bisecting cause commit starting from 4e78c578cb987725eef1cec7d11b6437109e9a49 building syzkaller on a6e3ac3bf259067ffd6e50fe8e4a158f097c1da5 testing commit 4e78c578cb987725eef1cec7d11b6437109e9a49 with gcc (GCC) 8.1.0 kernel signature: 739f818d39665bd64d08a81f674031b693e454e109b1076875680b54bd71e1fb all runs: crashed: INFO: task can't die in nbd_ioctl testing release v5.9 testing commit bbf5c979011a099af5dc76498918ed7df445635b with gcc (GCC) 8.1.0 kernel signature: 934f0a134532bbbd345c7e8b605e59600f755e76ac937b8aa8fb348b839f419b all runs: crashed: INFO: task hung in nbd_ioctl testing release v5.8 testing commit bcf876870b95592b52519ed4aafcf9d95999bc9c with gcc (GCC) 8.1.0 kernel signature: 8730770d68f8e920985126c577ec2dcb31f1816337898b7dcb97124240c2a41c all runs: crashed: INFO: task hung in nbd_ioctl testing release v5.7 testing commit 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 with gcc (GCC) 8.1.0 kernel signature: 4ae4066aac269b53531f9918b3ba0dd6fc3d87512114c76bb809662ef2dc626b all runs: crashed: INFO: task hung in nbd_ioctl testing release v5.6 testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 with gcc (GCC) 8.1.0 kernel signature: 45aeaceb370a64e3178f2eadba5531b17ec6fa935d31a95bc0d8d72046145e22 all runs: crashed: INFO: task hung in nbd_ioctl testing release v5.5 testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 with gcc (GCC) 8.1.0 kernel signature: bab260d628365ed71ccc1559f08c8204e4cbdf185812bd3fc6ecb52e920a0a9a all runs: crashed: INFO: task hung in nbd_ioctl testing release v5.4 testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.1.0 kernel signature: ee1d6e6cd28eb9e9ba8627ace7cdffb0124f17b2356c9ef1885647a8cb9efdd5 run #0: crashed: possible deadlock in flush_workqueue run #1: crashed: possible deadlock in nbd_config_put run #2: crashed: possible deadlock in worker_thread run #3: crashed: possible deadlock in worker_thread run #4: crashed: possible deadlock in worker_thread run #5: crashed: possible deadlock in worker_thread run #6: crashed: possible deadlock in worker_thread run #7: crashed: possible deadlock in flush_workqueue run #8: crashed: INFO: task hung in nbd_ioctl run #9: crashed: INFO: task hung in nbd_ioctl testing release v5.3 testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0 kernel signature: d48f5d5c0a7d9960417bedfc3c77f0e04878000f3da7c3e8df88535dc40e8299 all runs: OK # git bisect start 219d54332a09e8d8741c1e1982f5eae56099de85 4d856f72c10ecb060868ed10ff1b1453943fc6c8 Bisecting: 7882 revisions left to test after this (roughly 13 steps) [a9f8b38a071b468276a243ea3ea5a0636e848cf2] Merge tag 'for-linus-5.4-1' of git://github.com/cminyard/linux-ipmi testing commit a9f8b38a071b468276a243ea3ea5a0636e848cf2 with gcc (GCC) 8.1.0 kernel signature: 4b76fad8017b679915c2bfbfa53011ebdc97b3a586cb7abc66e363e18828122e run #0: crashed: possible deadlock in flush_workqueue run #1: crashed: possible deadlock in worker_thread run #2: crashed: possible deadlock in flush_workqueue run #3: crashed: possible deadlock in flush_workqueue run #4: crashed: possible deadlock in flush_workqueue run #5: crashed: possible deadlock in flush_workqueue run #6: crashed: possible deadlock in nbd_config_put run #7: crashed: INFO: task hung in nbd_ioctl run #8: crashed: INFO: task hung in nbd_ioctl run #9: crashed: INFO: task hung in nbd_ioctl # git bisect bad a9f8b38a071b468276a243ea3ea5a0636e848cf2 Bisecting: 3920 revisions left to test after this (roughly 12 steps) [fe38bd6862074c0a2b9be7f31f043aaa70b2af5f] Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm testing commit fe38bd6862074c0a2b9be7f31f043aaa70b2af5f with gcc (GCC) 8.1.0 kernel signature: 5f24d9797803f013a68f67b96c2d831091350356d2e18234426fb24ba1362b31 run #0: crashed: INFO: task hung in nbd_config_put run #1: crashed: INFO: task