bisecting cause commit starting from f2906aa863381afb0015a9eb7fefad885d4e5a56 building syzkaller on c885789257c76ea4479ea36282f5e0a2c7861e26 testing commit f2906aa863381afb0015a9eb7fefad885d4e5a56 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: f74e0fd55675f59b54046c41d7811efbea3067bbd1567ded0789b08bb8275cec run #0: crashed: INFO: task hung in add_early_randomness run #1: crashed: INFO: task hung in add_early_randomness run #2: crashed: INFO: task hung in add_early_randomness run #3: crashed: INFO: task hung in add_early_randomness run #4: crashed: INFO: task hung in add_early_randomness run #5: boot failed: INFO: task hung in add_early_randomness run #6: boot failed: INFO: task hung in add_early_randomness run #7: boot failed: INFO: task hung in add_early_randomness run #8: boot failed: INFO: task hung in add_early_randomness run #9: boot failed: INFO: task hung in add_early_randomness run #10: boot failed: INFO: task hung in add_early_randomness run #11: boot failed: INFO: task hung in add_early_randomness run #12: boot failed: INFO: task hung in add_early_randomness run #13: boot failed: INFO: task hung in add_early_randomness run #14: boot failed: INFO: task hung in add_early_randomness run #15: boot failed: INFO: task hung in add_early_randomness run #16: boot failed: INFO: task hung in add_early_randomness run #17: boot failed: INFO: task hung in add_early_randomness run #18: boot failed: INFO: task hung in add_early_randomness run #19: boot failed: INFO: task hung in add_early_randomness testing release v5.18 testing commit 4b0986a3613c92f4ec1bdc7f60ec66fea135991f compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 41697f9b807a68efb77f3c2c0371ff73efb6ce461de5582d067e9d66b9e9a0ce all runs: OK # git bisect start f2906aa863381afb0015a9eb7fefad885d4e5a56 4b0986a3613c92f4ec1bdc7f60ec66fea135991f Bisecting: 7030 revisions left to test after this (roughly 13 steps) [2518f226c60d8e04d18ba4295500a5b0b8ac7659] Merge tag 'drm-next-2022-05-25' of git://anongit.freedesktop.org/drm/drm testing commit 2518f226c60d8e04d18ba4295500a5b0b8ac7659 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: ed3b327ddb8fea991960384dcdff1ceed509497462c0e2d485691b70c24e81a1 run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: failed to write control pipe: write |NUM: broken pipe run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect good 2518f226c60d8e04d18ba4295500a5b0b8ac7659 Bisecting: 3527 revisions left to test after this (roughly 12 steps) [aef1ff15927421a55312b4b9b2881a89a344bd80] Merge tag 'jfs-5.19' of https://github.com/kleikamp/linux-shaggy testing commit aef1ff15927421a55312b4b9b2881a89a344bd80 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 6e9f27c575ca45a60d52957fdf94bf98e21ef601cbf323352c7fe40356d226e3 all runs: OK # git bisect good aef1ff15927421a55312b4b9b2881a89a344bd80 Bisecting: 1749 revisions left to test after this (roughly 11 steps) [09a018176ba246f00d6b6b526047d38dcd2955d3] Merge tag 'arm-late-5.19' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc testing commit 09a018176ba246f00d6b6b526047d38dcd2955d3 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: f8a8647b624749fa216a42d0f1ad28268ba6e391938c6d4cd210375c1b2b5270 all runs: OK # git bisect good 09a018176ba246f00d6b6b526047d38dcd2955d3 Bisecting: 834 revisions left to test after this (roughly 10 steps) [54c2cc79194c961a213c1d375fe3aa4165664cc4] Merge tag 'usb-5.