INFO: task syz-executor.5:21480 can't die for more than 143 seconds. task:syz-executor.5 state:R running task stack:21024 pid:21480 ppid: 8216 flags:0x00004006 Call Trace: context_switch kernel/sched/core.c:4986 [inline] __schedule+0xab2/0x4d90 kernel/sched/core.c:6296 preempt_schedule_common+0x45/0xc0 kernel/sched/core.c:6462 preempt_schedule_thunk+0x16/0x18 arch/x86/entry/thunk_64.S:35 __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:160 [inline] _raw_spin_unlock_irq+0x3c/0x40 kernel/locking/spinlock.c:202 spin_unlock_irq include/linux/spinlock.h:404 [inline] shrink_inactive_list mm/vmscan.c:2405 [inline] shrink_list mm/vmscan.c:2621 [inline] shrink_lruvec+0xdd7/0x2660 mm/vmscan.c:2940 shrink_node_memcgs mm/vmscan.c:3129 [inline] shrink_node+0x858/0x1eb0 mm/vmscan.c:3252 shrink_zones mm/vmscan.c:3485 [inline] do_try_to_free_pages+0x491/0x1620 mm/vmscan.c:3541 try_to_free_pages+0x29f/0x750 mm/vmscan.c:3776 __perform_reclaim mm/page_alloc.c:4603 [inline] __alloc_pages_direct_reclaim mm/page_alloc.c:4624 [inline] __alloc_pages_slowpath.constprop.0+0xa9e/0x2080 mm/page_alloc.c:5014 __alloc_pages+0x412/0x500 mm/page_alloc.c:5389 alloc_pages+0x1aa/0x310 mm/mempolicy.c:2271 alloc_slab_page mm/slub.c:1799 [inline] allocate_slab mm/slub.c:1944 [inline] new_slab+0x28d/0x3a0 mm/slub.c:2004 ___slab_alloc+0x6be/0xd60 mm/slub.c:3019 __slab_alloc.constprop.0+0x4d/0xa0 mm/slub.c:3106 slab_alloc_node mm/slub.c:3197 [inline] slab_alloc mm/slub.c:3239 [inline] kmem_cache_alloc+0x35c/0x3a0 mm/slub.c:3244 mempool_alloc+0x146/0x350 mm/mempool.c:392 bio_alloc_bioset+0x2ff/0x4a0 block/bio.c:468 bio_clone_fast+0x21/0x160 block/bio.c:750 bio_split+0xc9/0x320 block/bio.c:1519 blk_bio_segment_split block/blk-merge.c:324 [inline] __blk_queue_split+0x82c/0x1330 block/blk-merge.c:359 blk_mq_submit_bio+0x3f2/0x21c0 block/blk-mq.c:2741 __submit_bio block/blk-core.c:802 [inline] __submit_bio_noacct_mq block/blk-core.c:877 [inline] submit_bio_noacct block/blk-core.c:903 [inline] submit_bio_noacct+0x82c/0xa20 block/blk-core.c:892 submit_bio block/blk-core.c:964 [inline] submit_bio+0x1ea/0x430 block/blk-core.c:922 mpage_bio_submit fs/mpage.c:66 [inline] do_mpage_readpage+0x10b8/0x2590 fs/mpage.c:314 mpage_readahead+0x3db/0x920 fs/mpage.c:389 read_pages+0x1db/0x790 mm/readahead.c:129 page_cache_ra_unbounded+0x585/0x780 mm/readahead.c:238 do_page_cache_ra+0xf9/0x140 mm/readahead.c:268 do_sync_mmap_readahead mm/filemap.c:3058 [inline] filemap_fault+0x157f/0x21c0 mm/filemap.c:3151 __do_fault+0x10d/0x790 mm/memory.c:3846 do_read_fault mm/memory.c:4161 [inline] do_fault mm/memory.c:4290 [inline] handle_pte_fault mm/memory.c:4548 [inline] __handle_mm_fault+0x2761/0x4160 mm/memory.c:4683 handle_mm_fault+0x1c8/0x790 mm/memory.c:4781 do_user_addr_fault+0x489/0x11c0 arch/x86/mm/fault.c:1397 handle_page_fault arch/x86/mm/fault.c:1484 [inline] exc_page_fault+0x9e/0x180 arch/x86/mm/fault.c:1540 