INFO: task hung in sync_inodes

INFO: task hung in sync_inodes_sb (4)
Status: upstream: reported C repro on 2020/11/21 04:55
Reported-by: syzbot+7d50f1e54a12ba3aeae2@syzkaller.appspotmail.com
First crash: 110d, last: 29d

Cause bisection: introduced by (bisect log) :
commit c68df2e7be0c1238ea3c281fd744a204ef3b15a0
Author: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Date: Thu Sep 15 13:30:02 2016 +0000

mac80211: allow using AP_LINK_PS with mac80211-generated TIM IE

Crash: general protection fault in batadv_iv_ogm_queue_add (log)
Repro: C syz .config

similar bugs (8):
Kernel	Title	Repro	Cause bisect	Count	Last	Reported	Patched	Status
upstream	INFO: task hung in sync_inodes_sb (2)			4	685d	703d	0/21	auto-closed as invalid on 2019/10/19 16:22
upstream	INFO: task hung in sync_inodes_sb (3)	C	done	6	428d	437d	16/21	fixed on 2020/02/14 01:19
upstream	INFO: task hung in sync_inodes_sb			58	782d	1021d	0/21	closed as dup on 2018/09/08 15:37
linux-4.14	INFO: task hung in sync_inodes_sb			1	398d	398d	0/1	auto-closed as invalid on 2020/06/02 17:26
android-49	INFO: task hung in sync_inodes_sb			11	922d	1001d	0/3	auto-closed as invalid on 2019/02/24 06:19
android-49	INFO: task hung in sync_inodes_sb (2)			2	511d	673d	0/3	auto-closed as invalid on 2020/02/10 00:14
linux-4.14	INFO: task hung in sync_inodes_sb (2)	C		4	13d	59d	0/1	upstream: reported C repro on 2021/01/07 19:48
linux-4.19	INFO: task hung in sync_inodes_sb	C		2	13d	149d	0/1	upstream: reported C repro on 2020/10/09 07:19

Sample crash report:

INFO: task syz-executor266:8455 blocked for more than 143 seconds.
      Not tainted 5.10.0-rc6-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor266 state:D stack:27448 pid: 8455 ppid:  8449 flags:0x00004000
Call Trace:
 context_switch kernel/sched/core.c:3779 [inline]
 __schedule+0x893/0x2130 kernel/sched/core.c:4528
 schedule+0xcf/0x270 kernel/sched/core.c:4606
 wb_wait_for_completion+0x17b/0x230 fs/fs-writeback.c:209
 sync_inodes_sb+0x1a6/0x9d0 fs/fs-writeback.c:2559
 __sync_filesystem fs/sync.c:34 [inline]
 sync_filesystem fs/sync.c:67 [inline]
 sync_filesystem+0x15c/0x260 fs/sync.c:48
 generic_shutdown_super+0x70/0x370 fs/super.c:448
 kill_block_super+0x97/0xf0 fs/super.c:1446
 deactivate_locked_super+0x94/0x160 fs/super.c:335
 deactivate_super+0xad/0xd0 fs/super.c:366
 cleanup_mnt+0x3a3/0x530 fs/namespace.c:1118
 task_work_run+0xdd/0x190 kernel/task_work.c:151
 tracehook_notify_resume include/linux/tracehook.h:188 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:164 [inline]
 exit_to_user_mode_prepare+0x17e/0x1a0 kernel/entry/common.c:191
 syscall_exit_to_user_mode+0x38/0x260 kernel/entry/common.c:266
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x448617
RSP: 002b:00007ffe69ca89e8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 00007ffe69ca9b60 RCX: 0000000000448617
RDX: 0000000000400bb0 RSI: 0000000000000002 RDI: 00007ffe69ca8a90
RBP: 00000000000cd1c7 R08: 0000000000000000 R09: 0000000000000009
R10: 0000000000000005 R11: 0000000000000206 R12: 00007ffe69ca9b00
R13: 0000000000742880 R14: 0000000000000000 R15: 0000000000000000

Showing all locks held in the system:
2 locks held by kworker/u4:0/8:
 #0: ffff88814155c138 ((wq_completion)writeback){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff88814155c138 ((wq_completion)writeback){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline]
 #0: ffff88814155c138 ((wq_completion)writeback){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline]
 #0: ffff88814155c138 ((wq_completion)writeback){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline]
 #0: ffff88814155c138 ((wq_completion)writeback){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline]
 #0: ffff88814155c138 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x821/0x15a0 kernel/workqueue.c:2243
 #1: ffffc90000cd7da8 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x15a0 kernel/workqueue.c:2247
1 lock held by khungtaskd/1640:
 #0: ffffffff8b3378e0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:6254
2 locks held by syz-executor266/8455:
 #0: ffff88802f44a0e0 (&type->s_umount_key#48){+.+.}-{3:3}, at: deactivate_super+0xa5/0xd0 fs/super.c:365
 #1: ffff888018e5a708 (&bdi->wb_switch_rwsem){+.+.}-{3:3}, at: bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:344 [inline]
 #1: ffff888018e5a708 (&bdi->wb_switch_rwsem){+.+.}-{3:3}, at: sync_inodes_sb+0x18c/0x9d0 fs/fs-writeback.c:2557

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 1640 Comm: khungtaskd Not tainted 5.10.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x107/0x163 lib/dump_stack.c:118
 nmi_cpu_backtrace.cold+0x44/0xd7 lib/nmi_backtrace.c:105
 nmi_trigger_cpumask_backtrace+0x1b3/0x230 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:209 [inline]
 watchdog+0xd43/0xfa0 kernel/hung_task.c:294
 kthread+0x3b1/0x4a0 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1 skipped: idling at native_safe_halt arch/x86/include/asm/irqflags.h:60 [inline]
NMI backtrace for cpu 1 skipped: idling at arch_safe_halt arch/x86/include/asm/irqflags.h:103 [inline]
NMI backtrace for cpu 1 skipped: idling at acpi_safe_halt drivers/acpi/processor_idle.c:111 [inline]
NMI backtrace for cpu 1 skipped: idling at acpi_idle_do_entry+0x1c9/0x250 drivers/acpi/processor_idle.c:517

Fix bisection attempts:
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Title
ci-upstream-kasan-gce-root	2021/01/03 08:44	upstream	3516bd72	e6b0d314	.config	log	report	syz	C

Crashes (3):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Title
ci-upstream-kasan-gce-root	2020/12/04 02:11	upstream	34816d20	e6b0d314	.config	log	report	syz	C
ci-upstream-linux-next-kasan-gce-root	2020/11/17 04:47	linux-next	03430750	1bf9a662	.config	log	report	syz	C
ci-upstream-kasan-gce-selinux-root	2021/02/06 20:50	upstream	1e0d27fc	0655e081	.config	log	report			info	INFO: task hung in sync_inodes_sb