loop0: rw=0, want=18442984958116442982, limit=264192
attempt to access beyond end of device
loop0: rw=0, want=18442984958116442984, limit=264192
attempt to access beyond end of device
loop0: rw=0, want=18442984958116442986, limit=264192
INFO: task syz-executor6:10886 blocked for more than 140 seconds.
Not tainted 4.9.124-g09eb2ba #31
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor6 D28504 10886 3866 0x00000004
ffff8801982ec800 0000000000000000 ffff8801d73ec540 ffff8801d9a38000
ffff8801db221c18 ffff8801cd4c7b58 ffffffff839f0afd 0000000000000002
0000000041b58ab3 ffffffff843bbc94 00ffffff81223870 ffff8801db2224e8
Call Trace:
[<ffffffff839f20ff>] schedule+0x7f/0x1b0 kernel/sched/core.c:3553
[<ffffffff816073d9>] wb_wait_for_completion+0x149/0x1b0 fs/fs-writeback.c:221
[<ffffffff8160cb69>] sync_inodes_sb+0x1a9/0x8d0 fs/fs-writeback.c:2412
[<ffffffff8161ec93>] sync_inodes_one_sb+0x43/0x60 fs/sync.c:73
[<ffffffff81581590>] iterate_supers+0x130/0x260 fs/super.c:593
[<ffffffff8161f5a2>] sys_sync+0xa2/0x170 fs/sync.c:112
[<ffffffff81006316>] do_syscall_64+0x1a6/0x490 arch/x86/entry/common.c:282
[<ffffffff83a019d3>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
Showing all locks held in the system:
2 locks held by khungtaskd/519:
#0: (rcu_read_lock){......}, at: [<ffffffff813689dc>] check_hung_uninterruptible_tasks kernel/hung_task.c:168 [inline]
#0: (rcu_read_lock){......}, at: [<ffffffff813689dc>] watchdog+0x11c/0xa20 kernel/hung_task.c:239
#1: (tasklist_lock){.+.+..}, at: [<ffffffff81428248>] debug_show_all_locks+0x79/0x218 kernel/locking/lockdep.c:4336
2 locks held by getty/3762:
#0: (&tty->ldisc_sem){++++++}, at: [<ffffffff839ffba2>] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367
#1: (&ldata->atomic_read_lock){+.+...}, at: [<ffffffff82125402>] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142
1 lock held by syz-executor6/10886:
#0: (&type->s_umount_key#38){++++..}, at: [<ffffffff81581541>] iterate_supers+0xe1/0x260 fs/super.c:591
1 lock held by syz-executor6/10923:
#0: (&type->s_umount_key#38){++++..}, at: [<ffffffff81581541>] iterate_supers+0xe1/0x260 fs/super.c:591
=============================================
NMI backtrace for cpu 0
CPU: 0 PID: 519 Comm: khungtaskd Not tainted 4.9.124-g09eb2ba #31
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ffff8801d979fd08 ffffffff81eb95e9 0000000000000000 0000000000000000
0000000000000000 0000000000000001 ffffffff810b9fa0 ffff8801d979fd40
ffffffff81ec4927 0000000000000000 0000000000000000 0000000000000003
Call Trace:
[<ffffffff81eb95e9>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffffff81eb95e9>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[<ffffffff81ec4927>] nmi_cpu_backtrace.cold.2+0x48/0x87 lib/nmi_backtrace.c:99
[<ffffffff81ec48ba>] nmi_trigger_cpumask_backtrace+0x12a/0x14f lib/nmi_backtrace.c:60
[<ffffffff810ba0a4>] arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:37
