bisecting cause commit starting from 9420f1ce01869409d78901c3e036b2c437cbc6b8
building syzkaller on 70301872e129e968c3027d181efb25fce3de8707
testing commit 9420f1ce01869409d78901c3e036b2c437cbc6b8 with gcc (GCC) 8.1.0
kernel signature: 4a6fed718da5110614ea5c049bd643a2b0287785a942dba9e6fda869c6b31401
all runs: crashed: INFO: task hung in io_uring_flush
testing release v5.8
testing commit bcf876870b95592b52519ed4aafcf9d95999bc9c with gcc (GCC) 8.1.0
kernel signature: d35692e71b52904c98ea1691dacd5478dfd63167b7666b8c143c39ad64d25185
all runs: crashed: INFO: task hung in io_uring_flush
testing release v5.7
testing commit 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 with gcc (GCC) 8.1.0
kernel signature: bc2c34173fcf4a14a257f76234041144365439e3e1fec1e42175f71b77903b0b
run #0: crashed: WARNING: refcount bug in io_uring_flush
run #1: crashed: WARNING: refcount bug in io_uring_flush
run #2: crashed: WARNING: refcount bug in io_uring_flush
run #3: crashed: WARNING: refcount bug in io_uring_flush
run #4: crashed: WARNING: refcount bug in io_uring_flush
run #5: crashed: WARNING: refcount bug in io_uring_flush
run #6: crashed: WARNING: refcount bug in io_uring_flush
run #7: crashed: WARNING: refcount bug in io_uring_flush
run #8: crashed: WARNING: refcount bug in io_uring_flush
run #9: boot failed: can't ssh into the instance
testing release v5.6
testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 with gcc (GCC) 8.1.0
kernel signature: aa7d67f909a1d9c22ef47023e75a6a5c681da4167af18e5c0d516c210a3fb347
all runs: crashed: WARNING: refcount bug in io_uring_flush
testing release v5.5
testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 with gcc (GCC) 8.1.0
kernel signature: 5976b44b7fd786c97cfd48dd83d6d674e2e4a7a3d58f26e4c30d39719e618b86
all runs: OK
# git bisect start 7111951b8d4973bda27ff663f2cf18b663d15b48 d5226fa6dbae0569ee43ecfc08bdcd6770fc4755
Bisecting: 6113 revisions left to test after this (roughly 13 steps)
[9f68e3655aae6d49d6ba05dd263f99f33c2567af] Merge tag 'drm-next-2020-01-30' of git://anongit.freedesktop.org/drm/drm
testing commit 9f68e3655aae6d49d6ba05dd263f99f33c2567af with gcc (GCC) 8.1.0
kernel signature: d72bb66ca7e366c4361ac449513317e01c871027eb49a73081d3e3dc9d210f64
all runs: crashed: INFO: task hung in io_uring_flush
# git bisect bad 9f68e3655aae6d49d6ba05dd263f99f33c2567af
Bisecting: 3686 revisions left to test after this (roughly 12 steps)
[fb95aae6e67c4e319a24b3eea32032d4246a5335] Merge tag 'sound-5.6-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
testing commit fb95aae6e67c4e319a24b3eea32032d4246a5335 with gcc (GCC) 8.1.0
kernel signature: 6bb2fdbdf69c8b5ada94ebf4787a50fcdd6c245e70c46cbb80f6a2874646259e
all runs: OK
# git bisect good fb95aae6e67c4e319a24b3eea32032d4246a5335
Bisecting: 1843 revisions left to test after this (roughly 11 steps)
[8815a94f27d2f30fe1216ce10c7da0f6ae69ca0f] drm/vmwgfx: move the require_exist handling together
testing commit 8815a94f27d2f30fe1216ce10c7da0f6ae69ca0f with gcc (GCC) 8.1.0
kernel signature: b3e77cff29b50c46e1670633dcdee9d71a67f24dc6ba5979a195aa3384cc972b
all runs: boot failed: general protection fault in do_mount_root
# git bisect skip 8815a94f27d2f30fe1216ce10c7da0f6ae69ca0f
Bisecting: 1842 revisions left to test after this (roughly 11 steps)
[4872e6aa217fbb475ffa0ad7bda0d9acff543f2c] drm/vmwgfx: check master authentication in surface_ref ioctls
