bisecting cause commit starting from dc4060a5dc2557e6b5aa813bf5b73677299d62d2 building syzkaller on 505ab413c77ce8c6bd4658ea5e68ea2534d47b39 testing commit dc4060a5dc2557e6b5aa813bf5b73677299d62d2 with gcc (GCC) 8.1.0 all runs: crashed: INFO: task hung in __io_uring_register testing release v5.0 testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783 with gcc (GCC) 8.1.0 all runs: OK # git bisect start dc4060a5dc2557e6b5aa813bf5b73677299d62d2 v5.0 Bisecting: 6720 revisions left to test after this (roughly 13 steps) [d72cb8c7d9dbd9ce820c80f3fddb56b296ba96fc] Merge tag 'riscv-for-linus-5.1-mw0' of git://git.kernel.org/pub/scm/linux/kernel/git/palmer/riscv-linux testing commit d72cb8c7d9dbd9ce820c80f3fddb56b296ba96fc with gcc (GCC) 8.1.0 all runs: OK # git bisect good d72cb8c7d9dbd9ce820c80f3fddb56b296ba96fc Bisecting: 3370 revisions left to test after this (roughly 12 steps) [d6075262969321bcb5d795de25595fc2a141ac02] Merge tag 'nios2-v5.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/lftan/nios2 testing commit d6075262969321bcb5d795de25595fc2a141ac02 with gcc (GCC) 8.1.0 all runs: crashed: INFO: task hung in __io_uring_register # git bisect bad d6075262969321bcb5d795de25595fc2a141ac02 Bisecting: 1671 revisions left to test after this (roughly 11 steps) [1cabd3e0bd88d7ba9854cbb9213ef40eccad603b] Merge tag 'for-v5.1' of git://git.kernel.org/pub/scm/linux/kernel/git/sre/linux-power-supply testing commit 1cabd3e0bd88d7ba9854cbb9213ef40eccad603b with gcc (GCC) 8.1.0 all runs: OK # git bisect good 1cabd3e0bd88d7ba9854cbb9213ef40eccad603b Bisecting: 672 revisions left to test after this (roughly 10 steps) [96a6de1a541c86e9e67b9c310c14db4099bd1cbc] Merge tag 'media/v5.1-1' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media testing commit 96a6de1a541c86e9e67b9c310c14db4099bd1cbc with gcc (GCC) 8.1.0 all runs: crashed: INFO: task hung in __io_uring_register # git bisect bad 96a6de1a541c86e9e67b9c310c14db4099bd1cbc Bisecting: 504 revisions left to test after this (roughly 9 steps) [2bb995405fe52dd893db57456556e8dc4fce35a7] Merge tag 'gcc-plugins-v5.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux testing commit 2bb995405fe52dd893db57456556e8dc4fce35a7 with gcc (GCC) 8.1.0 all runs: crashed: INFO: task hung in __io_uring_register # git bisect bad 2bb995405fe52dd893db57456556e8dc4fce35a7 Bisecting: 272 revisions left to test after this (roughly 8 steps) [cf2e8c544cd3b33e9e403b7b72404c221bf888d1] Merge tag 'mfd-next-5.1' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd testing commit cf2e8c544cd3b33e9e403b7b72404c221bf888d1 with gcc (GCC) 8.1.0 all runs: OK # git bisect good cf2e8c544cd3b33e9e403b7b72404c221bf888d1 Bisecting: 145 revisions left to test after this (roughly 7 steps) [21b4aa5d20fd07207e73270cadffed5c63fb4343] io_uring: add a few test tools testing commit 21b4aa5d20fd07207e73270cadffed5c63fb4343 with gcc (GCC) 8.1.0 all runs: crashed: INFO: task hung in __io_uring_register # git bisect bad 21b4aa5d20fd07207e73270cadffed5c63fb4343 Bisecting: 63 revisions left to test after this (roughly 6 steps) [d18d91740ad22e9d7998884c4d80523d0ba95ddf] block: introduce bio_for_each_bvec() and rq_for_each_bvec() testing commit d18d91740ad22e9d7998884c4d80523d0ba95ddf with gcc (GCC) 8.1.0 all runs: OK # git bisect good d18d91740ad22e9d7998884c4d80523d0ba95ddf Bisecting: 31 revisions left to test after this (roughly 5 steps) [4f80fc77fc14d0d1da28573f5116aded2932f5ad] nvmet-fc: convert to SPDX identifiers testing commit 4f80fc77fc14d0d1da28573f5116aded2932f5ad with gcc (GCC) 8.1.0 all runs: OK # git bisect good 4f80fc77fc14d0d1da28573f5116aded2932f5ad Bisecting: 15 revisions left to test after this (roughly 4 steps) [bbcbbd567cc15823a6e9d4e2c5899ea3defa7b6d] block: optimize blk_bio_segment_split for single-page bvec testing commit bbcbbd567cc15823a6e9d4e2c5899ea3defa7b6d with gcc (GCC) 8.1.0 all runs: OK # git bisect good bbcbbd567cc15823a6e9d4e2c5899ea3defa7b6d Bisecting: 7 revisions left to test after this (roughly 3 steps) [6d0c48aede85e38316d0251564cab39cbc2422f6] block: implement bio helper to add iter bvec pages to bio testing commit 6d0c48aede85e38316d0251564cab39cbc2422f6 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 6d0c48aede85e38316d0251564cab39cbc2422f6 Bisecting: 3 revisions left to test after this (roughly 2 steps) [6c271ce2f1d572f7fa225700a13cfe7ced492434] io_uring: add submission polling testing commit 6c271ce2f1d572f7fa225700a13cfe7ced492434 with gcc (GCC) 8.1.0 all runs: crashed: INFO: task hung in __io_uring_register # git bisect bad 6c271ce2f1d572f7fa225700a13cfe7ced492434 Bisecting: 1 revision left to test after this (roughly 1 step) [f4e65870e5cede5ca1ec0006b6c9803994e5f7b8] net: split out functions related to registering inflight socket files testing commit f4e65870e5cede5ca1ec0006b6c9803994e5f7b8 with gcc (GCC) 8.1.0 all runs: OK # git bisect good f4e65870e5cede5ca1ec0006b6c9803994e5f7b8 Bisecting: 0 revisions left to test after this (roughly 0 steps) [6b06314c47e141031be043539900d80d2c7ba10f] io_uring: add file set registration testing commit 6b06314c47e141031be043539900d80d2c7ba10f with gcc (GCC) 8.1.0 all runs: OK # git bisect good 6b06314c47e141031be043539900d80d2c7ba10f 6c271ce2f1d572f7fa225700a13cfe7ced492434 is the first bad commit commit 6c271ce2f1d572f7fa225700a13cfe7ced492434 Author: Jens Axboe Date: Thu Jan 10 11:22:30 2019 -0700 io_uring: add submission polling This enables an application to do IO, without ever entering the kernel. By using the SQ ring to fill in new sqes and watching for completions on the CQ ring, we can submit and reap IOs without doing a single system call. The kernel side thread will poll for new submissions, and in case of HIPRI/polled IO, it'll also poll for completions. By default, we allow 1 second of active spinning. This can by changed by passing in a different grace period at io_uring_register(2) time. If the thread exceeds this idle time without having any work to do, it will set: sq_ring->flags |= IORING_SQ_NEED_WAKEUP. The application will have to call io_uring_enter() to start things back up again. If IO is kept busy, that will never be needed. Basically an application that has this feature enabled will guard it's io_uring_enter(2) call with: read_barrier(); if (*sq_ring->flags & IORING_SQ_NEED_WAKEUP) io_uring_enter(fd, 0, 0, IORING_ENTER_SQ_WAKEUP); instead of calling it unconditionally. It's mandatory to use fixed files with this feature. Failure to do so will result in the application getting an -EBADF CQ entry when submitting IO. Reviewed-by: Hannes Reinecke Signed-off-by: Jens Axboe :040000 040000 ca5e05e36f61886129f91db070f217a812c4dd7b 487222729602cd9d12f91557ef31c73e4dfa4b86 M fs :040000 040000 2d991ecff6e14baa890629470b4bd38bd680cf8f 8c9ea07bbb5fd38b10fd5e4673bc08e0c6f2f4f6 M include revisions tested: 16, total time: 4h14m52.782257654s (build: 1h31m18.62943871s, test: 2h37m40.185631269s) first bad commit: 6c271ce2f1d572f7fa225700a13cfe7ced492434 io_uring: add submission polling cc: ["axboe@kernel.dk" "hare@suse.com" "linux-fsdevel@vger.kernel.org" "linux-kernel@vger.kernel.org" "viro@zeniv.linux.org.uk"] crash: INFO: task hung in __io_uring_register 8021q: adding VLAN 0 to HW filter on device batadv0 8021q: adding VLAN 0 to HW filter on device batadv0 8021q: adding VLAN 0 to HW filter on device batadv0 IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready 8021q: adding VLAN 0 to HW filter on device batadv0 INFO: task syz-executor.2:7432 blocked for more than 140 seconds. Not tainted 5.0.0-rc6+ #1 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.2 D28864 7432 7408 0x20020004 Call Trace: context_switch kernel/sched/core.c:2844 [inline] __schedule+0x904/0x1c20 kernel/sched/core.c:3485 schedule+0x7f/0x180 kernel/sched/core.c:3529 schedule_timeout+0x6d7/0xda0 kernel/time/timer.c:1779 do_wait_for_common kernel/sched/completion.c:83 [inline] __wait_for_common kernel/sched/completion.c:104 [inline] wait_for_common kernel/sched/completion.c:115 [inline] wait_for_completion+0x282/0x460 kernel/sched/completion.c:136 __io_uring_register+0xb8/0x1b20 fs/io_uring.c:2467 __do_sys_io_uring_register fs/io_uring.c:2517 [inline] __se_sys_io_uring_register fs/io_uring.c:2499 [inline] __ia32_sys_io_uring_register+0x16f/0x1e0 fs/io_uring.c:2499 do_syscall_32_irqs_on arch/x86/entry/common.c:326 [inline] do_fast_syscall_32+0x23b/0xa60 arch/x86/entry/common.c:397 entry_SYSENTER_compat+0x70/0x7f arch/x86/entry/entry_64_compat.S:139 RIP: 0023:0xf7fca849 Code: Bad RIP value. RSP: 002b:00000000f7fc60cc EFLAGS: 00000296 ORIG_RAX: 00000000000001ab RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000001 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 INFO: task syz-executor.2:7433 blocked for more than 140 seconds. Not tainted 5.0.0-rc6+ #1 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.2 D30448 7433 7408 0x20020004 Call Trace: context_switch kernel/sched/core.c:2844 [inline] __schedule+0x904/0x1c20 kernel/sched/core.c:3485 schedule+0x7f/0x180 kernel/sched/core.c:3529 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3587 __mutex_lock_common kernel/locking/mutex.c:1002 [inline] __mutex_lock+0x806/0x1210 kernel/locking/mutex.c:1072 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087 __do_sys_io_uring_enter fs/io_uring.c:2216 [inline] __se_sys_io_uring_enter fs/io_uring.c:2175 [inline] __ia32_sys_io_uring_enter+0x4b9/0x870 fs/io_uring.c:2175 do_syscall_32_irqs_on arch/x86/entry/common.c:326 [inline] do_fast_syscall_32+0x23b/0xa60 arch/x86/entry/common.c:397 entry_SYSENTER_compat+0x70/0x7f arch/x86/entry/entry_64_compat.S:139 RIP: 0023:0xf7fca849 Code: Bad RIP value. RSP: 002b:00000000f7fa50cc EFLAGS: 00000296 ORIG_RAX: 00000000000001aa RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000010005 RDX: 0000000000000002 RSI: 0000000000000003 RDI: 0000000000000000 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 INFO: task syz-executor.2:7467 blocked for more than 140 seconds. Not tainted 5.0.0-rc6+ #1 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.2 D29576 7467 7408 0x20020004 Call Trace: context_switch kernel/sched/core.c:2844 [inline] __schedule+0x904/0x1c20 kernel/sched/core.c:3485 schedule+0x7f/0x180 kernel/sched/core.c:3529 schedule_timeout+0x6d7/0xda0 kernel/time/timer.c:1779 do_wait_for_common kernel/sched/completion.c:83 [inline] __wait_for_common kernel/sched/completion.c:104 [inline] wait_for_common kernel/sched/completion.c:115 [inline] wait_for_completion+0x282/0x460 kernel/sched/completion.c:136 __io_uring_register+0xb8/0x1b20 fs/io_uring.c:2467 __do_sys_io_uring_register fs/io_uring.c:2517 [inline] __se_sys_io_uring_register fs/io_uring.c:2499 [inline] __ia32_sys_io_uring_register+0x16f/0x1e0 