F2FS-fs (loop4): sanity_check_inode: inode (ino=8) has corrupted i_extra_isize: 36, max: 24 F2FS-fs (loop4): sanity_check_inode: inode (ino=8) has corrupted i_extra_isize: 36, max: 24 F2FS-fs (loop1): sanity_check_inode: inode (ino=8) has corrupted i_extra_isize: 36, max: 24 INFO: task syz-executor.0:21166 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.0 D28816 21166 8123 0x00000004 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 wb_wait_for_completion+0x175/0x1f0 fs/fs-writeback.c:222 sync_inodes_sb+0x19d/0x9a0 fs/fs-writeback.c:2459 sync_inodes_one_sb+0x4d/0x60 fs/sync.c:74 iterate_supers+0x13c/0x290 fs/super.c:633 ksys_sync+0x86/0x150 fs/sync.c:113 __ia32_sys_sync+0xa/0x10 fs/sync.c:124 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7fab4acef5a9 Code: Bad RIP value. RSP: 002b:00007fab49662168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2 RAX: ffffffffffffffda RBX: 00007fab4ae0ff80 RCX: 00007fab4acef5a9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 00007fab4ad4a580 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffdf80a621f R14: 00007fab49662300 R15: 0000000000022000 INFO: task syz-executor.0:21179 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.0 D30272 21179 8123 0x00000004 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 __rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:589 [inline] rwsem_down_write_failed+0x3aa/0x760 kernel/locking/rwsem-xadd.c:618 call_rwsem_down_write_failed+0x13/0x20 arch/x86/lib/rwsem.S:117 __down_write arch/x86/include/asm/rwsem.h:142 [inline] down_write+0x4f/0x90 kernel/locking/rwsem.c:72 bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:338 [inline] sync_inodes_sb+0x180/0x9a0 fs/fs-writeback.c:2457 sync_inodes_one_sb+0x4d/0x60 fs/sync.c:74 iterate_supers+0x13c/0x290 fs/super.c:633 ksys_sync+0x86/0x150 fs/sync.c:113 __ia32_sys_sync+0xa/0x10 fs/sync.c:124 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7fab4acef5a9 Code: Bad RIP value. RSP: 002b:00007fab49641168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2 RAX: ffffffffffffffda RBX: 00007fab4ae10050 RCX: 00007fab4acef5a9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 00007fab4ad4a580 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffdf80a621f R14: 00007fab49641300 R15: 0000000000022000 INFO: task syz-executor.4:21174 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.4 D27304 21174 17713 0x00000004 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 __rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:589 [inline] rwsem_down_write_failed+0x3aa/0x760 kernel/locking/rwsem-xadd.c:618 call_rwsem_down_write_failed+0x13/0x20 arch/x86/lib/rwsem.S:117 __down_write arch/x86/include/asm/rwsem.h:142 [inline] down_write+0x4f/0x90 kernel/locking/rwsem.c:72 bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:338 [inline] sync_inodes_sb+0x180/0x9a0 fs/fs-writeback.c:2457 sync_inodes_one_sb+0x4d/0x60 fs/sync.c:74 iterate_supers+0x13c/0x290 fs/super.c:633 ksys_sync+0x86/0x150 fs/sync.c:113 __ia32_sys_sync+0xa/0x10 fs/sync.c:124 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f163a9145a9 Code: Bad RIP value. RSP: 002b:00007f1639287168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2 RAX: ffffffffffffffda RBX: 00007f163aa34f80 RCX: 00007f163a9145a9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 00007f163a96f580 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fff430672bf