b_state=0x00000029, b_size=512 device loop0 blocksize: 1024 __find_get_block_slow() failed. block=5, b_blocknr=8 b_state=0x00000029, b_size=512 device loop0 blocksize: 1024 INFO: task syz-executor0:24863 blocked for more than 140 seconds. Not tainted 4.9.122-g54068d6 #26 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor0 D27688 24863 3868 0x00000004 ffff88019a244800 ffff88019c691500 ffff8801d7fca4c0 ffff880199c23000 ffff8801db221c18 ffff88019e19f988 ffffffff839efdcd ffffffff812378c7 0000000000000000 ffff88019a2450c0 0000000600000007 ffff8801db2224e8 Call Trace: [] schedule+0x7f/0x1b0 kernel/sched/core.c:3553 [] __rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:526 [inline] [] rwsem_down_write_failed+0x598/0x990 kernel/locking/rwsem-xadd.c:555 [] call_rwsem_down_write_failed+0x17/0x30 arch/x86/lib/rwsem.S:105 [] __down_write arch/x86/include/asm/rwsem.h:125 [inline] [] down_write+0x5c/0xa0 kernel/locking/rwsem.c:54 [] inode_lock include/linux/fs.h:766 [inline] [] generic_file_write_iter+0x9d/0x610 mm/filemap.c:2903 [] new_sync_write fs/read_write.c:496 [inline] [] __vfs_write+0x3e0/0x580 fs/read_write.c:509 [] vfs_write+0x187/0x530 fs/read_write.c:557 [] SYSC_write fs/read_write.c:604 [inline] [] SyS_write+0xd9/0x1c0 fs/read_write.c:596 [] do_syscall_64+0x1a6/0x490 arch/x86/entry/common.c:282 [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb Showing all locks held in the system: 2 locks held by khungtaskd/519: #0: (rcu_read_lock){......}, at: [] check_hung_uninterruptible_tasks kernel/hung_task.c:168 [inline] #0: (rcu_read_lock){......}, at: [] watchdog+0x11c/0xa20 kernel/hung_task.c:239 #1: (tasklist_lock){.+.?..}, at: [] debug_show_all_locks+0x79/0x218 kernel/locking/lockdep.c:4336 1 lock held by rsyslogd/3678: #0: (&f->f_pos_lock){+.+.+.}, at: [] __fdget_pos+0xac/0xd0 fs/file.c:781 2 locks held by getty/3774: #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367 #1: (&ldata->atomic_read_lock){+.+...}, at: [] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142 3 locks held by syz-executor0/24863: #0: (&f->f_pos_lock){+.+.+.}, at: [] __fdget_pos+0xac/0xd0 fs/file.c:781 #1: (sb_writers#16){.+.+.+}, at: [] file_start_write include/linux/fs.h:2640 [inline] #1: (sb_writers#16){.+.+.+}, at: [] vfs_write+0x3ae/0x530 fs/read_write.c:556 #2: (&sb->s_type->i_mutex_key#22){++++++}, at: [] inode_lock include/linux/fs.h:766 [inline] #2: (&sb->s_type->i_mutex_key#22){++++++}, at: [] generic_file_write_iter+0x9d/0x610 mm/filemap.c:2903 ============================================= NMI backtrace for cpu 1 CPU: 1 PID: 519 Comm: khungtaskd Not tainted 4.9.122-g54068d6 #26 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801d851fd08 ffffffff81eb8829 0000000000000000 0000000000000001 0000000000000001 0000000000000001 ffffffff810b9fa0 ffff8801d851fd40 ffffffff81ec3b67 0000000000000001 0000000000000000 0000000000000003 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] nmi_cpu_backtrace.cold.2+0x48/0x87 lib/nmi_backtrace.c:99 [] nmi_trigger_cpumask_backtrace+0x12a/0x14f lib/nmi_backtrace.c:60 [] arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:37 [] trigger_all_cpu_backtrace include/linux/nmi.h:58 [inline] [] check_hung_task kernel/hung_task.c:125 [inline] [] check_hung_uninterruptible_tasks kernel/hung_task.c:182 [inline] [] watchdog+0x6b4/0xa20 kernel/hung_task.c:239 [] kthread+0x26d/0x300 kernel/kthread.c:211 [] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 PID: 24873 Comm: syz-executor2 Not tainted 4.9.122-g54068d6 #26 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 task: ffff8801d6c30000 task.stack: ffff8801cc508000 RIP: 0010:[] c [] kasan_unpoison_shadow+0x0/0x50 mm/kasan/kasan.c:50 RSP: 0018:ffff8801db207b10 EFLAGS: 00000206 RAX: 0000000048000000 RBX: ffffea00067a4400 RCX: 0000000000000000 RDX: ffff8801da001280 RSI: 0000000000000200 RDI: ffff88019e911b80 RBP: ffff8801db207b30 R08: ffff8801db207858 R09: 000000006580e10d R10: ffffed003b640efe R11: ffff8801db2077f7 R12: ffff88019e911b80 R13: 0000000000000200 R14: 0000000002080020 R15: ffff8801d9914640 FS: 00007fda36ff4700(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fdf845f5a8b CR3: 00000001bff5f000 CR4: 00000000001606f0 DR0: 00000000200001c0 DR1: 00000000200001c0 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 Stack: ffffffff81537354c 1ffff1003b640f69c ffff88019e911b80c ffff8801cb9d5dc0c ffff8801db207bd0c ffffffff83039303c 0000004800000000c 0000000041b58ab3c ffffffff84417e92c ffffffff830391d0c ffffffff83582b00c ffff8801db207b00c Call Trace: [] __alloc_skb+0x133/0x5b0 net/core/skbuff.c:238 [] alloc_skb include/linux/skbuff.h:919 [inline] [] ndisc_alloc_skb+0x144/0x330 net/ipv6/ndisc.c:401 [] ndisc_send_rs+0x2ff/0x670 net/ipv6/ndisc.c:645 [] addrconf_rs_timer+0x287/0x5a0 net/ipv6/addrconf.c:3751 [] call_timer_fn+0x163/0x6e0 kernel/time/timer.c:1319 [] expire_timers kernel/time/timer.c:1359 [inline] [] __run_timers kernel/time/timer.c:1658 [inline] [] run_timer_softirq+0x1047/0x1590 kernel/time/timer.c:1684 [] __do_softirq+0x210/0x940 kernel/softirq.c:288 [] invoke_softirq kernel/softirq.c:368 [inline] [] irq_exit+0x114/0x150 kernel/softirq.c:409 [] exiting_irq arch/x86/include/asm/apic.h:669 [inline] [] smp_apic_timer_interrupt+0x81/0xa0 arch/x86/kernel/apic/apic.c:962 [] apic_timer_interrupt+0xa0/0xb0 arch/x86/entry/entry_64.S:648 d [] ? console_unlock+0x7b3/0xb40 kernel/printk/printk.c:2451 [] vprintk_emit+0x448/0x790 kernel/printk/printk.c:1903 [] vprintk+0x28/0x30 kernel/printk/printk.c:1913 [] vprintk_default+0x1d/0x30 kernel/printk/printk.c:1914 [] vprintk_func kernel/printk/internal.h:36 [inline] [] printk+0xaf/0xd7 kernel/printk/printk.c:1975 [] binder_thread_write.cold.77+0xeb0/0x1285 drivers/android/binder.c:3917 [] binder_ioctl_write_read.isra.42+0x1eb/0x810 drivers/android/binder.c:4628 [] binder_ioctl+0x702/0x1160 drivers/android/binder.c:4767 [] vfs_ioctl fs/ioctl.c:43 [inline] [] file_ioctl fs/ioctl.c:493 [inline] [] do_vfs_ioctl+0x1ac/0x11a0 fs/ioctl.c:677 [] SYSC_ioctl fs/ioctl.c:694 [inline] [] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:685 [] do_syscall_64+0x1a6/0x490 arch/x86/entry/common.c:282 [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb Code: cc3 c66 c2e c0f c1f c84 c00 c00 c00 c00 c00 c55 c48 c89 ce5 c65 c48 c8b c04 c25 cc0 c7d c01 c00 c83 ca8 c68 c12 c00 c00 c01 c5d cc3 c66 c2e c0f c1f c84 c00 c00 c00 c00 c00 c<48> c89 cf8 c55 c48 cc1 cef c03 c48 c01 cf0 c48 c89 ce5 c41 c54 c49 c89 cf4 c48 cc1 c