fs/io_uring.c:2499 do_syscall_32_irqs_on arch/x86/entry/common.c:326 [inline] do_fast_syscall_32+0x23b/0xa60 arch/x86/entry/common.c:397 entry_SYSENTER_compat+0x70/0x7f arch/x86/entry/entry_64_compat.S:139 RIP: 0023:0xf7fca849 Code: Bad RIP value. RSP: 002b:00000000f7f840cc EFLAGS: 00000296 ORIG_RAX: 00000000000001ab RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000001 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 INFO: task syz-executor.2:7468 blocked for more than 140 seconds. Not tainted 5.0.0-rc6+ #1 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.2 D30472 7468 7408 0x20020004 Call Trace: context_switch kernel/sched/core.c:2844 [inline] __schedule+0x904/0x1c20 kernel/sched/core.c:3485 schedule+0x7f/0x180 kernel/sched/core.c:3529 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3587 __mutex_lock_common kernel/locking/mutex.c:1002 [inline] __mutex_lock+0x806/0x1210 kernel/locking/mutex.c:1072 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087 __do_sys_io_uring_enter fs/io_uring.c:2216 [inline] __se_sys_io_uring_enter fs/io_uring.c:2175 [inline] __ia32_sys_io_uring_enter+0x4b9/0x870 fs/io_uring.c:2175 do_syscall_32_irqs_on arch/x86/entry/common.c:326 [inline] do_fast_syscall_32+0x23b/0xa60 arch/x86/entry/common.c:397 entry_SYSENTER_compat+0x70/0x7f arch/x86/entry/entry_64_compat.S:139 RIP: 0023:0xf7fca849 Code: Bad RIP value. RSP: 002b:00000000f7f630cc EFLAGS: 00000296 ORIG_RAX: 00000000000001aa RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000010005 RDX: 0000000000000002 RSI: 0000000000000003 RDI: 0000000000000000 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 INFO: task syz-executor.0:7438 blocked for more than 140 seconds. Not tainted 5.0.0-rc6+ #1 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.0 D29576 7438 7417 0x20020004 Call Trace: context_switch kernel/sched/core.c:2844 [inline] __schedule+0x904/0x1c20 kernel/sched/core.c:3485 schedule+0x7f/0x180 kernel/sched/core.c:3529 schedule_timeout+0x6d7/0xda0 kernel/time/timer.c:1779 do_wait_for_common kernel/sched/completion.c:83 [inline] __wait_for_common kernel/sched/completion.c:104 [inline] wait_for_common kernel/sched/completion.c:115 [inline] wait_for_completion+0x282/0x460 kernel/sched/completion.c:136 __io_uring_register+0xb8/0x1b20 fs/io_uring.c:2467 __do_sys_io_uring_register fs/io_uring.c:2517 [inline] __se_sys_io_uring_register fs/io_uring.c:2499 [inline] __ia32_sys_io_uring_register+0x16f/0x1e0 fs/io_uring.c:2499 do_syscall_32_irqs_on arch/x86/entry/common.c:326 [inline] do_fast_syscall_32+0x23b/0xa60 arch/x86/entry/common.c:397 entry_SYSENTER_compat+0x70/0x7f arch/x86/entry/entry_64_compat.S:139 RIP: 0023:0xf7f75849 Code: Bad RIP value. RSP: 002b:00000000f7f710cc EFLAGS: 00000296 ORIG_RAX: 00000000000001ab RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000001 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 INFO: task syz-executor.0:7445 blocked for more than 140 seconds. Not tainted 5.0.0-rc6+ #1 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.0 D29576 7445 7417 0x20020004 Call Trace: context_switch kernel/sched/core.c:2844 [inline] __schedule+0x904/0x1c20 kernel/sched/core.c:3485 schedule+0x7f/0x180 kernel/sched/core.c:3529 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3587 __mutex_lock_common kernel/locking/mutex.c:1002 [inline] __mutex_lock+0x806/0x1210 kernel/locking/mutex.c:1072 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087 __do_sys_io_uring_enter fs/io_uring.c:2216 [inline] __se_sys_io_uring_enter fs/io_uring.c:2175 [inline] __ia32_sys_io_uring_enter+0x4b9/0x870 fs/io_uring.c:2175 do_syscall_32_irqs_on arch/x86/entry/common.c:326 [inline] do_fast_syscall_32+0x23b/0xa60 arch/x86/entry/common.c:397 entry_SYSENTER_compat+0x70/0x7f arch/x86/entry/entry_64_compat.S:139 RIP: 0023:0xf7f75849 Code: Bad RIP value. RSP: 002b:00000000f7f500cc EFLAGS: 00000296 ORIG_RAX: 00000000000001aa RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000010005 RDX: 0000000000000002 RSI: 0000000000000003 RDI: 0000000000000000 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 INFO: task syz-executor.4:7443 blocked for more than 140 seconds. Not tainted 5.0.0-rc6+ #1 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.4 D29576 7443 7415 0x20020004 Call Trace: context_switch kernel/sched/core.c:2844 [inline] __schedule+0x904/0x1c20 kernel/sched/core.c:3485 schedule+0x7f/0x180 kernel/sched/core.c:3529 schedule_timeout+0x6d7/0xda0 kernel/time/timer.c:1779 do_wait_for_common kernel/sched/completion.c:83 [inline] __wait_for_common kernel/sched/completion.c:104 [inline] wait_for_common kernel/sched/completion.c:115 [inline] wait_for_completion+0x282/0x460 kernel/sched/completion.c:136 __io_uring_register+0xb8/0x1b20 fs/io_uring.c:2467 __do_sys_io_uring_register fs/io_uring.c:2517 [inline] __se_sys_io_uring_register fs/io_uring.c:2499 [inline] __ia32_sys_io_uring_register+0x16f/0x1e0 fs/io_uring.c:2499 do_syscall_32_irqs_on arch/x86/entry/common.c:326 [inline] do_fast_syscall_32+0x23b/0xa60 arch/x86/entry/common.c:397 entry_SYSENTER_compat+0x70/0x7f arch/x86/entry/entry_64_compat.S:139 RIP: 0023:0xf7f50849 Code: Bad RIP value. RSP: 002b:00000000f7f4c0cc EFLAGS: 00000296 ORIG_RAX: 00000000000001ab RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000001 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 INFO: task syz-executor.4:7452 blocked for more than 140 seconds. Not tainted 5.0.0-rc6+ #1 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.4 D30472 7452 7415 0x20020004 Call Trace: context_switch kernel/sched/core.c:2844 [inline] __schedule+0x904/0x1c20 kernel/sched/core.c:3485 schedule+0x7f/0x180 kernel/sched/core.c:3529 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3587 __mutex_lock_common kernel/locking/mutex.c:1002 [inline] __mutex_lock+0x806/0x1210 kernel/locking/mutex.c:1072 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087 __do_sys_io_uring_enter fs/io_uring.c:2216 [inline] __se_sys_io_uring_enter fs/io_uring.c:2175 [inline] __ia32_sys_io_uring_enter+0x4b9/0x870 fs/io_uring.c:2175 do_syscall_32_irqs_on arch/x86/entry/common.c:326 [inline] do_fast_syscall_32+0x23b/0xa60 arch/x86/entry/common.c:397 entry_SYSENTER_compat+0x70/0x7f arch/x86/entry/entry_64_compat.S:139 RIP: 0023:0xf7f50849 Code: Bad RIP value. RSP: 002b:00000000f7f2b0cc EFLAGS: 00000296 ORIG_RAX: 00000000000001aa RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000010005 RDX: 0000000000000002 RSI: 0000000000000003 RDI: 0000000000000000 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 INFO: task syz-executor.1:7450 blocked for more than 140 seconds. Not tainted 5.0.0-rc6+ #1 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.1 D29360 7450 7413 0x20020004 Call Trace: context_switch kernel/sched/core.c:2844 [inline] __schedule+0x904/0x1c20 kernel/sched/core.c:3485 schedule+0x7f/0x180 kernel/sched/core.c:3529 schedule_timeout+0x6d7/0xda0 kernel/time/timer.c:1779 do_wait_for_common kernel/sched/completion.c:83 [inline] __wait_for_common kernel/sched/completion.c:104 [inline] wait_for_common kernel/sched/completion.c:115 [inline] wait_for_completion+0x282/0x460 