bisecting cause commit starting from 6d5afe20397b478192ed8c38ec0ee10fa3aec649 building syzkaller on 0d298d6b2e4a48a2b4d3413cabc199e5f61c1dd4 testing commit 6d5afe20397b478192ed8c38ec0ee10fa3aec649 with gcc (GCC) 8.1.0 all runs: crashed: INFO: task hung in tls_sw_release_resources_tx testing release v5.2 testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0 all runs: crashed: INFO: task hung in tls_sw_free_resources_tx testing release v5.1 testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd with gcc (GCC) 8.1.0 run #0: crashed: INFO: task hung in lock_sock_nested run #1: crashed: INFO: task hung in tls_sw_free_resources_tx run #2: crashed: INFO: task hung in tls_sw_free_resources_tx run #3: crashed: INFO: task hung in tls_sw_free_resources_tx run #4: crashed: INFO: task hung in tls_sw_free_resources_tx run #5: crashed: INFO: task hung in tls_sw_free_resources_tx run #6: crashed: INFO: task hung in tls_sw_free_resources_tx run #7: crashed: INFO: task hung in tls_sw_free_resources_tx run #8: crashed: INFO: task hung in tls_sw_free_resources_tx run #9: crashed: INFO: task hung in lock_sock_nested testing release v5.0 testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783 with gcc (GCC) 8.1.0 all runs: OK # git bisect start v5.1 v5.0 Bisecting: 7074 revisions left to test after this (roughly 13 steps) [b5dd0c658c31b469ccff1b637e5124851e7a4a1c] Merge branch 'akpm' (patches from Andrew) testing commit b5dd0c658c31b469ccff1b637e5124851e7a4a1c with gcc (GCC) 8.1.0 run #0: crashed: INFO: task hung in corrupted run #1: crashed: INFO: task hung in tls_sw_free_resources_tx run #2: crashed: INFO: task hung in lock_sock_nested run #3: crashed: INFO: task hung in lock_sock_nested run #4: crashed: INFO: task hung in tls_sw_free_resources_tx run #5: crashed: INFO: task hung in tls_sw_free_resources_tx run #6: crashed: INFO: task hung in tls_sw_free_resources_tx run #7: crashed: INFO: task hung in tls_sw_free_resources_tx run #8: crashed: INFO: task hung in tls_sw_free_resources_tx run #9: crashed: INFO: task hung in tls_sw_free_resources_tx # git bisect bad b5dd0c658c31b469ccff1b637e5124851e7a4a1c Bisecting: 3569 revisions left to test after this (roughly 12 steps) [3478588b5136966c80c571cf0006f08e9e5b8f04] Merge branch 'locking-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit 3478588b5136966c80c571cf0006f08e9e5b8f04 with gcc (GCC) 8.1.0 run #0: crashed: INFO: task hung in tls_sw_free_resources_tx run #1: crashed: INFO: task hung in lock_sock_nested run #2: crashed: INFO: task hung in tls_sw_free_resources_tx run #3: crashed: INFO: task hung in tls_sw_free_resources_tx run #4: crashed: INFO: task hung in tls_sw_free_resources_tx run #5: crashed: INFO: task hung in tls_sw_free_resources_tx run #6: crashed: INFO: task hung in tls_sw_free_resources_tx run #7: crashed: INFO: task hung in tls_sw_free_resources_tx run #8: crashed: INFO: task hung in tls_sw_free_resources_tx run #9: crashed: INFO: task hung in tls_sw_free_resources_tx # git bisect bad 3478588b5136966c80c571cf0006f08e9e5b8f04 Bisecting: 1673 revisions left to test after this (roughly 11 steps) [1a2566085650be593d464c4d73ac2d20ff67c058] Merge tag 'wireless-drivers-next-for-davem-2019-02-22' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next testing commit 1a2566085650be593d464c4d73ac2d20ff67c058 with gcc (GCC) 8.1.0 run #0: crashed: INFO: task hung in lock_sock_nested run #1: crashed: INFO: task hung in tls_sw_free_resources_tx run #2: crashed: INFO: task hung in tls_sw_free_resources_tx run #3: crashed: INFO: task hung in tls_sw_free_resources_tx