bisecting cause commit starting from abb3438d69fb6dd5baa4ae23eafbf5b87945eff1
building syzkaller on 344da168cb738076d82a75e1a7a1f5177df8dbc7
testing commit abb3438d69fb6dd5baa4ae23eafbf5b87945eff1 with gcc (GCC) 8.1.0
kernel signature: 15954c1f6522aa18c6574f7d79d516c5f72b1280b17fb2c50ae5a36d84298a8f
all runs: crashed: possible deadlock in __lock_task_sighand
testing release v5.8
testing commit bcf876870b95592b52519ed4aafcf9d95999bc9c with gcc (GCC) 8.1.0
kernel signature: a49f6343f4759e4d37490f12e6a6b253e7f111c81b41ac59da0f322ddff98d8d
all runs: OK
# git bisect start abb3438d69fb6dd5baa4ae23eafbf5b87945eff1 bcf876870b95592b52519ed4aafcf9d95999bc9c
Bisecting: 8206 revisions left to test after this (roughly 13 steps)
[8186749621ed6b8fc42644c399e8c755a2b6f630] Merge tag 'drm-next-2020-08-06' of git://anongit.freedesktop.org/drm/drm
testing commit 8186749621ed6b8fc42644c399e8c755a2b6f630 with gcc (GCC) 8.1.0
kernel signature: ec69a9a91ffe389ba0b49cabf404d477c531a073fccd02e2f0fe9bd1d2fc6394
all runs: OK
# git bisect good 8186749621ed6b8fc42644c399e8c755a2b6f630
Bisecting: 4104 revisions left to test after this (roughly 12 steps)
[ed35832648b5c22ce39fe9c476065389c6f330ef] Merge tag 'auxdisplay-for-linus-v5.9-rc1' of git://github.com/ojeda/linux
testing commit ed35832648b5c22ce39fe9c476065389c6f330ef with gcc (GCC) 8.1.0
kernel signature: 4bf74d468d583f5160009f307077fa485fe13d526e9ab1525dce209949c9c93b
all runs: OK
# git bisect good ed35832648b5c22ce39fe9c476065389c6f330ef
Bisecting: 2040 revisions left to test after this (roughly 11 steps)
[086ba2ec163b638abd2a90ef3e8bab0238d02e56] Merge tag 'f2fs-for-5.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs
testing commit 086ba2ec163b638abd2a90ef3e8bab0238d02e56 with gcc (GCC) 8.1.0
kernel signature: 37633fba71346a78d3ede1909b116d13ab230fa77082a7091cdde9b402c01daf
all runs: OK
# git bisect good 086ba2ec163b638abd2a90ef3e8bab0238d02e56
Bisecting: 1017 revisions left to test after this (roughly 10 steps)
[23c2c8c6fa325939f95d840f54bfdec3cb76906c] Merge tag 'for-5.9-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux
testing commit 23c2c8c6fa325939f95d840f54bfdec3cb76906c with gcc (GCC) 8.1.0
kernel signature: a1d1ab56e3d3b064eaa59a70c041e210136fa4f8147928c15e59a2c3b127c344
all runs: OK
# git bisect good 23c2c8c6fa325939f95d840f54bfdec3cb76906c
Bisecting: 504 revisions left to test after this (roughly 9 steps)
[5bbec3cfe376ed0014d9456a9be11d5ed75d587b] Merge tag 'sh-for-5.9' of git://git.libc.org/linux-sh
testing commit 5bbec3cfe376ed0014d9456a9be11d5ed75d587b with gcc (GCC) 8.1.0
kernel signature: 2068a2db5e2cec48142cf82c6757927d9c31891abaae1cae58d7ebbd4cfc996a
all runs: OK
# git bisect good 5bbec3cfe376ed0014d9456a9be11d5ed75d587b
Bisecting: 239 revisions left to test after this (roughly 8 steps)
[d723b99ec9e502a414a96a51ec229333f807b47e] Merge tag 'ext4_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4
testing commit d723b99ec9e502a414a96a51ec229333f807b47e with gcc (GCC) 8.1.0
kernel signature: c96efcc12b0e8c7e9cfe5ed964f9bd8ff487c15cc04f3960d08713707aea2461
all runs: crashed: possible deadlock in __lock_task_sighand
# git bisect bad d723b99ec9e502a414a96a51ec229333f807b47e
Bisecting: 132 revisions left to test after this (roughly 7 steps)
[33d0f96ffd7394ffb208bb366be312d12dfd24a4] lib/string.c: Use freestanding environment
