bisecting fixing commit since 31acccdc877486a649a86d37725a15175fcd5ed6
building syzkaller on 4a7fa9b416fd0a961793328a785666d6d2c5976d
testing commit 31acccdc877486a649a86d37725a15175fcd5ed6 with gcc (GCC) 8.1.0
kernel signature: 2987e6c1ea70a94dab72c7f8145bbd3c6bef95bf783f8fbf709a77cc1ca49529
all runs: crashed: INFO: task hung in do_read_cache_page
testing current HEAD 13d2ce42de8cb98ff952f8de6307f896203854c2
testing commit 13d2ce42de8cb98ff952f8de6307f896203854c2 with gcc (GCC) 8.1.0
kernel signature: 66987c78fe1cee2dfc169ced0416f3086b4e02779cec0e047c4aaa8230e05a3d
all runs: crashed: INFO: task hung in do_read_cache_page
revisions tested: 2, total time: 31m27.576226065s (build: 17m26.02368047s, test: 13m21.573615193s)
the crash still happens on HEAD
commit msg: Linux 4.19.163
crash: INFO: task hung in do_read_cache_page
Dev nbd0: unable to read RDB block 0
 nbd0: unable to read partition table
ldm_validate_partition_table(): Disk read failed.
Dev nbd0: unable to read RDB block 0
 nbd0: unable to read partition table
INFO: task systemd-udevd:9165 blocked for more than 140 seconds.
      Not tainted 4.19.163-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
systemd-udevd   D25464  9165   4388 0x00000120
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x80c/0x1f70 kernel/sched/core.c:3517
 schedule+0x7f/0x1b0 kernel/sched/core.c:3561
 io_schedule+0x1c/0x70 kernel/sched/core.c:5185
 wait_on_page_bit_common mm/filemap.c:1123 [inline]
 wait_on_page_bit+0x1c1/0x360 mm/filemap.c:1156
 wait_on_page_locked include/linux/pagemap.h:530 [inline]
 wait_on_page_read mm/filemap.c:2795 [inline]
 do_read_cache_page.part.5+0x32b/0xc90 mm/filemap.c:2834
 do_read_cache_page include/linux/pagemap.h:102 [inline]
 read_cache_page+0x40/0x70 mm/filemap.c:2924
 read_mapping_page include/linux/pagemap.h:402 [inline]
 read_dev_sector+0xbd/0x430 block/partition-generic.c:671
 read_part_sector block/partitions/check.h:38 [inline]
 adfspart_check_ICS+0x109/0xd30 block/partitions/acorn.c:366
 check_partition+0x314/0x5da block/partitions/check.c:167
 rescan_partitions+0x19e/0x8c0 block/partition-generic.c:535
 bdev_disk_changed+0x120/0x170 fs/block_dev.c:1435
 __blkdev_get+0xc7d/0x11f0 fs/block_dev.c:1561
 blkdev_get+0x271/0x8c0 fs/block_dev.c:1627
 blkdev_open+0x19f/0x200 fs/block_dev.c:1788
 do_dentry_open+0x3f1/0x1010 fs/open.c:796
 vfs_open+0x9a/0xc0 fs/open.c:902
 do_last fs/namei.c:3421 [inline]
 path_openat+0x905/0x2870 fs/namei.c:3537
 do_filp_open+0x177/0x250 fs/namei.c:3567
 do_sys_open+0x1dd/0x350 fs/open.c:1085
 __do_sys_open fs/open.c:1103 [inline]
 __se_sys_open fs/open.c:1098 [inline]
 __x64_sys_open+0x79/0xb0 fs/open.c:1098
 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f01188b5840
Code: Bad RIP value.
RSP: 002b:00007ffdffaf0da8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
RAX: ffffffffffffffda RBX: 000055dee79b1500 RCX: 00007f01188b5840
RDX: 000055dee70bafe3 RSI: 00000000000a0800 RDI: 000055dee79b2ac0
RBP: 00007ffdffaf0f20 R08: 000055dee70ba670 R09: 0000000000000010
R10: 000055dee70bad0c R11: 0000000000000246 R12: 00007ffdffaf0e70
R13: 000055dee79b3d90 R14: 0000000000000003 R15: 000000000000000e
INFO: task systemd-udevd:9318 blocked for more than 140 seconds.