run #4: crashed: INFO: task hung in tls_sw_free_resources_tx run #5: crashed: INFO: task hung in tls_sw_free_resources_tx run #6: crashed: INFO: task hung in tls_sw_free_resources_tx run #7: crashed: INFO: task hung in corrupted run #8: crashed: INFO: task hung in lock_sock_nested run #9: crashed: INFO: task hung in tls_sw_free_resources_tx # git bisect bad 1a2566085650be593d464c4d73ac2d20ff67c058 Bisecting: 920 revisions left to test after this (roughly 10 steps) [deedf1feb255c7a390309f615e50de37cb82fb61] r8169: Avoid pointer aliasing testing commit deedf1feb255c7a390309f615e50de37cb82fb61 with gcc (GCC) 8.1.0 all runs: crashed: INFO: task hung in tls_sw_free_resources_tx # git bisect bad deedf1feb255c7a390309f615e50de37cb82fb61 Bisecting: 432 revisions left to test after this (roughly 9 steps) [ec7146db150082737cbfeacaae0f33e42c95cf18] Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next testing commit ec7146db150082737cbfeacaae0f33e42c95cf18 with gcc (GCC) 8.1.0 all runs: boot failed: WARNING: workqueue cpumask: online intersect > possible intersect # git bisect skip ec7146db150082737cbfeacaae0f33e42c95cf18 Bisecting: 432 revisions left to test after this (roughly 9 steps) [6e6b904ad4f9aed43ec320afbd5a52ed8461ab41] ip_tunnel: Fix route fl4 init in ip_md_tunnel_xmit testing commit 6e6b904ad4f9aed43ec320afbd5a52ed8461ab41 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 6e6b904ad4f9aed43ec320afbd5a52ed8461ab41 Bisecting: 267 revisions left to test after this (roughly 8 steps) [beb73559bf57b0151dba0c27c4f866599f57bb0b] Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next testing commit beb73559bf57b0151dba0c27c4f866599f57bb0b with gcc (GCC) 8.1.0 all runs: crashed: INFO: task hung in tls_sw_free_resources_tx # git bisect bad beb73559bf57b0151dba0c27c4f866599f57bb0b Bisecting: 149 revisions left to test after this (roughly 7 steps) [782a624d00fa22e7499f5abc29747501ec671313] bnxt_en: Add bnxt_en initial port params table and register it testing commit 782a624d00fa22e7499f5abc29747501ec671313 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 782a624d00fa22e7499f5abc29747501ec671313 Bisecting: 74 revisions left to test after this (roughly 6 steps) [743e568c15860d4061202f73214c106a5bb0890b] samples/bpf: Add a "force" flag to XDP samples testing commit 743e568c15860d4061202f73214c106a5bb0890b with gcc (GCC) 8.1.0 all runs: OK # git bisect good 743e568c15860d4061202f73214c106a5bb0890b Bisecting: 37 revisions left to test after this (roughly 5 steps) [130b392c6cd6b2aed1b7eb32253d4920babb4891] net: tls: Add tls 1.3 support testing commit 130b392c6cd6b2aed1b7eb32253d4920babb4891 with gcc (GCC) 8.1.0 run #0: crashed: INFO: task hung in tls_sw_free_resources_tx run #1: crashed: INFO: task hung in tls_sw_free_resources_tx run #2: crashed: INFO: task hung in tls_sw_free_resources_tx run #3: crashed: INFO: task hung in tls_sw_free_resources_tx run #4: crashed: INFO: task hung in tls_sw_free_resources_tx run #5: crashed: INFO: task hung in tls_sw_free_resources_tx run #6: crashed: INFO: task hung in tls_sw_free_resources_tx run #7: crashed: INFO: task hung in tls_sw_free_resources_tx run #8: crashed: INFO: task hung in tls_sw_free_resources_tx run #9: crashed: INFO: task hung in lock_sock_nested # git bisect bad 130b392c6cd6b2aed1b7eb32253d4920babb4891 Bisecting: 18 revisions left to test after this (roughly 4 steps) [2ec56f9180091a7ff5e178bdca7672c912d74326] mac80211: remove unused variable testing commit 2ec56f9180091a7ff5e178bdca7672c912d74326 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 