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb testing commit 54c2cc79194c961a213c1d375fe3aa4165664cc4 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 3fd4738558cffa0f239d49b7453e7fe78b8a0c38b06e87b030ff77de15681743 run #0: crashed: INFO: task hung in add_early_randomness run #1: crashed: INFO: task hung in add_early_randomness run #2: crashed: INFO: task hung in add_early_randomness run #3: boot failed: INFO: task hung in add_early_randomness run #4: boot failed: INFO: task hung in add_early_randomness run #5: boot failed: INFO: task hung in add_early_randomness run #6: boot failed: INFO: task hung in add_early_randomness run #7: boot failed: INFO: task hung in add_early_randomness run #8: boot failed: INFO: task hung in add_early_randomness run #9: boot failed: INFO: task hung in add_early_randomness # git bisect bad 54c2cc79194c961a213c1d375fe3aa4165664cc4 Bisecting: 549 revisions left to test after this (roughly 9 steps) [6a31a95135da0bb2c5349e49e37d76e9909ab7ea] staging: r8188eu: remove include/rtw_debug.h testing commit 6a31a95135da0bb2c5349e49e37d76e9909ab7ea compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 8b6ce09372c74abafa50e3a3c4c5ffa588c00e7393ceafc094cdd023d5b4268c all runs: OK # git bisect good 6a31a95135da0bb2c5349e49e37d76e9909ab7ea Bisecting: 326 revisions left to test after this (roughly 8 steps) [4ad680f083ec360e0991c453e18a38ed9ae500d7] Merge tag 'staging-5.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging testing commit 4ad680f083ec360e0991c453e18a38ed9ae500d7 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 3400c8cfd70f32969cce7e8b86a4b44f881c238880b34af5c2442c7f13a19ee5 run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: exit status NUM run #1: crashed: INFO: task hung in add_early_randomness run #2: crashed: INFO: task hung in add_early_randomness run #3: crashed: INFO: task hung in add_early_randomness run #4: crashed: INFO: task hung in add_early_randomness run #5: crashed: INFO: task hung in add_early_randomness run #6: crashed: INFO: task hung in add_early_randomness run #7: boot failed: INFO: task hung in add_early_randomness run #8: boot failed: INFO: task hung in add_early_randomness run #9: boot failed: INFO: task hung in add_early_randomness # git bisect bad 4ad680f083ec360e0991c453e18a38ed9ae500d7 Bisecting: 130 revisions left to test after this (roughly 7 steps) [6f6ebb9899861c8a4e49cc7d9796d024f731b512] Merge tag 'sound-fix-5.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound testing commit 6f6ebb9899861c8a4e49cc7d9796d024f731b512 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 36acbd6de5c6caf88d6f7a7d0db164fc09c97ca207257de45bc05533733fa80a all runs: OK # git bisect good 6f6ebb9899861c8a4e49cc7d9796d024f731b512 Bisecting: 65 revisions left to test after this (roughly 6 steps) [6e5f6a86915d65210e90acac0402e6f37e21fc7b] Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost testing commit 6e5f6a86915d65210e90acac0402e6f37e21fc7b compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 602d319c6eb73e3c83ee63be5388fd0216ac6feca74bbcd0a6ae4543be051479 run #0: crashed: INFO: task hung in add_early_randomness run #1: crashed: INFO: task hung in add_early_randomness run #2: crashed: INFO: task hung in add_early_randomness run #3: crashed: INFO: task hung in add_early_randomness run #4: crashed: INFO: task hung in add_early_randomness run #5: crashed: INFO: task hung in add_early_randomness run #6: crashed: INFO: task hung in add_early_randomness run #7: boot failed: INFO: task hung in add_early_randomness run #8: boot failed: INFO: task hung in add_early_randomness run #9: boot failed: INFO: task hung in add_early_randomness # git bisect bad 6e5f6a86915d65210e90acac0402e6f37e21fc7b Bisecting: 32 revisions left to test after this (roughly 5 steps) [6fd763d155860eb7ea3a93c8b3bf926940ffa3fb] virtio-crypto: change code style testing commit 6fd763d155860eb7ea3a93c8b3bf926940ffa3fb compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 6cb5cd0a6e6d961e53fb470ba593f5efc6450186905367c5f84b94104328792c all runs: OK # git bisect good 6fd763d155860eb7ea3a93c8b3bf926940ffa3fb Bisecting: 16 revisions left to test after this (roughly 4 steps) [be83f04d2529e8dc4273efdd1ccf7b7502741071] virtio: allow to unbreak virtqueue testing commit be83f04d2529e8dc4273efdd1ccf7b7502741071 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 90d1acd175cdb27ed019224f77d147e2a4ebf28a9e8dfb768d900d1f4bbe2f86 all runs: OK # git bisect good be83f04d2529e8dc4273efdd1ccf7b7502741071 Bisecting: 8 revisions left to test after this (roughly 3 steps) [2c029f3298594c5160ae1036f03db607fa891484] vhost_net: get rid of vhost_net_flush_vq() and extra flush calls testing commit 2c029f3298594c5160ae1036f03db607fa891484 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 70de7a5c98d50531ff252228fd8e993c36fff23067ea2e491558b9ac3b1fc3bd run #0: crashed: INFO: task hung in add_early_randomness run #1: crashed: INFO: task hung in add_early_randomness run #2: crashed: INFO: task hung in add_early_randomness run #3: crashed: INFO: task hung in add_early_randomness run #4: boot failed: INFO: task hung in add_early_randomness run #5: boot failed: INFO: task hung in add_early_randomness run #6: boot failed: INFO: task hung in add_early_randomness run #7: boot failed: INFO: task hung in add_early_randomness run #8: boot failed: INFO: task hung in add_early_randomness run #9: boot failed: INFO: task hung in add_early_randomness # git bisect bad 2c029f3298594c5160ae1036f03db607fa891484 Bisecting: 3 revisions left to test after this (roughly 2 steps) [1f97b9785076d32fbabb8fa23889f9969c84118d] vdpasim: Off by one in vdpasim_set_group_asid() testing commit 1f97b9785076d32fbabb8fa23889f9969c84118d compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 72661921e57ad300437c9aa20b5faced976013c84c629ef33aa94cf764f10b2c run #0: crashed: INFO: task hung in add_early_randomness run #1: crashed: INFO: task hung in add_early_randomness run #2: crashed: INFO: task hung in add_early_randomness run #3: crashed: INFO: task hung in add_early_randomness run #4: crashed: INFO: task hung in add_early_randomness run #5: crashed: INFO: task hung in add_early_randomness run #6: boot failed: INFO: task hung in add_early_randomness run #7: boot failed: INFO: task hung in add_early_randomness run #8: boot failed: INFO: task hung in add_early_randomness run #9: boot failed: INFO: task hung in add_early_randomness # git bisect bad 1f97b9785076d32fbabb8fa23889f9969c84118d Bisecting: 1 revision left to test after this (roughly 1 step) [619e9e14ba3c97a80776c0b5a68a01caa41dd148] virtio: use WARN_ON() to warning illegal status value testing commit 619e9e14ba3c97a80776c0b5a68a01caa41dd148 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: f04430f5255a8f9a6591690eb54210374ca74850137010e3b4e1921ca41fc7ee run #0: crashed: INFO: task hung in add_early_randomness run #1: crashed: INFO: task hung in add_early_randomness run #2: crashed: INFO: task hung in add_early_randomness run #3: crashed: INFO: task hung in add_early_randomness run #4: boot failed: INFO: task hung in add_early_randomness run #5: boot failed: INFO: task hung in add_early_randomness run #6: boot failed: INFO: task hung in add_early_randomness run #7: boot failed: INFO: task hung in add_early_randomness run #8: boot failed: INFO: task hung in add_early_randomness run #9: boot failed: INFO: task hung in add_early_randomness # git bisect bad 619e9e14ba3c97a80776c0b5a68a01caa41dd148 Bisecting: 0 revisions left to test after this (roughly 0 steps) [8b4ec69d7e098a7ddf832e1e7840de53ed474c77] virtio: harden vring IRQ testing