kernel/sched/completion.c:136 __io_uring_register+0xb8/0x1b20 fs/io_uring.c:2467 __do_sys_io_uring_register fs/io_uring.c:2517 [inline] __se_sys_io_uring_register fs/io_uring.c:2499 [inline] __ia32_sys_io_uring_register+0x16f/0x1e0 fs/io_uring.c:2499 do_syscall_32_irqs_on arch/x86/entry/common.c:326 [inline] do_fast_syscall_32+0x23b/0xa60 arch/x86/entry/common.c:397 entry_SYSENTER_compat+0x70/0x7f arch/x86/entry/entry_64_compat.S:139 RIP: 0023:0xf7f8e849 Code: Bad RIP value. RSP: 002b:00000000f7f8a0cc EFLAGS: 00000296 ORIG_RAX: 00000000000001ab RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000001 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 INFO: task syz-executor.1:7453 blocked for more than 140 seconds. Not tainted 5.0.0-rc6+ #1 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.1 D30472 7453 7413 0x20020004 Call Trace: context_switch kernel/sched/core.c:2844 [inline] __schedule+0x904/0x1c20 kernel/sched/core.c:3485 schedule+0x7f/0x180 kernel/sched/core.c:3529 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3587 __mutex_lock_common kernel/locking/mutex.c:1002 [inline] __mutex_lock+0x806/0x1210 kernel/locking/mutex.c:1072 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087 __do_sys_io_uring_enter fs/io_uring.c:2216 [inline] __se_sys_io_uring_enter fs/io_uring.c:2175 [inline] __ia32_sys_io_uring_enter+0x4b9/0x870 fs/io_uring.c:2175 do_syscall_32_irqs_on arch/x86/entry/common.c:326 [inline] do_fast_syscall_32+0x23b/0xa60 arch/x86/entry/common.c:397 entry_SYSENTER_compat+0x70/0x7f arch/x86/entry/entry_64_compat.S:139 RIP: 0023:0xf7f8e849 Code: Bad RIP value. RSP: 002b:00000000f7f690cc EFLAGS: 00000296 ORIG_RAX: 00000000000001aa RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000010005 RDX: 0000000000000002 RSI: 0000000000000003 RDI: 0000000000000000 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 Showing all locks held in the system: 1 lock held by khungtaskd/1040: #0: 000000009fa921ba (rcu_read_lock){....}, at: debug_show_all_locks+0x5b/0x27a kernel/locking/lockdep.c:4389 2 locks held by getty/7298: #0: 000000004a7145e4 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:341 #1: 00000000fe42dfa7 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x1ee/0x1910 drivers/tty/n_tty.c:2154 2 locks held by getty/7299: #0: 00000000c6ed0fca (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:341 #1: 000000008263c9f0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x1ee/0x1910 drivers/tty/n_tty.c:2154 2 locks held by getty/7300: #0: 000000001bd0d39b (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:341 #1: 000000004447455e (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x1ee/0x1910 drivers/tty/n_tty.c:2154 2 locks held by getty/7301: #0: 0000000020a24f14 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:341 #1: 000000008995cb2a (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x1ee/0x1910 drivers/tty/n_tty.c:2154 2 locks held by getty/7302: #0: 00000000a15e474e (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:341 #1: 00000000d1cdf31e (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x1ee/0x1910 drivers/tty/n_tty.c:2154 2 locks held by getty/7303: #0: 000000002dd16c05 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:341 #1: 00000000b4a62caf (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x1ee/0x1910 drivers/tty/n_tty.c:2154 2 locks held by getty/7304: #0: 000000006d1c008e (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:341 #1: 00000000c6faea38 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x1ee/0x1910 drivers/tty/n_tty.c:2154 1 lock held by syz-executor.2/7432: #0: 00000000ab2a4fa3 (&ctx->uring_lock){+.