testing commit 4872e6aa217fbb475ffa0ad7bda0d9acff543f2c with gcc (GCC) 8.1.0
kernel signature: 78b815d1b47f6324603b7d3395130fdeafa43920ebd2e0da762037d2f93a64ea
all runs: boot failed: general protection fault in do_mount_root
# git bisect skip 4872e6aa217fbb475ffa0ad7bda0d9acff543f2c
Bisecting: 1842 revisions left to test after this (roughly 11 steps)
[fa889d85551e0bd962fdefe1cc113f9ba1d04a36] Merge tag 'gpio-v5.6-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio
testing commit fa889d85551e0bd962fdefe1cc113f9ba1d04a36 with gcc (GCC) 8.1.0
kernel signature: 1f82bd80a13e3c3bd2b5a099b06de1860d8697a05e404963eef70ef48d4a39bb
all runs: OK
# git bisect good fa889d85551e0bd962fdefe1cc113f9ba1d04a36
Bisecting: 1827 revisions left to test after this (roughly 11 steps)
[dd22dfa62c9cb2669ed4b181e359645108c69578] Merge branch 'linux-5.6' of git://github.com/skeggsb/linux into drm-next
testing commit dd22dfa62c9cb2669ed4b181e359645108c69578 with gcc (GCC) 8.1.0
kernel signature: 37e6342443e812f84b1a6d1b77912f32ada6b19a0b8a485817686b46685c0356
all runs: boot failed: general protection fault in do_mount_root
# git bisect skip dd22dfa62c9cb2669ed4b181e359645108c69578
Bisecting: 1827 revisions left to test after this (roughly 11 steps)
[1d47d0bb72895e754ffbdc410314ddb9c790c6fa] fbdev: omapfb: use devm_platform_ioremap_resource() to simplify code
testing commit 1d47d0bb72895e754ffbdc410314ddb9c790c6fa with gcc (GCC) 8.1.0
kernel signature: fa40126467b3f1bbb1a31a37a6ad8d90bc3c5cf83e8af6beb282bf561a09b89e
all runs: OK
# git bisect good 1d47d0bb72895e754ffbdc410314ddb9c790c6fa
Bisecting: 1573 revisions left to test after this (roughly 11 steps)
[3d4743131b8de970faa4b979ead0fadfe5d2de9d] Backmerge v5.5-rc7 into drm-next
testing commit 3d4743131b8de970faa4b979ead0fadfe5d2de9d with gcc (GCC) 8.1.0
kernel signature: be8fa8fb39e82d5af42ae1b92dd9433b1ebdf9de911a3e9b8dc36007310b4132
all runs: OK
# git bisect good 3d4743131b8de970faa4b979ead0fadfe5d2de9d
Bisecting: 751 revisions left to test after this (roughly 10 steps)
[7ba31c3f2f1ee095d8126f4d3757fc3b2bc3c838] Merge tag 'staging-5.6-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging
testing commit 7ba31c3f2f1ee095d8126f4d3757fc3b2bc3c838 with gcc (GCC) 8.1.0
kernel signature: 906e8a0aa560f19e8bc1d04ac404e7ceb1fe7349379ffbe03943fbf33a8d2756
all runs: OK
# git bisect good 7ba31c3f2f1ee095d8126f4d3757fc3b2bc3c838
Bisecting: 303 revisions left to test after this (roughly 9 steps)
[33c84e89abe4a92ab699c33029bd54269d574782] Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
testing commit 33c84e89abe4a92ab699c33029bd54269d574782 with gcc (GCC) 8.1.0
kernel signature: 1442782e2a6179f00c34a3535fa7f9fb4e5be260de52997d6e8e4938394fae8c
all runs: OK
# git bisect good 33c84e89abe4a92ab699c33029bd54269d574782
Bisecting: 119 revisions left to test after this (roughly 7 steps)
[893e591b59036f9bc629f55bce715d67bdd266a2] Merge tag 'devicetree-for-5.6' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux
testing commit 893e591b59036f9bc629f55bce715d67bdd266a2 with gcc (GCC) 8.1.0
kernel signature: 746bfbc46cbe552bc223c181ca7fc17ba89419c3464c818a606650d35a795569
all runs: crashed: INFO: task hung in io_uring_flush
# git bisect bad 893e591b59036f9bc629f55bce715d67bdd266a2
Bisecting: 95 revisions left to test after this (roughly 7 steps)
[9ca4c6429f92598a84e4c3292ea7d187c9d7b033] Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc
