F2FS-fs (loop2): sanity_check_inode: inode (ino=8) has corrupted i_extra_isize: 36, max: 24
F2FS-fs (loop2): sanity_check_inode: inode (ino=8) has corrupted i_extra_isize: 36, max: 24
F2FS-fs (loop2): sanity_check_inode: inode (ino=8) has corrupted i_extra_isize: 36, max: 24
INFO: task syz-executor.2:8699 blocked for more than 140 seconds.
      Not tainted 4.19.211-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.2  D29920  8699   8140 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x887/0x2040 kernel/sched/core.c:3517
 schedule+0x8d/0x1b0 kernel/sched/core.c:3561
 __rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:589 [inline]
 rwsem_down_write_failed+0x3aa/0x760 kernel/locking/rwsem-xadd.c:618
 call_rwsem_down_write_failed+0x13/0x20 arch/x86/lib/rwsem.S:117
 __down_write arch/x86/include/asm/rwsem.h:142 [inline]
 down_write+0x4f/0x90 kernel/locking/rwsem.c:72
 bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:338 [inline]
 sync_inodes_sb+0x180/0x9a0 fs/fs-writeback.c:2457
 sync_inodes_one_sb+0x4d/0x60 fs/sync.c:74
 iterate_supers+0x13c/0x290 fs/super.c:633
 ksys_sync+0x86/0x150 fs/sync.c:113
 __ia32_sys_sync+0xa/0x10 fs/sync.c:124
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7efcc44ce5a9
Code: Bad RIP value.
RSP: 002b:00007efcc2a20168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
RAX: ffffffffffffffda RBX: 00007efcc45ef050 RCX: 00007efcc44ce5a9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007efcc45297b0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff17db6c4f R14: 00007efcc2a20300 R15: 0000000000022000
INFO: task syz-executor.1:8682 blocked for more than 140 seconds.
      Not tainted 4.19.211-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.1  D28816  8682   8134 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x887/0x2040 kernel/sched/core.c:3517
 schedule+0x8d/0x1b0 kernel/sched/core.c:3561
 wb_wait_for_completion+0x175/0x1f0 fs/fs-writeback.c:222
 sync_inodes_sb+0x19d/0x9a0 fs/fs-writeback.c:2459
 sync_inodes_one_sb+0x4d/0x60 fs/sync.c:74
 iterate_supers+0x13c/0x290 fs/super.c:633
 ksys_sync+0x86/0x150 fs/sync.c:113
 __ia32_sys_sync+0xa/0x10 fs/sync.c:124
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f79860675a9
Code: Bad RIP value.
RSP: 002b:00007f79845da168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
RAX: ffffffffffffffda RBX: 00007f7986187f80 RCX: 00007f79860675a9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007f79860c27b0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffdf22e5def R14: 00007f79845da300 R15: 0000000000022000
INFO: task syz-executor.1:8694 blocked for more than 140 seconds.
      Not tainted 4.19.211-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.1  D30272  8694   8134 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x887/0x2040 kernel/sched/core.c:3517
 schedule+0x8d/0x1b0 kernel/sched/core.c:3561
 __rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:589 [inline]
 rwsem_down_write_failed+0x3aa/0x760 kernel/locking/rwsem-xadd.c:618
 call_rwsem_down_write_failed+0x13/0x20 arch/x86/lib/rwsem.S:117
 __down_write arch/x86/include/asm/rwsem.h:142 [inline]
 down_write+0x4f/0x90 kernel/locking/rwsem.c:72
 bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:338 [inline]
 sync_inodes_sb+0x180/0x9a0 fs/fs-writeback.c:2457
 sync_inodes_one_sb+0x4d/0x60 fs/sync.c:74
 iterate_supers+0x13c/0x290 fs/super.c:633
 ksys_sync+0x86/0x150 fs/sync.c:113
 __ia32_sys_sync+0xa/0x10 fs/sync.c:124
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f79860675a9
Code: Bad RIP value.
