INFO: task hung in io_uring_alloc_task

Kernel	Title	Rank 🛈	Count	Last	Reported	Patched	Status
upstream	INFO: task hung in io_uring_alloc_task_context fs	1	4	1297d	1356d	0/29	closed as invalid on 2022/02/08 09:40
upstream	INFO: task hung in io_uring_alloc_task_context (2) fs	1	1	1242d	1242d	0/29	auto-closed as invalid on 2022/06/09 11:30
upstream	INFO: task hung in io_uring_alloc_task_context (4) io-uring	1	2	1012d	1016d	0/29	auto-obsoleted due to no activity on 2023/04/10 23:14
upstream	INFO: task hung in io_uring_alloc_task_context (5) io-uring	1	1	211d	211d	0/29	auto-obsoleted due to no activity on 2025/04/05 18:35

INFO: task syz-executor.0:27107 blocked for more than 143 seconds. Not tainted 5.19.0-rc3-syzkaller-00146-g92f20ff72066 #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.0 state:D stack:28424 pid:27107 ppid: 3642 flags:0x00004004 Call Trace: <TASK> context_switch kernel/sched/core.c:5146 [inline] __schedule+0xa00/0x4b50 kernel/sched/core.c:6458 schedule+0xd2/0x1f0 kernel/sched/core.c:6530 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6589 __mutex_lock_common kernel/locking/mutex.c:679 [inline] __mutex_lock+0xa70/0x1350 kernel/locking/mutex.c:747 io_init_wq_offload fs/io_uring.c:10307 [inline] io_uring_alloc_task_context+0x172/0x5ef fs/io_uring.c:10356 __io_uring_add_tctx_node.cold+0x19/0x188 fs/io_uring.c:11510 io_uring_add_tctx_node fs/io_uring.c:11555 [inline] __do_sys_io_uring_enter+0x1cdf/0x2300 fs/io_uring.c:12026 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x46/0xb0 RIP: 0033:0x7ff3dbc89109 RSP: 002b:00007ff3dce17168 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa RAX: ffffffffffffffda RBX: 00007ff3dbd9c030 RCX: 00007ff3dbc89109 RDX: 000000000000e608 RSI: 00000000ffffffff RDI: 0000000000000004 RBP: 00007ff3dbce305d R08: 0000000020000300 R09: 0000000000000008 R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fff8d80fa8f R14: 00007ff3dce17300 R15: 0000000000022000 </TASK> Showing all locks held in the system: 1 lock held by khungtaskd/28: #0: ffffffff8bd86ba0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:6491 no locks held by udevd/2979. 2 locks held by getty/3288: #0: ffff8880266e9098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:244 #1: ffffc90002d162e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xe50/0x13c0 drivers/tty/n_tty.c:2124 1 lock held by syz-executor.0/27079: 1 lock held by syz-executor.0/27107: #0: ffff88807f3770a8 (&ctx->uring_lock){+.+.}-{3:3}, at: io_init_wq_offload fs/io_uring.c:10307 [inline] #0: ffff88807f3770a8 (&ctx->uring_lock){+.+.}-{3:3}, at: io_uring_alloc_task_context+0x172/0x5ef fs/io_uring.c:10356 ============================================= NMI backtrace for cpu 0 CPU: 0 PID: 28 Comm: khungtaskd Not tainted 5.19.0-rc3-syzkaller-00146-g92f20ff72066 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106 nmi_cpu_backtrace.cold+0x47/0x144 lib/nmi_backtrace.c:111 nmi_trigger_cpumask_backtrace+0x1e6/0x230 lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:220 [inline] watchdog+0xc22/0xf90 kernel/hung_task.c:378 kthread+0x2e9/0x3a0 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:302 </TASK> Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 16002 Comm: kworker/1:0 Not tainted 5.19.0-rc3-syzkaller-00146-g92f20ff72066 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: events nsim_dev_trap_report_work RIP: 0010:chacha_permute+0x4ad/0x6f0 lib/crypto/chacha.c:40 Code: c1 0c 41 31 c1 89 44 24 0c 41 01 ca 44 89 c8 44 8b 4c 24 08 44 31 d5 c1 c0 0c 01 df c1 c5 08 31 fa c1 c2 0c 41 01 d1 44 31 cb <41> 01 ed 41 01 c0 c1 c3 08 44 31 e9 44 31 c6 01 df c1 c1 07 45 01 RSP: 0018:ffffc90014f1f890 EFLAGS: 00000082 RAX: 00000000d92d0bcd RBX: 00000000a79927f7 RCX: 00000000f321ceea RDX: 000000000a5128ac RSI: 000000004abe05eb RDI: 000000002bfda5c8 RBP: 00000000f619132b R08: 00000000adf32240 R09: 0000000082c654d7 ---------------- Code disassembly (best guess): 0: c1 0c 41 31 rorl $0x31,(%rcx,%rax,2) 4: c1 89 44 24 0c 41 01 rorl $0x1,0x410c2444(%rcx) b: ca 44 89 lret $0x8944 e: c8 44 8b 4c enterq $0x8b44,$0x4c 12: 24 08 and $0x8,%al 14: 44 31 d5 xor %r10d,%ebp 17: c1 c0 0c rol $0xc,%eax 1a: 01 df add %ebx,%edi 1c: c1 c5 08 rol $0x8,%ebp 1f: 31 fa xor %edi,%edx 21: c1 c2 0c rol $0xc,%edx 24: 41 01 d1 add %edx,%r9d 27: 44 31 cb xor %r9d,%ebx * 2a: 41 01 ed add %ebp,%r13d <-- trapping instruction 2d: 41 01 c0 add %eax,%r8d 30: c1 c3 08 rol $0x8,%ebx 33: 44 31 e9 xor %r13d,%ecx 36: 44 31 c6 xor %r8d,%esi 39: 01 df add %ebx,%edi 3b: c1 c1 07 rol $0x7,%ecx 3e: 45 rex.RB 3f: 01 .byte 0x1