bisecting fixing commit since 203ec2fed17ade9582277570eb234be52085f8c5
building syzkaller on f48c20b8f9b2a6c26629f11cc15e1c9c316572c8
testing commit 203ec2fed17ade9582277570eb234be52085f8c5 with gcc (GCC) 8.1.0
kernel signature: 975e1f037dac1f29aa367ae16acc0ecce8318923
all runs: crashed: INFO: task hung in xlog_grant_head_check
testing current HEAD 040a3c33623ba4bd11588ab0820281b854a3ffaf
testing commit 040a3c33623ba4bd11588ab0820281b854a3ffaf with gcc (GCC) 8.1.0
kernel signature: b15a6b8214f9178301f6851f8988fc9a7fbb685e
all runs: crashed: INFO: task hung in xlog_grant_head_check
revisions tested: 2, total time: 23m16.85545061s (build: 10m9.00161556s, test: 12m30.157847193s)
the crash still happens on HEAD
commit msg: Merge tag 'iommu-fixes-v5.5-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu
crash: INFO: task hung in xlog_grant_head_check
XFS (loop3): Filesystem has duplicate UUID 984f0b50-42b6-4b06-bc86-cba3e6cc3f80 - can't mount
XFS (loop2): Filesystem has duplicate UUID 984f0b50-42b6-4b06-bc86-cba3e6cc3f80 - can't mount
XFS (loop5): Filesystem has duplicate UUID 984f0b50-42b6-4b06-bc86-cba3e6cc3f80 - can't mount
INFO: task syz-executor:5891 blocked for more than 122 seconds.
      Not tainted 5.5.0-rc5-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor    D26232  5891   4550 0x00004004
Call Trace:
 context_switch kernel/sched/core.c:3385 [inline]
 __schedule+0x895/0x1900 kernel/sched/core.c:4081
 schedule+0xc0/0x2b0 kernel/sched/core.c:4155
 xlog_grant_head_wait+0x123/0x9d0 fs/xfs/xfs_log.c:278
 xlog_grant_head_check+0x24d/0x3a0 fs/xfs/xfs_log.c:340
 xfs_log_reserve+0x2ea/0xa90 fs/xfs/xfs_log.c:465
 xfs_log_write_unmount_record+0x186/0x790 fs/xfs/xfs_log.c:890
 xfs_log_unmount_write fs/xfs/xfs_log.c:986 [inline]
 xfs_log_quiesce+0x3d8/0x490 fs/xfs/xfs_log.c:1049
 xfs_log_unmount+0x1a/0xb0 fs/xfs/xfs_log.c:1063
 xfs_log_mount_cancel+0x3a/0x50 fs/xfs/xfs_log.c:854
 xfs_mountfs+0x1089/0x1a00 fs/xfs/xfs_mount.c:1022
 xfs_fc_fill_super+0x6d9/0xf20 fs/xfs/xfs_super.c:1506
 get_tree_bdev+0x3d7/0x5c0 fs/super.c:1342
 xfs_fc_get_tree+0x10/0x20 fs/xfs/xfs_super.c:1550
 vfs_get_tree+0x8b/0x2d0 fs/super.c:1547
 do_new_mount fs/namespace.c:2822 [inline]
 do_mount+0x1285/0x1b70 fs/namespace.c:3142
 __do_sys_mount fs/namespace.c:3351 [inline]
 __se_sys_mount fs/namespace.c:3328 [inline]
 __x64_sys_mount+0x169/0x1c0 fs/namespace.c:3328
 do_syscall_64+0xd0/0x600 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45858a
Code: 48 89 ac 24 00 80 00 00 48 8d ac 24 00 80 00 00 48 8b 59 20 48 85 db 75 27 48 c7 c0 00 00 00 00 cc 48 c7 c0 01 00 00 00 cc 48 <8b> ac 24 00 80 00 00 48 81 c4 08 80 00 00 c3 e8 82 d9 ff ff eb 90
RSP: 002b:00007fe902f0aba8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 0000000020000040 RCX: 000000000045858a
RDX: 0000000020000040 RSI: 0000000020000100 RDI: 00007fe902f0abf0
RBP: 0000000000000001 R08: 00000000200001c0 R09: 0000000020000040
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
R13: 0000000000000001 R14: 00000000006fed98 R15: 0000000000000000

Showing all locks held in the system:
1 lock held by khungtaskd/931:
 #0: ffffffff88395d00 (rcu_read_lock){....}, at: debug_show_all_locks+0x5b/0x279 kernel/locking/lockdep.c:5334
1 lock held by rsyslogd/4109:
2 locks held by getty/4199:
 #0: ffff8881cd48a090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:340
 #1: ffffc90000b6a2e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x1ee/0x1920 drivers/tty/n_tty.c:2156
2 locks held by getty/4200:
 #0: ffff8881ccc75090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:340
 #1: ffffc90000b862e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x1ee/0x1920 drivers/tty/n_tty.c:2156
2 locks held by getty/4201:
 #0: ffff8881ccc74090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:340
 #1: ffffc90000b942e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x1ee/0x1920 drivers/tty/n_tty.c:2156
2 locks held by getty/4202:
 #0: ffff8881bf8bd090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:340
