs/super.c:563
 #3: ffff8881893e8af0 (&jfs_ip->commit_mutex){+.+.}-{4:4}, at: jfs_commit_inode+0x1ca/0x530 fs/jfs/inode.c:108
4 locks held by kworker/u9:1/28:
 #0: ffff88816268d948 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3232 [inline]
 #0: ffff88816268d948 ((wq_completion)writeback){+.+.}-{0:0}, at: process_scheduled_works+0x9d4/0x17a0 kernel/workqueue.c:3340
 #1: ffffc90000a37bc0 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3233 [inline]
 #1: ffffc90000a37bc0 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa0f/0x17a0 kernel/workqueue.c:3340
 #2: ffff88816ba6a0e0 (&type->s_umount_key#53){.+.+}-{4:4}, at: super_trylock_shared+0x20/0xf0 fs/super.c:563
 #3: ffff8881a72838b8 (&jfs_ip->commit_mutex){+.+.}-{4:4}, at: jfs_commit_inode+0x1ca/0x530 fs/jfs/inode.c:108
1 lock held by khungtaskd/35:
 #0: ffffffff8e35a360 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #0: ffffffff8e35a360 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:867 [inline]
 #0: ffffffff8e35a360 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 kernel/locking/lockdep.c:6775
4 locks held by kworker/u10:1/37:
 #0: ffff88816268d948 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3232 [inline]
 #0: ffff88816268d948 ((wq_completion)writeback){+.+.}-{0:0}, at: process_scheduled_works+0x9d4/0x17a0 kernel/workqueue.c:3340
 #1: ffffc90000ad7bc0 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3233 [inline]
 #1: ffffc90000ad7bc0 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa0f/0x17a0 kernel/workqueue.c:3340
 #2: ffff88801ef5e0e0 (&type->s_umount_key#53){.+.+}-{4:4}, at: super_trylock_shared+0x20/0xf0 fs/super.c:563
 #3: ffff88811fb9c1e0 (&jfs_ip->commit_mutex){+.+.}-{4:4}, at: jfs_commit_inode+0x1ca/0x530 fs/jfs/inode.c:108
4 locks held by kworker/u10:3/54:
 #0: ffff88816268d948 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3232 [inline]
 #0: ffff88816268d948 ((wq_completion)writeback){+.+.}-{0:0}, at: process_scheduled_works+0x9d4/0x17a0 kernel/workqueue.c:3340
 #1: ffffc9000140fbc0 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3233 [inline]
 #1: ffffc9000140fbc0 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa0f/0x17a0 kernel/workqueue.c:3340
 #2: ffff88816a7aa0e0 (&type->s_umount_key#53){.+.+}-{4:4}, at: super_trylock_shared+0x20/0xf0 fs/super.c:563
 #3: ffff8881a709c1e0 (&jfs_ip->commit_mutex){+.+.}-{4:4}, at: jfs_commit_inode+0x1ca/0x530 fs/jfs/inode.c:108
4 locks held by kworker/u9:2/794:
 #0: ffff88816268d948 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3232 [inline]
 #0: ffff88816268d948 ((wq_completion)writeback){+.+.}-{0:0}, at: process_scheduled_works+0x9d4/0x17a0 kernel/workqueue.c:3340
 #1: ffffc90005da7bc0 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3233 [inline]
 #1: ffffc90005da7bc0 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa0f/0x17a0 kernel/workqueue.c:3340
 #2: ffff88816c3020e0 (&type->s_umount_key#53){.+.+}-{4:4}, at: super_trylock_shared+0x20/0xf0 fs/super.c:563
 #3: ffff8881a70981c8 (&jfs_ip->commit_mutex){+.+.}-{4:4}, at: jfs_commit_inode+0x1ca/0x530 fs/jfs/inode.c:108
4 locks held by kworker/u9:4/1092:
 #0: ffff88816268d948 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3232 [inline]