R14: 00007f1639287300 R15: 0000000000022000 INFO: task syz-executor.4:21190 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.4 D30128 21190 17713 0x00000004 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 __rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:589 [inline] rwsem_down_write_failed+0x3aa/0x760 kernel/locking/rwsem-xadd.c:618 call_rwsem_down_write_failed+0x13/0x20 arch/x86/lib/rwsem.S:117 __down_write arch/x86/include/asm/rwsem.h:142 [inline] down_write+0x4f/0x90 kernel/locking/rwsem.c:72 bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:338 [inline] sync_inodes_sb+0x180/0x9a0 fs/fs-writeback.c:2457 sync_inodes_one_sb+0x4d/0x60 fs/sync.c:74 iterate_supers+0x13c/0x290 fs/super.c:633 ksys_sync+0x86/0x150 fs/sync.c:113 __ia32_sys_sync+0xa/0x10 fs/sync.c:124 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f163a9145a9 Code: Bad RIP value. RSP: 002b:00007f1639266168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2 RAX: ffffffffffffffda RBX: 00007f163aa35050 RCX: 00007f163a9145a9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 00007f163a96f580 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fff430672bf R14: 00007f1639266300 R15: 0000000000022000 INFO: task syz-executor.3:21186 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.3 D28816 21186 8132 0x00000004 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 __rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:589 [inline] rwsem_down_write_failed+0x3aa/0x760 kernel/locking/rwsem-xadd.c:618 call_rwsem_down_write_failed+0x13/0x20 arch/x86/lib/rwsem.S:117 __down_write arch/x86/include/asm/rwsem.h:142 [inline] down_write+0x4f/0x90 kernel/locking/rwsem.c:72 bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:338 [inline] sync_inodes_sb+0x180/0x9a0 fs/fs-writeback.c:2457 f2fs_msg: 8931 callbacks suppressed F2FS-fs (loop4): sanity_check_inode: inode (ino=8) has corrupted i_extra_isize: 36, max: 24 F2FS-fs (loop1): sanity_check_inode: inode (ino=8) has corrupted i_extra_isize: 36, max: 24 F2FS-fs (loop4): sanity_check_inode: inode (ino=8) has corrupted i_extra_isize: 36, max: 24 F2FS-fs (loop1): sanity_check_inode: inode (ino=8) has corrupted i_extra_isize: 36, max: 24 F2FS-fs (loop4): sanity_check_inode: inode (ino=8) has corrupted i_extra_isize: 36, max: 24 sync_inodes_one_sb+0x4d/0x60 fs/sync.c:74 F2FS-fs (loop1): sanity_check_inode: inode (ino=8) has corrupted i_extra_isize: 36, max: 24 iterate_supers+0x13c/0x290 fs/super.c:633 ksys_sync+0x86/0x150 fs/sync.c:113 F2FS-fs (loop4): sanity_check_inode: inode (ino=8) has corrupted i_extra_isize: 36, max: 24 F2FS-fs (loop1): sanity_check_inode: inode (ino=8) has corrupted i_extra_isize: 36, max: 24 F2FS-fs (loop4): sanity_check_inode: inode (ino=8) has corrupted i_extra_isize: 36, max: 24 F2FS-fs (loop4): sanity_check_inode: inode (ino=8) has corrupted i_extra_isize: 36, max: 24 __ia32_sys_sync+0xa/0x10 fs/sync.c:124 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f6b223aa5a9 Code: Bad RIP value. RSP: 002b:00007f6b20d1d168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2 RAX: ffffffffffffffda RBX: 00007f6b224caf80 RCX: 00007f6b223aa5a9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 00007f6b22405580 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffc90ef82af R14: 00007f6b20d1d300 R15: 0000000000022000 INFO: task syz-executor.3:21192 