2ec56f9180091a7ff5e178bdca7672c912d74326 Bisecting: 10 revisions left to test after this (roughly 3 steps) [7d4194633b29342d93501b53accebf638da134ad] mac80211: fix missing/malformed documentation testing commit 7d4194633b29342d93501b53accebf638da134ad with gcc (GCC) 8.1.0 all runs: OK # git bisect good 7d4194633b29342d93501b53accebf638da134ad Bisecting: 3 revisions left to test after this (roughly 3 steps) [d3a5fd3c987c5e341bf78b79ef4d81080081b7d2] Merge tag 'batadv-next-for-davem-20190201' of git://git.open-mesh.org/linux-merge testing commit d3a5fd3c987c5e341bf78b79ef4d81080081b7d2 with gcc (GCC) 8.1.0 all runs: OK # git bisect good d3a5fd3c987c5e341bf78b79ef4d81080081b7d2 Bisecting: 1 revision left to test after this (roughly 1 step) [a2ef9b6a22bd22841bde53e52cc50476fb4d1a5d] net: tls: Refactor tls aad space size calculation testing commit a2ef9b6a22bd22841bde53e52cc50476fb4d1a5d with gcc (GCC) 8.1.0 all runs: OK # git bisect good a2ef9b6a22bd22841bde53e52cc50476fb4d1a5d Bisecting: 0 revisions left to test after this (roughly 0 steps) [fedf201e12960bd2fab0596422851b20a8d80d20] net: tls: Refactor control message handling on recv testing commit fedf201e12960bd2fab0596422851b20a8d80d20 with gcc (GCC) 8.1.0 all runs: OK # git bisect good fedf201e12960bd2fab0596422851b20a8d80d20 130b392c6cd6b2aed1b7eb32253d4920babb4891 is the first bad commit commit 130b392c6cd6b2aed1b7eb32253d4920babb4891 Author: Dave Watson Date: Wed Jan 30 21:58:31 2019 +0000 net: tls: Add tls 1.3 support TLS 1.3 has minor changes from TLS 1.2 at the record layer. * Header now hardcodes the same version and application content type in the header. * The real content type is appended after the data, before encryption (or after decryption). * The IV is xored with the sequence number, instead of concatinating four bytes of IV with the explicit IV. * Zero-padding: No exlicit length is given, we search backwards from the end of the decrypted data for the first non-zero byte, which is the content type. Currently recv supports reading zero-padding, but there is no way for send to add zero padding. Signed-off-by: Dave Watson Signed-off-by: David S. Miller :040000 040000 41f794fa56d3ca2175010614b1df9b38ae9a9baa 4ccb3d1765fce7d4a6471a7c0c34433cb8c5c22a M include :040000 040000 7978a76738108df18612c03dc121ecc7e86bac5c 51ccd728bc22149617c0ded29fd70b01f4263c1f M net revisions tested: 19, total time: 4h47m5.949675684s (build: 1h48m59.295831744s, test: 2h51m43.873322647s) first bad commit: 130b392c6cd6b2aed1b7eb32253d4920babb4891 net: tls: Add tls 1.3 support cc: ["aviadye@mellanox.com" "borisp@mellanox.com" "daniel@iogearbox.net" "davejwatson@fb.com" "davem@davemloft.net" "john.fastabend@gmail.com" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org"] crash: INFO: task hung in lock_sock_nested 8021q: adding VLAN 0 to HW filter on device batadv0 8021q: adding VLAN 0 to HW filter on device batadv0 INFO: task kworker/0:0:5 blocked for more than 140 seconds. Not tainted 5.0.0-rc4+ #1 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. kworker/0:0 D26096 5 2 0x80000000 Workqueue: events tx_work_handler Call Trace: context_switch kernel/sched/core.c:2844 [inline] __schedule+0x8fe/0x1c00 kernel/sched/core.c:3485 schedule+0x7f/0x180 kernel/sched/core.c:3529 __lock_sock+0x129/0x200 net/core/sock.c:2285 lock_sock_nested+0xda/0x100 net/core/sock.c:2810 lock_sock include/net/sock.h:1506 [inline] tx_work_handler+0x95/0xd0 net/tls/tls_sw.c:2056 process_one_work+0x830/0x1670 kernel/workqueue.c:2153 worker_thread+0x85/0xb60 kernel/workqueue.c:2296 kthread+0x324/0x3e0 