 #0: ffff88816268d948 ((wq_completion)writeback){+.+.}-{0:0}, at: process_scheduled_works+0x9d4/0x17a0 kernel/workqueue.c:3340
 #1: ffffc9000847fbc0 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3233 [inline]
 #1: ffffc9000847fbc0 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa0f/0x17a0 kernel/workqueue.c:3340
 #2: ffff88816e8be0e0 (&type->s_umount_key#53){.+.+}-{4:4}, at: super_trylock_shared+0x20/0xf0 fs/super.c:563
 #3: ffff88811fb981c8 (&jfs_ip->commit_mutex){+.+.}-{4:4}, at: jfs_commit_inode+0x1ca/0x530 fs/jfs/inode.c:108
4 locks held by kworker/u9:5/1095:
 #0: ffff88816268d948 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3232 [inline]
 #0: ffff88816268d948 ((wq_completion)writeback){+.+.}-{0:0}, at: process_scheduled_works+0x9d4/0x17a0 kernel/workqueue.c:3340
 #1: ffffc900084afbc0 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3233 [inline]
 #1: ffffc900084afbc0 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa0f/0x17a0 kernel/workqueue.c:3340
 #2: ffff8881132d00e0 (&type->s_umount_key#53){.+.+}-{4:4}, at: super_trylock_shared+0x20/0xf0 fs/super.c:563
 #3: ffff88811fb1b8b8 (&jfs_ip->commit_mutex){+.+.}-{4:4}, at: jfs_commit_inode+0x1ca/0x530 fs/jfs/inode.c:108
4 locks held by kworker/u9:8/1098:
 #0: ffff88816268d948 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3232 [inline]
 #0: ffff88816268d948 ((wq_completion)writeback){+.+.}-{0:0}, at: process_scheduled_works+0x9d4/0x17a0 kernel/workqueue.c:3340
 #1: ffffc900084efbc0 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3233 [inline]
 #1: ffffc900084efbc0 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa0f/0x17a0 kernel/workqueue.c:3340
 #2: ffff8881104420e0 (&type->s_umount_key#53){.+.+}-{4:4}, at: super_trylock_shared+0x20/0xf0 fs/super.c:563
 #3: ffff88811fa90af0 (&jfs_ip->commit_mutex){+.+.}-{4:4}, at: jfs_commit_inode+0x1ca/0x530 fs/jfs/inode.c:108
4 locks held by kworker/u9:9/1203:
 #0: ffff88816268d948 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3232 [inline]
 #0: ffff88816268d948 ((wq_completion)writeback){+.+.}-{0:0}, at: process_scheduled_works+0x9d4/0x17a0 kernel/workqueue.c:3340
 #1: ffffc90008a8fbc0 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3233 [inline]
 #1: ffffc90008a8fbc0 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa0f/0x17a0 kernel/workqueue.c:3340
 #2: ffff888111eca0e0 (&type->s_umount_key#53){.+.+}-{4:4}, at: super_trylock_shared+0x20/0xf0 fs/super.c:563
 #3: ffff88811fa94b08 (&jfs_ip->commit_mutex){+.+.}-{4:4}, at: jfs_commit_inode+0x1ca/0x530 fs/jfs/inode.c:108
2 locks held by getty/5637:
 #0: ffff8881114db0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
 #1: ffffc9000356b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x45c/0x13c0 drivers/tty/n_tty.c:2211
4 locks held by syz.0.17/5962:
 #0: ffff8881132d0420 (sb_writers#12){.+.+}-{0:0}, at: direct_splice_actor+0x49/0x160 fs/splice.c:1160
 #1: ffff88811fb1bc68 (&sb->s_type->i_mutex_key#24){+.+.}-{4:4}, at: inode_lock include/linux/fs.h:1027 [inline]
 #1: ffff88811fb1bc68 (&sb->s_type->i_mutex_key#24){+.+.}-{4:4}, at: generic_file_write_iter+0x11e/0x680 mm/filemap.c:4454