testing commit 9ca4c6429f92598a84e4c3292ea7d187c9d7b033 with gcc (GCC) 8.1.0
kernel signature: 50b642711dcaf42fcc51edca037a9df209c6f721a2e00151d69083eb3da79685
all runs: crashed: INFO: task hung in io_uring_flush
# git bisect bad 9ca4c6429f92598a84e4c3292ea7d187c9d7b033
Bisecting: 43 revisions left to test after this (roughly 6 steps)
[66f4af93da5761d2fa05c0dc673a47003cdb9cfe] io_uring: add support for probing opcodes
testing commit 66f4af93da5761d2fa05c0dc673a47003cdb9cfe with gcc (GCC) 8.1.0
kernel signature: d41ec265c053adabb9d4253a38f9632294dd160c8dfcb618a81d74dcb52866a1
all runs: OK
# git bisect good 66f4af93da5761d2fa05c0dc673a47003cdb9cfe
Bisecting: 21 revisions left to test after this (roughly 5 steps)
[3e4827b05d2ac2d377ed136a52829ec46787bf4b] io_uring: add support for epoll_ctl(2)
testing commit 3e4827b05d2ac2d377ed136a52829ec46787bf4b with gcc (GCC) 8.1.0
kernel signature: 941e953c89b74b1fbeb8835dbc01e63905f742808457edc2d364bd295b43db53
all runs: crashed: INFO: task hung in io_uring_flush
# git bisect bad 3e4827b05d2ac2d377ed136a52829ec46787bf4b
Bisecting: 10 revisions left to test after this (roughly 4 steps)
[8cdf2193a3335b4cfb6e023b41ac293d0843d287] io_uring: add comment for drain_next
testing commit 8cdf2193a3335b4cfb6e023b41ac293d0843d287 with gcc (GCC) 8.1.0
kernel signature: a6109c142e2831b22c7a9216529d326901fe8018c45a0d58d0a65d8c8df4a512
all runs: OK
# git bisect good 8cdf2193a3335b4cfb6e023b41ac293d0843d287
Bisecting: 4 revisions left to test after this (roughly 3 steps)
[071698e13ac6ba786dfa22349a7b62deb5a9464d] io_uring: allow registering credentials
testing commit 071698e13ac6ba786dfa22349a7b62deb5a9464d with gcc (GCC) 8.1.0
kernel signature: 393f19930850f888d320e739ec1f4a9e0fceb5595a4064eb3bc8e88927d94099
all runs: OK
# git bisect good 071698e13ac6ba786dfa22349a7b62deb5a9464d
Bisecting: 1 revision left to test after this (roughly 1 step)
[58e41a44c488f3e9601fd8150f58377ef8f44889] eventpoll: abstract out epoll_ctl() handler
testing commit 58e41a44c488f3e9601fd8150f58377ef8f44889 with gcc (GCC) 8.1.0
kernel signature: b831e092303777c1e780882773d5ebddac2f0cd60de953fda5bdc29b2ac5c38a
all runs: crashed: INFO: task hung in io_uring_flush
# git bisect bad 58e41a44c488f3e9601fd8150f58377ef8f44889
Bisecting: 1 revision left to test after this (roughly 1 step)
[75c6a03904e0dd414a4d99a3072075cb5117e5bc] io_uring: support using a registered personality for commands
testing commit 75c6a03904e0dd414a4d99a3072075cb5117e5bc with gcc (GCC) 8.1.0
kernel signature: d251a13dcf7c6c5cdf347ccef907de181c8f9b542ea2132c91553104e47ceb8a
all runs: OK
# git bisect good 75c6a03904e0dd414a4d99a3072075cb5117e5bc
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[f86cd20c9454847a524ddbdcdec32c0380ed7c9b] io_uring: fix linked command file table usage
testing commit f86cd20c9454847a524ddbdcdec32c0380ed7c9b with gcc (GCC) 8.1.0
kernel signature: 9e9245e9ab312fa58ae2c78cb21e96488b3ca3566573d8c40b45b076b00dd536
all runs: crashed: INFO: task hung in io_uring_flush
# git bisect bad f86cd20c9454847a524ddbdcdec32c0380ed7c9b
f86cd20c9454847a524ddbdcdec32c0380ed7c9b is the first bad commit
commit f86cd20c9454847a524ddbdcdec32c0380ed7c9b
Author: Jens Axboe <axboe@kernel.dk>
Date:   Wed Jan 29 13:46:44 2020 -0700

    io_uring: fix linked command file table usage
    
    We're not consistent in how the file table is grabbed and assigned if we
    have a command linked that requires the use of it.
