INFO: task syz-executor.3:14056 blocked for more than 140 seconds. Not tainted 4.14.111+ #50 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.3 D28808 14056 1853 0x00000004 Call Trace: schedule+0x92/0x1c0 kernel/sched/core.c:3498 __rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:572 [inline] rwsem_down_write_failed+0x3b1/0x760 kernel/locking/rwsem-xadd.c:601 call_rwsem_down_write_failed+0x13/0x20 arch/x86/lib/rwsem.S:105 __down_write arch/x86/include/asm/rwsem.h:126 [inline] down_write+0x4f/0x90 kernel/locking/rwsem.c:56 inode_lock include/linux/fs.h:715 [inline] do_last fs/namei.c:3358 [inline] path_openat+0xdae/0x2b70 fs/namei.c:3597 do_filp_open+0x1a1/0x280 fs/namei.c:3631 do_sys_open+0x2ca/0x590 fs/open.c:1077 do_syscall_64+0x19b/0x4b0 arch/x86/entry/common.c:289 Showing all locks held in the system: 1 lock held by khungtaskd/23: #0: (tasklist_lock){.+.+}, at: [<000000003e73c9e6>] debug_show_all_locks+0x7c/0x21a kernel/locking/lockdep.c:4544 2 locks held by getty/1756: #0: (&tty->ldisc_sem){++++}, at: [<000000006cb5e475>] tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:275 #1: (&ldata->atomic_read_lock){+.+.}, at: [<000000009f486b21>] n_tty_read+0x1f7/0x1700 drivers/tty/n_tty.c:2156 2 locks held by syz-executor.3/14056: #0: (sb_writers#4){.+.+}, at: [<00000000094ba7a0>] sb_start_write include/linux/fs.h:1545 [inline] #0: (sb_writers#4){.+.+}, at: [<00000000094ba7a0>] mnt_want_write+0x3a/0xb0 fs/namespace.c:387 #1: (&type->i_mutex_dir_key#3){++++}, at: [<0000000006aa4460>] inode_lock include/linux/fs.h:715 [inline] #1: (&type->i_mutex_dir_key#3){++++}, at: [<0000000006aa4460>] do_last fs/namei.c:3358 [inline] #1: (&type->i_mutex_dir_key#3){++++}, at: [<0000000006aa4460>] path_openat+0xdae/0x2b70 fs/namei.c:3597 ============================================= NMI backtrace for cpu 0 CPU: 0 PID: 23 Comm: khungtaskd Not tainted 4.14.111+ #50 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0xb9/0x10e lib/dump_stack.c:53 nmi_cpu_backtrace.cold+0x47/0x86 lib/nmi_backtrace.c:101 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 1626 Comm: rs:main Q:Reg Not tainted 4.14.111+ #50 task: 00000000ffa0c92c task.stack: 00000000e86dbd6d RIP: 0010:lock_release+0x38c/0x730 kernel/locking/lockdep.c:4015 RSP: 0018:ffff8881d4acf2c8 EFLAGS: 00000046 RAX: 0000000000000000 RBX: 1ffff1103a959e5c RCX: 1ffff1103aa3e6e4 RDX: 1ffff1103aa3e6e5 RSI: 0000000000000004 RDI: ffff8881d51f2f00 RBP: ffff8881d51f2f00 R08: 0000000000000001 R09: 0000000000000003 R10: ffff8881d51f37a8 R11: 0000000000000001 R12: c93dae2721ca3486 R13: ffff8881d51f2f00 R14: 0000000000000004 R15: ffff8881d51f3728 FS: 00007f9b4e727700(0000) GS:ffff8881db900000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000001b81000 CR3: 00000001d6b70001 CR4: 00000000001606a0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600 Call Trace: rcu_lock_release include/linux/rcupdate.h:249 [inline] rcu_read_unlock include/linux/rcupdate.h:687 [inline] find_get_pages_range+0x461/0x830 mm/filemap.c:1694 pagevec_lookup_range+0x32/0x70 mm/swap.c:983 clean_bdev_aliases+0x176/0x4f0 fs/buffer.c:1637 mpage_map_one_extent fs/ext4/inode.c:2476 [inline] mpage_map_and_submit_extent fs/ext4/inode.c:2515 [inline] ext4_writepages+0x1aa6/0x3030 fs/ext4/inode.c:2886 do_writepages+0xe5/0x280 mm/page-writeback.c:2348 __filemap_fdatawrite_range+0x1a4/0x290 mm/filemap.c:347 file_write_and_wait_range+0x84/0x100 mm/filemap.c:655 __generic_file_fsync+0x70/0x190 fs/libfs.c:977 ext4_sync_file+0x316/0x1280 fs/ext4/fsync.c:120 vfs_fsync_range+0x106/0x260 fs/sync.c:196 generic_write_sync include/linux/fs.h:2693 [inline] ext4_file_write_iter+0x7bc/0xe40 fs/ext4/file.c:268 call_write_iter include/linux/fs.h:1784 [inline] new_sync_write fs/read_write.c:471 [inline] __vfs_write+0x401/0x5a0 fs/read_write.c:484 vfs_write+0x17f/0x4d0 fs/read_write.c:546 SYSC_write fs/read_write.c:593 [inline] SyS_write+0xc0/0x1a0 fs/read_write.c:585 do_syscall_64+0x19b/0x4b0 arch/x86/entry/common.c:289 Code: 03 0f b6 04 02 84 c0 74 08 3c 03 0f 8e 64 03 00 00 45 8d 4e ff 45 39 8d 28 08 00 00 0f 85 08 02 00 00 65 48 8b 2c 25 c0 de 01 00 <48> 8d bd 2c 08 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48