device loop0 blocksize: 2048
__find_get_block_slow() failed. block=1, b_blocknr=0
b_state=0x00000029, b_size=4096
device loop0 blocksize: 2048
__find_get_block_slow() failed. block=1, b_blocknr=0
INFO: task syz-executor0:18952 blocked for more than 120 seconds.
b_state=0x00000029, b_size=4096
      Not tainted 4.16.0+ #10
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor0   D
device loop0 blocksize: 2048
23408 18952   4518 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2862 [inline]
 __schedule+0x8fb/0x1ec0 kernel/sched/core.c:3440
__find_get_block_slow() failed. block=1, b_blocknr=0
b_state=0x00000029, b_size=4096
device loop0 blocksize: 2048
 schedule+0xf5/0x430 kernel/sched/core.c:3499
__find_get_block_slow() failed. block=1, b_blocknr=0
b_state=0x00000029, b_size=4096
device loop0 blocksize: 2048
 __rwsem_down_write_failed_common+0x7c0/0x1540 kernel/locking/rwsem-xadd.c:566
__find_get_block_slow() failed. block=1, b_blocknr=0
b_state=0x00000029, b_size=4096
device loop0 blocksize: 2048
__find_get_block_slow() failed. block=1, b_blocknr=0
b_state=0x00000029, b_size=4096
device loop0 blocksize: 2048
__find_get_block_slow() failed. block=1, b_blocknr=0
 rwsem_down_write_failed+0xe/0x10 kernel/locking/rwsem-xadd.c:595
b_state=0x00000029, b_size=4096
 call_rwsem_down_write_failed+0x17/0x30 arch/x86/lib/rwsem.S:117
 __down_write arch/x86/include/asm/rwsem.h:142 [inline]
 down_write+0xa2/0x120 kernel/locking/rwsem.c:72
device loop0 blocksize: 2048
 inode_lock include/linux/fs.h:713 [inline]
 do_last fs/namei.c:3288 [inline]
 path_openat+0xd4d/0x3530 fs/namei.c:3519
__find_get_block_slow() failed. block=1, b_blocknr=0
b_state=0x00000029, b_size=4096
device loop0 blocksize: 2048
 do_filp_open+0x25b/0x3b0 fs/namei.c:3554
__find_get_block_slow() failed. block=1, b_blocknr=0
b_state=0x00000029, b_size=4096
 do_sys_open+0x502/0x6d0 fs/open.c:1059
device loop0 blocksize: 2048
 SYSC_open fs/open.c:1077 [inline]
 SyS_open+0x2d/0x40 fs/open.c:1072
 do_syscall_64+0x281/0x940 arch/x86/entry/common.c:287
__find_get_block_slow() failed. block=1, b_blocknr=0
b_state=0x00000029, b_size=4096
device loop0 blocksize: 2048
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
__find_get_block_slow() failed. block=1, b_blocknr=0
RIP: 0033:0x455269
RSP: 002b:00007f238ff68c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
RAX: ffffffffffffffda RBX: 00007f238ff696d4 RCX: 0000000000455269
b_state=0x00000029, b_size=4096
RDX: 0000000000000001 RSI: 0000000000000040 RDI: 00000000200000c0
RBP: 000000000072c010 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000415 R14: 00000000006f8298 R15: 0000000000000002
device loop0 blocksize: 2048

Showing all locks held in the system:
2 locks held by khungtaskd/876:
__find_get_block_slow() failed. block=1, b_blocknr=0
 #0:  (rcu_read_lock){....}, at: [<000000005bb25299>] check_hung_uninterruptible_tasks kernel/hung_task.c:175 [inline]
 #0:  (rcu_read_lock){....}, at: [<000000005bb25299>] watchdog+0x1c5/0xd60 kernel/hung_task.c:249
b_state=0x00000029, b_size=4096
 #1:  (tasklist_lock){.+.+}, at: [<000000006f81baf1>] debug_show_all_locks+0xd3/0x3d0 kernel/locking/lockdep.c:4470
2 locks held by getty/4441:
device loop0 blocksize: 2048