+.}, at: __do_sys_io_uring_register fs/io_uring.c:2516 [inline] #0: 00000000ab2a4fa3 (&ctx->uring_lock){+.+.}, at: __se_sys_io_uring_register fs/io_uring.c:2499 [inline] #0: 00000000ab2a4fa3 (&ctx->uring_lock){+.+.}, at: __ia32_sys_io_uring_register+0x15a/0x1e0 fs/io_uring.c:2499 1 lock held by syz-executor.2/7433: #0: 00000000ab2a4fa3 (&ctx->uring_lock){+.+.}, at: __do_sys_io_uring_enter fs/io_uring.c:2216 [inline] #0: 00000000ab2a4fa3 (&ctx->uring_lock){+.+.}, at: __se_sys_io_uring_enter fs/io_uring.c:2175 [inline] #0: 00000000ab2a4fa3 (&ctx->uring_lock){+.+.}, at: __ia32_sys_io_uring_enter+0x4b9/0x870 fs/io_uring.c:2175 1 lock held by syz-executor.2/7467: #0: 000000002648d90a (&ctx->uring_lock){+.+.}, at: __do_sys_io_uring_register fs/io_uring.c:2516 [inline] #0: 000000002648d90a (&ctx->uring_lock){+.+.}, at: __se_sys_io_uring_register fs/io_uring.c:2499 [inline] #0: 000000002648d90a (&ctx->uring_lock){+.+.}, at: __ia32_sys_io_uring_register+0x15a/0x1e0 fs/io_uring.c:2499 1 lock held by syz-executor.2/7468: #0: 000000002648d90a (&ctx->uring_lock){+.+.}, at: __do_sys_io_uring_enter fs/io_uring.c:2216 [inline] #0: 000000002648d90a (&ctx->uring_lock){+.+.}, at: __se_sys_io_uring_enter fs/io_uring.c:2175 [inline] #0: 000000002648d90a (&ctx->uring_lock){+.+.}, at: __ia32_sys_io_uring_enter+0x4b9/0x870 fs/io_uring.c:2175 1 lock held by syz-executor.0/7438: #0: 000000008ff7343f (&ctx->uring_lock){+.+.}, at: __do_sys_io_uring_register fs/io_uring.c:2516 [inline] #0: 000000008ff7343f (&ctx->uring_lock){+.+.}, at: __se_sys_io_uring_register fs/io_uring.c:2499 [inline] #0: 000000008ff7343f (&ctx->uring_lock){+.+.}, at: __ia32_sys_io_uring_register+0x15a/0x1e0 fs/io_uring.c:2499 1 lock held by syz-executor.0/7445: #0: 000000008ff7343f (&ctx->uring_lock){+.+.}, at: __do_sys_io_uring_enter fs/io_uring.c:2216 [inline] #0: 000000008ff7343f (&ctx->uring_lock){+.+.}, at: __se_sys_io_uring_enter fs/io_uring.c:2175 [inline] #0: 000000008ff7343f (&ctx->uring_lock){+.+.}, at: __ia32_sys_io_uring_enter+0x4b9/0x870 fs/io_uring.c:2175 1 lock held by syz-executor.4/7443: #0: 0000000098fbfbdb (&ctx->uring_lock){+.+.}, at: __do_sys_io_uring_register fs/io_uring.c:2516 [inline] #0: 0000000098fbfbdb (&ctx->uring_lock){+.+.}, at: __se_sys_io_uring_register fs/io_uring.c:2499 [inline] #0: 0000000098fbfbdb (&ctx->uring_lock){+.+.}, at: __ia32_sys_io_uring_register+0x15a/0x1e0 fs/io_uring.c:2499 1 lock held by syz-executor.4/7452: #0: 0000000098fbfbdb (&ctx->uring_lock){+.+.}, at: __do_sys_io_uring_enter fs/io_uring.c:2216 [inline] #0: 0000000098fbfbdb (&ctx->uring_lock){+.+.}, at: __se_sys_io_uring_enter fs/io_uring.c:2175 [inline] #0: 0000000098fbfbdb (&ctx->uring_lock){+.+.}, at: __ia32_sys_io_uring_enter+0x4b9/0x870 fs/io_uring.c:2175 1 lock held by syz-executor.1/7450: #0: 00000000a56c8de9 (&ctx->uring_lock){+.+.}, at: __do_sys_io_uring_register fs/io_uring.c:2516 [inline] #0: 00000000a56c8de9 (&ctx->uring_lock){+.+.}, at: __se_sys_io_uring_register fs/io_uring.c:2499 [inline] #0: 00000000a56c8de9 (&ctx->uring_lock){+.+.}, at: __ia32_sys_io_uring_register+0x15a/0x1e0 fs/io_uring.c:2499 1 lock held by syz-executor.1/7453: #0: 00000000a56c8de9 (&ctx->uring_lock){+.+.}, at: __do_sys_io_uring_enter fs/io_uring.c:2216 [inline] #0: 00000000a56c8de9 (&ctx->uring_lock){+.+.}, at: __se_sys_io_uring_enter fs/io_uring.c:2175 [inline] #0: 00000000a56c8de9 (&ctx->uring_lock){+.+.}, at: __ia32_sys_io_uring_enter+0x4b9/0x870 fs/io_uring.c:2175 1 lock held by syz-executor.3/7460: #0: 0000000004b89e33 (&ctx->uring_lock){+.