    
    Add ->file_table to the io_op_defs[] array, and use that to determine
    when to grab the table instead of having the handlers set it if they
    need to defer. This also means we can kill the IO_WQ_WORK_NEEDS_FILES
    flag. We always initialize work->files, so io-wq can just check for
    that.
    
    Signed-off-by: Jens Axboe <axboe@kernel.dk>

 fs/io-wq.c    |  3 +--
 fs/io-wq.h    |  1 -
 fs/io_uring.c | 31 ++++++++++++++++++++-----------
 3 files changed, 21 insertions(+), 14 deletions(-)
culprit signature: 9e9245e9ab312fa58ae2c78cb21e96488b3ca3566573d8c40b45b076b00dd536
parent  signature: d251a13dcf7c6c5cdf347ccef907de181c8f9b542ea2132c91553104e47ceb8a
revisions tested: 24, total time: 6h5m19.548813532s (build: 2h29m8.741187454s, test: 3h33m45.600528666s)
first bad commit: f86cd20c9454847a524ddbdcdec32c0380ed7c9b io_uring: fix linked command file table usage
recipients (to): ["axboe@kernel.dk" "axboe@kernel.dk" "io-uring@vger.kernel.org"]
recipients (cc): ["linux-fsdevel@vger.kernel.org" "linux-kernel@vger.kernel.org" "viro@zeniv.linux.org.uk"]
crash: INFO: task hung in io_uring_flush
INFO: task syz-executor.0:8520 blocked for more than 143 seconds.
      Not tainted 5.5.0-rc7-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.0  D27672  8520   7171 0x00000004
Call Trace:
 schedule+0xc4/0x2b0 kernel/sched/core.c:4155
 io_uring_cancel_files fs/io_uring.c:6281 [inline]
 io_uring_flush+0x41f/0x4d0 fs/io_uring.c:6290
 filp_close+0x97/0x120 fs/open.c:1252
 __do_sys_close fs/open.c:1271 [inline]
 __se_sys_close fs/open.c:1269 [inline]
 __x64_sys_close+0x5a/0xa0 fs/open.c:1269
 do_syscall_64+0xc6/0x5e0 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x416981
Code: Bad RIP value.
RSP: 002b:00007ffdfae2c530 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000416981
RDX: 0000001b33b20000 RSI: 0000000000000001 RDI: 0000000000000003
RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
R10: 00007ffdfae2c620 R11: 0000000000000293 R12: 0000000001192f00
R13: 000000000000e1d2 R14: ffffffffffffffff R15: 000000000118bf2c
INFO: task syz-executor.5:8535 blocked for more than 143 seconds.