commit 8b4ec69d7e098a7ddf832e1e7840de53ed474c77 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 26a066bd6388cfafffd317839a0610cffc1928d10cbb7571587d6b39640010df run #0: crashed: INFO: task hung in add_early_randomness run #1: crashed: INFO: task hung in add_early_randomness run #2: crashed: INFO: task hung in add_early_randomness run #3: crashed: INFO: task hung in add_early_randomness run #4: crashed: INFO: task hung in add_early_randomness run #5: crashed: INFO: task hung in add_early_randomness run #6: crashed: INFO: task hung in add_early_randomness run #7: boot failed: INFO: task hung in add_early_randomness run #8: boot failed: INFO: task hung in add_early_randomness run #9: boot failed: INFO: task hung in add_early_randomness # git bisect bad 8b4ec69d7e098a7ddf832e1e7840de53ed474c77 8b4ec69d7e098a7ddf832e1e7840de53ed474c77 is the first bad commit commit 8b4ec69d7e098a7ddf832e1e7840de53ed474c77 Author: Jason Wang Date: Fri May 27 14:01:19 2022 +0800 virtio: harden vring IRQ This is a rework on the previous IRQ hardening that is done for virtio-pci where several drawbacks were found and were reverted: 1) try to use IRQF_NO_AUTOEN which is not friendly to affinity managed IRQ that is used by some device such as virtio-blk 2) done only for PCI transport The vq->broken is re-used in this patch for implementing the IRQ hardening. The vq->broken is set to true during both initialization and reset. And the vq->broken is set to false in virtio_device_ready(). Then vring_interrupt() can check and return when vq->broken is true. And in this case, switch to return IRQ_NONE to let the interrupt core aware of such invalid interrupt to prevent IRQ storm. The reason of using a per queue variable instead of a per device one is that we may need it for per queue reset hardening in the future. Note that the hardening is only done for vring interrupt since the config interrupt hardening is already done in commit 22b7050a024d7 ("virtio: defer config changed notifications"). But the method that is used by config interrupt can't be reused by the vring interrupt handler because it uses spinlock to do the synchronization which is expensive. Cc: Thomas Gleixner Cc: Peter Zijlstra Cc: "Paul E. McKenney" Cc: Marc Zyngier Cc: Halil Pasic Cc: Cornelia Huck Cc: Vineeth Vijayan Cc: Peter Oberparleiter Cc: linux-s390@vger.kernel.org Signed-off-by: Jason Wang Message-Id: <20220527060120.20964-9-jasowang@redhat.com> Signed-off-by: Michael S. Tsirkin Reviewed-by: Xuan Zhuo drivers/s390/virtio/virtio_ccw.c | 4 ++++ drivers/virtio/virtio.c | 15 ++++++++++++--- drivers/virtio/virtio_mmio.c | 5 +++++ drivers/virtio/virtio_pci_modern_dev.c | 5 +++++ drivers/virtio/virtio_ring.c | 11 +++++++---- include/linux/virtio_config.h | 20 ++++++++++++++++++++ 6 files changed, 53 insertions(+), 7 deletions(-) culprit signature: 26a066bd6388cfafffd317839a0610cffc1928d10cbb7571587d6b39640010df parent signature: 90d1acd175cdb27ed019224f77d147e2a4ebf28a9e8dfb768d900d1f4bbe2f86 revisions tested: 16, total time: 4h36m29.843772961s (build: 1h44m9.104209449s, test: 2h50m42.41201606s) first bad commit: 8b4ec69d7e098a7ddf832e1e7840de53ed474c77 virtio: harden vring IRQ recipients (to): ["jasowang@redhat.com" "mst@redhat.com" "xuanzhuo@linux.alibaba.com"] recipients (cc): [] crash: INFO: task hung in add_early_randomness INFO: task kworker/0:1:14 blocked for more than 143 seconds. Not tainted 5.18.0-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/0:1 state:D stack:24288 pid: 14 ppid: 2 flags:0x00004000 Workqueue: usb_hub_wq hub_event Call Trace: context_switch kernel/sched/core.c:5116 [inline] __schedule+0x9cd/0x4af0 kernel/sched/core.c:6431 schedule+0xd2/0x1f0 