+.}, at: __do_sys_io_uring_register fs/io_uring.c:2516 [inline] #0: 0000000004b89e33 (&ctx->uring_lock){+.+.}, at: __se_sys_io_uring_register fs/io_uring.c:2499 [inline] #0: 0000000004b89e33 (&ctx->uring_lock){+.+.}, at: __ia32_sys_io_uring_register+0x15a/0x1e0 fs/io_uring.c:2499 1 lock held by syz-executor.3/7462: #0: 0000000004b89e33 (&ctx->uring_lock){+.+.}, at: __do_sys_io_uring_enter fs/io_uring.c:2216 [inline] #0: 0000000004b89e33 (&ctx->uring_lock){+.+.}, at: __se_sys_io_uring_enter fs/io_uring.c:2175 [inline] #0: 0000000004b89e33 (&ctx->uring_lock){+.+.}, at: __ia32_sys_io_uring_enter+0x4b9/0x870 fs/io_uring.c:2175 1 lock held by syz-executor.5/7465: #0: 00000000dc75d550 (&ctx->uring_lock){+.+.}, at: __do_sys_io_uring_register fs/io_uring.c:2516 [inline] #0: 00000000dc75d550 (&ctx->uring_lock){+.+.}, at: __se_sys_io_uring_register fs/io_uring.c:2499 [inline] #0: 00000000dc75d550 (&ctx->uring_lock){+.+.}, at: __ia32_sys_io_uring_register+0x15a/0x1e0 fs/io_uring.c:2499 1 lock held by syz-executor.5/7466: #0: 00000000dc75d550 (&ctx->uring_lock){+.+.}, at: __do_sys_io_uring_enter fs/io_uring.c:2216 [inline] #0: 00000000dc75d550 (&ctx->uring_lock){+.+.}, at: __se_sys_io_uring_enter fs/io_uring.c:2175 [inline] #0: 00000000dc75d550 (&ctx->uring_lock){+.+.}, at: __ia32_sys_io_uring_enter+0x4b9/0x870 fs/io_uring.c:2175 ============================================= NMI backtrace for cpu 0 CPU: 0 PID: 1040 Comm: khungtaskd Not tainted 5.0.0-rc6+ #1 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x113/0x167 lib/dump_stack.c:113 nmi_cpu_backtrace.cold.4+0x3e/0x76 lib/nmi_backtrace.c:101 nmi_trigger_cpumask_backtrace+0x121/0x15b lib/nmi_backtrace.c:62 arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:203 [inline] watchdog+0x5c3/0xb40 kernel/hung_task.c:287 kthread+0x327/0x3f0 kernel/kthread.c:246 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 31 Comm: kworker/u4:2 Not tainted 5.0.0-rc6+ #1 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: bat_events batadv_nc_worker RIP: 0010:lockdep_hardirqs_off+0xe/0x2c0 kernel/locking/lockdep.c:2822 Code: 45 00 e9 c1 fe ff ff e8 20 5c 45 00 e9 37 fe ff ff 90 66 2e 0f 1f 84 00 00 00 00 00 48 b8 00 00 00 00 00 fc ff df 55 48 89 e5 <41> 55 49 89 fd 48 c7 c7 38 49 d2 88 48 89 fa 41 54 48 c1 ea 03 53 RSP: 0018:ffff8880a9adfc00 EFLAGS: 00000046 RAX: dffffc0000000000 RBX: ffffffff813e7990 RCX: 0000000000000001 RDX: 1ffffffff1024587 RSI: 0000000000000201 RDI: ffffffff813e7990 RBP: ffff8880a9adfc00 R08: ffffed101138ec9c R09: ffffed101138ec9b R10: ffffed101138ec9b R11: ffff888089c764db R12: ffffffff86715368 R13: ffff8880a9ad20c0 R14: ffffffff868bc6c0 R15: ffff8880a7dde280 FS: 0000000000000000(0000) GS:ffff8880aeb00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000d58000 CR3: 00000000a8231000 CR4: 00000000001406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: trace_hardirqs_off+0x41/0x190 kernel/trace/trace_preemptirq.c:43 __local_bh_enable_ip+0x120/0x260 kernel/softirq.c:171 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:176 [inline] _raw_spin_unlock_bh+0x30/0x40 kernel/locking/spinlock.c:200 spin_unlock_bh include/linux/spinlock.h:374 [inline] batadv_nc_purge_paths+0x1d8/0x300 net/batman-adv/network-coding.c:482 batadv_nc_worker+0x1f3/0x630 net/batman-adv/network-coding.c:731 process_one_work+0x835/0x16b0 kernel/workqueue.c:2173 worker_thread+0x85/0xb60 kernel/workqueue.c:2319 kthread+0x327/0x3f0 kernel/kthread.c:246 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352