hung in nbd_ioctl run #2: crashed: INFO: task hung in nbd_ioctl run #3: crashed: INFO: task hung in nbd_config_put run #4: crashed: INFO: task hung in nbd_ioctl run #5: crashed: INFO: task hung in nbd_config_put run #6: crashed: INFO: task hung in nbd_ioctl run #7: crashed: INFO: task hung in nbd_ioctl run #8: crashed: INFO: task hung in nbd_ioctl run #9: crashed: INFO: task hung in nbd_ioctl # git bisect bad fe38bd6862074c0a2b9be7f31f043aaa70b2af5f Bisecting: 1970 revisions left to test after this (roughly 11 steps) [fc6fd1392a8f3d5f3d722ad9c92314477c1a2a35] Merge branch 'x86-build-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit fc6fd1392a8f3d5f3d722ad9c92314477c1a2a35 with gcc (GCC) 8.1.0 kernel signature: 9a187b18667308a5a1003486462fdf137db7ae605e1de7489f92acd03eb7b89a all runs: OK # git bisect good fc6fd1392a8f3d5f3d722ad9c92314477c1a2a35 Bisecting: 1254 revisions left to test after this (roughly 10 steps) [ea982ba7f79141d86eb7a440fcba6796ed718b9b] Merge tag 'mmc-v5.4' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc testing commit ea982ba7f79141d86eb7a440fcba6796ed718b9b with gcc (GCC) 8.1.0 kernel signature: 4e1755ba0a40314df91bd962a6c1834c03ec0d54e712c9a53c2d86bc331bca82 run #0: crashed: INFO: task hung in nbd_ioctl run #1: crashed: INFO: task hung in nbd_ioctl run #2: crashed: INFO: task hung in nbd_ioctl run #3: crashed: INFO: task hung in nbd_ioctl run #4: crashed: INFO: task hung in nbd_ioctl run #5: crashed: INFO: task hung in nbd_ioctl run #6: crashed: INFO: task hung in nbd_ioctl run #7: crashed: INFO: task hung in nbd_ioctl run #8: crashed: INFO: task hung in nbd_config_put run #9: crashed: INFO: task hung in nbd_ioctl # git bisect bad ea982ba7f79141d86eb7a440fcba6796ed718b9b Bisecting: 358 revisions left to test after this (roughly 9 steps) [6dec8c15e5faa2a3c02d2e1d1b03b926b545ec0a] Merge tag 'xtensa-20190917' of git://github.com/jcmvbkbc/linux-xtensa testing commit 6dec8c15e5faa2a3c02d2e1d1b03b926b545ec0a with gcc (GCC) 8.1.0 kernel signature: 415fd419d30467222496f7f3baf133f4c4e68e891e7421c2b57325ef158be652 all runs: OK # git bisect good 6dec8c15e5faa2a3c02d2e1d1b03b926b545ec0a Bisecting: 179 revisions left to test after this (roughly 8 steps) [21fa1004ff5d749c90cef77525b73a49ef5583dc] Merge branch 'nvme-5.4' of git://git.infradead.org/nvme into for-5.4/block testing commit 21fa1004ff5d749c90cef77525b73a49ef5583dc with gcc (GCC) 8.1.0 kernel signature: 2a472ae639a68fb9b3ed036e01feb0b69270ff8465c14b3789c4ba9684f181d5 all runs: crashed: INFO: task hung in nbd_ioctl # git bisect bad 21fa1004ff5d749c90cef77525b73a49ef5583dc Bisecting: 89 revisions left to test after this (roughly 7 steps) [10407ec9b42d30a6ebc49f7f84e2bb2131438699] nvme-tcp: Use protocol specific operations while reading socket testing commit 10407ec9b42d30a6ebc49f7f84e2bb2131438699 with gcc (GCC) 8.1.0 kernel signature: 327a509e7c58883d90a24b9b2f9c75eaeb7d951acec0da66d811df99a0341475 all runs: crashed: INFO: task hung in nbd_ioctl # git bisect bad 10407ec9b42d30a6ebc49f7f84e2bb2131438699 Bisecting: 44 revisions left to test after this (roughly 6 steps) [5cc23ed75b629dfb0f8f7a7d0c80e0bab36b3960] block: sed-opal: Add/remove spaces testing commit 5cc23ed75b629dfb0f8f7a7d0c80e0bab36b3960 with gcc (GCC) 8.1.0 kernel signature: 1b39f9408e43846b45f0fdc0814d27d57bdd5fbe036ad55f6ce021ee11837bb9 all runs: OK # git bisect good 5cc23ed75b629dfb0f8f7a7d0c80e0bab36b3960 Bisecting: 22 revisions left to test after this (roughly 5 steps) [97b27821b4854ca744946dae32a3f2fd55bcd5bc] writeback, memcg: Implement foreign dirty flushing testing commit 97b27821b4854ca744946dae32a3f2fd55bcd5bc with gcc (GCC) 8.1.0 kernel signature: d60029ed1f4a000d1f4bdbfe24eb15da8b10c3d7f90129d882ba818dd8d9ac83 run #0: crashed: INFO: task hung in nbd_ioctl run #1: crashed: INFO: task hung in nbd_ioctl run #2: crashed: INFO: task hung in nbd_config_put run #3: crashed: INFO: task hung in nbd_ioctl run #4: crashed: INFO: task hung in nbd_ioctl run #5: crashed: INFO: task hung in nbd_ioctl run #6: crashed: INFO: task hung in nbd_ioctl run #7: crashed: INFO: task hung in nbd_ioctl run #8: crashed: INFO: task hung in nbd_ioctl run #9: crashed: INFO: task hung in nbd_ioctl # git bisect bad 97b27821b4854ca744946dae32a3f2fd55bcd5bc Bisecting: 10 revisions left to test after this (roughly 4 steps) [d4b186ed227b80334abf1fe2c918c0ddc4374f38] null_blk: move duplicate code to callers testing commit d4b186ed227b80334abf1fe2c918c0ddc4374f38 with gcc (GCC) 8.1.0 kernel signature: c974a34862ad40b60b58667b52d918c926929024f4e9fb5f480cc839bd5575ff all runs: crashed: INFO: task hung in nbd_ioctl # git bisect bad d4b186ed227b80334abf1fe2c918c0ddc4374f38 Bisecting: 5 revisions left to test after this (roughly 3 steps) [887e975c4172d0d5670c39ead2f18ba1e4ec8133] nbd: add missing config put testing commit 887e975c4172d0d5670c39ead2f18ba1e4ec8133 with gcc (GCC) 8.1.0 kernel signature: 01d0876f3d5f22754c7cae6c2ca161a30b92fb6839a5a849f9f62f2315f86823 all runs: OK # git bisect good 887e975c4172d0d5670c39ead2f18ba1e4ec8133 Bisecting: 2 revisions left to test after this (roughly 2 steps) [320ea869a12cec206756207c6ca5f817ec45c7f2] block: improve the gap check in __bio_add_pc_page testing commit 320ea869a12cec206756207c6ca5f817ec45c7f2 with gcc (GCC) 8.1.0 kernel signature: 5419e81061e207248dd97c3dac4a7ab42d38ae41e332e8461002841d6c360304 all runs: crashed: INFO: task hung in nbd_ioctl # git bisect bad 320ea869a12cec206756207c6ca5f817ec45c7f2 Bisecting: 0 revisions left to test after this (roughly 1 step) [e9e006f5fcf2bab59149cb38a48a4817c1b538b4] nbd: fix max number of supported devs testing commit e9e006f5fcf2bab59149cb38a48a4817c1b538b4 with gcc (GCC) 8.1.0 kernel signature: 06f025a4a7be21cd755d6a7453d65851189d18d7cdee170ad55d545e7d8fa050 run #0: crashed: INFO: task hung in nbd_ioctl run #1: crashed: INFO: task hung in nbd_ioctl run #2: crashed: INFO: task hung in nbd_ioctl run #3: crashed: INFO: task hung in nbd_ioctl run #4: crashed: INFO: task hung in nbd_ioctl run #5: crashed: INFO: task hung in nbd_ioctl run #6: crashed: INFO: task hung in nbd_config_put run #7: crashed: INFO: task hung in nbd_ioctl run #8: crashed: INFO: task hung in nbd_ioctl run #9: crashed: INFO: task hung in nbd_config_put # git bisect bad e9e006f5fcf2bab59149cb38a48a4817c1b538b4 Bisecting: 0 revisions left to test after this (roughly 0 steps) [2da22da573481cc4837e246d0eee4d518b3f715e] nbd: fix zero cmd timeout handling v2 testing commit 2da22da573481cc4837e246d0eee4d518b3f715e with gcc (GCC) 8.1.0 kernel signature: 865c5ffeae9fed095a661e1712477e8f7dfbdbaedd9d3c7c5a84965df01ab6d2 all runs: OK # git bisect good 2da22da573481cc4837e246d0eee4d518b3f715e e9e006f5fcf2bab59149cb38a48a4817c1b538b4 is the first bad commit commit e9e006f5fcf2bab59149cb38a48a4817c1b538b4 Author: Mike Christie Date: Sun Aug 4 14:10:06 2019 -0500 nbd: fix max number of supported devs This fixes a bug added in 4.10 with commit: commit 9561a7ade0c205bc2ee035a2ac880478dcc1a024 Author: Josef Bacik Date: Tue Nov 22 14:04:40 2016 -0500 nbd: add multi-connection support that limited the number of devices to 256. Before the patch we could create 1000s of devices, but the patch switched us from using our own thread to using a work queue which has a default limit of 256 active works. The problem is that our recv_work function sits in a loop until disconnection but only handles IO for one connection. The work is started when the connection is started/restarted, but if we end up creating 257 or more connections, the queue_work call just queues connection257+'s recv_work and