kernel/sched/core.c:6503 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6562 __mutex_lock_common kernel/locking/mutex.c:679 [inline] __mutex_lock+0xa70/0x1350 kernel/locking/mutex.c:747 add_early_randomness+0x14/0x120 drivers/char/hw_random/core.c:69 hwrng_register+0x2e1/0x410 drivers/char/hw_random/core.c:599 chaoskey_probe+0x6f1/0xb40 drivers/usb/misc/chaoskey.c:205 usb_probe_interface+0x274/0x6a0 drivers/usb/core/driver.c:396 call_driver_probe drivers/base/dd.c:542 [inline] really_probe+0x1c1/0x9d0 drivers/base/dd.c:621 __driver_probe_device+0x2a6/0x460 drivers/base/dd.c:752 driver_probe_device+0x44/0x110 drivers/base/dd.c:782 __device_attach_driver+0x185/0x250 drivers/base/dd.c:899 bus_for_each_drv+0x11e/0x1a0 drivers/base/bus.c:427 __device_attach+0x1db/0x410 drivers/base/dd.c:970 bus_probe_device+0x19d/0x250 drivers/base/bus.c:487 device_add+0x9ca/0x1b10 drivers/base/core.c:3402 usb_set_configuration+0xc91/0x1840 drivers/usb/core/message.c:2170 usb_generic_driver_probe+0x74/0xa0 drivers/usb/core/generic.c:238 usb_probe_device+0x95/0x240 drivers/usb/core/driver.c:293 call_driver_probe drivers/base/dd.c:542 [inline] really_probe+0x1c1/0x9d0 drivers/base/dd.c:621 __driver_probe_device+0x2a6/0x460 drivers/base/dd.c:752 driver_probe_device+0x44/0x110 drivers/base/dd.c:782 __device_attach_driver+0x185/0x250 drivers/base/dd.c:899 bus_for_each_drv+0x11e/0x1a0 drivers/base/bus.c:427 __device_attach+0x1db/0x410 drivers/base/dd.c:970 bus_probe_device+0x19d/0x250 drivers/base/bus.c:487 device_add+0x9ca/0x1b10 drivers/base/core.c:3402 usb_new_device.cold+0x5d1/0xeeb drivers/usb/core/hub.c:2566 hub_port_connect drivers/usb/core/hub.c:5363 [inline] hub_port_connect_change drivers/usb/core/hub.c:5507 [inline] port_event drivers/usb/core/hub.c:5665 [inline] hub_event+0x114d/0x39b0 drivers/usb/core/hub.c:5747 process_one_work+0x865/0x13d0 kernel/workqueue.c:2289 worker_thread+0x598/0xec0 kernel/workqueue.c:2436 kthread+0x299/0x340 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:302 Showing all locks held in the system: 6 locks held by kworker/0:1/14: #0: ffff8881457b5d38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff8881457b5d38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline] #0: ffff8881457b5d38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline] #0: ffff8881457b5d38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline] #0: ffff8881457b5d38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline] #0: ffff8881457b5d38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x78a/0x13d0 kernel/workqueue.c:2260 #1: ffffc9000034fdb8 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x7b7/0x13d0 kernel/workqueue.c:2264 #2: ffff888020408190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:762 [inline] #2: ffff888020408190 (&dev->mutex){....}-{3:3}, at: hub_event+0x127/0x39b0 drivers/usb/core/hub.c:5693 #3: ffff88807609d190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:762 [inline] #3: ffff88807609d190 (&dev->mutex){....}-{3:3}, at: __device_attach+0x74/0x410 drivers/base/dd.c:945 #4: ffff8880791b2118 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:762 [inline] #4: ffff8880791b2118 (&dev->mutex){....}-{3:3}, at: __device_attach+0x74/0x410 drivers/base/dd.c:945 #5: ffffffff8bbde3c8 (reading_mutex){+.+.}-{3:3}, at: add_early_randomness+0x14/0x120 drivers/char/hw_random/core.c:69 1 lock held by khungtaskd/28: #0: ffffffff8b17a460 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:6491 1 lock held by hwrng/755: #0: ffffffff8bbde3c8 (reading_mutex){+.+.