 #2: ffff88811fb1b828 (&jfs_ip->rdwrlock#2){++++}-{4:4}, at: jfs_get_block+0x153/0xad0 fs/jfs/inode.c:219
 #3: ffff88811fb1b8b8 (&jfs_ip->commit_mutex){+.+.}-{4:4}, at: extAlloc+0x130/0x1020 fs/jfs/jfs_extent.c:86
4 locks held by syz.1.18/6010:
 #0: ffff88816e8be420 (sb_writers#12){.+.+}-{0:0}, at: direct_splice_actor+0x49/0x160 fs/splice.c:1160
 #1: ffff88811fb98578 (&sb->s_type->i_mutex_key#24){+.+.}-{4:4}, at: inode_lock include/linux/fs.h:1027 [inline]
 #1: ffff88811fb98578 (&sb->s_type->i_mutex_key#24){+.+.}-{4:4}, at: generic_file_write_iter+0x11e/0x680 mm/filemap.c:4454
 #2: ffff88811fb98138 (&jfs_ip->rdwrlock#2){++++}-{4:4}, at: jfs_get_block+0x153/0xad0 fs/jfs/inode.c:219
 #3: ffff88811fb981c8 (&jfs_ip->commit_mutex){+.+.}-{4:4}, at: extAlloc+0x130/0x1020 fs/jfs/jfs_extent.c:86
4 locks held by syz.2.19/6012:
 #0: ffff88816ba6a420 (sb_writers#12){.+.+}-{0:0}, at: direct_splice_actor+0x49/0x160 fs/splice.c:1160
 #1: ffff8881a7283c68 (&sb->s_type->i_mutex_key#24){+.+.}-{4:4}, at: inode_lock include/linux/fs.h:1027 [inline]
 #1: ffff8881a7283c68 (&sb->s_type->i_mutex_key#24){+.+.}-{4:4}, at: generic_file_write_iter+0x11e/0x680 mm/filemap.c:4454
 #2: ffff8881a7283828 (&jfs_ip->rdwrlock#2){++++}-{4:4}, at: jfs_get_block+0x153/0xad0 fs/jfs/inode.c:219
 #3: ffff8881a72838b8 (&jfs_ip->commit_mutex){+.+.}-{4:4}, at: extAlloc+0x130/0x1020 fs/jfs/jfs_extent.c:86
4 locks held by syz.3.20/6035:
 #0: ffff88816c302420 (sb_writers#12){.+.+}-{0:0}, at: direct_splice_actor+0x49/0x160 fs/splice.c:1160
 #1: ffff8881a7098578 (&sb->s_type->i_mutex_key#24){+.+.}-{4:4}, at: inode_lock include/linux/fs.h:1027 [inline]
 #1: ffff8881a7098578 (&sb->s_type->i_mutex_key#24){+.+.}-{4:4}, at: generic_file_write_iter+0x11e/0x680 mm/filemap.c:4454
 #2: ffff8881a7098138 (&jfs_ip->rdwrlock#2){++++}-{4:4}, at: jfs_get_block+0x153/0xad0 fs/jfs/inode.c:219
 #3: ffff8881a70981c8 (&jfs_ip->commit_mutex){+.+.}-{4:4}, at: extAlloc+0x130/0x1020 fs/jfs/jfs_extent.c:86
4 locks held by syz.5.22/6088:
 #0: ffff88801ef5e420 (sb_writers#12){.+.+}-{0:0}, at: direct_splice_actor+0x49/0x160 fs/splice.c:1160
 #1: ffff88811fb9c590 (&sb->s_type->i_mutex_key#24){+.+.}-{4:4}, at: inode_lock include/linux/fs.h:1027 [inline]
 #1: ffff88811fb9c590 (&sb->s_type->i_mutex_key#24){+.+.}-{4:4}, at: generic_file_write_iter+0x11e/0x680 mm/filemap.c:4454
 #2: ffff88811fb9c150 (&jfs_ip->rdwrlock#2){++++}-{4:4}, at: jfs_get_block+0x153/0xad0 fs/jfs/inode.c:219
 #3: ffff88811fb9c1e0 (&jfs_ip->commit_mutex){+.+.}-{4:4}, at: extAlloc+0x130/0x1020 fs/jfs/jfs_extent.c:86
4 locks held by syz.4.21/6090:
 #0: ffff88816a7aa420 (sb_writers#12){.+.+}-{0:0}, at: direct_splice_actor+0x49/0x160 fs/splice.c:1160
 #1: ffff8881a709c590 (&sb->s_type->i_mutex_key#24){+.+.}-{4:4}, at: inode_lock include/linux/fs.h:1027 [inline]
 #1: ffff8881a709c590 (&sb->s_type->i_mutex_key#24){+.+.}-{4:4}, at: generic_file_write_iter+0x11e/0x680 mm/filemap.c:4454
 #2: ffff8881a709c150 (&jfs_ip->rdwrlock#2){++++}-{4:4}, at: jfs_get_block+0x153/0xad0 fs/jfs/inode.c:219
 #3: ffff8881a709c1e0 (&jfs_ip->commit_mutex){+.+.}-{4:4}, at: extAlloc+0x130/0x1020 fs/jfs/jfs_extent.c:86
4 locks held by syz.6.23/6120:
 #0: ffff888110442420 (sb_writers#12){.+.+}-{0:0}, at: direct_splice_actor+0x49/0x160 fs/splice.c:1160