that waits for connection 1 - 256's recv_work to be disconnected and that work instance completing. Instead of reverting back to kthreads, this has us allocate a workqueue_struct per device, so we can block in the work. Cc: stable@vger.kernel.org Reviewed-by: Josef Bacik Signed-off-by: Mike Christie Signed-off-by: Jens Axboe drivers/block/nbd.c | 39 +++++++++++++++++++++++++-------------- 1 file changed, 25 insertions(+), 14 deletions(-) culprit signature: 06f025a4a7be21cd755d6a7453d65851189d18d7cdee170ad55d545e7d8fa050 parent signature: 865c5ffeae9fed095a661e1712477e8f7dfbdbaedd9d3c7c5a84965df01ab6d2 revisions tested: 22, total time: 4h52m31.125387034s (build: 2h9m14.139012927s, test: 2h40m27.844744941s) first bad commit: e9e006f5fcf2bab59149cb38a48a4817c1b538b4 nbd: fix max number of supported devs recipients (to): ["axboe@kernel.dk" "josef@toxicpanda.com" "mchristi@redhat.com"] recipients (cc): [] crash: INFO: task hung in nbd_config_put INFO: task kworker/u5:6:9225 blocked for more than 143 seconds. Not tainted 5.3.0-rc3-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. kworker/u5:6 D27888 9225 2 0x80004000 Workqueue: knbd2-recv recv_work Call Trace: context_switch kernel/sched/core.c:3254 [inline] __schedule+0x7b0/0x1850 kernel/sched/core.c:3880 schedule+0x8f/0x260 kernel/sched/core.c:3944 schedule_timeout+0x5a7/0x9d0 kernel/time/timer.c:1783 do_wait_for_common kernel/sched/completion.c:83 [inline] __wait_for_common kernel/sched/completion.c:104 [inline] wait_for_common+0x3ff/0x560 kernel/sched/completion.c:115 wait_for_completion+0x18/0x20 kernel/sched/completion.c:136 flush_workqueue+0x35d/0x1350 kernel/workqueue.c:2826 drain_workqueue+0x148/0x3a0 kernel/workqueue.c:2939 destroy_workqueue+0x19/0x580 kernel/workqueue.c:4320 nbd_config_put+0x355/0x7b0 drivers/block/nbd.c:1163 recv_work+0xc0c/0xfa0 drivers/block/nbd.c:770 process_one_work+0x7d2/0x1560 kernel/workqueue.c:2269 worker_thread+0x85/0xb60 kernel/workqueue.c:2415 kthread+0x331/0x3f0 kernel/kthread.c:255 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 INFO: task systemd-udevd:10845 blocked for more than 143 seconds. Not tainted 5.3.0-rc3-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. systemd-udevd D28024 10845 5365 0x00004100 Call Trace: context_switch kernel/sched/core.c:3254 [inline] __schedule+0x7b0/0x1850 kernel/sched/core.c:3880 schedule+0x8f/0x260 kernel/sched/core.c:3944 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:4003 __mutex_lock_common kernel/locking/mutex.c:1007 [inline] __mutex_lock+0x420/0x1460 kernel/locking/mutex.c:1077 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1092 nbd_open+0x84/0x5c0 drivers/block/nbd.c:1397 __blkdev_get+0x319/0x12e0 fs/block_dev.c:1612 blkdev_get+0x18e/0x210 fs/block_dev.c:1750 blkdev_open+0x19f/0x200 fs/block_dev.c:1886 do_dentry_open+0x3f1/0x1010 fs/open.c:797 vfs_open+0x9a/0xc0 fs/open.c:906 do_last fs/namei.c:3416 [inline] path_openat+0x89e/0x29c0 fs/namei.c:3533 do_filp_open+0x177/0x250 fs/namei.c:3563 do_sys_open+0x1dd/0x3b0 fs/open.c:1089 __do_sys_open fs/open.c:1107 [inline] __se_sys_open fs/open.c:1102 [inline] __x64_sys_open+0x79/0xb0 fs/open.c:1102 do_syscall_64+0x96/0x440 arch/x86/entry/common.c:296 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f9db9559840 Code: Bad RIP value. RSP: 002b:00007ffdbf6d2a48 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 RAX: ffffffffffffffda RBX: 000055697b593fe0 RCX: 00007f9db9559840 RDX: 0000556979841fe3 RSI: 00000000000a0800 RDI: 000055697b5946a0 RBP: 00007ffdbf6d2bc0 R08: 0000556979841670 R09: 0000000000000010 R10: 0000556979841d0c R11: 0000000000000246 R12: 00007ffdbf6d2b10 R13: 000055697b593c40 R14: 0000000000000003 R15: 000000000000000e INFO: task systemd-udevd:10850 blocked for more than 144 seconds. Not tainted 