kernel/kthread.c:246 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 INFO: task syz-executor.1:7869 blocked for more than 140 seconds. Not tainted 5.0.0-rc4+ #1 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.1 D26496 7869 7362 0x00000006 Call Trace: context_switch kernel/sched/core.c:2844 [inline] __schedule+0x8fe/0x1c00 kernel/sched/core.c:3485 schedule+0x7f/0x180 kernel/sched/core.c:3529 schedule_timeout+0x6d5/0xda0 kernel/time/timer.c:1779 do_wait_for_common kernel/sched/completion.c:83 [inline] __wait_for_common kernel/sched/completion.c:104 [inline] wait_for_common kernel/sched/completion.c:115 [inline] wait_for_completion+0x282/0x460 kernel/sched/completion.c:136 crypto_wait_req include/linux/crypto.h:688 [inline] tls_sw_free_resources_tx+0x308/0x950 net/tls/tls_sw.c:1967 tls_sk_proto_close+0x525/0x6b0 net/tls/tls_main.c:284 inet_release+0xd9/0x1c0 net/ipv4/af_inet.c:428 inet6_release+0x46/0x60 net/ipv6/af_inet6.c:473 __sock_release+0xc2/0x230 net/socket.c:579 sock_close+0x10/0x20 net/socket.c:1141 __fput+0x249/0x7f0 fs/file_table.c:278 ____fput+0x9/0x10 fs/file_table.c:309 task_work_run+0x108/0x180 kernel/task_work.c:113 get_signal+0xe40/0x11d0 kernel/signal.c:2347 do_signal+0x87/0x1930 arch/x86/kernel/signal.c:816 exit_to_usermode_loop+0x114/0x200 arch/x86/entry/common.c:162 prepare_exit_to_usermode arch/x86/entry/common.c:197 [inline] syscall_return_slowpath arch/x86/entry/common.c:268 [inline] do_syscall_64+0x407/0x4d0 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x459829 Code: Bad RIP value. RSP: 002b:00007f15376d2c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c RAX: 0000000000110000 RBX: 0000000000000006 RCX: 0000000000459829 RDX: ffffffffffffff7f RSI: 00000000200005c0 RDI: 0000000000000003 RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f15376d36d4 R13: 00000000004c77e7 R14: 00000000004dd068 R15: 00000000ffffffff INFO: task syz-executor.5:7876 blocked for more than 140 seconds. Not tainted 5.0.0-rc4+ #1 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.5 D28168 7876 7363 0x00000004 Call Trace: context_switch kernel/sched/core.c:2844 [inline] __schedule+0x8fe/0x1c00 kernel/sched/core.c:3485 schedule+0x7f/0x180 kernel/sched/core.c:3529 schedule_timeout+0x6d5/0xda0 kernel/time/timer.c:1779 do_wait_for_common kernel/sched/completion.c:83 [inline] __wait_for_common kernel/sched/completion.c:104 [inline] wait_for_common kernel/sched/completion.c:115 [inline] wait_for_completion+0x282/0x460 kernel/sched/completion.c:136 crypto_wait_req include/linux/crypto.h:688 [inline] tls_sw_free_resources_tx+0x308/0x950 net/tls/tls_sw.c:1967 tls_sk_proto_close+0x525/0x6b0 net/tls/tls_main.c:284 inet_release+0xd9/0x1c0 net/ipv4/af_inet.c:428 inet6_release+0x46/0x60 net/ipv6/af_inet6.c:473 __sock_release+0xc2/0x230 net/socket.c:579 sock_close+0x10/0x20 net/socket.c:1141 __fput+0x249/0x7f0 fs/file_table.c:278 ____fput+0x9/0x10 fs/file_table.c:309 task_work_run+0x108/0x180 kernel/task_work.c:113 tracehook_notify_resume include/linux/tracehook.h:188 [inline] exit_to_usermode_loop+0x1a9/0x200 arch/x86/entry/common.c:166 prepare_exit_to_usermode arch/x86/entry/common.c:197 [inline] syscall_return_slowpath arch/x86/entry/common.c:268 [inline] do_syscall_64+0x407/0x4d0 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x413511 Code: 8c d6 65 00 ba 02 00 00 00 bf 28 38 44 00 ff 15 7d a1 24 00 85 c0 0f 85 37 fe ff ff 31 c9 31 f6 41 b9 b0 20 41 00 41 b8 90 d6 <65> 00 ba 03 00 00 00 bf 31 38 44 00 ff 15 55 a1 24 00 85 c0 0f 85 RSP: 002b:00007ffce8a245c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000413511 