 #1: ffff88811fa90ea0 (&sb->s_type->i_mutex_key#24){+.+.}-{4:4}, at: inode_lock include/linux/fs.h:1027 [inline]
 #1: ffff88811fa90ea0 (&sb->s_type->i_mutex_key#24){+.+.}-{4:4}, at: generic_file_write_iter+0x11e/0x680 mm/filemap.c:4454
 #2: ffff88811fa90a60 (&jfs_ip->rdwrlock#2){++++}-{4:4}, at: jfs_get_block+0x153/0xad0 fs/jfs/inode.c:219
 #3: ffff88811fa90af0 (&jfs_ip->commit_mutex){+.+.}-{4:4}, at: extAlloc+0x130/0x1020 fs/jfs/jfs_extent.c:86
4 locks held by syz.7.24/6176:
 #0: ffff8881bbf80420 (sb_writers#12){.+.+}-{0:0}, at: direct_splice_actor+0x49/0x160 fs/splice.c:1160
 #1: ffff8881893e8ea0 (&sb->s_type->i_mutex_key#24){+.+.}-{4:4}, at: inode_lock include/linux/fs.h:1027 [inline]
 #1: ffff8881893e8ea0 (&sb->s_type->i_mutex_key#24){+.+.}-{4:4}, at: generic_file_write_iter+0x11e/0x680 mm/filemap.c:4454
 #2: ffff8881893e8a60 (&jfs_ip->rdwrlock#2){++++}-{4:4}, at: jfs_get_block+0x153/0xad0 fs/jfs/inode.c:219
 #3: ffff8881893e8af0 (&jfs_ip->commit_mutex){+.+.}-{4:4}, at: extAlloc+0x130/0x1020 fs/jfs/jfs_extent.c:86
4 locks held by syz.8.25/6179:
 #0: ffff888111eca420 (sb_writers#12){.+.+}-{0:0}, at: direct_splice_actor+0x49/0x160 fs/splice.c:1160
 #1: ffff88811fa94eb8 (&sb->s_type->i_mutex_key#24){+.+.}-{4:4}, at: inode_lock include/linux/fs.h:1027 [inline]
 #1: ffff88811fa94eb8 (&sb->s_type->i_mutex_key#24){+.+.}-{4:4}, at: generic_file_write_iter+0x11e/0x680 mm/filemap.c:4454
 #2: ffff88811fa94a78 (&jfs_ip->rdwrlock#2){++++}-{4:4}, at: jfs_get_block+0x153/0xad0 fs/jfs/inode.c:219
 #3: ffff88811fa94b08 (&jfs_ip->commit_mutex){+.+.}-{4:4}, at: extAlloc+0x130/0x1020 fs/jfs/jfs_extent.c:86
4 locks held by syz.9.26/6212:
 #0: ffff8881bb73a420 (sb_writers#12){.+.+}-{0:0}, at: direct_splice_actor+0x49/0x160 fs/splice.c:1160
 #1: ffff8881893eceb8 (&sb->s_type->i_mutex_key#24){+.+.}-{4:4}, at: inode_lock include/linux/fs.h:1027 [inline]
 #1: ffff8881893eceb8 (&sb->s_type->i_mutex_key#24){+.+.}-{4:4}, at: generic_file_write_iter+0x11e/0x680 mm/filemap.c:4454
 #2: ffff8881893eca78 (&jfs_ip->rdwrlock#2){++++}-{4:4}, at: jfs_get_block+0x153/0xad0 fs/jfs/inode.c:219
 #3: ffff8881893ecb08 (&jfs_ip->commit_mutex){+.+.}-{4:4}, at: extAlloc+0x130/0x1020 fs/jfs/jfs_extent.c:86
2 locks held by syz-executor/6215:
1 lock held by syz-executor/6234:
4 locks held by kworker/u10:7/6366:
 #0: ffff88816268d948 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3232 [inline]
 #0: ffff88816268d948 ((wq_completion)writeback){+.+.}-{0:0}, at: process_scheduled_works+0x9d4/0x17a0 kernel/workqueue.c:3340
 #1: ffffc90004827bc0 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3233 [inline]
 #1: ffffc90004827bc0 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa0f/0x17a0 kernel/workqueue.c:3340
 #2: ffff8881bb73a0e0 (&type->s_umount_key#53){.+.+}-{4:4}, at: super_trylock_shared+0x20/0xf0 fs/super.c:563
 #3: ffff8881893ecb08 (&jfs_ip->commit_mutex){+.+.}-{4:4}, at: jfs_commit_inode+0x1ca/0x530 fs/jfs/inode.c:108
1 lock held by syz.2.283/6799:

=============================================

NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 35 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
Call Trace:
 <TASK>
 dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
 nmi_cpu_backtrace+0x274/0x2d0 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x17a/0x300 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:161 [inline]
 __sys_info lib/sys_info.c:157 [inline]
 sys_info+0x135/0x170 lib/sys_info.c:165
 check_hung_uninterruptible_tasks kernel/hung_task.c:346 [inline]
 watchdog+0xf90/0xfe0 kernel/hung_task.c:515
 kthread+0x726/0x8b0 kernel/kthread.c:463
 ret_from_fork+0x51b/0xa40 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 6215 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
RIP: 0010:hlock_class kernel/locking/lockdep.c:246 [inline]
RIP: 0010:check_wait_context kernel/locking/lockdep.c:4854 [inline]
RIP: 0010:__lock_acquire+0x360/0x2cf0 kernel/locking/lockdep.c:5187
Code: 41 09 cc 41 09 dc 45 89 64 c7 20 41 89 7c c7 24 4c 89 7c 24 20 4d 8d 2c c7 41 81 e4 ff 1f 00 00 4c 0f a3 25 f2 1c 38 12 73 15 <49> 69 c4 c8 00 00 00 48 8d 80 b0 53 78 93 4c 8b 74 24 08 eb 37 83
RSP: 0018:ffffc900035f7050 EFLAGS: 00000003
RAX: 0000000000000005 RBX: 0000000000020000 RCX: 0000000000000007
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000001 R08: ffffffff8174c0e5 R09: ffffffff8e35a360
R10: ffffc900035f7358 R11: ffffffff81ae5c10 R12: 0000000000000007
R13: ffff88811047e318 R14: ffff88811047d7c0 R15: ffff88811047e2f0
FS:  000055558d9ec500(0000) GS:ffff8882a9926000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f96b1bff000 CR3: 000000016f6dc000 CR4: 00000000000006f0
Call Trace:
 <TASK>
 lock_acquire+0x106/0x330 kernel/locking/lockdep.c:5868
 rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 rcu_read_lock include/linux/rcupdate.h:867 [inline]
 class_rcu_constructor include/linux/rcupdate.h:1195 [inline]
 unwind_next_frame+0xc2/0x23c0 arch/x86/kernel/unwind_orc.c:495
 arch_stack_walk+0x11b/0x150 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0xa9/0x100 kernel/stacktrace.c:122
 save_stack+0x122/0x230 mm/page_owner.c:165
 __reset_page_owner+0x71/0x1f0 mm/page_owner.c:320
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1433 [inline]
 free_unref_folios+0xd9e/0x14d0 mm/page_alloc.c:3030
 folios_put_refs+0x58a/0x680 mm/swap.c:1002
 folio_batch_release include/linux/pagevec.h:101 [inline]
 shmem_undo_range+0x52e/0x1670 mm/shmem.c:1149
 shmem_truncate_range mm/shmem.c:1272 [inline]
 shmem_evict_inode+0x240/0x9e0 mm/shmem.c:1402
 evict+0x61e/0xb10 fs/inode.c:837
 do_unlinkat+0x354/0x590 fs/namei.c:5452
 __do_sys_unlink fs/namei.c:5483 [inline]
 __se_sys_unlink fs/namei.c:5481 [inline]
 __x64_sys_unlink+0x47/0x50 fs/namei.c:5481
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xe2/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f4c45d99da7
Code: 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 57 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007fff2d7b0618 EFLAGS: 00000206 ORIG_RAX: 0000000000000057
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4c45d99da7
RDX: 00007fff2d7b0640 RSI: 00007fff2d7b06d0 RDI: 00007fff2d7b06d0
RBP: 00007fff2d7b06d0 R08: 00007fff2d7b16d0 R09: 00000000ffffffff
R10: 0000000000000100 R11: 0000000000000206 R12: 00007fff2d7b1760
R13: 00007f4c45e0471f R14: 00000000000354b2 R15: 00007fff2d7b17a0
 </TASK>
