INFO: task syz-executor.5:13211 can't die for more than 143 seconds.
task:syz-executor.5 state:R running task stack:25040 pid:13211 ppid: 3742 flags:0x00004006
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5106 [inline]
__schedule+0xa9a/0x4cc0 kernel/sched/core.c:6421
preempt_schedule_common+0x45/0xc0 kernel/sched/core.c:6586
preempt_schedule_thunk+0x16/0x18 arch/x86/entry/thunk_64.S:35
__raw_write_unlock include/linux/rwlock_api_smp.h:226 [inline]
_raw_write_unlock+0x36/0x40 kernel/locking/spinlock.c:342
jbd2_log_start_commit fs/jbd2/journal.c:527 [inline]
__jbd2_journal_force_commit+0x1fb/0x240 fs/jbd2/journal.c:560
jbd2_journal_force_commit_nested+0x12/0x30 fs/jbd2/journal.c:582
ext4_writepages+0x28d8/0x3b90 fs/ext4/inode.c:2846
do_writepages+0x1ab/0x690 mm/page-writeback.c:2443
filemap_fdatawrite_wbc mm/filemap.c:388 [inline]
filemap_fdatawrite_wbc+0x143/0x1b0 mm/filemap.c:378
__filemap_fdatawrite_range+0xb4/0xf0 mm/filemap.c:421
ext4_alloc_da_blocks+0x1ed/0x330 fs/ext4/inode.c:3112
ext4_release_file+0x17d/0x370 fs/ext4/file.c:143
__fput+0x277/0x9d0 fs/file_table.c:317
task_work_run+0xdd/0x1a0 kernel/task_work.c:164
resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
exit_to_user_mode_loop kernel/entry/common.c:169 [inline]
exit_to_user_mode_prepare+0x23c/0x250 kernel/entry/common.c:201
__syscall_exit_to_user_mode_work kernel/entry/common.c:283 [inline]
syscall_exit_to_user_mode+0x19/0x50 kernel/entry/common.c:294
do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f45c523bd2b
RSP: 002b:00007fff137f6f30 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f45c523bd2b
RDX: 0000001b2c120000 RSI: 00007f45c4e004e8 RDI: 0000000000000003
RBP: 00007f45c539d960 R08: 0000000000000000 R09: 000000008770a32f
R10: 00007fff137fa090 R11: 0000000000000293 R12: 000000000008bd9c
R13: 00007fff137f7030 R14: 00007fff137f7050 R15: 0000000000000032
</TASK>
INFO: task syz-executor.5:13212 can't die for more than 143 seconds.
task:syz-executor.5 state:R running task stack:24352 pid:13212 ppid: 3742 flags:0x00004006
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5106 [inline]
__schedule+0xa9a/0x4cc0 kernel/sched/core.c:6421
preempt_schedule_irq+0x4e/0x90 kernel/sched/core.c:6729
irqentry_exit+0x31/0x80 kernel/entry/common.c:428
asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:649
RIP: 0010:__sanitizer_cov_trace_pc+0x5c/0x60 kernel/kcov.c:210
Code: 82 88 15 00 00 83 f8 02 75 20 48 8b 8a 90 15 00 00 8b 92 8c 15 00 00 48 8b 01 48 83 c0 01 48 39 c2 76 07 48 89 34 c1 48 89 01 <c3> 0f 1f 00 41 55 41 54 49 89 fc 55 48 bd eb 83 b5 80 46 86 c8 61
RSP: 0018:ffffc90009017340 EFLAGS: 00000246
RAX: 0000000000040000 RBX: dffffc0000000000 RCX: ffffc90014166000
RDX: 0000000000040000 RSI: ffffffff821e66ad RDI: 0000000000000001
RBP: ffffea00009c1a00 R08: 0000000000000001 R09: ffffffff9007193f
R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000009
R13: ffffc90009017408 R14: 0000000000000000 R15: 0000000000000000
mpage_release_unused_pages+0x32d/0x820 fs/ext4/inode.c:1583
ext4_writepages+0x1443/0x3b90 fs/ext4/inode.c:2822
do_writepages+0x1ab/0x690 mm/page-writeback.c:2443
filemap_fdatawrite_wbc mm/filemap.c:388 [inline]
filemap_fdatawrite_wbc+0x143/0x1b0 mm/filemap.c:378
__filemap_fdatawrite_range+0xb4/0xf0 mm/filemap.c:421
file_write_and_wait_range+0xb2/0x120 mm/filemap.c:779
ext4_sync_file+0x21f/0xfd0 fs/ext4/fsync.c:151
vfs_fsync_range+0x13a/0x220 fs/sync.c:188
generic_write_sync include/linux/fs.h:2730 [inline]
ext4_buffered_write_iter+0x27d/0x330 fs/ext4/file.c:277
ext4_file_write_iter+0x43c/0x1510 fs/ext4/file.c:679
call_write_iter include/linux/fs.h:2059 [inline]
new_sync_write+0x38a/0x560 fs/read_write.c:504
vfs_write+0x7c0/0xac0 fs/read_write.c:591
