INFO: task syz-executor.5:18966 can't die for more than 143 seconds. task:syz-executor.5 state:D stack:26320 pid:18966 ppid: 3644 flags:0x00004006 Call Trace: context_switch kernel/sched/core.c:4986 [inline] __schedule+0xab2/0x4d90 kernel/sched/core.c:6296 schedule+0xd2/0x260 kernel/sched/core.c:6369 schedule_timeout+0x14a/0x2a0 kernel/time/timer.c:1881 reclaim_throttle+0x1ce/0x5e0 mm/vmscan.c:1072 consider_reclaim_throttle mm/vmscan.c:3399 [inline] shrink_zones mm/vmscan.c:3486 [inline] do_try_to_free_pages+0x7cd/0x1620 mm/vmscan.c:3541 try_to_free_mem_cgroup_pages+0x2cd/0x840 mm/vmscan.c:3855 try_charge_memcg+0x298/0x10f0 mm/memcontrol.c:2598 obj_cgroup_charge_pages+0x1e/0x90 mm/memcontrol.c:3018 obj_cgroup_charge+0xf3/0x280 mm/memcontrol.c:3287 memcg_slab_pre_alloc_hook mm/slab.h:519 [inline] slab_pre_alloc_hook mm/slab.h:744 [inline] slab_alloc_node mm/slub.c:3145 [inline] slab_alloc mm/slub.c:3239 [inline] kmem_cache_alloc_trace+0x87/0x2c0 mm/slub.c:3256 kmalloc include/linux/slab.h:581 [inline] io_add_buffers fs/io_uring.c:4534 [inline] io_provide_buffers fs/io_uring.c:4568 [inline] io_issue_sqe+0x20f1/0x72d0 fs/io_uring.c:6834 __io_queue_sqe fs/io_uring.c:7104 [inline] io_req_task_submit+0xce/0x530 fs/io_uring.c:2424 handle_tw_list fs/io_uring.c:2315 [inline] tctx_task_work+0x19a/0xe70 fs/io_uring.c:2349 task_work_run+0xdd/0x1a0 kernel/task_work.c:164 tracehook_notify_signal include/linux/tracehook.h:214 [inline] handle_signal_work kernel/entry/common.c:146 [inline] exit_to_user_mode_loop kernel/entry/common.c:172 [inline] exit_to_user_mode_prepare+0x256/0x290 kernel/entry/common.c:207 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline] syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7f03ebfffe99 RSP: 002b:00007f03ea975168 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa RAX: 00000000000002ff RBX: 00007f03ec112f60 RCX: 00007f03ebfffe99 RDX: 0000000000000000 RSI: 00000000000002ff RDI: 0000000000000003 RBP: 00007f03ec05a031 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffdffa8a36f R14: 00007f03ea975300 R15: 0000000000022000 Showing all locks held in the system: 1 lock held by khungtaskd/27: #0: ffffffff8bb818a0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:6460 3 locks held by kworker/u4:2/44: #0: ffff8880b9c39c98 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2b/0x120 kernel/sched/core.c:489 #1: ffffc9000114fdb0 ((work_completion)(&(&bat_priv->nc.work)->work)){+.+.}-{0:0}, at: process_one_work+0x8c4/0x1680 kernel/workqueue.c:2282 #2: ffff8880b9c284d8 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x5a/0x1f0 kernel/time/timer.c:946 2 locks held by getty/3278: #0: ffff88814a93d098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:244 #1: ffffc90002b962e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xcf0/0x1230 drivers/tty/n_tty.c:2077 1 lock held by syz-executor.5/18966: #0: ffff88807997d0a8 (&ctx->uring_lock){+.+.}-{3:3}, at: handle_tw_list fs/io_uring.c:2312 [inline] #0: ffff88807997d0a8 (&ctx->uring_lock){+.+.}-{3:3}, at: tctx_task_work+0x29f/0xe70 fs/io_uring.c:2349 =============================================