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.3 D29920 21192 8132 0x00000004 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 __rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:589 [inline] rwsem_down_write_failed+0x3aa/0x760 kernel/locking/rwsem-xadd.c:618 call_rwsem_down_write_failed+0x13/0x20 arch/x86/lib/rwsem.S:117 __down_write arch/x86/include/asm/rwsem.h:142 [inline] down_write+0x4f/0x90 kernel/locking/rwsem.c:72 bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:338 [inline] sync_inodes_sb+0x180/0x9a0 fs/fs-writeback.c:2457 sync_inodes_one_sb+0x4d/0x60 fs/sync.c:74 iterate_supers+0x13c/0x290 fs/super.c:633 ksys_sync+0x86/0x150 fs/sync.c:113 __ia32_sys_sync+0xa/0x10 fs/sync.c:124 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f6b223aa5a9 Code: Bad RIP value. RSP: 002b:00007f6b20cfc168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2 RAX: ffffffffffffffda RBX: 00007f6b224cb050 RCX: 00007f6b223aa5a9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 00007f6b22405580 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffc90ef82af R14: 00007f6b20cfc300 R15: 0000000000022000 INFO: task syz-executor.5:21210 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.5 D28816 21210 12573 0x00000004 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 __rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:589 [inline] rwsem_down_write_failed+0x3aa/0x760 kernel/locking/rwsem-xadd.c:618 call_rwsem_down_write_failed+0x13/0x20 arch/x86/lib/rwsem.S:117 __down_write arch/x86/include/asm/rwsem.h:142 [inline] down_write+0x4f/0x90 kernel/locking/rwsem.c:72 bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:338 [inline] sync_inodes_sb+0x180/0x9a0 fs/fs-writeback.c:2457 sync_inodes_one_sb+0x4d/0x60 fs/sync.c:74 iterate_supers+0x13c/0x290 fs/super.c:633 ksys_sync+0x86/0x150 fs/sync.c:113 __ia32_sys_sync+0xa/0x10 fs/sync.c:124 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7fb076b7b5a9 Code: Bad RIP value. RSP: 002b:00007fb0754ee168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2 RAX: ffffffffffffffda RBX: 00007fb076c9bf80 RCX: 00007fb076b7b5a9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 00007fb076bd6580 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffea897485f R14: 00007fb0754ee300 R15: 0000000000022000 INFO: task syz-executor.5:21211 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.5 D29920 21211 12573 0x00000004 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 __rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:589 [inline] rwsem_down_write_failed+0x3aa/0x760 kernel/locking/rwsem-xadd.c:618 call_rwsem_down_write_failed+0x13/0x20 arch/x86/lib/rwsem.S:117 __down_write arch/x86/include/asm/rwsem.h:142 [inline] down_write+0x4f/0x90 kernel/locking/rwsem.c:72 bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:338 [inline] sync_inodes_sb+0x180/0x9a0 fs/fs-writeback.c:2457 sync_inodes_one_sb+0x4d/0x60 fs/sync.c:74 iterate_supers+0x13c/0x290 fs/super.c:633 ksys_sync+0x86/0x150 fs/sync.c:113 __ia32_sys_sync+0xa/0x10 fs/sync.c:124 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7fb076b7b5a9 Code: Bad RIP value. RSP: 002b:00007fb0754cd168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2 RAX: ffffffffffffffda RBX: 00007fb076c9c050 RCX: 00007fb076b7b5a9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 00007fb076bd6580 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffea897485f