5.3.0-rc3-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. systemd-udevd D28024 10850 5365 0x00000100 Call Trace: context_switch kernel/sched/core.c:3254 [inline] __schedule+0x7b0/0x1850 kernel/sched/core.c:3880 schedule+0x8f/0x260 kernel/sched/core.c:3944 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:4003 __mutex_lock_common kernel/locking/mutex.c:1007 [inline] __mutex_lock+0x420/0x1460 kernel/locking/mutex.c:1077 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1092 __blkdev_get+0x1a1/0x12e0 fs/block_dev.c:1596 blkdev_get+0x18e/0x210 fs/block_dev.c:1750 blkdev_open+0x19f/0x200 fs/block_dev.c:1886 do_dentry_open+0x3f1/0x1010 fs/open.c:797 vfs_open+0x9a/0xc0 fs/open.c:906 do_last fs/namei.c:3416 [inline] path_openat+0x89e/0x29c0 fs/namei.c:3533 do_filp_open+0x177/0x250 fs/namei.c:3563 do_sys_open+0x1dd/0x3b0 fs/open.c:1089 __do_sys_open fs/open.c:1107 [inline] __se_sys_open fs/open.c:1102 [inline] __x64_sys_open+0x79/0xb0 fs/open.c:1102 do_syscall_64+0x96/0x440 arch/x86/entry/common.c:296 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f9db9559840 Code: Bad RIP value. RSP: 002b:00007ffdbf6d2a48 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 RAX: ffffffffffffffda RBX: 000055697b592960 RCX: 00007f9db9559840 RDX: 0000556979841fe3 RSI: 00000000000a0800 RDI: 000055697b593e60 RBP: 00007ffdbf6d2bc0 R08: 0000556979841670 R09: 0000000000000010 R10: 0000556979841d0c R11: 0000000000000246 R12: 00007ffdbf6d2b10 R13: 000055697b584fa0 R14: 0000000000000003 R15: 000000000000000e INFO: task systemd-udevd:10890 blocked for more than 144 seconds. Not tainted 5.3.0-rc3-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. systemd-udevd D28312 10890 5365 0x00000100 Call Trace: context_switch kernel/sched/core.c:3254 [inline] __schedule+0x7b0/0x1850 kernel/sched/core.c:3880 schedule+0x8f/0x260 kernel/sched/core.c:3944 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:4003 __mutex_lock_common kernel/locking/mutex.c:1007 [inline] __mutex_lock+0x420/0x1460 kernel/locking/mutex.c:1077 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1092 __blkdev_get+0x1a1/0x12e0 fs/block_dev.c:1596 blkdev_get+0x18e/0x210 fs/block_dev.c:1750 blkdev_open+0x19f/0x200 fs/block_dev.c:1886 do_dentry_open+0x3f1/0x1010 fs/open.c:797 vfs_open+0x9a/0xc0 fs/open.c:906 do_last fs/namei.c:3416 [inline] path_openat+0x89e/0x29c0 fs/namei.c:3533 do_filp_open+0x177/0x250 fs/namei.c:3563 do_sys_open+0x1dd/0x3b0 fs/open.c:1089 __do_sys_open fs/open.c:1107 [inline] __se_sys_open fs/open.c:1102 [inline] __x64_sys_open+0x79/0xb0 fs/open.c:1102 do_syscall_64+0x96/0x440 arch/x86/entry/common.c:296 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f9db9559840 Code: Bad RIP value. RSP: 002b:00007ffdbf6d2a48 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 RAX: ffffffffffffffda RBX: 000055697b592960 RCX: 00007f9db9559840 RDX: 0000556979841fe3 RSI: 00000000000a0800 RDI: 000055697b593e80 RBP: 00007ffdbf6d2bc0 R08: 0000556979841670 R09: 0000000000000010 R10: 0000556979841d0c R11: 0000000000000246 R12: 00007ffdbf6d2b10 R13: 000055697b58e920 R14: 0000000000000003 R15: 000000000000000e INFO: task systemd-udevd:10937 blocked for more than 144 seconds. Not tainted 5.3.0-rc3-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. systemd-udevd D28024 10937 5365 0x00004100 Call Trace: context_switch kernel/sched/core.c:3254 [inline] __schedule+0x7b0/0x1850 kernel/sched/core.c:3880 schedule+0x8f/0x260 kernel/sched/core.c:3944 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:4003 __mutex_lock_common kernel/locking/mutex.c:1007 [inline] __mutex_lock+0x420/0x1460 kernel/locking/mutex.c:1077 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1092 nbd_open+0x84/0x5c0 drivers/block/nbd.c:1397 __blkdev_get+0x319/0x12e0 fs/block_dev.c:1612 blkdev_get+0x18e/0x210 