 #1: ffffc90000b722e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x1ee/0x1920 drivers/tty/n_tty.c:2156
2 locks held by getty/4203:
 #0: ffff8881cc81b090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:340
 #1: ffffc90000b8a2e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x1ee/0x1920 drivers/tty/n_tty.c:2156
2 locks held by getty/4204:
 #0: ffff8881ccf7a090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:340
 #1: ffffc90000b902e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x1ee/0x1920 drivers/tty/n_tty.c:2156
2 locks held by getty/4205:
 #0: ffff8881c2378090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:340
 #1: ffffc90000b622e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x1ee/0x1920 drivers/tty/n_tty.c:2156
1 lock held by syz-executor/5891:
 #0: ffff8881be5f20d8 (&type->s_umount_key#46/1){+.+.}, at: alloc_super+0x134/0x8a0 fs/super.c:229

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 931 Comm: khungtaskd Not tainted 5.5.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x12f/0x187 lib/dump_stack.c:118
 nmi_cpu_backtrace.cold.8+0x46/0x83 lib/nmi_backtrace.c:101
 nmi_trigger_cpumask_backtrace+0x160/0x177 lib/nmi_backtrace.c:62
 arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38
 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:205 [inline]
 watchdog+0x624/0xc30 kernel/hung_task.c:289
 kthread+0x334/0x3f0 kernel/kthread.c:255
 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.5.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:arch_local_irq_disable arch/x86/include/asm/paravirt.h:757 [inline]
RIP: 0010:arch_local_irq_save arch/x86/include/asm/paravirt.h:770 [inline]
RIP: 0010:__local_bh_disable_ip+0x84/0x120 kernel/softirq.c:116
Code: a0 cb 32 88 48 89 c3 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 93 00 00 00 48 83 3d dc e7 f2 06 00 <74> 6e fa 66 0f 1f 44 00 00 65 01 35 74 3a c2 7e 65 8b 05 6d 3a c2
RSP: 0018:ffff8881db009ec8 EFLAGS: 00000082
RAX: dffffc0000000000 RBX: 0000000000000086 RCX: 0000000000000000
RDX: 1ffffffff1065974 RSI: 0000000000000100 RDI: ffffffff8832cba0
RBP: ffff8881db009ee0 R08: ffffed103b606fad R09: ffffed103b606fad
R10: ffffed103b606fac R11: ffff8881db037d63 R12: ffffffff813ffb2b
R13: ffff8881db000000 R14: 0000000000000000 R15: ffffffff88137160
FS:  0000000000000000(0000) GS:ffff8881db000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffff600400 CR3: 00000001d1756000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __do_softirq+0xdf/0x94c kernel/softirq.c:269
 invoke_softirq kernel/softirq.c:373 [inline]
 irq_exit+0x1bb/0x1e0 kernel/softirq.c:413
 scheduler_ipi+0x368/0x5a0 kernel/sched/core.c:2348
 smp_reschedule_interrupt+0x75/0x440 arch/x86/kernel/smp.c:244
 reschedule_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:853
RIP: 0010:native_safe_halt+0x12/0x20 arch/x86/include/asm/irqflags.h:61
Code: 1c bc fa e9 ef fe ff ff 48 89 df e8 d8 1c bc fa eb a4 cc cc cc cc cc cc 55 48 89 e5 e9 07 00 00 00 0f 00 2d f0 3d 48 00 fb f4 <5d> c3 66 90 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 e9 07 00 00
RSP: 0018:ffffffff88207ce8 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff02
RAX: dffffc0000000000 RBX: ffffffff8827b040 RCX: 0000000000000000
RDX: 1ffffffff1065976 RSI: 0000000000000006 RDI: ffffffff8832cbb0
RBP: ffffffff88207ce8 R08: 0000000000000006 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: ffffffff88e25c40 R15: 0000000000000000
 arch_safe_halt arch/x86/include/asm/paravirt.h:144 [inline]
 default_idle+0x54/0x310 arch/x86/kernel/process.c:699
 arch_cpu_idle+0x10/0x20 arch/x86/kernel/process.c:690
 default_idle_call+0x87/0xa0 kernel/sched/idle.c:94
 cpuidle_idle_call kernel/sched/idle.c:154 [inline]
 do_idle+0x486/0x6a0 kernel/sched/idle.c:269
 cpu_startup_entry+0x18/0x20 kernel/sched/idle.c:361
 rest_init+0x1a1/0x276 init/main.c:451
 arch_call_rest_init+0x9/0xc
 start_kernel+0x70f/0x74a init/main.c:784
 x86_64_start_reservations+0x29/0x2b arch/x86/kernel/head64.c:490
 x86_64_start_kernel+0x76/0x79 arch/x86/kernel/head64.c:471
 secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:242