R14: 00007fb0754cd300 R15: 0000000000022000 INFO: task syz-executor.2:21215 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.2 D28816 21215 4504 0x00000004 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 __rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:589 [inline] rwsem_down_write_failed+0x3aa/0x760 kernel/locking/rwsem-xadd.c:618 call_rwsem_down_write_failed+0x13/0x20 arch/x86/lib/rwsem.S:117 __down_write arch/x86/include/asm/rwsem.h:142 [inline] down_write+0x4f/0x90 kernel/locking/rwsem.c:72 bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:338 [inline] sync_inodes_sb+0x180/0x9a0 fs/fs-writeback.c:2457 sync_inodes_one_sb+0x4d/0x60 fs/sync.c:74 iterate_supers+0x13c/0x290 fs/super.c:633 ksys_sync+0x86/0x150 fs/sync.c:113 __ia32_sys_sync+0xa/0x10 fs/sync.c:124 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f6b811ee5a9 Code: Bad RIP value. RSP: 002b:00007f6b7fb61168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2 RAX: ffffffffffffffda RBX: 00007f6b8130ef80 RCX: 00007f6b811ee5a9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 00007f6b81249580 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fff87ef6c7f R14: 00007f6b7fb61300 R15: 0000000000022000 INFO: task syz-executor.2:21216 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.2 D29920 21216 4504 0x00000004 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 __rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:589 [inline] rwsem_down_write_failed+0x3aa/0x760 kernel/locking/rwsem-xadd.c:618 call_rwsem_down_write_failed+0x13/0x20 arch/x86/lib/rwsem.S:117 __down_write arch/x86/include/asm/rwsem.h:142 [inline] down_write+0x4f/0x90 kernel/locking/rwsem.c:72 bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:338 [inline] sync_inodes_sb+0x180/0x9a0 fs/fs-writeback.c:2457 sync_inodes_one_sb+0x4d/0x60 fs/sync.c:74 iterate_supers+0x13c/0x290 fs/super.c:633 ksys_sync+0x86/0x150 fs/sync.c:113 __ia32_sys_sync+0xa/0x10 fs/sync.c:124 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f6b811ee5a9 Code: Bad RIP value. RSP: 002b:00007f6b7fb40168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2 RAX: ffffffffffffffda RBX: 00007f6b8130f050 RCX: 00007f6b811ee5a9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 00007f6b81249580 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fff87ef6c7f R14: 00007f6b7fb40300 R15: 0000000000022000 Showing all locks held in the system: 1 lock held by khungtaskd/1571: #0: 00000000dd3cc28e (rcu_read_lock){....}, at: debug_show_all_locks+0x53/0x265 kernel/locking/lockdep.c:4441 1 lock held by in:imklog/7799: #0: 00000000645219d1 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x26f/0x310 fs/file.c:767 4 locks held by kworker/u4:8/9601: 5 locks held by kworker/u4:11/12466: 3 locks held by kworker/u4:0/15494: #0: 00000000861f3ea8 (&rq->lock){-.-.}, at: rq_lock kernel/sched/sched.h:1826 [inline] #0: 00000000861f3ea8 (&rq->lock){-.-.}, at: __schedule+0x1f9/0x2040 kernel/sched/core.c:3455 #1: 00000000dd3cc28e (rcu_read_lock){....}, at: trace_sched_stat_runtime include/trace/events/sched.h:428 [inline] #1: 00000000dd3cc28e (rcu_read_lock){....}, at: update_curr+0x2c3/0x870 kernel/sched/fair.c:857 #2: 0000000066bc9c2d (&wdev->mtx){+.+.}, at: sdata_lock net/mac80211/ieee80211_i.h:977 [inline] #2: 0000000066bc9c2d (&wdev->mtx){+.+.