ksys_write+0x127/0x250 fs/read_write.c:644
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f45c52890e9
RSP: 002b:00007f45c6481168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007f45c539bf60 RCX: 00007f45c52890e9
RDX: 00000000fffffed4 RSI: 0000000020000000 RDI: 0000000000000005
RBP: 00007f45c52e308d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff137f6ecf R14: 00007f45c6481300 R15: 0000000000022000
</TASK>
Showing all locks held in the system:
3 locks held by kworker/u4:0/8:
1 lock held by rcu_tasks_kthre/12:
#0: ffffffff8bd84b90 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x26/0xc70 kernel/rcu/tasks.h:502
1 lock held by rcu_tasks_trace/13:
#0: ffffffff8bd84810 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x26/0xc70 kernel/rcu/tasks.h:502
1 lock held by khungtaskd/29:
#0: ffffffff8bd856e0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:6491
4 locks held by kworker/u4:4/932:
#0: ffff888145767938 ((wq_completion)writeback){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff888145767938 ((wq_completion)writeback){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
#0: ffff888145767938 ((wq_completion)writeback){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
#0: ffff888145767938 ((wq_completion)writeback){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
#0: ffff888145767938 ((wq_completion)writeback){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
#0: ffff888145767938 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x87a/0x1610 kernel/workqueue.c:2260
#1: ffffc90005567da8 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x8ae/0x1610 kernel/workqueue.c:2264
#2: ffff8880127e40e0 (&type->s_umount_key#32){++++}-{3:3}, at: trylock_super+0x1d/0x100 fs/super.c:415
#3: ffff8880127e6bd8 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: do_writepages+0x1ab/0x690 mm/page-writeback.c:2443
2 locks held by getty/3277:
#0: ffff88801ea7a098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:244
#1: ffffc90002ce62e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xe50/0x13c0 drivers/tty/n_tty.c:2118
2 locks held by kworker/u4:9/3830:
#0: ffff8880b9c3a018 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested kernel/sched/core.c:549 [inline]
#0: ffff8880b9c3a018 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x8c/0x120 kernel/sched/core.c:534
#1: ffffc900055f7da8 ((work_completion)(&(&bat_priv->nc.work)->work)){+.+.}-{0:0}, at: process_one_work+0x8ae/0x1610 kernel/workqueue.c:2264
1 lock held by syz-executor.5/13211:
#0: ffff8880127e6bd8 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: do_writepages+0x1ab/0x690 mm/page-writeback.c:2443
3 locks held by syz-executor.5/13212:
#0: ffff888020bd6368 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe3/0x100 fs/file.c:1063
#1: ffff8880127e4460 (sb_writers#4){.+.+}-{0:0}, at: ksys_write+0x127/0x250 fs/read_write.c:644
#2: ffff8880127e6bd8 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: do_writepages+0x1ab/0x690 mm/page-writeback.c:2443
=============================================
----------------
Code disassembly (best guess), 1 bytes skipped:
0: 88 15 00 00 83 f8 mov %dl,-0x77d0000(%rip) # 0xf8830006
6: 02 75 20 add 0x20(%rbp),%dh
9: 48 8b 8a 90 15 00 00 mov 0x1590(%rdx),%rcx
10: 8b 92 8c 15 00 00 mov 0x158c(%rdx),%edx
16: 48 8b 01 mov (%rcx),%rax
19: 48 83 c0 01 add $0x1,%rax
1d: 48 39 c2 cmp %rax,%rdx
20: 76 07 jbe 0x29
22: 48 89 34 c1 mov %rsi,(%rcx,%rax,8)
26: 48 89 01 mov %rax,(%rcx)
* 29: c3 retq <-- trapping instruction
2a: 0f 1f 00 nopl (%rax)
2d: 41 55 push %r13
2f: 41 54 push %r12
31: 49 89 fc mov %rdi,%r12
34: 55 push %rbp
35: 48 bd eb 83 b5 80 46 movabs $0x61c8864680b583eb,%rbp
3c: 86 c8 61