      Not tainted 4.19.163-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
systemd-udevd   D25464  9318   4388 0x00000120
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x80c/0x1f70 kernel/sched/core.c:3517
 schedule+0x7f/0x1b0 kernel/sched/core.c:3561
 io_schedule+0x1c/0x70 kernel/sched/core.c:5185
 wait_on_page_bit_common mm/filemap.c:1123 [inline]
 wait_on_page_bit+0x1c1/0x360 mm/filemap.c:1156
 wait_on_page_locked include/linux/pagemap.h:530 [inline]
 wait_on_page_read mm/filemap.c:2795 [inline]
 do_read_cache_page.part.5+0x32b/0xc90 mm/filemap.c:2834
 do_read_cache_page include/linux/pagemap.h:102 [inline]
 read_cache_page+0x40/0x70 mm/filemap.c:2924
 read_mapping_page include/linux/pagemap.h:402 [inline]
 read_dev_sector+0xbd/0x430 block/partition-generic.c:671
 read_part_sector block/partitions/check.h:38 [inline]
 adfspart_check_ICS+0x109/0xd30 block/partitions/acorn.c:366
 check_partition+0x314/0x5da block/partitions/check.c:167
 rescan_partitions+0x19e/0x8c0 block/partition-generic.c:535
 bdev_disk_changed+0x120/0x170 fs/block_dev.c:1435
 __blkdev_get+0xc7d/0x11f0 fs/block_dev.c:1561
 blkdev_get+0x271/0x8c0 fs/block_dev.c:1627
 blkdev_open+0x19f/0x200 fs/block_dev.c:1788
 do_dentry_open+0x3f1/0x1010 fs/open.c:796
 vfs_open+0x9a/0xc0 fs/open.c:902
 do_last fs/namei.c:3421 [inline]
 path_openat+0x905/0x2870 fs/namei.c:3537
 do_filp_open+0x177/0x250 fs/namei.c:3567
 do_sys_open+0x1dd/0x350 fs/open.c:1085
 __do_sys_open fs/open.c:1103 [inline]
 __se_sys_open fs/open.c:1098 [inline]
 __x64_sys_open+0x79/0xb0 fs/open.c:1098
 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f01188b5840
Code: Bad RIP value.
RSP: 002b:00007ffdffaf07b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
RAX: ffffffffffffffda RBX: 000055dee79b4070 RCX: 00007f01188b5840
RDX: 000055dee70bafe3 RSI: 00000000000a0800 RDI: 000055dee79b2530
RBP: 00007ffdffaf0930 R08: 000055dee70ba670 R09: 0000000000000010
R10: 000055dee70bad0c R11: 0000000000000246 R12: 00007ffdffaf0880
R13: 000055dee79a0820 R14: 0000000000000003 R15: 000000000000000e
INFO: task syz-executor.3:9467 blocked for more than 140 seconds.
      Not tainted 4.19.163-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.3  D28232  9467   7812 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x80c/0x1f70 kernel/sched/core.c:3517
 schedule+0x7f/0x1b0 kernel/sched/core.c:3561
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3619
 __mutex_lock_common kernel/locking/mutex.c:1002 [inline]
 __mutex_lock+0x4c3/0x1200 kernel/locking/mutex.c:1072
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087
 blkdev_put+0x25/0x480 fs/block_dev.c:1839
 blkdev_close+0x88/0xd0 fs/block_dev.c:1888
 __fput+0x249/0x7f0 fs/file_table.c:278
 ____fput+0x9/0x10 fs/file_table.c:309
 task_work_run+0x108/0x180 kernel/task_work.c:113
 tracehook_notify_resume include/linux/tracehook.h:193 [inline]
 exit_to_usermode_loop+0x185/0x1e0 arch/x86/entry/common.c:167
 prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:271 [inline]
 do_syscall_64+0x413/0x4e0 arch/x86/entry/common.c:296
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x417811
Code: Bad RIP value.
RSP: 002b:00007ffee0192f50 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000417811
RDX: 0000001b33b20000 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
R10: 00007ffee0193030 R11: 0000000000000293 R12: 000000000118c9a0
R13: 000000000118c9a0 R14: 00000000000003e8 R15: 000000000118c07c
INFO: task syz-executor.3:9471 blocked for more than 140 seconds.
      Not tainted 4.19.163-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.3  D28776  9471   7812 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x80c/0x1f70 kernel/sched/core.c:3517
 schedule+0x7f/0x1b0 kernel/sched/core.c:3561
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3619
 __mutex_lock_common kernel/locking/mutex.c:1002 [inline]
 __mutex_lock+0x4c3/0x1200 kernel/locking/mutex.c:1072
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087
 __blkdev_get+0x19a/0x11f0 fs/block_dev.c:1478
 blkdev_get+0x271/0x8c0 fs/block_dev.c:1627
 blkdev_open+0x19f/0x200 fs/block_dev.c:1788
 do_dentry_open+0x3f1/0x1010 fs/open.c:796
 vfs_open+0x9a/0xc0 fs/open.c:902
 do_last fs/namei.c:3421 [inline]
 path_openat+0x905/0x2870 fs/namei.c:3537
 do_filp_open+0x177/0x250 fs/namei.c:3567
 do_sys_open+0x1dd/0x350 fs/open.c:1085
 __do_sys_open fs/open.c:1103 [inline]
 __se_sys_open fs/open.c:1098 [inline]
 __x64_sys_open+0x79/0xb0 fs/open.c:1098
 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4179b1
Code: Bad RIP value.
RSP: 002b:00007fd79e183820 EFLAGS: 00000293 ORIG_RAX: 0000000000000002
RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00000000004179b1
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007fd79e183850
RBP: 000000000118c008 R08: 000000000000000f R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000293 R12: 000000000118bfd4
R13: 00007ffee0192edf R14: 00007fd79e1849c0 R15: 000000000118bfd4
INFO: task syz-executor.2:9518 blocked for more than 140 seconds.