testing commit 33d0f96ffd7394ffb208bb366be312d12dfd24a4 with gcc (GCC) 8.1.0
kernel signature: af737bcb97f2df9ca59dfd9903b8ab4ea6818b13495553057861f31f276ee259
all runs: crashed: possible deadlock in __lock_task_sighand
# git bisect bad 33d0f96ffd7394ffb208bb366be312d12dfd24a4
Bisecting: 69 revisions left to test after this (roughly 6 steps)
[71a50419c7307bef6367e8f3787570f546ae96f8] Merge tag 'linux-can-fixes-for-5.9-20200815' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can
testing commit 71a50419c7307bef6367e8f3787570f546ae96f8 with gcc (GCC) 8.1.0
kernel signature: 43a75fd9c79d71ad0d8b7a10ad5128490be58e0a899cc05eb804ba9ba7228da1
all runs: OK
# git bisect good 71a50419c7307bef6367e8f3787570f546ae96f8
Bisecting: 35 revisions left to test after this (roughly 5 steps)
[5a4fe0624687e62919a5913dc7c937fbfcf61fdc] mailmap: Add WeiXiong Liao
testing commit 5a4fe0624687e62919a5913dc7c937fbfcf61fdc with gcc (GCC) 8.1.0
kernel signature: 909d6c3e2b08e8bb5ec06681e8301990c83e22f39bc30fda7c64ebc88b9e0d55
all runs: crashed: possible deadlock in __lock_task_sighand
# git bisect bad 5a4fe0624687e62919a5913dc7c937fbfcf61fdc
Bisecting: 16 revisions left to test after this (roughly 4 steps)
[d4e7cd36a90e38e0276d6ce0c20f5ccef17ec38c] io_uring: sanitize double poll handling
testing commit d4e7cd36a90e38e0276d6ce0c20f5ccef17ec38c with gcc (GCC) 8.1.0
kernel signature: dd073dd059f45b237c746456ca71352dc89dca09ff1c9bb7f65bd9a02a8821bb
all runs: crashed: possible deadlock in __lock_task_sighand
# git bisect bad d4e7cd36a90e38e0276d6ce0c20f5ccef17ec38c
Bisecting: 8 revisions left to test after this (roughly 3 steps)
[9b7adba9eaec28e0e4343c96d0dbeb9578802f5f] io_uring: add missing REQ_F_COMP_LOCKED for nested requests
testing commit 9b7adba9eaec28e0e4343c96d0dbeb9578802f5f with gcc (GCC) 8.1.0
kernel signature: b06fb62edd819fbfac4c0604d659245567645e84c59d4455aa420110880aebea
all runs: crashed: possible deadlock in __lock_task_sighand
# git bisect bad 9b7adba9eaec28e0e4343c96d0dbeb9578802f5f
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[bd74048108c179cea0ff52979506164c80f29da7] io_uring: set ctx sq/cq entry count earlier
testing commit bd74048108c179cea0ff52979506164c80f29da7 with gcc (GCC) 8.1.0
kernel signature: 3963b3325ba25ce43ad52c670ed30087d52f8a776f07bcbb8422464ab269b8d2
all runs: OK
# git bisect good bd74048108c179cea0ff52979506164c80f29da7
Bisecting: 1 revision left to test after this (roughly 1 step)
[0ba9c9edcd152158a0e321a4c13ac1dfc571ff3d] io_uring: use TWA_SIGNAL for task_work uncondtionally
testing commit 0ba9c9edcd152158a0e321a4c13ac1dfc571ff3d with gcc (GCC) 8.1.0
kernel signature: a832873d430df1414f9cfd8eb28558b85c70f3b8b1c5beb3ec411933b61f53f1
all runs: crashed: possible deadlock in __lock_task_sighand
# git bisect bad 0ba9c9edcd152158a0e321a4c13ac1dfc571ff3d
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[f74441e6311a28f0ee89b9c8e296a33730f812fc] io_uring: account locked memory before potential error case
testing commit f74441e6311a28f0ee89b9c8e296a33730f812fc with gcc (GCC) 8.1.0
kernel signature: 74b8ed1deb40eb9afa4ae7fa4450c985f0827443fdfef3c29ff9c28828e0148d
all runs: OK
# git bisect good f74441e6311a28f0ee89b9c8e296a33730f812fc
0ba9c9edcd152158a0e321a4c13ac1dfc571ff3d is the first bad commit
commit 0ba9c9edcd152158a0e321a4c13ac1dfc571ff3d
Author: Jens Axboe <axboe@kernel.dk>
Date:   Thu Aug 6 19:41:50 2020 -0600

