bisecting fixing commit since c6dd78fcb8eefa15dd861889e0f59d301cb5230c building syzkaller on 32329ceb4bbf58a21007c90edf2fb7ed242345db testing commit c6dd78fcb8eefa15dd861889e0f59d301cb5230c with gcc (GCC) 8.1.0 run #0: crashed: INFO: task hung in perf_event_free_task run #1: crashed: INFO: task hung in perf_event_free_task run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK testing current HEAD 1c0cc5f1ae5ee5a6913704c0d75a6e99604ee30a testing commit 1c0cc5f1ae5ee5a6913704c0d75a6e99604ee30a with gcc (GCC) 8.1.0 run #0: crashed: INFO: task hung in perf_event_free_task run #1: crashed: INFO: task hung in perf_event_free_task run #2: crashed: INFO: task hung in perf_event_free_task run #3: crashed: INFO: task hung in perf_event_free_task run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK revisions tested: 2, total time: 33m14.877121833s (build: 11m29.5054075s, test: 20m12.036368309s) the crash still happens on HEAD crash: INFO: task hung in perf_event_free_task INFO: task syz-executor.3:3043 blocked for more than 143 seconds. Not tainted 5.4.0-rc2+ #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.3 D29208 3043 7325 0x00000006 Call Trace: context_switch kernel/sched/core.c:3384 [inline] __schedule+0x8e1/0x1980 kernel/sched/core.c:4069 schedule+0xbd/0x250 kernel/sched/core.c:4136 perf_event_free_task+0x43f/0x630 kernel/events/core.c:11674 copy_process+0x3348/0x6090 kernel/fork.c:2278 _do_fork+0xec/0xbc0 kernel/fork.c:2366 __do_sys_clone kernel/fork.c:2521 [inline] __se_sys_clone kernel/fork.c:2502 [inline] __x64_sys_clone+0x17c/0x230 kernel/fork.c:2502 do_syscall_64+0xca/0x5d0 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x459829 Code: dd fe ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc 64 48 8b 0c 25 f8 ff ff ff 48 3b 61 10 76 68 48 83 ec 28 48 89 6c 24 20 48 <8d> 6c 24 20 48 8b 44 24 30 48 89 04 24 48 8b 4c 24 38 48 89 4c 24 RSP: 002b:00007fc19ed53c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459829 RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000002102001ffe RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc19ed546d4 R13: 00000000004bfce6 R14: 00000000004d17f8 R15: 00000000ffffffff Showing all locks held in the system: 3 locks held by kworker/u4:9/683: #0: ffff8880aea34ad8 (&rq->lock){-.-.}, at: newidle_balance+0xa25/0xe80 kernel/sched/fair.c:9817 #1: ffffffff883a2440 (rcu_read_lock){....}, at: __update_idle_core+0x45/0x400 kernel/sched/fair.c:5825 #2: ffff8880aea24a58 (&base->lock){-.-.}, at: lock_timer_base+0xc8/0x160 kernel/time/timer.c:936 1 lock held by khungtaskd/1067: #0: ffffffff883a2440 (rcu_read_lock){....}, at: debug_show_all_locks+0x5b/0x27e kernel/locking/lockdep.c:5337 2 locks held by getty/7210: #0: ffff8880a4193090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:340 #1: ffffc90005ecd2e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x1ee/0x1930 drivers/tty/n_tty.c:2156 2 locks held by getty/7211: #0: ffff8880a0e02090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:340 #1: ffffc90005ed92e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x1ee/0x1930 drivers/tty/n_tty.c:2156 2 locks held by getty/7212: #0: ffff88808e828090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:340 #1: ffffc90005eed2e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x1ee/0x1930 drivers/tty/n_tty.c:2156 2 locks held by getty/7213: #0: ffff888099509090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:340 #1: ffffc90005ee92e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x1ee/0x1930 drivers/tty/n_tty.c:2156 2 locks held by getty/7214: #0: ffff8880a749d090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:340 #1: ffffc90005ef12e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x1ee/0x1930 drivers/tty/n_tty.c:2156 2 locks held by getty/7215: #0: ffff8880937d5090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:340 #1: ffffc90005ee52e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x1ee/0x1930 drivers/tty/n_tty.c:2156 2 locks held by getty/7216: #0: ffff8880a4edd090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:340 #1: ffffc90005ec12e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x1ee/0x1930 drivers/tty/n_tty.c:2156 ============================================= NMI backtrace for cpu 1 CPU: 1 PID: 1067 Comm: khungtaskd Not tainted 5.4.0-rc2+ #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x115/0x167 lib/dump_stack.c:113 nmi_cpu_backtrace.cold.8+0x4b/0x84 lib/nmi_backtrace.c:101 nmi_trigger_cpumask_backtrace+0x16b/0x18d lib/nmi_backtrace.c:62 arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:205 [inline] watchdog+0x59f/0xb60 kernel/hung_task.c:289 kthread+0x331/0x3f0 kernel/kthread.c:255 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 PID: 683 Comm: kworker/u4:9 Not tainted 5.4.0-rc2+ #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: bat_events batadv_nc_worker RIP: 0010:__lock_acquire+0x1ee/0x4ef0 kernel/locking/lockdep.c:3868 Code: bd 58 ff ff ff 4c 0f af e0 89 d8 4c 8d 14 80 49 c1 e2 03 85 db 74 48 4a 8d 44 17 d8 48 ba 00 00 00 00 00 fc ff df 48 8d 78 20 <48> 89 fe 48 c1 ee 03 0f b6 14 16 84 d2 74 09 80 fa 03 0f 8e 78 3a RSP: 0018:ffff8880a8b4fb60 EFLAGS: 00000002 RAX: ffff8880a9beee80 RBX: 0000000000000002 RCX: 0000000000000002 RDX: dffffc0000000000 RSI: 0000000000000004 RDI: ffff8880a9beeea0 RBP: ffff8880a8b4fc80 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000050 R11: ffff8880a9bee600 R12: 0000000000000029 R13: ffffffff883a2440 R14: 0000000000000000 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff8880aea00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffffffff600400 CR3: 00000000a829e000 CR4: 00000000001406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: lock_acquire+0x194/0x3f0 kernel/locking/lockdep.c:4487 rcu_lock_acquire include/linux/rcupdate.h:208 [inline] rcu_read_lock include/linux/rcupdate.h:599 [inline] batadv_nc_purge_orig_hash net/batman-adv/network-coding.c:407 [inline] batadv_nc_worker+0xee/0x630 net/batman-adv/network-coding.c:718 process_one_work+0x856/0x1610 kernel/workqueue.c:2269 worker_thread+0x85/0xb60 kernel/workqueue.c:2415 kthread+0x331/0x3f0 kernel/kthread.c:255 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352