RDX: 0000001b2fd20000 RSI: 0000000000000000 RDI: 0000000000000003 RBP: 0000000000000001 R08: ffffffffffffffff R09: ffffffffffffffff R10: 00007ffce8a246a0 R11: 0000000000000293 R12: 000000000075c9a0 R13: 000000000075c9a0 R14: 00000000007607a0 R15: ffffffffffffffff INFO: task syz-executor.2:7880 blocked for more than 140 seconds. Not tainted 5.0.0-rc4+ #1 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.2 D28168 7880 7354 0x00000004 Call Trace: context_switch kernel/sched/core.c:2844 [inline] __schedule+0x8fe/0x1c00 kernel/sched/core.c:3485 schedule+0x7f/0x180 kernel/sched/core.c:3529 schedule_timeout+0x6d5/0xda0 kernel/time/timer.c:1779 do_wait_for_common kernel/sched/completion.c:83 [inline] __wait_for_common kernel/sched/completion.c:104 [inline] wait_for_common kernel/sched/completion.c:115 [inline] wait_for_completion+0x282/0x460 kernel/sched/completion.c:136 crypto_wait_req include/linux/crypto.h:688 [inline] tls_sw_free_resources_tx+0x308/0x950 net/tls/tls_sw.c:1967 tls_sk_proto_close+0x525/0x6b0 net/tls/tls_main.c:284 inet_release+0xd9/0x1c0 net/ipv4/af_inet.c:428 inet6_release+0x46/0x60 net/ipv6/af_inet6.c:473 __sock_release+0xc2/0x230 net/socket.c:579 sock_close+0x10/0x20 net/socket.c:1141 __fput+0x249/0x7f0 fs/file_table.c:278 ____fput+0x9/0x10 fs/file_table.c:309 task_work_run+0x108/0x180 kernel/task_work.c:113 tracehook_notify_resume include/linux/tracehook.h:188 [inline] exit_to_usermode_loop+0x1a9/0x200 arch/x86/entry/common.c:166 prepare_exit_to_usermode arch/x86/entry/common.c:197 [inline] syscall_return_slowpath arch/x86/entry/common.c:268 [inline] do_syscall_64+0x407/0x4d0 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x413511 Code: 8c d6 65 00 ba 02 00 00 00 bf 28 38 44 00 ff 15 7d a1 24 00 85 c0 0f 85 37 fe ff ff 31 c9 31 f6 41 b9 b0 20 41 00 41 b8 90 d6 <65> 00 ba 03 00 00 00 bf 31 38 44 00 ff 15 55 a1 24 00 85 c0 0f 85 RSP: 002b:00007ffe3904dd40 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000413511 RDX: 0000001b2f420000 RSI: 0000000000000000 RDI: 0000000000000003 RBP: 0000000000000001 R08: ffffffffffffffff R09: ffffffffffffffff R10: 00007ffe3904de20 R11: 0000000000000293 R12: 000000000075bf20 R13: 0000000000012af8 R14: 00000000007607a0 R15: ffffffffffffffff INFO: task syz-executor.3:7888 blocked for more than 140 seconds. Not tainted 5.0.0-rc4+ #1 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.3 D28168 7888 7356 0x00000004 Call Trace: context_switch kernel/sched/core.c:2844 [inline] __schedule+0x8fe/0x1c00 kernel/sched/core.c:3485 schedule+0x7f/0x180 kernel/sched/core.c:3529 schedule_timeout+0x6d5/0xda0 kernel/time/timer.c:1779 do_wait_for_common kernel/sched/completion.c:83 [inline] __wait_for_common kernel/sched/completion.c:104 [inline] wait_for_common kernel/sched/completion.c:115 [inline] wait_for_completion+0x282/0x460 kernel/sched/completion.c:136 crypto_wait_req include/linux/crypto.h:688 [inline] tls_sw_free_resources_tx+0x308/0x950 net/tls/tls_sw.c:1967 tls_sk_proto_close+0x525/0x6b0 net/tls/tls_main.c:284 inet_release+0xd9/0x1c0 net/ipv4/af_inet.c:428 inet6_release+0x46/0x60 net/ipv6/af_inet6.c:473 __sock_release+0xc2/0x230 net/socket.c:579 sock_close+0x10/0x20 net/socket.c:1141 __fput+0x249/0x7f0 fs/file_table.c:278 ____fput+0x9/0x10 fs/file_table.c:309 task_work_run+0x108/0x180 kernel/task_work.c:113 tracehook_notify_resume include/linux/tracehook.h:188 [inline] exit_to_usermode_loop+0x1a9/0x200 arch/x86/entry/common.c:166 prepare_exit_to_usermode arch/x86/entry/common.c:197 [inline] syscall_return_slowpath arch/x86/entry/common.c:268 [inline] do_syscall_64+0x407/0x4d0 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x413511 Code: 8c d6 65 00 ba 02 00 00 00 bf 28 38 44 00 ff 15 7d a1 24 00 85 c0 0f 85 37 fe ff ff 31 c9 31 f6 41 b9 b0 20 41 00 41 b8 90 d6 <65> 00 ba 03 00 00 00 bf 31 38 44 00 ff 15 55 a1 24 00 85 c0 0f 85 RSP: 002b:00007fff7ea77010 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000413511 RDX: 0000001b2f520000 RSI: 0000000000000000 RDI: 0000000000000003 RBP: 0000000000000001 R08: ffffffffffffffff R09: ffffffffffffffff R10: 00007fff7ea770f0 R11: 0000000000000293 R12: 000000000075bf20 R13: 0000000000012ca1 R14: 00000000007607a0 R15: ffffffffffffffff Showing all locks held in the system: 2 locks held by kworker/0:0/5: #0: 0000000021f50c2c ((wq_completion)"events"){+.+.}, at: __write_once_size include/linux/compiler.h:220 [inline] #0: 0000000021f50c2c ((wq_completion)"events"){+.+.}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: 0000000021f50c2c ((wq_completion)"events"){+.+.}, at: atomic64_set include/asm-generic/atomic-instrumented.h:40 [inline] #0: 0000000021f50c2c ((wq_completion)"events"){+.+.}, at: atomic_long_set include/asm-generic/atomic-long.h:59 [inline] #0: 0000000021f50c2c ((wq_completion)"events"){+.+.}, at: set_work_data kernel/workqueue.c:617 [inline] #0: 0000000021f50c2c ((wq_completion)"events"){+.+.}, at: set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline] #0: 0000000021f50c2c ((wq_completion)"events"){+.+.}, at: process_one_work+0x762/0x1670 kernel/workqueue.c:2124 #1: 00000000c7039eae ((work_completion)(&(&sw_ctx_tx->tx_work.work)->work)){+.+.}, at: process_one_work+0x792/0x1670 kernel/workqueue.c:2128 1 lock held by khungtaskd/1038: #0: 00000000b2821712 (rcu_read_lock){....}, at: debug_show_all_locks+0x5b/0x27a kernel/locking/lockdep.c:4389 1 lock held by rsyslogd/7152: #0: 0000000054823d9f (&f->f_pos_lock){+.+.}, at: __fdget_pos+0xa7/0xd0 fs/file.c:795 2 locks held by getty/7242: #0: 000000000d4485be (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:341 #1: 00000000b1ddd871 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x1ee/0x1910 drivers/tty/n_tty.c:2154 2 locks held by getty/7243: #0: 000000003f8cae75 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:341 #1: 00000000eab27327 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x1ee/0x1910 drivers/tty/n_tty.c:2154 2 locks held by getty/7244: #0: 000000000234e745 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:341 #1: 0000000010d6ee5d (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x1ee/0x1910 drivers/tty/n_tty.c:2154 2 locks held by getty/7245: #0: 0000000046068461 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:341 #1: 0000000084a2b42e (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x1ee/0x1910 drivers/tty/n_tty.c:2154 2 locks held by getty/7246: #0: 00000000cb6fe5aa (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:341 #1: 0000000062f70da7 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x1ee/0x1910 drivers/tty/n_tty.c:2154 2 locks held by getty/7247: #0: 000000002a6e3d82 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:341 #1: 00000000b252b542 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x1ee/0x1910 drivers/tty/n_tty.c:2154 2 locks held by getty/7248: #0: 00000000906cd622 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:341 #1: 0000000086ec5e8e (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x1ee/0x1910 drivers/tty/n_tty.c:2154 2 locks held by syz-executor.1/7869: #0: 0000000066ae9d57 (&sb->s_type->i_mutex_key#11){+.+.