}, at: ieee80211_ibss_work+0x85/0xe10 net/mac80211/ibss.c:1675 2 locks held by syz-executor.0/21166: #0: 00000000a6514bcb (&type->s_umount_key#87){++++}, at: iterate_supers+0xdb/0x290 fs/super.c:631 #1: 00000000f57ba143 (&bdi->wb_switch_rwsem){+.+.}, at: bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:338 [inline] #1: 00000000f57ba143 (&bdi->wb_switch_rwsem){+.+.}, at: sync_inodes_sb+0x180/0x9a0 fs/fs-writeback.c:2457 2 locks held by syz-executor.0/21179: #0: 00000000a6514bcb (&type->s_umount_key#87){++++}, at: iterate_supers+0xdb/0x290 fs/super.c:631 #1: 00000000f57ba143 (&bdi->wb_switch_rwsem){+.+.}, at: bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:338 [inline] #1: 00000000f57ba143 (&bdi->wb_switch_rwsem){+.+.}, at: sync_inodes_sb+0x180/0x9a0 fs/fs-writeback.c:2457 2 locks held by syz-executor.4/21174: #0: 00000000a6514bcb (&type->s_umount_key#87){++++}, at: iterate_supers+0xdb/0x290 fs/super.c:631 #1: 00000000f57ba143 (&bdi->wb_switch_rwsem){+.+.}, at: bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:338 [inline] #1: 00000000f57ba143 (&bdi->wb_switch_rwsem){+.+.}, at: sync_inodes_sb+0x180/0x9a0 fs/fs-writeback.c:2457 2 locks held by syz-executor.4/21190: #0: 00000000a6514bcb (&type->s_umount_key#87){++++}, at: iterate_supers+0xdb/0x290 fs/super.c:631 #1: 00000000f57ba143 (&bdi->wb_switch_rwsem){+.+.}, at: bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:338 [inline] #1: 00000000f57ba143 (&bdi->wb_switch_rwsem){+.+.}, at: sync_inodes_sb+0x180/0x9a0 fs/fs-writeback.c:2457 2 locks held by syz-executor.3/21186: #0: 00000000a6514bcb (&type->s_umount_key#87){++++}, at: iterate_supers+0xdb/0x290 fs/super.c:631 #1: 00000000f57ba143 (&bdi->wb_switch_rwsem){+.+.}, at: bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:338 [inline] #1: 00000000f57ba143 (&bdi->wb_switch_rwsem){+.+.}, at: sync_inodes_sb+0x180/0x9a0 fs/fs-writeback.c:2457 2 locks held by syz-executor.3/21192: #0: 00000000a6514bcb (&type->s_umount_key#87){++++}, at: iterate_supers+0xdb/0x290 fs/super.c:631 #1: 00000000f57ba143 (&bdi->wb_switch_rwsem){+.+.}, at: bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:338 [inline] #1: 00000000f57ba143 (&bdi->wb_switch_rwsem){+.+.}, at: sync_inodes_sb+0x180/0x9a0 fs/fs-writeback.c:2457 2 locks held by syz-executor.5/21210: #0: 00000000a6514bcb (&type->s_umount_key#87){++++}, at: iterate_supers+0xdb/0x290 fs/super.c:631 #1: 00000000f57ba143 (&bdi->wb_switch_rwsem){+.+.}, at: bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:338 [inline] #1: 00000000f57ba143 (&bdi->wb_switch_rwsem){+.+.}, at: sync_inodes_sb+0x180/0x9a0 fs/fs-writeback.c:2457 2 locks held by syz-executor.5/21211: #0: 00000000a6514bcb (&type->s_umount_key#87){++++}, at: iterate_supers+0xdb/0x290 fs/super.c:631 #1: 00000000f57ba143 (&bdi->wb_switch_rwsem){+.+.}, at: bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:338 [inline] #1: 00000000f57ba143 (&bdi->wb_switch_rwsem){+.+.}, at: sync_inodes_sb+0x180/0x9a0 fs/fs-writeback.c:2457 2 locks held by syz-executor.2/21215: #0: 00000000a6514bcb (&type->s_umount_key#87){++++}, at: iterate_supers+0xdb/0x290 fs/super.c:631 #1: 00000000f57ba143 (&bdi->wb_switch_rwsem){+.+.}, at: bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:338 [inline] #1: 00000000f57ba143 (&bdi->wb_switch_rwsem){+.+.}, at: sync_inodes_sb+0x180/0x9a0 fs/fs-writeback.c:2457 2 locks held by syz-executor.2/21216: #0: 00000000a6514bcb (&type->s_umount_key#87){++++}, at: iterate_supers+0xdb/0x290 fs/super.c:631 #1: 00000000f57ba143 (&bdi->wb_switch_rwsem){+.