RSP: 002b:00007f79845b9168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
RAX: ffffffffffffffda RBX: 00007f7986188050 RCX: 00007f79860675a9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007f79860c27b0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffdf22e5def R14: 00007f79845b9300 R15: 0000000000022000
INFO: task syz-executor.1:8703 blocked for more than 140 seconds.
      Not tainted 4.19.211-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.1  D26416  8703   8134 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x887/0x2040 kernel/sched/core.c:3517
 schedule+0x8d/0x1b0 kernel/sched/core.c:3561
 __rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:589 [inline]
 rwsem_down_write_failed+0x3aa/0x760 kernel/locking/rwsem-xadd.c:618
 call_rwsem_down_write_failed+0x13/0x20 arch/x86/lib/rwsem.S:117
 __down_write arch/x86/include/asm/rwsem.h:142 [inline]
 down_write+0x4f/0x90 kernel/locking/rwsem.c:72
 bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:338 [inline]
 sync_inodes_sb+0x180/0x9a0 fs/fs-writeback.c:2457
 sync_inodes_one_sb+0x4d/0x60 fs/sync.c:74
 iterate_supers+0x13c/0x290 fs/super.c:633
 ksys_sync+0x86/0x150 fs/sync.c:113
 __ia32_sys_sync+0xa/0x10 fs/sync.c:124
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f79860675a9
Code: Bad RIP value.
RSP: 002b:00007f7984598168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
RAX: ffffffffffffffda RBX: 00007f7986188120 RCX: 00007f79860675a9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007f79860c27b0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffdf22e5def R14: 00007f7984598300 R15: 0000000000022000

Showing all locks held in the system:
1 lock held by khungtaskd/1570:
 #0: 000000009d94428a (rcu_read_lock){....}, at: debug_show_all_locks+0x53/0x265 kernel/locking/lockdep.c:4441
1 lock held by in:imklog/7805:
 #0: 00000000fd6d1803 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x26f/0x310 fs/file.c:767
6 locks held by kworker/u4:9/20042:
2 locks held by syz-executor.2/8699:
 #0: 0000000039857dae (&type->s_umount_key#81){++++}, at: iterate_supers+0xdb/0x290 fs/super.c:631
 #1: 00000000645ab7cd (&bdi->wb_switch_rwsem){+.+.}, at: bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:338 [inline]
 #1: 00000000645ab7cd (&bdi->wb_switch_rwsem){+.+.}, at: sync_inodes_sb+0x180/0x9a0 fs/fs-writeback.c:2457
2 locks held by syz-executor.1/8682:
 #0: 0000000039857dae (&type->s_umount_key#81){++++}, at: iterate_supers+0xdb/0x290 fs/super.c:631
 #1: 00000000645ab7cd (&bdi->wb_switch_rwsem){+.+.}, at: bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:338 [inline]
 #1: 00000000645ab7cd (&bdi->wb_switch_rwsem){+.+.}, at: sync_inodes_sb+0x180/0x9a0 fs/fs-writeback.c:2457
2 locks held by syz-executor.1/8694:
 #0: 0000000039857dae (&type->s_umount_key#81){++++}, at: iterate_supers+0xdb/0x290 fs/super.c:631
 #1: 00000000645ab7cd (&bdi->wb_switch_rwsem){+.+.}, at: bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:338 [inline]
 #1: 00000000645ab7cd (&bdi->wb_switch_rwsem){+.+.}, at: sync_inodes_sb+0x180/0x9a0 fs/fs-writeback.c:2457
2 locks held by syz-executor.1/8703:
 #0: 0000000039857dae (&type->s_umount_key#81){++++}, at: iterate_supers+0xdb/0x290 fs/super.c:631