[<ffffffff81368f74>] trigger_all_cpu_backtrace include/linux/nmi.h:58 [inline]
[<ffffffff81368f74>] check_hung_task kernel/hung_task.c:125 [inline]
[<ffffffff81368f74>] check_hung_uninterruptible_tasks kernel/hung_task.c:182 [inline]
[<ffffffff81368f74>] watchdog+0x6b4/0xa20 kernel/hung_task.c:239
[<ffffffff8119f3cd>] kthread+0x26d/0x300 kernel/kthread.c:211
[<ffffffff83a01b9c>] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 6 Comm: kworker/u4:0 Not tainted 4.9.124-g09eb2ba #31
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: writeback wb_workfn�c (flush-7:0)�c
task: ffff8801d9a38000 task.stack: ffff8801d9a40000
RIP: 0010:[<ffffffff81360cf1>] �c [<ffffffff81360cf1>] __sanitizer_cov_trace_pc+0x1/0x50 kernel/kcov.c:93
RSP: 0018:ffff8801d9a47690 EFLAGS: 00000202
RAX: ffff8801d9a38000 RBX: 0000000000000001 RCX: 0000000000000009
RDX: 0000000000000000 RSI: ffffffff81629df9 RDI: ffff8801c54749e0
RBP: ffff8801d9a47730 R08: ffff8801d9a38988 R09: 0000000000000001
R10: 0000000000000000 R11: 1ffff1003b34712c R12: 0000000000000200
R13: ffffea0006adefc0 R14: 0000000000000200 R15: dffffc0000000000
FS: 0000000000000000(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f21e33d4000 CR3: 00000001cb77d000 CR4: 00000000001606f0
DR0: 0000000020000000 DR1: 0000000020000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Stack:
ffff8801d9a47730�c ffffffff81629e0a�c ffff8801b9a20148�c ffff8801cbfb2848�c
ffffffff839f7176�c ffffed00397f6509�c 00000000000004b2�c ffff8801cbfb2a00�c
ffffea0006adefe0�c 0000000000000000�c ffff8801cbfb29d0�c 00000008d9a38940�c
Call Trace:
[<ffffffff8162d48d>] __bread_gfp+0x2d/0x270 fs/buffer.c:1420
[<ffffffff818db771>] sb_bread include/linux/buffer_head.h:300 [inline]
[<ffffffff818db771>] fat_clusters_flush+0x111/0x380 fs/fat/misc.c:69
[<ffffffff818d56d2>] fat_write_inode+0xf2/0x170 fs/fat/inode.c:898
[<ffffffff81606add>] write_inode fs/fs-writeback.c:1180 [inline]
[<ffffffff81606add>] __writeback_single_inode+0x86d/0x1020 fs/fs-writeback.c:1379
[<ffffffff81607ddc>] writeback_sb_inodes+0x4ac/0xe70 fs/fs-writeback.c:1584
[<ffffffff8160889b>] __writeback_inodes_wb+0xfb/0x1e0 fs/fs-writeback.c:1653
[<ffffffff81609022>] wb_writeback+0x512/0xbd0 fs/fs-writeback.c:1762
[<ffffffff8161230e>] wb_do_writeback fs/fs-writeback.c:1894 [inline]
[<ffffffff8161230e>] wb_workfn+0x20e/0xdb0 fs/fs-writeback.c:1930
[<ffffffff8118f461>] process_one_work+0x7e1/0x1500 kernel/workqueue.c:2092
[<ffffffff81190256>] worker_thread+0xd6/0x10a0 kernel/workqueue.c:2226
[<ffffffff8119f3cd>] kthread+0x26d/0x300 kernel/kthread.c:211
[<ffffffff83a01b9c>] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373
Code: �c00 �ceb �c81 �c4c �c89 �cff �ce8 �caf �cee �c1d �c00 �ce9 �c5f �cff �cff �cff �c48 �c89 �cdf �ce8 �c02 �cee �c1d �c00 �ce9 �cf9 �cfe �cff �cff �c66 �c2e �c0f �c1f �c84 �c00 �c00 �c00 �c00 �c00 �c0f �c1f �c00 �c55 �c<48> �c89 �ce5 �c65 �c48 �c8b �c04 �c25 �cc0 �c7d �c01 �c00 �c65 �c8b �c15 �c4c �c70 �ccb �c7e �c81 �ce2 �c