+.}, at: bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:338 [inline] #1: 00000000f57ba143 (&bdi->wb_switch_rwsem){+.+.}, at: sync_inodes_sb+0x180/0x9a0 fs/fs-writeback.c:2457 2 locks held by syz-executor.1/21224: #0: 00000000a6514bcb (&type->s_umount_key#87){++++}, at: iterate_supers+0xdb/0x290 fs/super.c:631 #1: 00000000f57ba143 (&bdi->wb_switch_rwsem){+.+.}, at: bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:338 [inline] #1: 00000000f57ba143 (&bdi->wb_switch_rwsem){+.+.}, at: sync_inodes_sb+0x180/0x9a0 fs/fs-writeback.c:2457 2 locks held by syz-executor.1/21230: #0: 00000000a6514bcb (&type->s_umount_key#87){++++}, at: iterate_supers+0xdb/0x290 fs/super.c:631 #1: 00000000f57ba143 (&bdi->wb_switch_rwsem){+.+.}, at: bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:338 [inline] #1: 00000000f57ba143 (&bdi->wb_switch_rwsem){+.+.}, at: sync_inodes_sb+0x180/0x9a0 fs/fs-writeback.c:2457 2 locks held by syz-executor.1/22513: #0: 00000000a6514bcb (&type->s_umount_key#87){++++}, at: iterate_supers+0xdb/0x290 fs/super.c:631 #1: 00000000f57ba143 (&bdi->wb_switch_rwsem){+.+.}, at: bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:338 [inline] #1: 00000000f57ba143 (&bdi->wb_switch_rwsem){+.+.}, at: sync_inodes_sb+0x180/0x9a0 fs/fs-writeback.c:2457 2 locks held by syz-executor.1/22520: #0: 00000000a6514bcb (&type->s_umount_key#87){++++}, at: iterate_supers+0xdb/0x290 fs/super.c:631 #1: 00000000f57ba143 (&bdi->wb_switch_rwsem){+.+.}, at: bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:338 [inline] #1: 00000000f57ba143 (&bdi->wb_switch_rwsem){+.+.}, at: sync_inodes_sb+0x180/0x9a0 fs/fs-writeback.c:2457 2 locks held by syz-executor.3/22682: #0: 00000000a6514bcb (&type->s_umount_key#87){++++}, at: iterate_supers+0xdb/0x290 fs/super.c:631 #1: 00000000f57ba143 (&bdi->wb_switch_rwsem){+.+.}, at: bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:338 [inline] #1: 00000000f57ba143 (&bdi->wb_switch_rwsem){+.+.}, at: sync_inodes_sb+0x180/0x9a0 fs/fs-writeback.c:2457 2 locks held by syz-executor.3/22695: #0: 00000000a6514bcb (&type->s_umount_key#87){++++}, at: iterate_supers+0xdb/0x290 fs/super.c:631 #1: 00000000f57ba143 (&bdi->wb_switch_rwsem){+.+.}, at: bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:338 [inline] #1: 00000000f57ba143 (&bdi->wb_switch_rwsem){+.+.}, at: sync_inodes_sb+0x180/0x9a0 fs/fs-writeback.c:2457 2 locks held by syz-executor.2/22717: #0: 00000000a6514bcb (&type->s_umount_key#87){++++}, at: iterate_supers+0xdb/0x290 fs/super.c:631 #1: 00000000f57ba143 (&bdi->wb_switch_rwsem){+.+.}, at: bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:338 [inline] #1: 00000000f57ba143 (&bdi->wb_switch_rwsem){+.+.}, at: sync_inodes_sb+0x180/0x9a0 fs/fs-writeback.c:2457 2 locks held by syz-executor.2/22729: #0: 00000000a6514bcb (&type->s_umount_key#87){++++}, at: iterate_supers+0xdb/0x290 fs/super.c:631 #1: 00000000f57ba143 (&bdi->wb_switch_rwsem){+.+.}, at: bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:338 [inline] #1: 00000000f57ba143 (&bdi->wb_switch_rwsem){+.+.}, at: sync_inodes_sb+0x180/0x9a0 fs/fs-writeback.c:2457 2 locks held by syz-executor.5/22784: #0: 00000000a6514bcb (&type->s_umount_key#87){++++}, at: iterate_supers+0xdb/0x290 fs/super.c:631 #1: 00000000f57ba143 (&bdi->wb_switch_rwsem){+.+.