fs/block_dev.c:1750 blkdev_open+0x19f/0x200 fs/block_dev.c:1886 do_dentry_open+0x3f1/0x1010 fs/open.c:797 vfs_open+0x9a/0xc0 fs/open.c:906 do_last fs/namei.c:3416 [inline] path_openat+0x89e/0x29c0 fs/namei.c:3533 do_filp_open+0x177/0x250 fs/namei.c:3563 do_sys_open+0x1dd/0x3b0 fs/open.c:1089 __do_sys_open fs/open.c:1107 [inline] __se_sys_open fs/open.c:1102 [inline] __x64_sys_open+0x79/0xb0 fs/open.c:1102 do_syscall_64+0x96/0x440 arch/x86/entry/common.c:296 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f9db9559840 Code: Bad RIP value. RSP: 002b:00007ffdbf6d2a48 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 RAX: ffffffffffffffda RBX: 000055697b580180 RCX: 00007f9db9559840 RDX: 0000556979841fe3 RSI: 00000000000a0800 RDI: 000055697b5800c0 RBP: 00007ffdbf6d2bc0 R08: 0000556979841670 R09: 0000000000000010 R10: 0000556979841d0c R11: 0000000000000246 R12: 00007ffdbf6d2b10 R13: 000055697b584c30 R14: 0000000000000003 R15: 000000000000000e INFO: task systemd-udevd:10953 blocked for more than 144 seconds. Not tainted 5.3.0-rc3-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. systemd-udevd D28280 10953 5365 0x00000100 Call Trace: context_switch kernel/sched/core.c:3254 [inline] __schedule+0x7b0/0x1850 kernel/sched/core.c:3880 schedule+0x8f/0x260 kernel/sched/core.c:3944 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:4003 __mutex_lock_common kernel/locking/mutex.c:1007 [inline] __mutex_lock+0x420/0x1460 kernel/locking/mutex.c:1077 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1092 __blkdev_get+0x1a1/0x12e0 fs/block_dev.c:1596 blkdev_get+0x18e/0x210 fs/block_dev.c:1750 blkdev_open+0x19f/0x200 fs/block_dev.c:1886 do_dentry_open+0x3f1/0x1010 fs/open.c:797 vfs_open+0x9a/0xc0 fs/open.c:906 do_last fs/namei.c:3416 [inline] path_openat+0x89e/0x29c0 fs/namei.c:3533 do_filp_open+0x177/0x250 fs/namei.c:3563 do_sys_open+0x1dd/0x3b0 fs/open.c:1089 __do_sys_open fs/open.c:1107 [inline] __se_sys_open fs/open.c:1102 [inline] __x64_sys_open+0x79/0xb0 fs/open.c:1102 do_syscall_64+0x96/0x440 arch/x86/entry/common.c:296 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f9db9559840 Code: Bad RIP value. RSP: 002b:00007ffdbf6d2a48 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 RAX: ffffffffffffffda RBX: 000055697b592960 RCX: 00007f9db9559840 RDX: 0000556979841fe3 RSI: 00000000000a0800 RDI: 000055697b580200 RBP: 00007ffdbf6d2bc0 R08: 0000556979841670 R09: 0000000000000010 R10: 0000556979841d0c R11: 0000000000000246 R12: 00007ffdbf6d2b10 R13: 000055697b590b10 R14: 0000000000000003 R15: 000000000000000e INFO: task systemd-udevd:11160 blocked for more than 145 seconds. Not tainted 5.3.0-rc3-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. systemd-udevd D27928 11160 5365 0x00000100 Call Trace: context_switch kernel/sched/core.c:3254 [inline] __schedule+0x7b0/0x1850 kernel/sched/core.c:3880 schedule+0x8f/0x260 kernel/sched/core.c:3944 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:4003 __mutex_lock_common kernel/locking/mutex.c:1007 [inline] __mutex_lock+0x420/0x1460 kernel/locking/mutex.c:1077 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1092 __blkdev_get+0x1a1/0x12e0 fs/block_dev.c:1596 blkdev_get+0x18e/0x210 fs/block_dev.c:1750 blkdev_open+0x19f/0x200 fs/block_dev.c:1886 do_dentry_open+0x3f1/0x1010 fs/open.c:797 vfs_open+0x9a/0xc0 fs/open.c:906 do_last fs/namei.c:3416 [inline] path_openat+0x89e/0x29c0 fs/namei.c:3533 do_filp_open+0x177/0x250 fs/namei.c:3563 do_sys_open+0x1dd/0x3b0 fs/open.c:1089 __do_sys_open fs/open.c:1107 [inline] __se_sys_open fs/open.c:1102 [inline] __x64_sys_open+0x79/0xb0 fs/open.c:1102 do_syscall_64+0x96/0x440 arch/x86/entry/common.c:296 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f9db9559840 Code: Bad RIP value. RSP: 002b:00007ffdbf6d2a48 