 #1: 00000000645ab7cd (&bdi->wb_switch_rwsem){+.+.}, at: bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:338 [inline]
 #1: 00000000645ab7cd (&bdi->wb_switch_rwsem){+.+.}, at: sync_inodes_sb+0x180/0x9a0 fs/fs-writeback.c:2457
2 locks held by syz-executor.2/9246:
 #0: 0000000039857dae (&type->s_umount_key#81){++++}, at: iterate_supers+0xdb/0x290 fs/super.c:631
 #1: 00000000645ab7cd (&bdi->wb_switch_rwsem){+.+.}, at: bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:338 [inline]
 #1: 00000000645ab7cd (&bdi->wb_switch_rwsem){+.+.}, at: sync_inodes_sb+0x180/0x9a0 fs/fs-writeback.c:2457
2 locks held by syz-executor.2/9248:
 #0: 0000000039857dae (&type->s_umount_key#81){++++}, at: iterate_supers+0xdb/0x290 fs/super.c:631
 #1: 00000000645ab7cd (&bdi->wb_switch_rwsem){+.+.}, at: bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:338 [inline]
 #1: 00000000645ab7cd (&bdi->wb_switch_rwsem){+.+.}, at: sync_inodes_sb+0x180/0x9a0 fs/fs-writeback.c:2457
2 locks held by syz-executor.1/9290:
 #0: 0000000039857dae (&type->s_umount_key#81){++++}, at: iterate_supers+0xdb/0x290 fs/super.c:631
 #1: 00000000645ab7cd (&bdi->wb_switch_rwsem){+.+.}, at: bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:338 [inline]
 #1: 00000000645ab7cd (&bdi->wb_switch_rwsem){+.+.}, at: sync_inodes_sb+0x180/0x9a0 fs/fs-writeback.c:2457
2 locks held by syz-executor.1/9292:
 #0: 0000000039857dae (&type->s_umount_key#81){++++}, at: iterate_supers+0xdb/0x290 fs/super.c:631
 #1: 00000000645ab7cd (&bdi->wb_switch_rwsem){+.+.}, at: bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:338 [inline]
 #1: 00000000645ab7cd (&bdi->wb_switch_rwsem){+.+.}, at: sync_inodes_sb+0x180/0x9a0 fs/fs-writeback.c:2457
2 locks held by syz-executor.1/9294:
 #0: 0000000039857dae (&type->s_umount_key#81){++++}, at: iterate_supers+0xdb/0x290 fs/super.c:631
 #1: 00000000645ab7cd (&bdi->wb_switch_rwsem){+.+.}, at: bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:338 [inline]
 #1: 00000000645ab7cd (&bdi->wb_switch_rwsem){+.+.}, at: sync_inodes_sb+0x180/0x9a0 fs/fs-writeback.c:2457
2 locks held by syz-executor.2/9839:
 #0: 0000000039857dae (&type->s_umount_key#81){++++}, at: iterate_supers+0xdb/0x290 fs/super.c:631
 #1: 00000000645ab7cd (&bdi->wb_switch_rwsem){+.+.}, at: bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:338 [inline]
 #1: 00000000645ab7cd (&bdi->wb_switch_rwsem){+.+.}, at: sync_inodes_sb+0x180/0x9a0 fs/fs-writeback.c:2457
2 locks held by syz-executor.2/9841:
 #0: 0000000039857dae (&type->s_umount_key#81){++++}, at: iterate_supers+0xdb/0x290 fs/super.c:631
 #1: 00000000645ab7cd (&bdi->wb_switch_rwsem){+.+.}, at: bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:338 [inline]
 #1: 00000000645ab7cd (&bdi->wb_switch_rwsem){+.+.}, at: sync_inodes_sb+0x180/0x9a0 fs/fs-writeback.c:2457
2 locks held by syz-executor.1/9883:
 #0: 0000000039857dae (&type->s_umount_key#81){++++}, at: iterate_supers+0xdb/0x290 fs/super.c:631
 #1: 00000000645ab7cd (&bdi->wb_switch_rwsem){+.+.}, at: bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:338 [inline]
 #1: 00000000645ab7cd (&bdi->wb_switch_rwsem){+.+.}, at: sync_inodes_sb+0x180/0x9a0 fs/fs-writeback.c:2457
2 locks held by syz-executor.1/9884:
 #0: 0000000039857dae (&type->s_umount_key#81){++++}, at: iterate_supers+0xdb/0x290 fs/super.c:631
 #1: 00000000645ab7cd (&bdi->wb_switch_rwsem){+.+.}, at: bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:338 [inline]
 #1: 00000000645ab7cd (&bdi->wb_switch_rwsem){+.+.}, at: sync_inodes_sb+0x180/0x9a0 fs/fs-writeback.c:2457

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 1570 Comm: khungtaskd Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 nmi_cpu_backtrace.cold+0x63/0xa2 lib/nmi_backtrace.c:101
 nmi_trigger_cpumask_backtrace+0x1a6/0x1f0 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:203 [inline]
 watchdog+0x991/0xe60 kernel/hung_task.c:287
 kthread+0x33f/0x460 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 20042 Comm: kworker/u4:9 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Workqueue: writeback wb_workfn (flush-7:2)
RIP: 0010:bytes_is_nonzero mm/kasan/kasan.c:167 [inline]
RIP: 0010:memory_is_nonzero mm/kasan/kasan.c:184 [inline]
RIP: 0010:memory_is_poisoned_n mm/kasan/kasan.c:210 [inline]
RIP: 0010:memory_is_poisoned mm/kasan/kasan.c:241 [inline]
RIP: 0010:check_memory_region_inline mm/kasan/kasan.c:257 [inline]
RIP: 0010:check_memory_region+0xcb/0x170 mm/kasan/kasan.c:267
Code: 0e 80 38 00 74 f2 48 85 c0 0f 85 9c 00 00 00 5b 5d 41 5c c3 48 85 d2 74 f6 48 01 ea eb 09 48 83 c0 01 48 39 d0 74 e8 80 38 00 <74> f2 eb d8 41 bc 08 00 00 00 48 89 ea 45 29 dc 4e 8d 5c 25 00 eb
RSP: 0018:ffff8880a2d56be8 EFLAGS: 00000046
RAX: fffffbfff19c60df RBX: fffffbfff19c60e0 RCX: ffffffff814afa31
RDX: fffffbfff19c60e0 RSI: 0000000000000004 RDI: ffffffff8ce306f8
RBP: fffffbfff19c60df R08: 0000000000000001 R09: fffffbfff19c60df
R10: ffffffff8ce306fb R11: 0000000000000000 R12: 0000000000000000
R13: ffff88809a7982c0 R14: ffff8880a34ae628 R15: 0000000000000001
FS:  0000000000000000(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f4a13292000 CR3: 00000000b01dc000 CR4: 00000000003406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 atomic_inc include/asm-generic/atomic-instrumented.h:109 [inline]
 __lock_acquire+0x251/0x3ff0 kernel/locking/lockdep.c:3308
 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908
 down_read+0x36/0x80 kernel/locking/rwsem.c:24
 check_valid_map fs/f2fs/gc.c:454 [inline]
 gc_data_segment fs/f2fs/gc.c:929 [inline]
 do_garbage_collect fs/f2fs/gc.c:1109 [inline]
 f2fs_gc+0x1cf3/0x8c90 fs/f2fs/gc.c:1196
 f2fs_balance_fs+0x71a/0xd80 fs/f2fs/segment.c:513
 __write_data_page+0xab8/0x22d0 fs/f2fs/data.c:1975
 f2fs_write_cache_pages+0x96e/0x13e0 fs/f2fs/data.c:2107
 __f2fs_write_data_pages fs/f2fs/data.c:2217 [inline]
 f2fs_write_data_pages+0x498/0x1060 fs/f2fs/data.c:2244
 do_writepages+0xe5/0x290 mm/page-writeback.c:2344
 __writeback_single_inode+0x10c/0x11d0 fs/fs-writeback.c:1385
 writeback_sb_inodes+0x537/0xef0 fs/fs-writeback.c:1647
 __writeback_inodes_wb+0xc6/0x280 fs/fs-writeback.c:1716
 wb_writeback+0x841/0xcc0 fs/fs-writeback.c:1822
 wb_check_start_all fs/fs-writeback.c:1946 [inline]
 wb_do_writeback fs/fs-writeback.c:1972 [inline]
 wb_workfn+0xbf4/0x1250 fs/fs-writeback.c:2006
 process_one_work+0x864/0x1570 kernel/workqueue.c:2153
 worker_thread+0x64c/0x1130 kernel/workqueue.c:2296
 kthread+0x33f/0x460 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415