 #0:  (&tty->ldisc_sem){++++}, at: [<0000000074c0e66e>] ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365
 #1: 
__find_get_block_slow() failed. block=1, b_blocknr=0
 (&ldata->atomic_read_lock){+.+.}, at: [<000000008c1cd734>] n_tty_read+0x2ef/0x1a40 drivers/tty/n_tty.c:2131
2 locks held by getty/4442:
b_state=0x00000029, b_size=4096
 #0:  (&tty->ldisc_sem){++++}, at: [<0000000074c0e66e>] ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365
 #1:  (&ldata->atomic_read_lock){+.+.}
device loop0 blocksize: 2048
, at: [<000000008c1cd734>] n_tty_read+0x2ef/0x1a40 drivers/tty/n_tty.c:2131
2 locks held by getty/4443:
 #0:  (
__find_get_block_slow() failed. block=1, b_blocknr=0
&tty->ldisc_sem){++++}, at: [<0000000074c0e66e>] ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365
 #1: 
b_state=0x00000029, b_size=4096
 (&ldata->atomic_read_lock){+.+.}, at: [<000000008c1cd734>] n_tty_read+0x2ef/0x1a40 drivers/tty/n_tty.c:2131
2 locks held by getty/4444:
 #0:  (&tty->ldisc_sem
device loop0 blocksize: 2048
){++++}, at: [<0000000074c0e66e>] ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365
 #1:  (&ldata->atomic_read_lock){+.+.}, at: [<000000008c1cd734>] n_tty_read+0x2ef/0x1a40 drivers/tty/n_tty.c:2131
2 locks held by getty/4445:
 #0: 
__find_get_block_slow() failed. block=1, b_blocknr=0
 (&tty->ldisc_sem){++++}, at: [<0000000074c0e66e>] ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365
 #1: 
b_state=0x00000029, b_size=4096
 (&ldata->atomic_read_lock){+.+.}, at: [<000000008c1cd734>] n_tty_read+0x2ef/0x1a40 drivers/tty/n_tty.c:2131
2 locks held by getty/4446:
 #0:  (&tty->ldisc_sem){++++}
device loop0 blocksize: 2048
, at: [<0000000074c0e66e>] ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365
 #1:  (&ldata->atomic_read_lock
__find_get_block_slow() failed. block=1, b_blocknr=0
){+.+.}, at: [<000000008c1cd734>] n_tty_read+0x2ef/0x1a40 drivers/tty/n_tty.c:2131
2 locks held by getty/4447:
 #0: 
b_state=0x00000029, b_size=4096
 (&tty->ldisc_sem){++++}, at: [<0000000074c0e66e>] ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365
 #1:  (&ldata->atomic_read_lock){+.+.}
device loop0 blocksize: 2048
, at: [<000000008c1cd734>] n_tty_read+0x2ef/0x1a40 drivers/tty/n_tty.c:2131
2 locks held by syz-executor0/18952:
 #0:  (
__find_get_block_slow() failed. block=1, b_blocknr=0
sb_writers#16){.+.+}, at: [<000000009472eb1c>] sb_start_write include/linux/fs.h:1548 [inline]
sb_writers#16){.+.+}, at: [<000000009472eb1c>] mnt_want_write+0x3f/0xb0 fs/namespace.c:386
 #1: 
b_state=0x00000029, b_size=4096
 (&sb->s_type->i_mutex_key#19){++++}, at: [<000000000c72d3c0>] inode_lock include/linux/fs.h:713 [inline]
 (&sb->s_type->i_mutex_key#19){++++}, at: [<000000000c72d3c0>] do_last fs/namei.c:3288 [inline]
 (&sb->s_type->i_mutex_key#19){++++}, at: [<000000000c72d3c0>] path_openat+0xd4d/0x3530 fs/namei.c:3519

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 876 Comm: khungtaskd Not tainted 4.16.0+ #10
device loop0 blocksize: 2048
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x24d lib/dump_stack.c:53
__find_get_block_slow() failed. block=1, b_blocknr=0
 nmi_cpu_backtrace+0x1d2/0x210 lib/nmi_backtrace.c:103
b_state=0x00000029, b_size=4096