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 RAX: ffffffffffffffda RBX: 000055697b592960 RCX: 00007f9db9559840 RDX: 0000556979841fe3 RSI: 00000000000a0800 RDI: 000055697b590ee0 RBP: 00007ffdbf6d2bc0 R08: 0000556979841670 R09: 0000000000000010 R10: 0000002000000000 R11: 0000000000000246 R12: 00007ffdbf6d2b10 R13: 000055697b593d50 R14: 0000000000000003 R15: 000000000000000e INFO: task syz-executor.2:13905 blocked for more than 145 seconds. Not tainted 5.3.0-rc3-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.2 D28984 13905 9186 0x00000004 Call Trace: context_switch kernel/sched/core.c:3254 [inline] __schedule+0x7b0/0x1850 kernel/sched/core.c:3880 schedule+0x8f/0x260 kernel/sched/core.c:3944 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:4003 __mutex_lock_common kernel/locking/mutex.c:1007 [inline] __mutex_lock+0x420/0x1460 kernel/locking/mutex.c:1077 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1092 nbd_open+0x235/0x5c0 drivers/block/nbd.c:1410 __blkdev_get+0x319/0x12e0 fs/block_dev.c:1612 blkdev_get+0x18e/0x210 fs/block_dev.c:1750 blkdev_open+0x19f/0x200 fs/block_dev.c:1886 do_dentry_open+0x3f1/0x1010 fs/open.c:797 vfs_open+0x9a/0xc0 fs/open.c:906 do_last fs/namei.c:3416 [inline] path_openat+0x89e/0x29c0 fs/namei.c:3533 do_filp_open+0x177/0x250 fs/namei.c:3563 do_sys_open+0x1dd/0x3b0 fs/open.c:1089 __do_sys_open fs/open.c:1107 [inline] __se_sys_open fs/open.c:1102 [inline] __x64_sys_open+0x79/0xb0 fs/open.c:1102 do_syscall_64+0x96/0x440 arch/x86/entry/common.c:296 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x4179b1 Code: 48 89 04 24 e8 50 2c ff ff 48 8b 6c 24 20 48 83 c4 28 c3 48 89 df 48 8b 44 24 48 e8 19 a4 04 00 48 89 f7 48 8b 44 24 50 e8 0c 04 00 4c 89 c7 48 8b 44 24 30 e8 ff a3 04 00 eb b6 48 8b 44 24 RSP: 002b:00007f88d4d90820 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00000000004179b1 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007f88d4d90850 RBP: 000000000118bf60 R08: 000000000000000f R09: 0000000000000000 R10: ffffffffffffffff R11: 0000000000000293 R12: 000000000118bf2c R13: 00007fff50f20b2f R14: 00007f88d4d919c0 R15: 000000000118bf2c INFO: task syz-executor.2:13919 blocked for more than 145 seconds. Not tainted 5.3.0-rc3-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.2 D28984 13919 9186 0x00000004 Call Trace: context_switch kernel/sched/core.c:3254 [inline] __schedule+0x7b0/0x1850 kernel/sched/core.c:3880 schedule+0x8f/0x260 kernel/sched/core.c:3944 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:4003 __mutex_lock_common kernel/locking/mutex.c:1007 [inline] __mutex_lock+0x420/0x1460 kernel/locking/mutex.c:1077 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1092 __blkdev_get+0x1a1/0x12e0 fs/block_dev.c:1596 blkdev_get+0x18e/0x210 fs/block_dev.c:1750 blkdev_open+0x19f/0x200 fs/block_dev.c:1886 do_dentry_open+0x3f1/0x1010 fs/open.c:797 vfs_open+0x9a/0xc0 fs/open.c:906 do_last fs/namei.c:3416 [inline] path_openat+0x89e/0x29c0 fs/namei.c:3533 do_filp_open+0x177/0x250 fs/namei.c:3563 do_sys_open+0x1dd/0x3b0 fs/open.c:1089 __do_sys_open fs/open.c:1107 [inline] __se_sys_open fs/open.c:1102 [inline] __x64_sys_open+0x79/0xb0 fs/open.c:1102 do_syscall_64+0x96/0x440 arch/x86/entry/common.c:296 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x4179b1 Code: 48 89 04 24 e8 50 2c ff ff 48 8b 6c 24 20 48 83 c4 28 c3 48 89 df 48 8b 44 24 48 e8 19 a4 04 00 48 89 f7 48 8b 44 24 50 e8 0c 04 00 4c 89 c7 48 8b 44 24 30 e8 ff a3 04 00 eb b6 48 8b 44 24 RSP: 002b:00007f88d4d6f820 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00000000004179b1 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007f88d4d6f850 RBP: 000000000118c008 R08: 000000000000000f R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000293 R12: 000000000118bfd4 R13: 00007fff50f20b2f R14: 