}, at: bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:338 [inline] #1: 00000000f57ba143 (&bdi->wb_switch_rwsem){+.+.}, at: sync_inodes_sb+0x180/0x9a0 fs/fs-writeback.c:2457 2 locks held by syz-executor.5/22785: #0: 00000000a6514bcb (&type->s_umount_key#87){++++}, at: iterate_supers+0xdb/0x290 fs/super.c:631 #1: 00000000f57ba143 (&bdi->wb_switch_rwsem){+.+.}, at: bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:338 [inline] #1: 00000000f57ba143 (&bdi->wb_switch_rwsem){+.+.}, at: sync_inodes_sb+0x180/0x9a0 fs/fs-writeback.c:2457 2 locks held by syz-executor.4/22793: #0: 00000000a6514bcb (&type->s_umount_key#87){++++}, at: iterate_supers+0xdb/0x290 fs/super.c:631 #1: 00000000f57ba143 (&bdi->wb_switch_rwsem){+.+.}, at: bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:338 [inline] #1: 00000000f57ba143 (&bdi->wb_switch_rwsem){+.+.}, at: sync_inodes_sb+0x180/0x9a0 fs/fs-writeback.c:2457 2 locks held by syz-executor.4/22797: #0: 00000000a6514bcb (&type->s_umount_key#87){++++}, at: iterate_supers+0xdb/0x290 fs/super.c:631 #1: 00000000f57ba143 (&bdi->wb_switch_rwsem){+.+.}, at: bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:338 [inline] #1: 00000000f57ba143 (&bdi->wb_switch_rwsem){+.+.}, at: sync_inodes_sb+0x180/0x9a0 fs/fs-writeback.c:2457 2 locks held by syz-executor.1/23074: #0: 00000000a6514bcb (&type->s_umount_key#87){++++}, at: iterate_supers+0xdb/0x290 fs/super.c:631 #1: 00000000f57ba143 (&bdi->wb_switch_rwsem){+.+.}, at: bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:338 [inline] #1: 00000000f57ba143 (&bdi->wb_switch_rwsem){+.+.}, at: sync_inodes_sb+0x180/0x9a0 fs/fs-writeback.c:2457 2 locks held by syz-executor.1/23076: #0: 00000000a6514bcb (&type->s_umount_key#87){++++}, at: iterate_supers+0xdb/0x290 fs/super.c:631 #1: 00000000f57ba143 (&bdi->wb_switch_rwsem){+.+.}, at: bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:338 [inline] #1: 00000000f57ba143 (&bdi->wb_switch_rwsem){+.+.}, at: sync_inodes_sb+0x180/0x9a0 fs/fs-writeback.c:2457 2 locks held by syz-executor.3/23979: #0: 00000000a6514bcb (&type->s_umount_key#87){++++}, at: iterate_supers+0xdb/0x290 fs/super.c:631 #1: 00000000f57ba143 (&bdi->wb_switch_rwsem){+.+.}, at: bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:338 [inline] #1: 00000000f57ba143 (&bdi->wb_switch_rwsem){+.+.}, at: sync_inodes_sb+0x180/0x9a0 fs/fs-writeback.c:2457 2 locks held by syz-executor.3/23985: #0: 00000000a6514bcb (&type->s_umount_key#87){++++}, at: iterate_supers+0xdb/0x290 fs/super.c:631 #1: 00000000f57ba143 (&bdi->wb_switch_rwsem){+.+.}, at: bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:338 [inline] #1: 00000000f57ba143 (&bdi->wb_switch_rwsem){+.+.}, at: sync_inodes_sb+0x180/0x9a0 fs/fs-writeback.c:2457 2 locks held by syz-executor.2/24134: #0: 00000000a6514bcb (&type->s_umount_key#87){++++}, at: iterate_supers+0xdb/0x290 fs/super.c:631 #1: 00000000f57ba143 (&bdi->wb_switch_rwsem){+.+.}, at: bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:338 [inline] #1: 00000000f57ba143 (&bdi->wb_switch_rwsem){+.+.}, at: sync_inodes_sb+0x180/0x9a0 fs/fs-writeback.c:2457 2 locks held by syz-executor.2/24136: #0: 00000000a6514bcb (&type->s_umount_key#87){++++}, at: iterate_supers+0xdb/0x290 fs/super.c:631 #1: 00000000f57ba143 (&bdi->wb_switch_rwsem){+.+.}, at: bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:338 [inline] #1: 00000000f57ba143 (&bdi->wb_switch_rwsem){+.