      Not tainted 5.5.0-rc7-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.5  D27672  8535   7174 0x00000004
Call Trace:
 schedule+0xc4/0x2b0 kernel/sched/core.c:4155
 io_uring_cancel_files fs/io_uring.c:6281 [inline]
 io_uring_flush+0x41f/0x4d0 fs/io_uring.c:6290
 filp_close+0x97/0x120 fs/open.c:1252
 __do_sys_close fs/open.c:1271 [inline]
 __se_sys_close fs/open.c:1269 [inline]
 __x64_sys_close+0x5a/0xa0 fs/open.c:1269
 do_syscall_64+0xc6/0x5e0 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x416981
Code: Bad RIP value.
RSP: 002b:00007fff98f95700 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000416981
RDX: 0000001b2c020000 RSI: 0000000000000001 RDI: 0000000000000003
RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
R10: 00007fff98f957f0 R11: 0000000000000293 R12: 0000000001192f00
R13: 000000000000e33b R14: ffffffffffffffff R15: 000000000118bf2c
INFO: task syz-executor.1:8565 blocked for more than 143 seconds.
      Not tainted 5.5.0-rc7-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.1  D27672  8565   7200 0x00000004
Call Trace:
 schedule+0xc4/0x2b0 kernel/sched/core.c:4155
 io_uring_cancel_files fs/io_uring.c:6281 [inline]
 io_uring_flush+0x41f/0x4d0 fs/io_uring.c:6290
 filp_close+0x97/0x120 fs/open.c:1252
 __do_sys_close fs/open.c:1271 [inline]
 __se_sys_close fs/open.c:1269 [inline]
 __x64_sys_close+0x5a/0xa0 fs/open.c:1269
 do_syscall_64+0xc6/0x5e0 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x416981
Code: Bad RIP value.
RSP: 002b:00007ffec2d34620 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000416981
RDX: 0000001b2cc20000 RSI: 0000000000000001 RDI: 0000000000000003
RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
R10: 00007ffec2d34710 R11: 0000000000000293 R12: 0000000001192f00
R13: 000000000000e41d R14: ffffffffffffffff R15: 000000000118bf2c
INFO: task syz-executor.2:8566 blocked for more than 143 seconds.
      Not tainted 5.5.0-rc7-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.2  D27672  8566   7168 0x00000004
Call Trace:
 schedule+0xc4/0x2b0 kernel/sched/core.c:4155
 io_uring_cancel_files fs/io_uring.c:6281 [inline]
 io_uring_flush+0x41f/0x4d0 fs/io_uring.c:6290
 filp_close+0x97/0x120 fs/open.c:1252
 __do_sys_close fs/open.c:1271 [inline]
 __se_sys_close fs/open.c:1269 [inline]
 __x64_sys_close+0x5a/0xa0 fs/open.c:1269
 do_syscall_64+0xc6/0x5e0 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x416981
Code: Bad RIP value.
RSP: 002b:00007fffb19d2ab0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000416981
RDX: 0000001b33a20000 RSI: 0000000000000001 RDI: 0000000000000003
RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
R10: 00007fffb19d2ba0 R11: 0000000000000293 R12: 0000000001192f00
R13: 000000000000e419 R14: ffffffffffffffff R15: 000000000118bf2c
INFO: task syz-executor.4:8567 blocked for more than 144 seconds.
      Not tainted 5.5.0-rc7-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.4  D27672  8567   7173 0x00000004
Call Trace:
 schedule+0xc4/0x2b0 kernel/sched/core.c:4155
 io_uring_cancel_files fs/io_uring.c:6281 [inline]
 io_uring_flush+0x41f/0x4d0 fs/io_uring.c:6290
 filp_close+0x97/0x120 fs/open.c:1252
 __do_sys_close fs/open.c:1271 [inline]
 __se_sys_close fs/open.c:1269 [inline]
 __x64_sys_close+0x5a/0xa0 fs/open.c:1269
 do_syscall_64+0xc6/0x5e0 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x416981
Code: Bad RIP value.
RSP: 002b:00007ffdf51abdf0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000416981
RDX: 0000001b2be20000 RSI: 0000000000000001 RDI: 0000000000000003
RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
R10: 00007ffdf51abee0 R11: 0000000000000293 R12: 0000000001192f00
R13: 000000000000e41a R14: ffffffffffffffff R15: 000000000118bf2c
INFO: task syz-executor.3:8571 blocked for more than 144 seconds.