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:568 RIP: 0010:fault_in_readable+0x152/0x250 mm/gup.c:1804 Code: 47 e8 45 31 f6 e8 ae 2b ca ff 48 39 eb 75 13 eb 2e e8 a2 2b ca ff 48 81 c3 00 10 00 00 48 39 eb 74 1d e8 91 2b ca ff 45 89 f7 <8a> 13 31 ff 44 89 fe 88 54 24 28 e8 9e 2d ca ff 45 85 ff 74 d2 e8 RSP: 0018:ffffc9000e647ab8 EFLAGS: 00050293 RAX: 0000000000000000 RBX: 0000000020321000 RCX: 0000000000000000 RDX: ffff88801a0e1d40 RSI: ffffffff81adb7bf RDI: 0000000000000003 RBP: 0000000020322000 R08: 0000000000000000 R09: 0000000000000000 R10: ffffffff81adb850 R11: 0000000000000000 R12: 0000000000001000 R13: 0000000020320280 R14: 0000000000000000 R15: 0000000000000000 fault_in_iov_iter_readable lib/iov_iter.c:459 [inline] fault_in_iov_iter_readable+0x11f/0x1f0 lib/iov_iter.c:445 generic_perform_write+0x15b/0x510 mm/filemap.c:3806 __generic_file_write_iter+0x1c7/0x510 mm/filemap.c:3943 generic_file_write_iter+0xd7/0x220 mm/filemap.c:3975 call_write_iter include/linux/fs.h:2079 [inline] new_sync_write+0x429/0x660 fs/read_write.c:503 vfs_write+0x7cd/0xae0 fs/read_write.c:590 ksys_pwrite64 fs/read_write.c:697 [inline] __do_sys_pwrite64 fs/read_write.c:707 [inline] __se_sys_pwrite64 fs/read_write.c:704 [inline] __x64_sys_pwrite64+0x1fd/0x250 fs/read_write.c:704 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fcedd8c6e67 RSP: 002b:00007fcedc246f00 EFLAGS: 00000293 ORIG_RAX: 0000000000000012 RAX: ffffffffffffffda RBX: 00007fcedd95d9c8 RCX: 00007fcedd8c6e67 RDX: 0000000008100000 RSI: 0000000020000280 RDI: 0000000000000015 RBP: 0000000000000008 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000015 R13: 0000000000000015 R14: 00000000200004b8 R15: 0000000000000005 Showing all locks held in the system: 1 lock held by systemd/1: 1 lock held by khungtaskd/27: #0: ffffffff8bb828a0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:6460 1 lock held by kswapd0/98: 1 lock held by kswapd1/99: 1 lock held by systemd-journal/2961: 1 lock held by systemd-timesyn/3055: 1 lock held by cron/6224: 1 lock held by in:imklog/6232: 1 lock held by syz-fuzzer/6524: 2 locks held by kworker/1:0/6657: 3 locks held by kworker/0:7/8274: 2 locks held by kworker/u4:8/10850: 3 locks held by syz-executor.5/21480: ============================================= ---------------- Code disassembly (best guess): 0: 47 e8 45 31 f6 e8 rex.RXB callq 0xe8f6314b 6: ae scas %es:(%rdi),%al 7: 2b ca sub %edx,%ecx 9: ff 48 39 decl 0x39(%rax) c: eb 75 jmp 0x83 e: 13 eb adc %ebx,%ebp 10: 2e e8 a2 2b ca ff cs callq 0xffca2bb8 16: 48 81 c3 00 10 00 00 add $0x1000,%rbx 1d: 48 39 eb cmp %rbp,%rbx 20: 74 1d je 0x3f 22: e8 91 2b ca ff callq 0xffca2bb8 27: 45 89 f7 mov %r14d,%r15d * 2a: 8a 13 mov (%rbx),%dl <-- trapping instruction 2c: 31 ff xor %edi,%edi 2e: 44 89 fe mov %r15d,%esi 31: 88 54 24 28 mov %dl,0x28(%rsp) 35: e8 9e 2d ca ff callq 0xffca2dd8 3a: 45 85 ff test %r15d,%r15d 3d: 74 d2 je 0x11 3f: e8 .byte 0xe8