}-{3:3}, at: hwrng_fillfn+0xbb/0x250 drivers/char/hw_random/core.c:503 2 locks held by getty/3280: #0: ffff88801d0e1098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x1f/0x70 drivers/tty/tty_ldisc.c:244 #1: ffffc90001c082e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x9d7/0xed0 drivers/tty/n_tty.c:2075 ============================================= NMI backtrace for cpu 0 CPU: 0 PID: 28 Comm: khungtaskd Not tainted 5.18.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x57/0x7d lib/dump_stack.c:106 nmi_cpu_backtrace.cold+0x30/0xc0 lib/nmi_backtrace.c:111 nmi_trigger_cpumask_backtrace+0x140/0x170 lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:220 [inline] watchdog+0x891/0xc20 kernel/hung_task.c:378 kthread+0x299/0x340 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:302 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 11 Comm: kworker/u4:1 Not tainted 5.18.0-syzkaller #0 CPU: 1 PID: 11 Comm: kworker/u4:1 Not tainted 5.18.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: events_unbound toggle_allocation_gate RIP: 0010:rol32 include/linux/bitops.h:75 [inline] RIP: 0010:iterate_chain_key kernel/locking/lockdep.c:447 [inline] RIP: 0010:__lock_acquire+0xc87/0x55d0 kernel/locking/lockdep.c:5041 Code: c2 06 31 ca 41 89 d7 29 d3 01 c2 41 c1 c7 08 41 31 df 44 89 f9 44 29 f8 41 01 d7 c1 c1 10 44 89 fe 31 c8 89 c1 29 c2 44 01 f8 c9 0d 31 ca 01 d0 29 d6 89 d1 48 8b 54 24 38 c1 c1 04 31 f1 48 RSP: 0018:ffffc9000031f788 EFLAGS: 00000013 RAX: 000000004bacb9c2 RBX: 00000000bf03c6e3 RCX: 0000000071a75887 RDX: 00000000aef67b2c RSI: 00000000da05613b RDI: ffffffff8f973da0 RBP: ffff888011e18b4a R08: 0000000000000000 R09: ffffffff8f96c8d7 R10: fffffbfff1f2d91a R11: 0000000000000001 R12: ffff888011e18b28 R13: ffff888011e18000 R14: 0000000000000000 R15: 00000000da05613b FS: 0000000000000000(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f4683f089e0 CR3: 000000000ae8e000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: lock_acquire kernel/locking/lockdep.c:5665 [inline] lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5630 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:349 [inline] __get_locked_pte+0x105/0x210 mm/memory.c:1830 get_locked_pte include/linux/mm.h:2132 [inline] __text_poke+0x1b3/0x8e0 arch/x86/kernel/alternative.c:1052 text_poke arch/x86/kernel/alternative.c:1137 [inline] text_poke_bp_batch+0x44c/0x6d0 arch/x86/kernel/alternative.c:1483 text_poke_flush arch/x86/kernel/alternative.c:1589 [inline] text_poke_flush arch/x86/kernel/alternative.c:1586 [inline] text_poke_finish+0x16/0x30 arch/x86/kernel/alternative.c:1596 arch_jump_label_transform_apply+0x13/0x20 arch/x86/kernel/jump_label.c:146 static_key_enable_cpuslocked+0x15f/0x220 kernel/jump_label.c:177 static_key_enable+0x11/0x20 kernel/jump_label.c:190 toggle_allocation_gate mm/kfence/core.c:808 [inline] toggle_allocation_gate+0xe3/0x310 mm/kfence/core.c:800 process_one_work+0x865/0x13d0 kernel/workqueue.c:2289 worker_thread+0x598/0xec0 kernel/workqueue.c:2436 kthread+0x299/0x340 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:302 ---------------- Code disassembly (best guess): 0: c2 06 31 retq $0x3106 3: ca 41 89 lret $0x8941 6: d7 xlat %ds:(%rbx) 7: 29 d3 sub %edx,%ebx 9: 01 c2 add %eax,%edx b: 41 c1 c7 08 rol $0x8,%r15d f: 41 31 df xor %ebx,%r15d 12: 44 89 f9 mov %r15d,%ecx 15: 44 29 f8 sub %r15d,%eax 18: 41 01 d7 add %edx,%r15d 1b: c1 c1 10 rol $0x10,%ecx 1e: 44 89 fe mov %r15d,%esi 21: 31 c8 xor %ecx,%eax 23: 89 c1 mov %eax,%ecx 25: 29 c2 sub %eax,%edx 27: 44 01 f8 add %r15d,%eax * 2a: c1 c9 0d ror $0xd,%ecx <-- trapping instruction 2d: 31 ca xor %ecx,%edx 2f: 01 d0 add %edx,%eax 31: 29 d6 sub %edx,%esi 33: 89 d1 mov %edx,%ecx 35: 48 8b 54 24 38 mov 0x38(%rsp),%rdx 3a: c1 c1 04 rol $0x4,%ecx 3d: 31 f1 xor %esi,%ecx 3f: 48 rex.W