 nmi_trigger_cpumask_backtrace+0x123/0x180 lib/nmi_backtrace.c:62
 arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38
 trigger_all_cpu_backtrace include/linux/nmi.h:138 [inline]
 check_hung_task kernel/hung_task.c:132 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:190 [inline]
 watchdog+0x90c/0xd60 kernel/hung_task.c:249
device loop0 blocksize: 2048
__find_get_block_slow() failed. block=1, b_blocknr=0
 kthread+0x33c/0x400 kernel/kthread.c:238
b_state=0x00000029, b_size=4096
 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:406
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 18900 Comm: syz-executor0 Not tainted 4.16.0+ #10
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:vsnprintf+0x2a8/0x1900 lib/vsprintf.c:2241
RSP: 0018:ffff88019bec69c0 EFLAGS: 00000046
RAX: 0000000000040000 RBX: ffffffff89db2120 RCX: ffffffff86e20d88
RDX: 0000000000040000 RSI: ffffc90001ee0000 RDI: ffffffff874ad700
RBP: ffff88019bec6a90 R08: 1ffff100337d8cbf R09: 000000000000000c
R10: ffff88019bec6b70 R11: 0000000000000000 R12: ffffffff874ad700
R13: ffffffff874ad701 R14: ffff88019bec6a68 R15: 0000000000000000
FS:  00007f238ffab700(0000) GS:ffff8801db000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000002378000 CR3: 00000001c64b6005 CR4: 00000000001606f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 sprintf+0xb8/0xf0 lib/vsprintf.c:2484
 print_time kernel/printk/printk.c:1223 [inline]
 print_prefix+0x335/0x3a0 kernel/printk/printk.c:1246
 msg_print_text+0xaf/0x1b0 kernel/printk/printk.c:1273
 console_unlock+0x308/0xfb0 kernel/printk/printk.c:2369
 vprintk_emit+0x5c3/0xb90 kernel/printk/printk.c:1907
 vprintk_default+0x28/0x30 kernel/printk/printk.c:1947
 vprintk_func+0x57/0xc0 kernel/printk/printk_safe.c:379
 printk+0xaa/0xca kernel/printk/printk.c:1980
 __find_get_block_slow fs/buffer.c:236 [inline]
 __find_get_block+0xcea/0xd90 fs/buffer.c:1310
 __getblk_slow fs/buffer.c:1055 [inline]
 __getblk_gfp+0x26c/0xb80 fs/buffer.c:1336
 __bread_gfp+0x2d/0x290 fs/buffer.c:1370
 sb_bread include/linux/buffer_head.h:309 [inline]
 fat__get_entry+0x195/0x910 fs/fat/dir.c:101
 fat_get_entry fs/fat/dir.c:129 [inline]
 fat_get_short_entry+0x131/0x290 fs/fat/dir.c:876
 fat_scan+0xf9/0x330 fs/fat/dir.c:961
 msdos_find+0xf9/0x2e0 fs/fat/namei_msdos.c:129
 msdos_lookup+0x136/0x2e0 fs/fat/namei_msdos.c:209
 lookup_open+0xb1b/0x1970 fs/namei.c:3179
 do_last fs/namei.c:3291 [inline]
 path_openat+0xd76/0x3530 fs/namei.c:3519
 do_filp_open+0x25b/0x3b0 fs/namei.c:3554
 do_sys_open+0x502/0x6d0 fs/open.c:1059
 SYSC_open fs/open.c:1077 [inline]
 SyS_open+0x2d/0x40 fs/open.c:1072
 do_syscall_64+0x281/0x940 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x455269
RSP: 002b:00007f238ffaac68 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
RAX: ffffffffffffffda RBX: 00007f238ffab6d4 RCX: 0000000000455269
RDX: 0000000000000001 RSI: 0000000000000040 RDI: 00000000200000c0
RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000415 R14: 00000000006f8298 R15: 0000000000000000
Code: c3 01 0f b6 04 30 38 d0 7f 08 84 c0 0f 85 10 13 00 00 45 0f b6 7d 00 4d 89 ec e9 a5 fe ff ff 48 89 8d 38 ff ff ff e8 b8 57 8f fa <4c> 8b bd 60 ff ff ff 48 8b 8d 38 ff ff ff 4c 39 fb 73 5f e8 a0