INFO: task syz-executor.5:653 blocked for more than 140 seconds.
      Not tainted 4.9.141+ #1
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.5 D29912 653 32729 0x00000004
 ffff8800a3518000 ffff8801ceaf3700 ffff88009bf35d80 ffff8801d1a4df00
 ffff8801db721018 ffff880189e97b48 ffffffff828075c2 0000000000000286
 0000000000000002 0000000041b58ab3 00ffffff82e2b9d2 ffff8801db7218f0
Call Trace:
 [] schedule+0x7f/0x1b0 kernel/sched/core.c:3553
 [] wb_wait_for_completion+0x149/0x1b0 fs/fs-writeback.c:221
 [] sync_inodes_sb+0x1ab/0x9d0 fs/fs-writeback.c:2412
 [] sync_inodes_one_sb+0x43/0x60 fs/sync.c:73
 [] iterate_supers+0x130/0x260 fs/super.c:593
 [] sys_sync+0xa2/0x170 fs/sync.c:112
 [] do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285
 [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb

Showing all locks held in the system:
2 locks held by khungtaskd/24:
 #0: (rcu_read_lock){......}, at: [] check_hung_uninterruptible_tasks kernel/hung_task.c:168 [inline]
 #0: (rcu_read_lock){......}, at: [] watchdog+0x11c/0xa20 kernel/hung_task.c:239
 #1: (tasklist_lock){.+.?..}, at: [] debug_show_all_locks+0x79/0x218 kernel/locking/lockdep.c:4336
2 locks held by getty/2024:
 #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367
 #1: (&ldata->atomic_read_lock){+.+...}, at: [] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142
4 locks held by kworker/u4:17/22231:
 #0: ("writeback"){++++.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085
 #1: ((&(&wb->dwork)->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089
 #2: (&type->s_umount_key#32){++++.+}, at: [] trylock_super+0x20/0xf0 fs/super.c:393
 #3: (&sbi->s_journal_flag_rwsem){.+.+.+}, at: [] do_writepages+0xef/0x1d0 mm/page-writeback.c:2331
1 lock held by syz-executor.5/653:
 #0: (&type->s_umount_key#32){++++.+}, at: [] iterate_supers+0xe1/0x260 fs/super.c:591
1 lock held by syz-executor.5/654:
 #0: (&type->s_umount_key#32){++++.+}, at: [] iterate_supers+0xe1/0x260 fs/super.c:591

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 24 Comm: khungtaskd Not tainted 4.9.141+ #1
 ffff8801d9907d08 ffffffff81b42e79 0000000000000000 0000000000000000
 0000000000000000 0000000000000001 ffffffff810983b0 ffff8801d9907d40
 ffffffff81b4df89 0000000000000000 0000000000000000 0000000000000002
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] nmi_cpu_backtrace.cold.0+0x48/0x87 lib/nmi_backtrace.c:99
 [] nmi_trigger_cpumask_backtrace+0x12c/0x151 lib/nmi_backtrace.c:60
 [] arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:37
 [] trigger_all_cpu_backtrace include/linux/nmi.h:58 [inline]
 [] check_hung_task kernel/hung_task.c:125 [inline]
 [] check_hung_uninterruptible_tasks kernel/hung_task.c:182 [inline]
 [] watchdog+0x6ad/0xa20 kernel/hung_task.c:239
 [] kthread+0x26d/0x300 kernel/kthread.c:211
 [] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 20734 Comm: syz-executor.1 Not tainted 4.9.141+ #1
task: ffff88009aae97c0 task.stack: ffff88009a4b0000
RIP: 0010:[] [] trace_hardirqs_on+0x0/0x10 kernel/locking/lockdep.c:2742
RSP: 0018:ffff88009a4b77d0 EFLAGS: 00000006
RAX: 00000000024080c0 RBX: ffff8801da4013c0 RCX: 000000000000000c
RDX: 00000000ffffffff RSI: 0000000000000000 RDI: ffff8801da4013c0
RBP: ffff88009a4b7820 R08: ffff88009aaea070 R09: 0000000000000001
R10: ffff8801ca191750 R11: 0000000000000001 R12: 00000000024080c0
R13: 00000000024000c0 R14: ffff8801db724670 R15: 0000000000000000
FS: 00007f4741b29700(0000) GS:ffff8801db700000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000015f2308 CR3: 00000000aca63000 CR4: 00000000001606b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Stack:
 ffffffff814eb783 000000000000000c 024080c000000000 0000000000000000
 4a94b9a696c61ca1 00000000ffffffff 00000000024080c0 ffff8801da4013c0
 ffff8801db724670 0000000000000000 ffff88009a4b78f8 ffffffff814ed97d
Call Trace:
 [] new_slab_objects mm/slub.c:2419 [inline]
 [] ___slab_alloc.constprop.33+0x2ed/0x470 mm/slub.c:2576
 [] __slab_alloc.isra.25.constprop.32+0x50/0xa0 mm/slub.c:2618
 [] slab_alloc_node mm/slub.c:2681 [inline]
 [] slab_alloc mm/slub.c:2723 [inline]
 [] __kmalloc+0x26e/0x310 mm/slub.c:3737
 [] kmalloc_array include/linux/slab.h:582 [inline]
 [] kcalloc include/linux/slab.h:593 [inline]
 [] iter_file_splice_write+0x143/0xb30 fs/splice.c:711
 [] do_splice_from fs/splice.c:870 [inline]
 [] direct_splice_actor+0x128/0x190 fs/splice.c:1037
 [] splice_direct_to_actor+0x2c1/0x7e0 fs/splice.c:992
 [] do_splice_direct+0x1a3/0x270 fs/splice.c:1080
 [] do_sendfile+0x4f0/0xc30 fs/read_write.c:1393
 [] SYSC_sendfile64 fs/read_write.c:1448 [inline]
 [] SyS_sendfile64+0xd1/0x160 fs/read_write.c:1440
 [] do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285
 [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
Code: ff ff e8 84 bd 2e 00 e9 55 fd ff ff e8 ba bc 2e 00 eb b3 e8 b3 bc 2e 00 e9 3b ff ff ff e8 a9 bc 2e 00 e9 43 fe ff ff 0f 1f 40 00 <55> 48 89 e5 48 8b 7d 08 e8 63 fa ff ff 5d c3 90 55 48 89 e5 41