bisecting fixing commit since 203ec2fed17ade9582277570eb234be52085f8c5
building syzkaller on f48c20b8f9b2a6c26629f11cc15e1c9c316572c8
testing commit 203ec2fed17ade9582277570eb234be52085f8c5 with gcc (GCC) 8.1.0
kernel signature: 6d9465ba90b32ce2dc86ee5e08f4ba0b39ac9a45
all runs: crashed: INFO: task hung in xlog_grant_head_check
testing current HEAD 6794862a16ef41f753abd75c03a152836e4c8028
testing commit 6794862a16ef41f753abd75c03a152836e4c8028 with gcc (GCC) 8.1.0
kernel signature: 8a7fd95bfc291cc109f1d577ebc159c0955ac951
all runs: crashed: INFO: task hung in xlog_grant_head_check
revisions tested: 2, total time: 24m0.667907813s (build: 10m57.396746324s, test: 12m12.882004578s)
the crash still happens on HEAD
commit msg: Merge tag 'for-5.5-rc1-kconfig-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux
crash: INFO: task hung in xlog_grant_head_check

XFS (loop5): Filesystem has duplicate UUID 984f0b50-42b6-4b06-bc86-cba3e6cc3f80 - can't mount
XFS (loop1): Filesystem has duplicate UUID 984f0b50-42b6-4b06-bc86-cba3e6cc3f80 - can't mount
XFS (loop3): Filesystem has duplicate UUID 984f0b50-42b6-4b06-bc86-cba3e6cc3f80 - can't mount
INFO: task syz-executor2:5872 blocked for more than 122 seconds.
      Not tainted 5.5.0-rc1-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor2   D26184  5872   4543 0x00004004
Call Trace:
 context_switch kernel/sched/core.c:3385 [inline]
 __schedule+0x895/0x1900 kernel/sched/core.c:4081
 schedule+0xc0/0x2b0 kernel/sched/core.c:4155
 xlog_grant_head_wait+0x123/0x9d0 fs/xfs/xfs_log.c:278
 xlog_grant_head_check+0x24d/0x3a0 fs/xfs/xfs_log.c:340
 xfs_log_reserve+0x2ea/0xa90 fs/xfs/xfs_log.c:465
 xfs_log_write_unmount_record+0x186/0x790 fs/xfs/xfs_log.c:890
 xfs_log_unmount_write fs/xfs/xfs_log.c:986 [inline]
 xfs_log_quiesce+0x3d8/0x490 fs/xfs/xfs_log.c:1049
 xfs_log_unmount+0x1a/0xb0 fs/xfs/xfs_log.c:1063
 xfs_log_mount_cancel+0x3a/0x50 fs/xfs/xfs_log.c:854
 xfs_mountfs+0xecd/0x19b0 fs/xfs/xfs_mount.c:958
 xfs_fc_fill_super+0x6d9/0xf20 fs/xfs/xfs_super.c:1506
 get_tree_bdev+0x3d7/0x5c0 fs/super.c:1340
 xfs_fc_get_tree+0x10/0x20 fs/xfs/xfs_super.c:1550
 vfs_get_tree+0x8b/0x2d0 fs/super.c:1545
 do_new_mount fs/namespace.c:2822 [inline]
 do_mount+0x1285/0x1b70 fs/namespace.c:3142
 ksys_mount+0xba/0xe0 fs/namespace.c:3351
 __do_sys_mount fs/namespace.c:3365 [inline]
 __se_sys_mount fs/namespace.c:3362 [inline]
 __x64_sys_mount+0xb9/0x150 fs/namespace.c:3362
 do_syscall_64+0xd0/0x600 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45858a
Code: Bad RIP value.
RSP: 002b:00007fc0db35aba8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 0000000020000040 RCX: 000000000045858a
RDX: 0000000020000040 RSI: 0000000020000100 RDI: 00007fc0db35abf0
RBP: 0000000000000001 R08: 00000000200001c0 R09: 0000000020000040
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
R13: 0000000000000001 R14: 00000000006fed98 R15: 0000000000000000

Showing all locks held in the system:
1 lock held by khungtaskd/928:
 #0: ffffffff88395d40 (rcu_read_lock){....}, at: debug_show_all_locks+0x5b/0x279 kernel/locking/lockdep.c:5334
1 lock held by rsyslogd/4098:
2 locks held by getty/4191:
 #0: ffff8881cea56090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:340
 #1: ffffc90000b422e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x1ee/0x1920 drivers/tty/n_tty.c:2156
2 locks held by getty/4192:
 #0: ffff8881cdd30090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:340
 #1: ffffc90000b562e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x1ee/0x1920 drivers/tty/n_tty.c:2156
2 locks held by getty/4193:
 #0: ffff8881cdde2090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:340
 #1: ffffc90000b6e2e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x1ee/0x1920 drivers/tty/n_tty.c:2156
2 locks held by getty/4194:
 #0: ffff8881cd4e7090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:340
 #1: ffffc90000b722e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x1ee/0x1920 drivers/tty/n_tty.c:2156
2 locks held by getty/4195:
 #0: ffff8881d2e3d090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:340
 #1: ffffc90000b662e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x1ee/0x1920 drivers/tty/n_tty.c:2156
2 locks held by getty/4196:
 #0: ffff8881c1eea090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:340
 #1: ffffc90000b6a2e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x1ee/0x1920 drivers/tty/n_tty.c:2156
2 locks held by getty/4197:
 #0: ffff8881ce96f090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:340
 #1: ffffc90000b3a2e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x1ee/0x1920 drivers/tty/n_tty.c:2156
1 lock held by syz-executor2/5872:
 #0: ffff8881cc9760d8 (&type->s_umount_key#46/1){+.+.}, at: alloc_super+0x134/0x8a0 fs/super.c:229

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 928 Comm: khungtaskd Not tainted 5.5.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x12f/0x187 lib/dump_stack.c:118
 nmi_cpu_backtrace.cold.8+0x46/0x83 lib/nmi_backtrace.c:101
 nmi_trigger_cpumask_backtrace+0x160/0x177 lib/nmi_backtrace.c:62
 arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38
 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:205 [inline]
 watchdog+0x624/0xc30 kernel/hung_task.c:289
 kthread+0x334/0x3f0 kernel/kthread.c:255
 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.5.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__lock_release kernel/locking/lockdep.c:4269 [inline]
RIP: 0010:lock_release+0x323/0x900 kernel/locking/lockdep.c:4503
Code: 03 0f b6 14 11 84 d2 74 09 80 fa 03 0f 8e b1 05 00 00 66 83 68 22 10 66 f7 40 22 f0 ff 0f 85 3b 01 00 00 4c 89 d1 45 8b 75 c0 <48> ba 00 00 00 00 00 fc ff df 48 c1 e9 03 0f b6 14 11 84 d2 74 09
RSP: 0018:ffffffff88207ae0 EFLAGS: 00000046
RAX: ffffffff8827b918 RBX: 1ffffffff1040f60 RCX: ffffffff8827b910
RDX: 0000000000000003 RSI: ffff8881db026ed8 RDI: ffffffff8827b93a
RBP: ffffffff88207bc8 R08: fffffbfff11c48c9 R09: 0000000000000001
R10: ffffffff8827b910 R11: ffffffff88e24647 R12: ffffffff8827b0c0
R13: ffffffff88207ba0 R14: 0000000000000000 R15: ffffffff815a2c24
FS:  0000000000000000(0000) GS:ffff8881db000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000458560 CR3: 00000001c15e5000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __raw_spin_unlock include/linux/spinlock_api_smp.h:150 [inline]
 _raw_spin_unlock+0x15/0x30 kernel/locking/spinlock.c:183
 get_next_timer_interrupt+0xf4/0x260 kernel/time/timer.c:1655
 tick_nohz_next_event+0x441/0x690 kernel/time/tick-sched.c:703
 __tick_nohz_idle_stop_tick kernel/time/tick-sched.c:954 [inline]
 tick_nohz_idle_stop_tick+0x475/0x9b0 kernel/time/tick-sched.c:984
 cpuidle_idle_call kernel/sched/idle.c:151 [inline]
 do_idle+0x47c/0x6a0 kernel/sched/idle.c:269
 cpu_startup_entry+0x18/0x20 kernel/sched/idle.c:361
 rest_init+0x1a1/0x276 init/main.c:451
 arch_call_rest_init+0x9/0xc
 start_kernel+0x70f/0x74a init/main.c:784
 x86_64_start_reservations+0x29/0x2b arch/x86/kernel/head64.c:490
 x86_64_start_kernel+0x76/0x79 arch/x86/kernel/head64.c:471
 secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:242
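The report above is the standard hung-task format (an "INFO: task ... blocked" header, the task line, a "Call Trace:" block of "func+off/size file:line" frames, then lockdep's "locks held" dump). The parser below is an added example, not part of the syzbot report or of syzkaller; it turns such a report into structured data so the blocked task, the primitive it is sleeping in, the syscall it entered through, and the locks lockdep says it holds can be pulled out mechanically. The embedded SAMPLE is a constructed, trimmed copy of the report above (a subset of frames and lock entries); the regexes assume the frame and lock-line layout shown there.

```python
"""Parse a Linux hung-task report (the 'INFO: task ... blocked' block that
syzbot prints) into the blocked task, its kernel call trace and the locks
lockdep reports it holding.  Added example; not syzkaller code."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a trimmed subset of the report above, not the full log.
SAMPLE = """\
INFO: task syz-executor2:5872 blocked for more than 122 seconds.
      Not tainted 5.5.0-rc1-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor2   D26184  5872   4543 0x00004004
Call Trace:
 context_switch kernel/sched/core.c:3385 [inline]
 __schedule+0x895/0x1900 kernel/sched/core.c:4081
 schedule+0xc0/0x2b0 kernel/sched/core.c:4155
 xlog_grant_head_wait+0x123/0x9d0 fs/xfs/xfs_log.c:278
 xlog_grant_head_check+0x24d/0x3a0 fs/xfs/xfs_log.c:340
 xfs_log_reserve+0x2ea/0xa90 fs/xfs/xfs_log.c:465
 xfs_log_mount_cancel+0x3a/0x50 fs/xfs/xfs_log.c:854
 xfs_mountfs+0xecd/0x19b0 fs/xfs/xfs_mount.c:958
 __x64_sys_mount+0xb9/0x150 fs/namespace.c:3362
 do_syscall_64+0xd0/0x600 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45858a
Code: Bad RIP value.

Showing all locks held in the system:
1 lock held by khungtaskd/928:
 #0: ffffffff88395d40 (rcu_read_lock){....}, at: debug_show_all_locks+0x5b/0x279 kernel/locking/lockdep.c:5334
1 lock held by rsyslogd/4098:
2 locks held by getty/4191:
 #0: ffff8881cea56090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:340
 #1: ffffc90000b422e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x1ee/0x1920 drivers/tty/n_tty.c:2156
1 lock held by syz-executor2/5872:
 #0: ffff8881cc9760d8 (&type->s_umount_key#46/1){+.+.}, at: alloc_super+0x134/0x8a0 fs/super.c:229
"""

HUNG_RE = re.compile(r"INFO: task (\S+):(\d+) blocked for more than (\d+) seconds")
# One stack frame: symbol, optional +off/size (absent for inlined frames),
# optional file:line (absent for asm entry stubs), optional [inline] tag.
FRAME_RE = re.compile(
    r"^ (?P<func>[\w.$]+)"
    r"(?:\+0x(?P<off>[0-9a-f]+)/0x(?P<size>[0-9a-f]+))?"
    r"(?: (?P<file>\S+):(?P<line>\d+))?"
    r"(?P<inline> \[inline\])?$")
LOCKS_HDR_RE = re.compile(r"^(\d+) locks? held by (\S+)/(\d+):$")
LOCK_RE = re.compile(r"^ #\d+: [0-9a-f]+ \((?P<name>[^)]+)\)\{[^}]*\}, at: (?P<at>\S+)")

# Frames that are the scheduler itself; the first frame below them is the
# wait primitive the task is actually sleeping in.
SCHED_FRAMES = {"context_switch", "__schedule", "schedule", "schedule_timeout", "io_schedule"}


@dataclass
class Frame:
    func: str
    file: Optional[str]
    line: Optional[int]
    inline: bool


@dataclass
class HungTask:
    comm: str
    pid: int
    seconds: int
    frames: List[Frame]
    locks: List[str]


def locks_held_by(lines: List[str], comm: str, pid: int) -> List[str]:
    """Lock names from the lockdep dump for one comm/pid (possibly none)."""
    out: List[str] = []
    collecting = False
    for line in lines:
        hdr = LOCKS_HDR_RE.match(line)
        if hdr:
            collecting = hdr.group(2) == comm and int(hdr.group(3)) == pid
            continue
        if collecting:
            lock = LOCK_RE.match(line)
            if lock:
                out.append(lock["name"])
            else:
                collecting = False
    return out


def parse_report(text: str) -> HungTask:
    lines = text.splitlines()
    hdr = next(m for m in map(HUNG_RE.search, lines) if m)
    comm, pid, secs = hdr.group(1), int(hdr.group(2)), int(hdr.group(3))
    frames: List[Frame] = []
    i = next(k for k, l in enumerate(lines) if l.strip() == "Call Trace:") + 1
    while i < len(lines):
        m = FRAME_RE.match(lines[i])
        if not m:  # first non-frame line (RIP:, blank, ...) ends the trace
            break
        frames.append(Frame(m["func"], m["file"],
                            int(m["line"]) if m["line"] else None, bool(m["inline"])))
        i += 1
    return HungTask(comm, pid, secs, frames, locks_held_by(lines, comm, pid))


def blocking_frame(task: HungTask) -> Optional[Frame]:
    """First frame below the scheduler: where the task is really waiting."""
    return next((f for f in task.frames if f.func not in SCHED_FRAMES), None)


def syscall_frame(task: HungTask) -> Optional[Frame]:
    """The __x64_sys_* frame, i.e. which syscall the user task was in."""
    return next((f for f in task.frames if f.func.startswith("__x64_sys_")), None)


if __name__ == "__main__":
    t = parse_report(SAMPLE)
    print(f"{t.comm}:{t.pid} blocked {t.seconds}s in {blocking_frame(t).func} "
          f"(entered via {syscall_frame(t).func}), holding {t.locks}")
```

Run against the sample, this reports the same thing a reader takes from the log by eye: syz-executor2:5872 is sleeping in xlog_grant_head_wait, reached through mount(2) and xfs_log_mount_cancel, while holding the s_umount of the superblock it was still setting up (taken in alloc_super). Lockdep entries with a header but no lock lines, such as rsyslogd/4098, yield an empty list rather than an error.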