      Not tainted 5.5.0-rc7-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.3  D27440  8571   7169 0x00000004
Call Trace:
 schedule+0xc4/0x2b0 kernel/sched/core.c:4155
 io_uring_cancel_files fs/io_uring.c:6281 [inline]
 io_uring_flush+0x41f/0x4d0 fs/io_uring.c:6290
 filp_close+0x97/0x120 fs/open.c:1252
 __do_sys_close fs/open.c:1271 [inline]
 __se_sys_close fs/open.c:1269 [inline]
 __x64_sys_close+0x5a/0xa0 fs/open.c:1269
 do_syscall_64+0xc6/0x5e0 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x416981
Code: Bad RIP value.
RSP: 002b:00007ffd80c15d40 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000416981
RDX: 0000001b33920000 RSI: 0000000000000001 RDI: 0000000000000003
RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
R10: 00007ffd80c15e30 R11: 0000000000000293 R12: 0000000001192f00
R13: 000000000000e423 R14: ffffffffffffffff R15: 000000000118bf2c

Showing all locks held in the system:
2 locks held by kworker/u4:3/164:
 #0: ffff8880ae937398 (&rq->lock){-.-.}, at: newidle_balance+0xa6f/0xe80 kernel/sched/fair.c:10177
 #1: ffffffff8899a0c0 (rcu_read_lock){....}, at: __update_idle_core+0x45/0x400 kernel/sched/fair.c:5729
1 lock held by khungtaskd/1120:
 #0: ffffffff8899a0c0 (rcu_read_lock){....}, at: debug_show_all_locks+0x52/0x28d kernel/locking/lockdep.c:5331
1 lock held by in:imklog/6596:
 #0: ffff8880a339b3a0 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x96/0xb0 fs/file.c:803

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 1120 Comm: khungtaskd Not tainted 5.5.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x128/0x182 lib/dump_stack.c:118
 nmi_cpu_backtrace.cold.7+0x4b/0x83 lib/nmi_backtrace.c:101
 nmi_trigger_cpumask_backtrace+0x183/0x1ac lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:205 [inline]
 watchdog+0x629/0xc70 kernel/hung_task.c:289
 kthread+0x31d/0x3e0 kernel/kthread.c:255
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 164 Comm: kworker/u4:3 Not tainted 5.5.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: bat_events batadv_nc_worker
RIP: 0010:__lock_acquire+0xadc/0x4370 kernel/locking/lockdep.c:3827
Code: 29 00 00 48 81 c4 f0 00 00 00 5b 5d 41 5c 41 5d 41 5e 41 5f c3 48 b8 00 00 00 00 00 fc ff df 4c 89 ea 48 c1 ea 03 80 3c 02 00 <0f> 85 70 2b 00 00 49 81 7d 00 a0 c8 96 8a 0f 84 e8 f5 ff ff 83 fe
RSP: 0018:ffffc90001617b08 EFLAGS: 00000046
RAX: dffffc0000000000 RBX: 0000000000000001 RCX: 0000000000000000
RDX: 1ffff11012b961c3 RSI: 0000000000000000 RDI: ffff888095cb0e18
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: ffff8880a9386140 R12: 0000000000000000
R13: ffff888095cb0e18 R14: 0000000000000000 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f2fa6c3a000 CR3: 00000000968ca000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 lock_acquire+0x19b/0x420 kernel/locking/lockdep.c:4484
 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]
 _raw_spin_lock_bh+0x2f/0x40 kernel/locking/spinlock.c:175
 spin_lock_bh include/linux/spinlock.h:343 [inline]
 batadv_nc_purge_paths+0xb8/0x300 net/batman-adv/network-coding.c:441
 batadv_nc_worker+0x1e6/0x610 net/batman-adv/network-coding.c:719
 process_one_work+0x8d1/0x15b0 kernel/workqueue.c:2264
 worker_thread+0x82/0xb50 kernel/workqueue.c:2410
 kthread+0x31d/0x3e0 kernel/kthread.c:255
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352