    io_uring: use TWA_SIGNAL for task_work uncondtionally
    
    An earlier commit:
    
    b7db41c9e03b ("io_uring: fix regression with always ignoring signals in io_cqring_wait()")
    
    ensured that we didn't get stuck waiting for eventfd reads when it's
    registered with the io_uring ring for event notification, but we still
    have cases where the task can be waiting on other events in the kernel and
    need a bigger nudge to make forward progress. Or the task could be in the
    kernel and running, but on its way to blocking.
    
    This means that TWA_RESUME cannot reliably be used to ensure we make
    progress. Use TWA_SIGNAL unconditionally.
    
    Cc: stable@vger.kernel.org # v5.7+
    Reported-by: Josef <josef.grieb@gmail.com>
    Signed-off-by: Jens Axboe <axboe@kernel.dk>

 fs/io_uring.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
culprit signature: a832873d430df1414f9cfd8eb28558b85c70f3b8b1c5beb3ec411933b61f53f1
parent  signature: 74b8ed1deb40eb9afa4ae7fa4450c985f0827443fdfef3c29ff9c28828e0148d
revisions tested: 16, total time: 3h15m18.110561583s (build: 1h16m0.289726396s, test: 1h57m49.341319901s)
first bad commit: 0ba9c9edcd152158a0e321a4c13ac1dfc571ff3d io_uring: use TWA_SIGNAL for task_work uncondtionally
recipients (to): ["axboe@kernel.dk" "axboe@kernel.dk" "io-uring@vger.kernel.org"]
recipients (cc): ["linux-fsdevel@vger.kernel.org" "linux-kernel@vger.kernel.org" "viro@zeniv.linux.org.uk"]
crash: possible deadlock in __lock_task_sighand
============================================
WARNING: possible recursive locking detected
5.8.0-syzkaller #0 Not tainted
--------------------------------------------
syz-executor.2/8375 is trying to acquire lock:
ffff888110e6e518 (&sighand->siglock){....}-{2:2}, at: __lock_task_sighand+0x81/0x180 kernel/signal.c:1390

but task is already holding lock:
ffff888110e6e518 (&sighand->siglock){....}-{2:2}, at: force_sig_info_to_task+0x1d/0xd0 kernel/signal.c:1316

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&sighand->siglock);
  lock(&sighand->siglock);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

3 locks held by syz-executor.2/8375:
 #0: ffff888110e6e518 (&sighand->siglock){....}-{2:2}, at: force_sig_info_to_task+0x1d/0xd0 kernel/signal.c:1316
 #1: ffff888110e6e560 (&sighand->signalfd_wqh){....}-{2:2}, at: __wake_up_common_lock+0x5c/0xb0 kernel/sched/wait.c:122
 #2: ffffffff842e1dc0 (rcu_read_lock){....}-{1:2}, at: __lock_task_sighand+0x0/0x180 kernel/signal.c:1366

stack backtrace:
CPU: 1 PID: 8375 Comm: syz-executor.2 Not tainted 5.8.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0xb3/0xec lib/dump_stack.c:118
 print_deadlock_bug kernel/locking/lockdep.c:2391 [inline]
 check_deadlock kernel/locking/lockdep.c:2432 [inline]
 validate_chain kernel/locking/lockdep.c:3202 [inline]
 __lock_acquire.cold.68+0x152/0x2bb kernel/locking/lockdep.c:4426
 lock_acquire+0xd0/0x3e0 kernel/locking/lockdep.c:5005
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
 _raw_spin_lock_irqsave+0x55/0x70 kernel/locking/spinlock.c:159
 __lock_task_sighand+0x81/0x180 kernel/signal.c:1390
 lock_task_sighand include/linux/sched/signal.h:685 [inline]
 task_work_add+0x6e/0xc0 kernel/task_work.c:45
 io_req_task_work_add.isra.78+0x1b/0x40 fs/io_uring.c:1725
 __io_async_wake+0x9b/0x1e0 fs/io_uring.c:4519
 __wake_up_common+0x7f/0x1a0 kernel/sched/wait.c:93
 __wake_up_common_lock+0x75/0xb0 kernel/sched/wait.c:123
 signalfd_notify include/linux/signalfd.h:22 [inline]
 __send_signal+0x3d7/0x700 kernel/signal.c:1163
 force_sig_info_to_task+0xaf/0xd0 kernel/signal.c:1333
 force_sig_fault_to_task kernel/signal.c:1672 [inline]
 force_sig_fault+0x4e/0x70 kernel/signal.c:1679
 __bad_area_nosemaphore+0x144/0x1f0 arch/x86/mm/fault.c:779
 do_user_addr_fault arch/x86/mm/fault.c:1268 [inline]
 handle_page_fault arch/x86/mm/fault.c:1365 [inline]
 exc_page_fault+0x652/0x780 arch/x86/mm/fault.c:1418
 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:549
RIP: 0033:0x402b88
Code: 05 00 48 89 7c 24 f8 48 89 74 24 f0 48 89 54 24 e8 48 89 4c 24 e0 48 8b 74 24 f8 4c 8b 4c 24 f0 48 8b 4c 24 e8 48 8b 54 24 e0 <8b> 86 0c 01 00 00 44 8b 86 08 01 00 00 c1 e0 04 8d b8 7f 01 00 00
RSP: 002b:00007fb57c799c68 EFLAGS: 00010216
RAX: 0000000000402b60 RBX: 000000000118cf40 RCX: 0000000020000200
RDX: 0000000000000000 RSI: ffffffffffffffff RDI: ffffffffffffffff
RBP: 000000000118cf88 R08: 0000000000000000 R09: ffffffffffffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c
R13: 000000000169fb6f R14: 00007fb57c79a9c0 R15: 000000000118cf4c