}, at: inode_lock include/linux/fs.h:757 [inline] #0: 0000000066ae9d57 (&sb->s_type->i_mutex_key#11){+.+.}, at: __sock_release+0x7d/0x230 net/socket.c:578 #1: 0000000082b74a2c (sk_lock-AF_INET6){+.+.}, at: lock_sock include/net/sock.h:1506 [inline] #1: 0000000082b74a2c (sk_lock-AF_INET6){+.+.}, at: tls_sk_proto_close+0xcd/0x6b0 net/tls/tls_main.c:266 2 locks held by syz-executor.5/7876: #0: 00000000074c4975 (&sb->s_type->i_mutex_key#11){+.+.}, at: inode_lock include/linux/fs.h:757 [inline] #0: 00000000074c4975 (&sb->s_type->i_mutex_key#11){+.+.}, at: __sock_release+0x7d/0x230 net/socket.c:578 #1: 000000009121d439 (sk_lock-AF_INET6){+.+.}, at: lock_sock include/net/sock.h:1506 [inline] #1: 000000009121d439 (sk_lock-AF_INET6){+.+.}, at: tls_sk_proto_close+0xcd/0x6b0 net/tls/tls_main.c:266 2 locks held by syz-executor.2/7880: #0: 0000000096adf843 (&sb->s_type->i_mutex_key#11){+.+.}, at: inode_lock include/linux/fs.h:757 [inline] #0: 0000000096adf843 (&sb->s_type->i_mutex_key#11){+.+.}, at: __sock_release+0x7d/0x230 net/socket.c:578 #1: 00000000300c200b (sk_lock-AF_INET6){+.+.}, at: lock_sock include/net/sock.h:1506 [inline] #1: 00000000300c200b (sk_lock-AF_INET6){+.+.}, at: tls_sk_proto_close+0xcd/0x6b0 net/tls/tls_main.c:266 2 locks held by syz-executor.3/7888: #0: 00000000aa0ccb91 (&sb->s_type->i_mutex_key#11){+.+.}, at: inode_lock include/linux/fs.h:757 [inline] #0: 00000000aa0ccb91 (&sb->s_type->i_mutex_key#11){+.+.}, at: __sock_release+0x7d/0x230 net/socket.c:578 #1: 00000000f533f5d5 (sk_lock-AF_INET6){+.+.}, at: lock_sock include/net/sock.h:1506 [inline] #1: 00000000f533f5d5 (sk_lock-AF_INET6){+.+.}, at: tls_sk_proto_close+0xcd/0x6b0 net/tls/tls_main.c:266 ============================================= NMI backtrace for cpu 0 CPU: 0 PID: 1038 Comm: khungtaskd Not tainted 5.0.0-rc4+ #1 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x113/0x167 lib/dump_stack.c:113 nmi_cpu_backtrace.cold.4+0x3e/0x76 lib/nmi_backtrace.c:101 nmi_trigger_cpumask_backtrace+0x121/0x15b lib/nmi_backtrace.c:62 arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:203 [inline] watchdog+0x5c3/0xb40 kernel/hung_task.c:287 kthread+0x324/0x3e0 kernel/kthread.c:246 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 7864 Comm: kworker/u4:6 Not tainted 5.0.0-rc4+ #1 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: bat_events batadv_nc_worker RIP: 0010:debug_lockdep_rcu_enabled.part.3+0xb/0x60 kernel/rcu/update.c:246 Code: c3 e8 99 2e e8 ff 66 0f 1f 84 00 00 00 00 00 55 48 89 e5 e8 27 ff ff ff 5d c3 0f 1f 44 00 00 48 b8 00 00 00 00 00 fc ff df 55 <48> 89 e5 53 65 48 8b 1c 25 40 ee 01 00 48 8d bb 7c 08 00 00 48 89 RSP: 0018:ffff888091d87bf8 EFLAGS: 00000002 RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff88d2db78 RBP: ffff888091d87c08 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff8880aeb00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffffffff600400 CR3: 00000000a92fc000 CR4: 00000000001406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: trace_lock_acquire include/trace/events/lock.h:13 [inline] lock_acquire+0x2f4/0x3d0 kernel/locking/lockdep.c:3840 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline] _raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:168 spin_lock_bh include/linux/spinlock.h:334 [inline] batadv_nc_purge_paths+0xc0/0x2f0 net/batman-adv/network-coding.c:453 batadv_nc_worker+0x225/0x630 net/batman-adv/network-coding.c:733 process_one_work+0x830/0x1670 kernel/workqueue.c:2153 worker_thread+0x85/0xb60 kernel/workqueue.c:2296 kthread+0x324/0x3e0 kernel/kthread.c:246 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352