00007f88d4d709c0 R15: 000000000118bfd4 INFO: task syz-executor.3:13909 blocked for more than 146 seconds. Not tainted 5.3.0-rc3-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.3 D28984 13909 9191 0x00000004 Call Trace: context_switch kernel/sched/core.c:3254 [inline] __schedule+0x7b0/0x1850 kernel/sched/core.c:3880 schedule+0x8f/0x260 kernel/sched/core.c:3944 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:4003 __mutex_lock_common kernel/locking/mutex.c:1007 [inline] __mutex_lock+0x420/0x1460 kernel/locking/mutex.c:1077 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1092 nbd_open+0x84/0x5c0 drivers/block/nbd.c:1397 __blkdev_get+0x319/0x12e0 fs/block_dev.c:1612 blkdev_get+0x18e/0x210 fs/block_dev.c:1750 blkdev_open+0x19f/0x200 fs/block_dev.c:1886 do_dentry_open+0x3f1/0x1010 fs/open.c:797 vfs_open+0x9a/0xc0 fs/open.c:906 do_last fs/namei.c:3416 [inline] path_openat+0x89e/0x29c0 fs/namei.c:3533 do_filp_open+0x177/0x250 fs/namei.c:3563 do_sys_open+0x1dd/0x3b0 fs/open.c:1089 __do_sys_open fs/open.c:1107 [inline] __se_sys_open fs/open.c:1102 [inline] __x64_sys_open+0x79/0xb0 fs/open.c:1102 do_syscall_64+0x96/0x440 arch/x86/entry/common.c:296 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x4179b1 Code: 48 89 04 24 e8 50 2c ff ff 48 8b 6c 24 20 48 83 c4 28 c3 48 89 df 48 8b 44 24 48 e8 19 a4 04 00 48 89 f7 48 8b 44 24 50 e8 0c 04 00 4c 89 c7 48 8b 44 24 30 e8 ff a3 04 00 eb b6 48 8b 44 24 RSP: 002b:00007fdaa44c8820 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00000000004179b1 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007fdaa44c8850 RBP: 000000000118bf60 R08: 000000000000000f R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000293 R12: 000000000118bf2c R13: 00007ffc23a8d81f R14: 00007fdaa44c99c0 R15: 000000000118bf2c INFO: lockdep is turned off. NMI backtrace for cpu 1 CPU: 1 PID: 1581 Comm: khungtaskd Not tainted 5.3.0-rc3-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x86/0xca lib/dump_stack.c:113 nmi_cpu_backtrace.cold.0+0x49/0x86 lib/nmi_backtrace.c:101 nmi_trigger_cpumask_backtrace+0x195/0x1be lib/nmi_backtrace.c:62 arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:205 [inline] watchdog+0x6a3/0xb60 kernel/hung_task.c:289 kthread+0x331/0x3f0 kernel/kthread.c:255 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 PID: 8 Comm: kworker/u4:0 Not tainted 5.3.0-rc3-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: bat_events batadv_purge_orig RIP: 0010:__kasan_check_write+0x0/0x20 mm/kasan/common.c:97 Code: ff ff 90 90 90 90 90 90 90 90 55 89 f6 31 d2 48 89 e5 48 8b 4d 08 e8 7f 25 00 00 5d c3 0f 1f 00 66 2e 0f 1f 84 00 00 00 00 00 <55> 89 f6 ba 01 00 00 00 48 89 e5 48 8b 4d 08 e8 5c 25 00 00 5d c3 RSP: 0018:ffff8880b57dfb78 EFLAGS: 00000246 RAX: 0000000000000001 RBX: ffff88809d29de08 RCX: ffffffff814c9935 RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffff8880b57dfba8 RBP: ffff8880b57dfc10 R08: ffffed1013a53bc2 R09: ffffed1013a53bc2 R10: ffffed1013a53bc1 R11: ffff88809d29de0b R12: 1ffff11016afbf71 R13: ffff8880b57dfbe8 R14: ffff88809d29de18 R15: ffff88809d29de10 FS: 0000000000000000(0000) GS:ffff8880ba200000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fefdddb9000 CR3: 00000000a4470000 CR4: 00000000001406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: __raw_spin_lock_bh include/linux/spinlock_api_smp.h:136 [inline] _raw_spin_lock_bh+0x39/0x40 kernel/locking/spinlock.c:175 spin_lock_bh include/linux/spinlock.h:343 [inline] batadv_purge_orig_ref+0x175/0xf60 net/batman-adv/originator.c:1350 batadv_purge_orig+0x14/0x60 net/batman-adv/originator.c:1379 process_one_work+0x7d2/0x1560 kernel/workqueue.c:2269 worker_thread+0x85/0xb60 kernel/workqueue.c:2415 kthread+0x331/0x3f0 kernel/kthread.c:255 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352