+.}, at: sync_inodes_sb+0x180/0x9a0 fs/fs-writeback.c:2457 2 locks held by syz-executor.5/24140: #0: 00000000a6514bcb (&type->s_umount_key#87){++++}, at: iterate_supers+0xdb/0x290 fs/super.c:631 #1: 00000000f57ba143 (&bdi->wb_switch_rwsem){+.+.}, at: bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:338 [inline] #1: 00000000f57ba143 (&bdi->wb_switch_rwsem){+.+.}, at: sync_inodes_sb+0x180/0x9a0 fs/fs-writeback.c:2457 2 locks held by syz-executor.5/24146: #0: 00000000a6514bcb (&type->s_umount_key#87){++++}, at: iterate_supers+0xdb/0x290 fs/super.c:631 #1: 00000000f57ba143 (&bdi->wb_switch_rwsem){+.+.}, at: bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:338 [inline] #1: 00000000f57ba143 (&bdi->wb_switch_rwsem){+.+.}, at: sync_inodes_sb+0x180/0x9a0 fs/fs-writeback.c:2457 2 locks held by syz-executor.4/24144: #0: 00000000a6514bcb (&type->s_umount_key#87){++++}, at: iterate_supers+0xdb/0x290 fs/super.c:631 #1: 00000000f57ba143 (&bdi->wb_switch_rwsem){+.+.}, at: bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:338 [inline] #1: 00000000f57ba143 (&bdi->wb_switch_rwsem){+.+.}, at: sync_inodes_sb+0x180/0x9a0 fs/fs-writeback.c:2457 2 locks held by syz-executor.4/24149: #0: 00000000a6514bcb (&type->s_umount_key#87){++++}, at: iterate_supers+0xdb/0x290 fs/super.c:631 #1: 00000000f57ba143 (&bdi->wb_switch_rwsem){+.+.}, at: bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:338 [inline] #1: 00000000f57ba143 (&bdi->wb_switch_rwsem){+.+.}, at: sync_inodes_sb+0x180/0x9a0 fs/fs-writeback.c:2457 ============================================= NMI backtrace for cpu 0 CPU: 0 PID: 1571 Comm: khungtaskd Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 nmi_cpu_backtrace.cold+0x63/0xa2 lib/nmi_backtrace.c:101 nmi_trigger_cpumask_backtrace+0x1a6/0x1f0 lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:203 [inline] watchdog+0x991/0xe60 kernel/hung_task.c:287 kthread+0x33f/0x460 kernel/kthread.c:259 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 10 Comm: rcu_preempt Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 RIP: 0010:__read_once_size include/linux/compiler.h:263 [inline] RIP: 0010:trace_lock_release include/trace/events/lock.h:58 [inline] RIP: 0010:lock_release+0x5b7/0x8b0 kernel/locking/lockdep.c:3926 Code: 0b 85 c0 0f 85 1c fe ff ff 48 c7 c6 e0 4b 6a 88 48 c7 c7 40 19 6a 88 e8 bc 6d a7 06 0f 0b e9 02 fe ff ff 65 ff 05 a9 8f b6 7e <48> 8b 05 9a 8b c3 09 e8 3d 4e 05 00 85 c0 74 0d 80 3d 74 3b c3 09 RSP: 0018:ffff8880b5a67ad8 EFLAGS: 00000083 RAX: 0000000000000001 RBX: ffff8880b5a4e280 RCX: ffffffff81537cef RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8880b5a4eb04 RBP: ffff8880ba122b58 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 1ffff11016b4cf5e R13: ffffffff8153809f R14: ffff8880ba122b40 R15: 00000000ffffffff FS: 0000000000000000(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f7765c56020 CR3: 00000000a106f000 CR4: 00000000003406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:158 [inline] _raw_spin_unlock_irqrestore+0x1b/0xe0 kernel/locking/spinlock.c:184 try_to_del_timer_sync+0xbf/0x110 kernel/time/timer.c:1242 del_timer_sync+0x1a4/0x270 kernel/time/timer.c:1305 schedule_timeout+0x4d7/0xfe0 kernel/time/timer.c:1819 rcu_gp_kthread+0xdad/0x21c0 kernel/rcu/tree.c:2202 kthread+0x33f/0x460 kernel/kthread.c:259 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415