      Not tainted 4.19.163-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.2  D28232  9518   7813 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x80c/0x1f70 kernel/sched/core.c:3517
 schedule+0x7f/0x1b0 kernel/sched/core.c:3561
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3619
 __mutex_lock_common kernel/locking/mutex.c:1002 [inline]
 __mutex_lock+0x4c3/0x1200 kernel/locking/mutex.c:1072
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087
 blkdev_put+0x25/0x480 fs/block_dev.c:1839
 blkdev_close+0x88/0xd0 fs/block_dev.c:1888
 __fput+0x249/0x7f0 fs/file_table.c:278
 ____fput+0x9/0x10 fs/file_table.c:309
 task_work_run+0x108/0x180 kernel/task_work.c:113
 tracehook_notify_resume include/linux/tracehook.h:193 [inline]
 exit_to_usermode_loop+0x185/0x1e0 arch/x86/entry/common.c:167
 prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:271 [inline]
 do_syscall_64+0x413/0x4e0 arch/x86/entry/common.c:296
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x417811
Code: Bad RIP value.
RSP: 002b:00007fff9ac6fcb0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000417811
RDX: 0000001b2bc20000 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
R10: 00007fff9ac6fd90 R11: 0000000000000293 R12: 000000000118c9a0
R13: 000000000118c9a0 R14: 00000000000003e8 R15: 000000000118c07c
INFO: task syz-executor.2:9523 blocked for more than 140 seconds.
      Not tainted 4.19.163-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.2  D28776  9523   7813 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x80c/0x1f70 kernel/sched/core.c:3517
 schedule+0x7f/0x1b0 kernel/sched/core.c:3561
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3619
 __mutex_lock_common kernel/locking/mutex.c:1002 [inline]
 __mutex_lock+0x4c3/0x1200 kernel/locking/mutex.c:1072
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087
 __blkdev_get+0x19a/0x11f0 fs/block_dev.c:1478
 blkdev_get+0x271/0x8c0 fs/block_dev.c:1627
 blkdev_open+0x19f/0x200 fs/block_dev.c:1788
 do_dentry_open+0x3f1/0x1010 fs/open.c:796
 vfs_open+0x9a/0xc0 fs/open.c:902
 do_last fs/namei.c:3421 [inline]
 path_openat+0x905/0x2870 fs/namei.c:3537
 do_filp_open+0x177/0x250 fs/namei.c:3567
 do_sys_open+0x1dd/0x350 fs/open.c:1085
 __do_sys_open fs/open.c:1103 [inline]
 __se_sys_open fs/open.c:1098 [inline]
 __x64_sys_open+0x79/0xb0 fs/open.c:1098
 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4179b1
Code: Bad RIP value.
RSP: 002b:00007fd048a6b820 EFLAGS: 00000293 ORIG_RAX: 0000000000000002
RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00000000004179b1
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007fd048a6b850
RBP: 000000000118c008 R08: 000000000000000f R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000293 R12: 000000000118bfd4
R13: 00007fff9ac6fc3f R14: 00007fd048a6c9c0 R15: 000000000118bfd4

Showing all locks held in the system:
1 lock held by khungtaskd/1565:
 #0: 00000000b2f5f410 (rcu_read_lock){....}, at: debug_show_all_locks+0x5b/0x27a kernel/locking/lockdep.c:4442
1 lock held by systemd-udevd/9165:
 #0: 0000000009b5ff04 (&bdev->bd_mutex){+.+.}, at: __blkdev_get+0x19a/0x11f0 fs/block_dev.c:1478
1 lock held by systemd-udevd/9318:
 #0: 0000000011bb3362 (&bdev->bd_mutex){+.+.}, at: __blkdev_get+0x19a/0x11f0 fs/block_dev.c:1478
1 lock held by syz-executor.3/9467:
 #0: 0000000011bb3362 (&bdev->bd_mutex){+.+.}, at: blkdev_put+0x25/0x480 fs/block_dev.c:1839
1 lock held by syz-executor.3/9471:
 #0: 0000000011bb3362 (&bdev->bd_mutex){+.+.}, at: __blkdev_get+0x19a/0x11f0 fs/block_dev.c:1478
1 lock held by syz-executor.2/9518:
 #0: 0000000009b5ff04 (&bdev->bd_mutex){+.+.}, at: blkdev_put+0x25/0x480 fs/block_dev.c:1839
1 lock held by syz-executor.2/9523:
 #0: 0000000009b5ff04 (&bdev->bd_mutex){+.+.}, at: __blkdev_get+0x19a/0x11f0 fs/block_dev.c:1478

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 1565 Comm: khungtaskd Not tainted 4.19.163-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x17c/0x22a lib/dump_stack.c:118
 nmi_cpu_backtrace.cold.0+0x3c/0x78 lib/nmi_backtrace.c:101
 nmi_trigger_cpumask_backtrace+0xf6/0x11a lib/nmi_backtrace.c:62
 arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38
 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:203 [inline]
 watchdog+0x5c3/0xb40 kernel/hung_task.c:287
 kthread+0x347/0x410 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1 skipped: idling at native_safe_halt+0x12/0x20 arch/x86/include/asm/irqflags.h:60