2023-03-02 00:36:01

by syzbot

Subject: [syzbot] [mm?] INFO: task hung in write_cache_pages (2)

Hello,

syzbot found the following issue on:

HEAD commit: 489fa31ea873 Merge branch 'work.misc' of git://git.kernel...
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1034fef8c80000
kernel config: https://syzkaller.appspot.com/x/.config?x=cbfa7a73c540248d
dashboard link: https://syzkaller.appspot.com/bug?extid=0adf31ecbba886ab504f
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=16dc6960c80000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16f39d50c80000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/8121ff3f8044/disk-489fa31e.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/ba8296ba1bf7/vmlinux-489fa31e.xz
kernel image: https://storage.googleapis.com/syzbot-assets/6459f50e23f3/bzImage-489fa31e.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/845f6538108c/mount_1.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]

INFO: task kworker/u4:0:9 blocked for more than 143 seconds.
Not tainted 6.2.0-syzkaller-10827-g489fa31ea873 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u4:0 state:D stack:21720 pid:9 ppid:2 flags:0x00004000
Workqueue: writeback wb_workfn (flush-7:0)
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5304 [inline]
__schedule+0x17d8/0x4990 kernel/sched/core.c:6622
schedule+0xc3/0x180 kernel/sched/core.c:6698
io_schedule+0x8c/0x100 kernel/sched/core.c:8884
folio_wait_bit_common+0x86c/0x12b0 mm/filemap.c:1301
folio_lock include/linux/pagemap.h:952 [inline]
write_cache_pages+0x58f/0x1450 mm/page-writeback.c:2440
mpage_writepages+0x107/0x1d0 fs/mpage.c:653
do_writepages+0x3a6/0x670 mm/page-writeback.c:2551
__writeback_single_inode+0x1c4/0x15e0 fs/fs-writeback.c:1600
writeback_sb_inodes+0x92c/0x1360 fs/fs-writeback.c:1891
__writeback_inodes_wb+0x11b/0x260 fs/fs-writeback.c:1962
wb_writeback+0x51c/0x1080 fs/fs-writeback.c:2067
wb_check_background_flush fs/fs-writeback.c:2133 [inline]
wb_do_writeback fs/fs-writeback.c:2221 [inline]
wb_workfn+0xd80/0x1100 fs/fs-writeback.c:2248
process_one_work+0x915/0x13a0 kernel/workqueue.c:2390
worker_thread+0xa63/0x1210 kernel/workqueue.c:2537
kthread+0x270/0x300 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
</TASK>
INFO: task kworker/u4:2:41 blocked for more than 143 seconds.
Not tainted 6.2.0-syzkaller-10827-g489fa31ea873 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u4:2 state:D stack:20480 pid:41 ppid:2 flags:0x00004000
Workqueue: writeback wb_workfn (flush-7:5)
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5304 [inline]
__schedule+0x17d8/0x4990 kernel/sched/core.c:6622
schedule+0xc3/0x180 kernel/sched/core.c:6698
io_schedule+0x8c/0x100 kernel/sched/core.c:8884
folio_wait_bit_common+0x86c/0x12b0 mm/filemap.c:1301
folio_lock include/linux/pagemap.h:952 [inline]
write_cache_pages+0x58f/0x1450 mm/page-writeback.c:2440
mpage_writepages+0x107/0x1d0 fs/mpage.c:653
do_writepages+0x3a6/0x670 mm/page-writeback.c:2551
__writeback_single_inode+0x1c4/0x15e0 fs/fs-writeback.c:1600
writeback_sb_inodes+0x92c/0x1360 fs/fs-writeback.c:1891
__writeback_inodes_wb+0x11b/0x260 fs/fs-writeback.c:1962
wb_writeback+0x51c/0x1080 fs/fs-writeback.c:2067
wb_check_old_data_flush fs/fs-writeback.c:2167 [inline]
wb_do_writeback fs/fs-writeback.c:2220 [inline]
wb_workfn+0xccb/0x1100 fs/fs-writeback.c:2248
process_one_work+0x915/0x13a0 kernel/workqueue.c:2390
worker_thread+0xa63/0x1210 kernel/workqueue.c:2537
kthread+0x270/0x300 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
</TASK>
INFO: task kworker/u4:4:75 blocked for more than 144 seconds.
Not tainted 6.2.0-syzkaller-10827-g489fa31ea873 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u4:4 state:D stack:25088 pid:75 ppid:2 flags:0x00004000
Workqueue: writeback wb_workfn (flush-7:1)
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5304 [inline]
__schedule+0x17d8/0x4990 kernel/sched/core.c:6622
schedule+0xc3/0x180 kernel/sched/core.c:6698
io_schedule+0x8c/0x100 kernel/sched/core.c:8884
folio_wait_bit_common+0x86c/0x12b0 mm/filemap.c:1301
folio_lock include/linux/pagemap.h:952 [inline]
write_cache_pages+0x58f/0x1450 mm/page-writeback.c:2440
mpage_writepages+0x107/0x1d0 fs/mpage.c:653
do_writepages+0x3a6/0x670 mm/page-writeback.c:2551
__writeback_single_inode+0x1c4/0x15e0 fs/fs-writeback.c:1600
writeback_sb_inodes+0x92c/0x1360 fs/fs-writeback.c:1891
__writeback_inodes_wb+0x11b/0x260 fs/fs-writeback.c:1962
wb_writeback+0x51c/0x1080 fs/fs-writeback.c:2067
wb_check_old_data_flush fs/fs-writeback.c:2167 [inline]
wb_do_writeback fs/fs-writeback.c:2220 [inline]
wb_workfn+0xccb/0x1100 fs/fs-writeback.c:2248
process_one_work+0x915/0x13a0 kernel/workqueue.c:2390
worker_thread+0xa63/0x1210 kernel/workqueue.c:2537
kthread+0x270/0x300 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
</TASK>
INFO: task syz-executor359:5222 blocked for more than 144 seconds.
Not tainted 6.2.0-syzkaller-10827-g489fa31ea873 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor359 state:D stack:26576 pid:5222 ppid:5113 flags:0x00004004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5304 [inline]
__schedule+0x17d8/0x4990 kernel/sched/core.c:6622
schedule+0xc3/0x180 kernel/sched/core.c:6698
schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6757
rwsem_down_read_slowpath+0x5f4/0x950 kernel/locking/rwsem.c:1086
__down_read_common+0x61/0x2c0 kernel/locking/rwsem.c:1250
mmap_read_lock include/linux/mmap_lock.h:117 [inline]
do_user_addr_fault arch/x86/mm/fault.c:1358 [inline]
handle_page_fault arch/x86/mm/fault.c:1498 [inline]
exc_page_fault+0x558/0x8a0 arch/x86/mm/fault.c:1554
asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:570
RIP: 0033:0x7fd6f371b888
RSP: 002b:00007ffd6fdf2398 EFLAGS: 00010206
RAX: 00007fd6f374ebd0 RBX: 00007fd6f374d1a8 RCX: 0000000000000001
RDX: 00007fd6f3688d30 RSI: 0000000000000000 RDI: 00007fd6f374ebd0
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000010
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000001 R14: 00007fd6f37543e0 R15: 0000000000000001
</TASK>
INFO: task syz-executor359:5223 blocked for more than 144 seconds.
Not tainted 6.2.0-syzkaller-10827-g489fa31ea873 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor359 state:D stack:24840 pid:5223 ppid:5113 flags:0x00004004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5304 [inline]
__schedule+0x17d8/0x4990 kernel/sched/core.c:6622
schedule+0xc3/0x180 kernel/sched/core.c:6698
io_schedule+0x8c/0x100 kernel/sched/core.c:8884
folio_wait_bit_common+0x86c/0x12b0 mm/filemap.c:1301
folio_lock include/linux/pagemap.h:952 [inline]
write_cache_pages+0x58f/0x1450 mm/page-writeback.c:2440
mpage_writepages+0x107/0x1d0 fs/mpage.c:653
do_writepages+0x3a6/0x670 mm/page-writeback.c:2551
filemap_fdatawrite_wbc+0x125/0x180 mm/filemap.c:390
__filemap_fdatawrite_range mm/filemap.c:423 [inline]
file_write_and_wait_range+0x20f/0x300 mm/filemap.c:781
__generic_file_fsync+0x72/0x190 fs/libfs.c:1132
fat_file_fsync+0x7e/0x190 fs/fat/file.c:191
generic_write_sync include/linux/fs.h:2452 [inline]
generic_file_write_iter+0x2a1/0x310 mm/filemap.c:4090
call_write_iter include/linux/fs.h:1851 [inline]
new_sync_write fs/read_write.c:491 [inline]
vfs_write+0x7b2/0xbb0 fs/read_write.c:584
ksys_write+0x1a0/0x2c0 fs/read_write.c:637
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fd6f36ca719
RSP: 002b:00007fd6f36762f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007fd6f374f7a0 RCX: 00007fd6f36ca719
RDX: 000000000208e24b RSI: 0000000020000080 RDI: 0000000000000004
RBP: 00007fd6f371c604 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd6f371c0e0
R13: 0000000020000a80 R14: 0030656c69662f2e R15: 00007fd6f374f7a8
</TASK>
INFO: task syz-executor359:5229 blocked for more than 144 seconds.
Not tainted 6.2.0-syzkaller-10827-g489fa31ea873 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor359 state:D stack:26504 pid:5229 ppid:5113 flags:0x00004004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5304 [inline]
__schedule+0x17d8/0x4990 kernel/sched/core.c:6622
schedule+0xc3/0x180 kernel/sched/core.c:6698
io_schedule+0x8c/0x100 kernel/sched/core.c:8884
folio_wait_bit_common+0x86c/0x12b0 mm/filemap.c:1301
folio_wait_writeback+0xec/0x1f0 mm/page-writeback.c:3127
migrate_folio_unmap mm/migrate.c:1192 [inline]
migrate_pages_batch mm/migrate.c:1685 [inline]
migrate_pages+0x2d50/0x6610 mm/migrate.c:1973
do_mbind mm/mempolicy.c:1338 [inline]
kernel_mbind mm/mempolicy.c:1485 [inline]
__do_sys_mbind mm/mempolicy.c:1559 [inline]
__se_sys_mbind+0x75a/0x9c0 mm/mempolicy.c:1555
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fd6f36ca719
RSP: 002b:00007fd6eb3552e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
RAX: ffffffffffffffda RBX: 00007fd6f374f7b0 RCX: 00007fd6f36ca719
RDX: 0000000000000000 RSI: 0000000000800000 RDI: 0000000020001000
RBP: 00007fd6f371c604 R08: 0000000000000000 R09: 0000000000000002
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd6f371c0e0
R13: 0000000020000a80 R14: 0030656c69662f2e R15: 00007fd6f374f7b8
</TASK>
INFO: task syz-executor359:5296 blocked for more than 145 seconds.
Not tainted 6.2.0-syzkaller-10827-g489fa31ea873 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor359 state:D stack:27008 pid:5296 ppid:5112 flags:0x00004004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5304 [inline]
__schedule+0x17d8/0x4990 kernel/sched/core.c:6622
schedule+0xc3/0x180 kernel/sched/core.c:6698
schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6757
rwsem_down_read_slowpath+0x5f4/0x950 kernel/locking/rwsem.c:1086
__down_read_common+0x61/0x2c0 kernel/locking/rwsem.c:1250
mmap_read_lock include/linux/mmap_lock.h:117 [inline]
do_user_addr_fault arch/x86/mm/fault.c:1358 [inline]
handle_page_fault arch/x86/mm/fault.c:1498 [inline]
exc_page_fault+0x558/0x8a0 arch/x86/mm/fault.c:1554
asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:570
RIP: 0033:0x7fd6f371b888
RSP: 002b:00007ffd6fdf2398 EFLAGS: 00010206
RAX: 00007fd6f374ebd0 RBX: 00007fd6f374d1a8 RCX: 0000000000000001
RDX: 00007fd6f3688d30 RSI: 0000000000000000 RDI: 00007fd6f374ebd0
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000010
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000001 R14: 00007fd6f37543e0 R15: 0000000000000001
</TASK>
INFO: task syz-executor359:5298 blocked for more than 145 seconds.
Not tainted 6.2.0-syzkaller-10827-g489fa31ea873 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor359 state:D stack:24840 pid:5298 ppid:5112 flags:0x00004004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5304 [inline]
__schedule+0x17d8/0x4990 kernel/sched/core.c:6622
schedule+0xc3/0x180 kernel/sched/core.c:6698
io_schedule+0x8c/0x100 kernel/sched/core.c:8884
folio_wait_bit_common+0x86c/0x12b0 mm/filemap.c:1301
folio_lock include/linux/pagemap.h:952 [inline]
write_cache_pages+0x58f/0x1450 mm/page-writeback.c:2440
mpage_writepages+0x107/0x1d0 fs/mpage.c:653
do_writepages+0x3a6/0x670 mm/page-writeback.c:2551
filemap_fdatawrite_wbc+0x125/0x180 mm/filemap.c:390
__filemap_fdatawrite_range mm/filemap.c:423 [inline]
file_write_and_wait_range+0x20f/0x300 mm/filemap.c:781
__generic_file_fsync+0x72/0x190 fs/libfs.c:1132
fat_file_fsync+0x7e/0x190 fs/fat/file.c:191
generic_write_sync include/linux/fs.h:2452 [inline]
generic_file_write_iter+0x2a1/0x310 mm/filemap.c:4090
call_write_iter include/linux/fs.h:1851 [inline]
new_sync_write fs/read_write.c:491 [inline]
vfs_write+0x7b2/0xbb0 fs/read_write.c:584
ksys_write+0x1a0/0x2c0 fs/read_write.c:637
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fd6f36ca719
RSP: 002b:00007fd6f36762f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007fd6f374f7a0 RCX: 00007fd6f36ca719
RDX: 000000000208e24b RSI: 0000000020000080 RDI: 0000000000000004
RBP: 00007fd6f371c604 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd6f371c0e0
R13: 0000000020000a80 R14: 0030656c69662f2e R15: 00007fd6f374f7a8
</TASK>
INFO: task syz-executor359:5304 blocked for more than 145 seconds.
Not tainted 6.2.0-syzkaller-10827-g489fa31ea873 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor359 state:D stack:26504 pid:5304 ppid:5112 flags:0x00004004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5304 [inline]
__schedule+0x17d8/0x4990 kernel/sched/core.c:6622
schedule+0xc3/0x180 kernel/sched/core.c:6698
io_schedule+0x8c/0x100 kernel/sched/core.c:8884
folio_wait_bit_common+0x86c/0x12b0 mm/filemap.c:1301
folio_wait_writeback+0xec/0x1f0 mm/page-writeback.c:3127
migrate_folio_unmap mm/migrate.c:1192 [inline]
migrate_pages_batch mm/migrate.c:1685 [inline]
migrate_pages+0x2d50/0x6610 mm/migrate.c:1973
do_mbind mm/mempolicy.c:1338 [inline]
kernel_mbind mm/mempolicy.c:1485 [inline]
__do_sys_mbind mm/mempolicy.c:1559 [inline]
__se_sys_mbind+0x75a/0x9c0 mm/mempolicy.c:1555
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fd6f36ca719
RSP: 002b:00007fd6eb3552e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
RAX: ffffffffffffffda RBX: 00007fd6f374f7b0 RCX: 00007fd6f36ca719
RDX: 0000000000000000 RSI: 0000000000800000 RDI: 0000000020001000
RBP: 00007fd6f371c604 R08: 0000000000000000 R09: 0000000000000002
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd6f371c0e0
R13: 0000000020000a80 R14: 0030656c69662f2e R15: 00007fd6f374f7b8
</TASK>
INFO: task syz-executor359:5460 blocked for more than 146 seconds.
Not tainted 6.2.0-syzkaller-10827-g489fa31ea873 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor359 state:D stack:26520 pid:5460 ppid:5115 flags:0x00004004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5304 [inline]
__schedule+0x17d8/0x4990 kernel/sched/core.c:6622
schedule+0xc3/0x180 kernel/sched/core.c:6698
schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6757
rwsem_down_read_slowpath+0x5f4/0x950 kernel/locking/rwsem.c:1086
__down_read_common+0x61/0x2c0 kernel/locking/rwsem.c:1250
mmap_read_lock include/linux/mmap_lock.h:117 [inline]
do_user_addr_fault arch/x86/mm/fault.c:1358 [inline]
handle_page_fault arch/x86/mm/fault.c:1498 [inline]
exc_page_fault+0x558/0x8a0 arch/x86/mm/fault.c:1554
asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:570
RIP: 0033:0x7fd6f371b888
RSP: 002b:00007ffd6fdf2398 EFLAGS: 00010206
RAX: 00007fd6f374ebd0 RBX: 00007fd6f374d1a8 RCX: 0000000000000001
RDX: 00007fd6f3688d30 RSI: 0000000000000000 RDI: 00007fd6f374ebd0
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000010
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000001 R14: 00007fd6f37543e0 R15: 0000000000000001
</TASK>
Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings

Showing all locks held in the system:
3 locks held by kworker/u4:0/9:
#0: ffff8881451bb938 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x77f/0x13a0
#1: ffffc900000e7d20 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x7c6/0x13a0 kernel/workqueue.c:2365
#2: ffff88807dfe20e0 (&type->s_umount_key#43){++++}-{3:3}, at: trylock_super+0x1f/0xf0 fs/super.c:414
1 lock held by rcu_tasks_kthre/12:
#0: ffffffff8d127cf0 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x29/0xd20 kernel/rcu/tasks.h:510
1 lock held by rcu_tasks_trace/13:
#0: ffffffff8d1284f0 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x29/0xd20 kernel/rcu/tasks.h:510
1 lock held by khungtaskd/28:
#0: ffffffff8d127b20 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30
3 locks held by kworker/u4:2/41:
#0: ffff8881451bb938 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x77f/0x13a0
#1: ffffc90000b27d20 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x7c6/0x13a0 kernel/workqueue.c:2365
#2: ffff88801d8680e0 (&type->s_umount_key#43){++++}-{3:3}, at: trylock_super+0x1f/0xf0 fs/super.c:414
3 locks held by kworker/u4:4/75:
#0: ffff8881451bb938 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x77f/0x13a0
#1: ffffc900020efd20 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x7c6/0x13a0 kernel/workqueue.c:2365
#2: ffff88802c2640e0 (&type->s_umount_key#43){++++}-{3:3}, at: trylock_super+0x1f/0xf0 fs/super.c:414
2 locks held by kworker/1:2/2494:
#0: ffff888012472538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_one_work+0x77f/0x13a0
#1: ffffc9000a86fd20 ((work_completion)(&rew->rew_work)){+.+.}-{0:0}, at: process_one_work+0x7c6/0x13a0 kernel/workqueue.c:2365
2 locks held by getty/4750:
#0: ffff88814a0e2098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:244
#1: ffffc900015802f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6ab/0x1db0 drivers/tty/n_tty.c:2177
1 lock held by syz-executor359/5222:
#0: ffff88807d1df698 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_lock include/linux/mmap_lock.h:117 [inline]
#0: ffff88807d1df698 (&mm->mmap_lock){++++}-{3:3}, at: do_user_addr_fault arch/x86/mm/fault.c:1358 [inline]
#0: ffff88807d1df698 (&mm->mmap_lock){++++}-{3:3}, at: handle_page_fault arch/x86/mm/fault.c:1498 [inline]
#0: ffff88807d1df698 (&mm->mmap_lock){++++}-{3:3}, at: exc_page_fault+0x558/0x8a0 arch/x86/mm/fault.c:1554
2 locks held by syz-executor359/5223:
#0: ffff888021e0f768 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x254/0x2f0 fs/file.c:1046
#1: ffff88802c264460 (sb_writers#9){.+.+}-{0:0}, at: vfs_write+0x26d/0xbb0 fs/read_write.c:580
1 lock held by syz-executor359/5229:
#0: ffff88807d1df698 (&mm->mmap_lock){++++}-{3:3}, at: mmap_write_lock include/linux/mmap_lock.h:71 [inline]
#0: ffff88807d1df698 (&mm->mmap_lock){++++}-{3:3}, at: do_mbind mm/mempolicy.c:1312 [inline]
#0: ffff88807d1df698 (&mm->mmap_lock){++++}-{3:3}, at: kernel_mbind mm/mempolicy.c:1485 [inline]
#0: ffff88807d1df698 (&mm->mmap_lock){++++}-{3:3}, at: __do_sys_mbind mm/mempolicy.c:1559 [inline]
#0: ffff88807d1df698 (&mm->mmap_lock){++++}-{3:3}, at: __se_sys_mbind+0x47d/0x9c0 mm/mempolicy.c:1555
1 lock held by syz-executor359/5296:
#0: ffff88802cd0ae98 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_lock include/linux/mmap_lock.h:117 [inline]
#0: ffff88802cd0ae98 (&mm->mmap_lock){++++}-{3:3}, at: do_user_addr_fault arch/x86/mm/fault.c:1358 [inline]
#0: ffff88802cd0ae98 (&mm->mmap_lock){++++}-{3:3}, at: handle_page_fault arch/x86/mm/fault.c:1498 [inline]
#0: ffff88802cd0ae98 (&mm->mmap_lock){++++}-{3:3}, at: exc_page_fault+0x558/0x8a0 arch/x86/mm/fault.c:1554
2 locks held by syz-executor359/5298:
#0: ffff88807e2b0fe8 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x254/0x2f0 fs/file.c:1046
#1: ffff88807dfe2460 (sb_writers#9){.+.+}-{0:0}, at: vfs_write+0x26d/0xbb0 fs/read_write.c:580
1 lock held by syz-executor359/5304:
#0: ffff88802cd0ae98 (&mm->mmap_lock){++++}-{3:3}, at: mmap_write_lock include/linux/mmap_lock.h:71 [inline]
#0: ffff88802cd0ae98 (&mm->mmap_lock){++++}-{3:3}, at: do_mbind mm/mempolicy.c:1312 [inline]
#0: ffff88802cd0ae98 (&mm->mmap_lock){++++}-{3:3}, at: kernel_mbind mm/mempolicy.c:1485 [inline]
#0: ffff88802cd0ae98 (&mm->mmap_lock){++++}-{3:3}, at: __do_sys_mbind mm/mempolicy.c:1559 [inline]
#0: ffff88802cd0ae98 (&mm->mmap_lock){++++}-{3:3}, at: __se_sys_mbind+0x47d/0x9c0 mm/mempolicy.c:1555
1 lock held by syz-executor359/5460:
#0: ffff888022485298 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_lock include/linux/mmap_lock.h:117 [inline]
#0: ffff888022485298 (&mm->mmap_lock){++++}-{3:3}, at: do_user_addr_fault arch/x86/mm/fault.c:1358 [inline]
#0: ffff888022485298 (&mm->mmap_lock){++++}-{3:3}, at: handle_page_fault arch/x86/mm/fault.c:1498 [inline]
#0: ffff888022485298 (&mm->mmap_lock){++++}-{3:3}, at: exc_page_fault+0x558/0x8a0 arch/x86/mm/fault.c:1554
2 locks held by syz-executor359/5461:
#0: ffff88801da66ae8 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x254/0x2f0 fs/file.c:1046
#1: ffff888148d0a460 (sb_writers#9){.+.+}-{0:0}, at: vfs_write+0x26d/0xbb0 fs/read_write.c:580
1 lock held by syz-executor359/5467:
#0: ffff888022485298 (&mm->mmap_lock){++++}-{3:3}, at: mmap_write_lock include/linux/mmap_lock.h:71 [inline]
#0: ffff888022485298 (&mm->mmap_lock){++++}-{3:3}, at: do_mbind mm/mempolicy.c:1312 [inline]
#0: ffff888022485298 (&mm->mmap_lock){++++}-{3:3}, at: kernel_mbind mm/mempolicy.c:1485 [inline]
#0: ffff888022485298 (&mm->mmap_lock){++++}-{3:3}, at: __do_sys_mbind mm/mempolicy.c:1559 [inline]
#0: ffff888022485298 (&mm->mmap_lock){++++}-{3:3}, at: __se_sys_mbind+0x47d/0x9c0 mm/mempolicy.c:1555
1 lock held by syz-executor359/5570:
#0: ffff88807d295298 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_lock include/linux/mmap_lock.h:117 [inline]
#0: ffff88807d295298 (&mm->mmap_lock){++++}-{3:3}, at: do_user_addr_fault arch/x86/mm/fault.c:1358 [inline]
#0: ffff88807d295298 (&mm->mmap_lock){++++}-{3:3}, at: handle_page_fault arch/x86/mm/fault.c:1498 [inline]
#0: ffff88807d295298 (&mm->mmap_lock){++++}-{3:3}, at: exc_page_fault+0x558/0x8a0 arch/x86/mm/fault.c:1554
2 locks held by syz-executor359/5571:
#0: ffff88807838a5e8 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x254/0x2f0 fs/file.c:1046
#1: ffff88801d868460 (sb_writers#9){.+.+}-{0:0}, at: vfs_write+0x26d/0xbb0 fs/read_write.c:580
1 lock held by syz-executor359/5575:
#0: ffff88807d295298 (&mm->mmap_lock){++++}-{3:3}, at: mmap_write_lock include/linux/mmap_lock.h:71 [inline]
#0: ffff88807d295298 (&mm->mmap_lock){++++}-{3:3}, at: do_mbind mm/mempolicy.c:1312 [inline]
#0: ffff88807d295298 (&mm->mmap_lock){++++}-{3:3}, at: kernel_mbind mm/mempolicy.c:1485 [inline]
#0: ffff88807d295298 (&mm->mmap_lock){++++}-{3:3}, at: __do_sys_mbind mm/mempolicy.c:1559 [inline]
#0: ffff88807d295298 (&mm->mmap_lock){++++}-{3:3}, at: __se_sys_mbind+0x47d/0x9c0 mm/mempolicy.c:1555
1 lock held by syz-executor359/5572:
#0: ffff88807d1dc098 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_lock include/linux/mmap_lock.h:117 [inline]
#0: ffff88807d1dc098 (&mm->mmap_lock){++++}-{3:3}, at: do_user_addr_fault arch/x86/mm/fault.c:1358 [inline]
#0: ffff88807d1dc098 (&mm->mmap_lock){++++}-{3:3}, at: handle_page_fault arch/x86/mm/fault.c:1498 [inline]
#0: ffff88807d1dc098 (&mm->mmap_lock){++++}-{3:3}, at: exc_page_fault+0x558/0x8a0 arch/x86/mm/fault.c:1554
2 locks held by syz-executor359/5573:
#0: ffff888026d84d68 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x254/0x2f0 fs/file.c:1046
#1: ffff88807b6ac460 (sb_writers#9){.+.+}-{0:0}, at: vfs_write+0x26d/0xbb0 fs/read_write.c:580
1 lock held by syz-executor359/5576:
#0: ffff88807d1dc098 (&mm->mmap_lock){++++}-{3:3}, at: mmap_write_lock include/linux/mmap_lock.h:71 [inline]
#0: ffff88807d1dc098 (&mm->mmap_lock){++++}-{3:3}, at: do_mbind mm/mempolicy.c:1312 [inline]
#0: ffff88807d1dc098 (&mm->mmap_lock){++++}-{3:3}, at: kernel_mbind mm/mempolicy.c:1485 [inline]
#0: ffff88807d1dc098 (&mm->mmap_lock){++++}-{3:3}, at: __do_sys_mbind mm/mempolicy.c:1559 [inline]
#0: ffff88807d1dc098 (&mm->mmap_lock){++++}-{3:3}, at: __se_sys_mbind+0x47d/0x9c0 mm/mempolicy.c:1555
3 locks held by kworker/u4:3/5614:
#0: ffff8881451bb938 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x77f/0x13a0
#1: ffffc90004defd20 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x7c6/0x13a0 kernel/workqueue.c:2365
#2: ffff88807b6ac0e0 (&type->s_umount_key#43){++++}-{3:3}, at: trylock_super+0x1f/0xf0 fs/super.c:414
3 locks held by kworker/u4:5/6087:
#0: ffff8881451bb938 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x77f/0x13a0
#1: ffffc900055b7d20 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x7c6/0x13a0 kernel/workqueue.c:2365
#2: ffff888148d0a0e0 (&type->s_umount_key#43){++++}-{3:3}, at: trylock_super+0x1f/0xf0 fs/super.c:414
1 lock held by syz-executor359/12461:
#0: ffffffff8d12d1f8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:293 [inline]
#0: ffffffff8d12d1f8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x3a3/0x890 kernel/rcu/tree_exp.h:989

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 28 Comm: khungtaskd Not tainted 6.2.0-syzkaller-10827-g489fa31ea873 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106
nmi_cpu_backtrace+0x4e5/0x560 lib/nmi_backtrace.c:113
nmi_trigger_cpumask_backtrace+0x1b4/0x410 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:148 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:222 [inline]
watchdog+0x1024/0x1070 kernel/hung_task.c:379
kthread+0x270/0x300 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
</TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 6343 Comm: kworker/u4:9 Not tainted 6.2.0-syzkaller-10827-g489fa31ea873 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
Workqueue: events_unbound toggle_allocation_gate
RIP: 0010:rcu_sync_is_idle include/linux/rcu_sync.h:36 [inline]
RIP: 0010:percpu_up_read include/linux/percpu-rwsem.h:105 [inline]
RIP: 0010:cpus_read_unlock+0x5f/0x130 kernel/cpu.c:322
Code: 85 db 74 1b e8 c2 4f 20 00 89 c3 31 ff 89 c6 e8 87 23 39 00 85 db 74 5b e8 ce 1f 39 00 eb 05 e8 c7 1f 39 00 8b 1d 41 be a8 0b <31> ff 89 de e8 68 23 39 00 85 db 0f 85 8c 00 00 00 e8 ab 1f 39 00
RSP: 0018:ffffc90005757b70 EFLAGS: 00000293
RAX: ffffffff81538cb2 RBX: 0000000000000000 RCX: ffff888028643a80
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: ffffc90005757c50 R08: ffffffff81538ca9 R09: fffffbfff1ce8d2e
R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
R13: 1ffff1104779cc03 R14: 0000000000000000 R15: 1ffff92000aeaf70
FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffd6fdf0bb8 CR3: 000000000cf30000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
toggle_allocation_gate+0xb5/0x250 mm/kfence/core.c:799
process_one_work+0x915/0x13a0 kernel/workqueue.c:2390
worker_thread+0xa63/0x1210 kernel/workqueue.c:2537
kthread+0x270/0x300 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
</TASK>


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at [email protected].

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches
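
A small triage helper for reports of this shape, added here as an example; it is not part of syzbot's report nor kernel code. It parses the `INFO: task ... blocked` stacks and the lockdep `locks held` section above into one record per task, then groups the tasks by the primitive they sleep in and the locks they hold, which is how a hung-task report is usually reduced to a dependency chain by hand. `SAMPLE_REPORT` is a hand-trimmed excerpt of the traces above, constructed for the example; `HungTask`, `wait_site`, `lock_mode` and `wait_graph` are this example's own names, and inferring read/write from lockdep's `at:` site is a heuristic, not something the report states.

```python
"""Added triage helper for hung-task reports like the one above (not syzbot's or
the kernel's code); SAMPLE_REPORT is a hand-trimmed excerpt of the traces above."""
import re
from collections import Counter
from dataclasses import dataclass, field

_SCHED = {"context_switch", "__schedule", "schedule", "schedule_preempt_disabled", "io_schedule"}  # frame below these is the real wait
_WQ_PSEUDO = ("(wq_completion)", "(work_completion)")  # lockdep annotations, not real locks
_TASK_RE = re.compile(r"^INFO: task (\S+):(\d+) blocked for more than (\d+) seconds")
_HELD_RE = re.compile(r"^\d+ locks? held by \S+/(\d+):")
_LOCK_RE = re.compile(r"^#(\d+): [0-9a-f]+ \((.+?)\)\{[^}]*\}-\{[^}]*\}, at: (.*)$")
_FRAME_RE = re.compile(r"^([A-Za-z_][\w.]*)(?:\+0x[0-9a-f]+/0x[0-9a-f]+)?(?:\s+(\S+))?")


@dataclass
class HungTask:
    comm: str
    pid: int
    seconds: int
    frames: list = field(default_factory=list)  # (function, file:line), innermost first
    locks: dict = field(default_factory=dict)   # lockdep index -> (lock name, acquire site)

    @property
    def wait_site(self):
        """Wait primitive and its caller, e.g. (folio_wait_bit_common, folio_lock)."""
        return tuple(fn for fn, _ in self.frames if fn not in _SCHED)[:2]


def lock_mode(site):
    """rwsem read/write is not in the lock name; infer it from lockdep's 'at:' site (heuristic)."""
    if "read_lock" in site or "down_read" in site:
        return "read"
    return "write" if "write_lock" in site or "down_write" in site else "?"


def parse_report(text):
    tasks, trace_task, lock_task, in_trace = {}, None, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if m := _TASK_RE.match(line):
            trace_task = HungTask(m.group(1), int(m.group(2)), int(m.group(3)))
            tasks[trace_task.pid] = trace_task
        elif line == "<TASK>":
            in_trace = True
        elif line == "</TASK>":
            in_trace, trace_task = False, None
        elif in_trace and trace_task is not None:
            # Register dumps (RIP:, RSP:, RAX: ...) contain ": "; stack frames never do.
            if ": " not in line and (m := _FRAME_RE.match(line)):
                trace_task.frames.append((m.group(1), m.group(2) or ""))
        elif m := _HELD_RE.match(line):
            lock_task = tasks.get(int(m.group(1)))  # None: holder was not reported hung
        elif (m := _LOCK_RE.match(line)) and lock_task is not None:
            # lockdep repeats the same #N once per inlined frame; keep the first.
            lock_task.locks.setdefault(int(m.group(1)), (m.group(2), m.group(3)))
    return tasks


def wait_graph(tasks):
    """Count tasks by (wait site, held locks with inferred mode); a hang collapses
    to a few rows that read as a dependency chain."""
    rows = Counter()
    for t in tasks.values():
        held = tuple(f"{name}[{lock_mode(site)}]" for _, (name, site) in sorted(t.locks.items())
                     if not name.startswith(_WQ_PSEUDO))
        rows[(t.wait_site, held)] += 1
    return rows


SAMPLE_REPORT = """\
INFO: task kworker/u4:0:9 blocked for more than 143 seconds.
 <TASK>
 folio_wait_bit_common+0x86c/0x12b0 mm/filemap.c:1301
 folio_lock include/linux/pagemap.h:952 [inline]
 write_cache_pages+0x58f/0x1450 mm/page-writeback.c:2440
 </TASK>
INFO: task syz-executor359:5222 blocked for more than 144 seconds.
 <TASK>
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6757
 rwsem_down_read_slowpath+0x5f4/0x950 kernel/locking/rwsem.c:1086
 __down_read_common+0x61/0x2c0 kernel/locking/rwsem.c:1250
RIP: 0033:0x7fd6f371b888
 </TASK>
INFO: task syz-executor359:5229 blocked for more than 144 seconds.
 <TASK>
 folio_wait_bit_common+0x86c/0x12b0 mm/filemap.c:1301
 folio_wait_writeback+0xec/0x1f0 mm/page-writeback.c:3127
 __se_sys_mbind+0x75a/0x9c0 mm/mempolicy.c:1555
 </TASK>
3 locks held by kworker/u4:0/9:
 #0: ffff8881451bb938 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x77f/0x13a0
 #1: ffffc900000e7d20 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x7c6/0x13a0 kernel/workqueue.c:2365
 #2: ffff88807dfe20e0 (&type->s_umount_key#43){++++}-{3:3}, at: trylock_super+0x1f/0xf0 fs/super.c:414
1 lock held by syz-executor359/5222:
 #0: ffff88807d1df698 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_lock include/linux/mmap_lock.h:117 [inline]
1 lock held by syz-executor359/5229:
 #0: ffff88807d1df698 (&mm->mmap_lock){++++}-{3:3}, at: mmap_write_lock include/linux/mmap_lock.h:71 [inline]
 #0: ffff88807d1df698 (&mm->mmap_lock){++++}-{3:3}, at: __se_sys_mbind+0x47d/0x9c0 mm/mempolicy.c:1555
"""

if __name__ == "__main__":
    for (site, held), n in wait_graph(parse_report(SAMPLE_REPORT)).items():
        print(f"{n} task(s) in {' <- '.join(site)} holding {list(held)}")
```

Fed the full report above, the grouping comes out as three rows: the flush workers sleeping in folio_lock under write_cache_pages while holding the superblock's s_umount (taken in trylock_super, which the heuristic cannot classify), the mbind callers sleeping in folio_wait_writeback under migrate_pages while holding their mm's mmap_lock for write, and the page-fault tasks sleeping in rwsem_down_read_slowpath for that same mmap_lock (the lockdep section shows the same lock address for the faulting and the mbind task of each process). The helper only restates the shape the report already presents; which wait should yield is the question for the fix, and nothing here answers it.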


2023-03-02 02:47:37

by syzbot

Subject: Re: [syzbot] [mm?] INFO: task hung in write_cache_pages (2)

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
INFO: task hung in exit_mm

INFO: task syz-executor.5:5830 blocked for more than 143 seconds.
Not tainted 6.2.0-syzkaller-10827-g489fa31ea873-dirty #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.5 state:D stack:27184 pid:5830 ppid:5547 flags:0x00004000
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5304 [inline]
__schedule+0x17d8/0x4990 kernel/sched/core.c:6622
schedule+0xc3/0x180 kernel/sched/core.c:6698
schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6757
rwsem_down_read_slowpath+0x5f4/0x950 kernel/locking/rwsem.c:1086
__down_read_common+0x61/0x2c0 kernel/locking/rwsem.c:1250
mmap_read_lock include/linux/mmap_lock.h:117 [inline]
exit_mm+0xd3/0x310 kernel/exit.c:539
do_exit+0x612/0x2290 kernel/exit.c:856
do_group_exit+0x206/0x2c0 kernel/exit.c:1019
__do_sys_exit_group kernel/exit.c:1030 [inline]
__se_sys_exit_group kernel/exit.c:1028 [inline]
__x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1028
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f490de8c0f9
RSP: 002b:00007ffff62d3228 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f490de8c0f9
RDX: 00007f490de3dfab RSI: ffffffffffffffb8 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000010 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffff62d3310
</TASK>
INFO: task syz-executor.5:5831 blocked for more than 143 seconds.
Not tainted 6.2.0-syzkaller-10827-g489fa31ea873-dirty #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.5 state:D stack:24840 pid:5831 ppid:5547 flags:0x00004004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5304 [inline]
__schedule+0x17d8/0x4990 kernel/sched/core.c:6622
schedule+0xc3/0x180 kernel/sched/core.c:6698
io_schedule+0x8c/0x100 kernel/sched/core.c:8884
folio_wait_bit_common+0x86c/0x12b0 mm/filemap.c:1301
folio_lock include/linux/pagemap.h:952 [inline]
write_cache_pages+0x58f/0x1450 mm/page-writeback.c:2440
mpage_writepages+0x107/0x1d0 fs/mpage.c:653
do_writepages+0x3a6/0x670 mm/page-writeback.c:2551
filemap_fdatawrite_wbc+0x125/0x180 mm/filemap.c:390
__filemap_fdatawrite_range mm/filemap.c:423 [inline]
file_write_and_wait_range+0x20f/0x300 mm/filemap.c:781
__generic_file_fsync+0x72/0x190 fs/libfs.c:1132
fat_file_fsync+0x7e/0x190 fs/fat/file.c:191
generic_write_sync include/linux/fs.h:2452 [inline]
generic_file_write_iter+0x2a1/0x310 mm/filemap.c:4090
call_write_iter include/linux/fs.h:1851 [inline]
new_sync_write fs/read_write.c:491 [inline]
vfs_write+0x7b2/0xbb0 fs/read_write.c:584
ksys_write+0x1a0/0x2c0 fs/read_write.c:637
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f490de8c0f9
RSP: 002b:00007f490ebd7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007f490dfabf80 RCX: 00007f490de8c0f9
RDX: 000000000208e24b RSI: 0000000020000080 RDI: 0000000000000004
RBP: 00007f490dee7ae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffff62d2fef R14: 00007f490ebd7300 R15: 0000000000022000
</TASK>
INFO: task syz-executor.5:5841 blocked for more than 144 seconds.
Not tainted 6.2.0-syzkaller-10827-g489fa31ea873-dirty #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.5 state:D stack:26096 pid:5841 ppid:5547 flags:0x00004004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5304 [inline]
__schedule+0x17d8/0x4990 kernel/sched/core.c:6622
schedule+0xc3/0x180 kernel/sched/core.c:6698
io_schedule+0x8c/0x100 kernel/sched/core.c:8884
folio_wait_bit_common+0x86c/0x12b0 mm/filemap.c:1301
folio_wait_writeback+0xec/0x1f0 mm/page-writeback.c:3127
migrate_folio_unmap mm/migrate.c:1196 [inline]
migrate_pages_batch mm/migrate.c:1690 [inline]
migrate_pages+0x2b2f/0x64e0 mm/migrate.c:1978
do_mbind mm/mempolicy.c:1338 [inline]
kernel_mbind mm/mempolicy.c:1485 [inline]
__do_sys_mbind mm/mempolicy.c:1559 [inline]
__se_sys_mbind+0x75a/0x9c0 mm/mempolicy.c:1555
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f490de8c0f9
RSP: 002b:00007f490ebb6168 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
RAX: ffffffffffffffda RBX: 00007f490dfac050 RCX: 00007f490de8c0f9
RDX: 0000000000000000 RSI: 0000000000800000 RDI: 0000000020001000
RBP: 00007f490dee7ae9 R08: 0000000000000000 R09: 0000000000000002
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffff62d2fef R14: 00007f490ebb6300 R15: 0000000000022000
</TASK>
INFO: task syz-executor.4:5848 blocked for more than 144 seconds.
Not tainted 6.2.0-syzkaller-10827-g489fa31ea873-dirty #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.4 state:D stack:24632 pid:5848 ppid:5545 flags:0x00004004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5304 [inline]
__schedule+0x17d8/0x4990 kernel/sched/core.c:6622
schedule+0xc3/0x180 kernel/sched/core.c:6698
io_schedule+0x8c/0x100 kernel/sched/core.c:8884
folio_wait_bit_common+0x86c/0x12b0 mm/filemap.c:1301
folio_lock include/linux/pagemap.h:952 [inline]
write_cache_pages+0x58f/0x1450 mm/page-writeback.c:2440
mpage_writepages+0x107/0x1d0 fs/mpage.c:653
do_writepages+0x3a6/0x670 mm/page-writeback.c:2551
filemap_fdatawrite_wbc+0x125/0x180 mm/filemap.c:390
__filemap_fdatawrite_range mm/filemap.c:423 [inline]
file_write_and_wait_range+0x20f/0x300 mm/filemap.c:781
__generic_file_fsync+0x72/0x190 fs/libfs.c:1132
fat_file_fsync+0x7e/0x190 fs/fat/file.c:191
generic_write_sync include/linux/fs.h:2452 [inline]
generic_file_write_iter+0x2a1/0x310 mm/filemap.c:4090
call_write_iter include/linux/fs.h:1851 [inline]
new_sync_write fs/read_write.c:491 [inline]
vfs_write+0x7b2/0xbb0 fs/read_write.c:584
ksys_write+0x1a0/0x2c0 fs/read_write.c:637
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fa254a8c0f9
RSP: 002b:00007fa255899168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007fa254babf80 RCX: 00007fa254a8c0f9
RDX: 000000000208e24b RSI: 0000000020000080 RDI: 0000000000000004
RBP: 00007fa254ae7ae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffe513c259f R14: 00007fa255899300 R15: 0000000000022000
</TASK>
INFO: task syz-executor.4:5857 blocked for more than 144 seconds.
Not tainted 6.2.0-syzkaller-10827-g489fa31ea873-dirty #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.4 state:D stack:25992 pid:5857 ppid:5545 flags:0x00004004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5304 [inline]
__schedule+0x17d8/0x4990 kernel/sched/core.c:6622
schedule+0xc3/0x180 kernel/sched/core.c:6698
io_schedule+0x8c/0x100 kernel/sched/core.c:8884
folio_wait_bit_common+0x86c/0x12b0 mm/filemap.c:1301
folio_wait_writeback+0xec/0x1f0 mm/page-writeback.c:3127
migrate_folio_unmap mm/migrate.c:1196 [inline]
migrate_pages_batch mm/migrate.c:1690 [inline]
migrate_pages+0x2b2f/0x64e0 mm/migrate.c:1978
do_mbind mm/mempolicy.c:1338 [inline]
kernel_mbind mm/mempolicy.c:1485 [inline]
__do_sys_mbind mm/mempolicy.c:1559 [inline]
__se_sys_mbind+0x75a/0x9c0 mm/mempolicy.c:1555
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fa254a8c0f9
RSP: 002b:00007fa255878168 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
RAX: ffffffffffffffda RBX: 00007fa254bac050 RCX: 00007fa254a8c0f9
RDX: 0000000000000000 RSI: 0000000000800000 RDI: 0000000020001000
RBP: 00007fa254ae7ae9 R08: 0000000000000000 R09: 0000000000000002
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffe513c259f R14: 00007fa255878300 R15: 0000000000022000
</TASK>

Showing all locks held in the system:
1 lock held by rcu_tasks_kthre/12:
#0: ffffffff8d127cf0 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x29/0xd20 kernel/rcu/tasks.h:510
1 lock held by rcu_tasks_trace/13:
#0: ffffffff8d1284f0 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x29/0xd20 kernel/rcu/tasks.h:510
1 lock held by khungtaskd/28:
#0: ffffffff8d127b20 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30
3 locks held by kworker/u4:3/46:
#0: ffff888144ba4138 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x77f/0x13a0
#1: ffffc90000b77d20 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x7c6/0x13a0 kernel/workqueue.c:2365
#2: ffff8880769fa0e0 (&type->s_umount_key#51){++++}-{3:3}, at: trylock_super+0x1f/0xf0 fs/super.c:414
3 locks held by kworker/u4:5/1021:
#0: ffff888144ba4138 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x77f/0x13a0
#1: ffffc9000523fd20 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x7c6/0x13a0 kernel/workqueue.c:2365
#2: ffff88805ba400e0 (&type->s_umount_key#51){++++}-{3:3}, at: trylock_super+0x1f/0xf0 fs/super.c:414
3 locks held by kworker/u4:6/3088:
#0: ffff888144ba4138 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x77f/0x13a0
#1: ffffc9000d11fd20 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x7c6/0x13a0 kernel/workqueue.c:2365
#2: ffff8880781e00e0 (&type->s_umount_key#51){++++}-{3:3}, at: trylock_super+0x1f/0xf0 fs/super.c:414
2 locks held by getty/4746:
#0: ffff88814b328098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:244
#1: ffffc900015802f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6ab/0x1db0 drivers/tty/n_tty.c:2177
3 locks held by kworker/u4:7/5713:
#0: ffff888144ba4138 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x77f/0x13a0
#1: ffffc9000596fd20 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x7c6/0x13a0 kernel/workqueue.c:2365
#2: ffff88805d4ee0e0 (&type->s_umount_key#51){++++}-{3:3}, at: trylock_super+0x1f/0xf0 fs/super.c:414
1 lock held by syz-executor.5/5830:
#0: ffff88801246d298 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_lock include/linux/mmap_lock.h:117 [inline]
#0: ffff88801246d298 (&mm->mmap_lock){++++}-{3:3}, at: exit_mm+0xd3/0x310 kernel/exit.c:539
2 locks held by syz-executor.5/5831:
#0: ffff88802a81d768 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x254/0x2f0 fs/file.c:1046
#1: ffff8880781e0460 (sb_writers#14){.+.+}-{0:0}, at: vfs_write+0x26d/0xbb0 fs/read_write.c:580
1 lock held by syz-executor.5/5841:
#0: ffff88801246d298 (&mm->mmap_lock){++++}-{3:3}, at: mmap_write_lock include/linux/mmap_lock.h:71 [inline]
#0: ffff88801246d298 (&mm->mmap_lock){++++}-{3:3}, at: do_mbind mm/mempolicy.c:1312 [inline]
#0: ffff88801246d298 (&mm->mmap_lock){++++}-{3:3}, at: kernel_mbind mm/mempolicy.c:1485 [inline]
#0: ffff88801246d298 (&mm->mmap_lock){++++}-{3:3}, at: __do_sys_mbind mm/mempolicy.c:1559 [inline]
#0: ffff88801246d298 (&mm->mmap_lock){++++}-{3:3}, at: __se_sys_mbind+0x47d/0x9c0 mm/mempolicy.c:1555
1 lock held by syz-executor.4/5846:
#0: ffff88801246db98 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_lock include/linux/mmap_lock.h:117 [inline]
#0: ffff88801246db98 (&mm->mmap_lock){++++}-{3:3}, at: exit_mm+0xd3/0x310 kernel/exit.c:539
2 locks held by syz-executor.4/5848:
#0: ffff88807cd1e368 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x254/0x2f0 fs/file.c:1046
#1: ffff8880769fa460 (sb_writers#14){.+.+}-{0:0}, at: vfs_write+0x26d/0xbb0 fs/read_write.c:580
1 lock held by syz-executor.4/5857:
#0: ffff88801246db98 (&mm->mmap_lock){++++}-{3:3}, at: mmap_write_lock include/linux/mmap_lock.h:71 [inline]
#0: ffff88801246db98 (&mm->mmap_lock){++++}-{3:3}, at: do_mbind mm/mempolicy.c:1312 [inline]
#0: ffff88801246db98 (&mm->mmap_lock){++++}-{3:3}, at: kernel_mbind mm/mempolicy.c:1485 [inline]
#0: ffff88801246db98 (&mm->mmap_lock){++++}-{3:3}, at: __do_sys_mbind mm/mempolicy.c:1559 [inline]
#0: ffff88801246db98 (&mm->mmap_lock){++++}-{3:3}, at: __se_sys_mbind+0x47d/0x9c0 mm/mempolicy.c:1555
1 lock held by syz-executor.3/6449:
#0: ffff888029eb2e98 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_lock include/linux/mmap_lock.h:117 [inline]
#0: ffff888029eb2e98 (&mm->mmap_lock){++++}-{3:3}, at: exit_mm+0xd3/0x310 kernel/exit.c:539
2 locks held by syz-executor.3/6451:
#0: ffff88801ea74868 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x254/0x2f0 fs/file.c:1046
#1: ffff88805d4ee460 (sb_writers#14){.+.+}-{0:0}, at: vfs_write+0x26d/0xbb0 fs/read_write.c:580
1 lock held by syz-executor.3/6458:
#0: ffff888029eb2e98 (&mm->mmap_lock){++++}-{3:3}, at: mmap_write_lock include/linux/mmap_lock.h:71 [inline]
#0: ffff888029eb2e98 (&mm->mmap_lock){++++}-{3:3}, at: do_mbind mm/mempolicy.c:1312 [inline]
#0: ffff888029eb2e98 (&mm->mmap_lock){++++}-{3:3}, at: kernel_mbind mm/mempolicy.c:1485 [inline]
#0: ffff888029eb2e98 (&mm->mmap_lock){++++}-{3:3}, at: __do_sys_mbind mm/mempolicy.c:1559 [inline]
#0: ffff888029eb2e98 (&mm->mmap_lock){++++}-{3:3}, at: __se_sys_mbind+0x47d/0x9c0 mm/mempolicy.c:1555
3 locks held by kworker/u4:8/6462:
#0: ffff888144ba4138 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x77f/0x13a0
#1: ffffc9000aee7d20 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x7c6/0x13a0 kernel/workqueue.c:2365
#2: ffff88805ba2a0e0 (&type->s_umount_key#51){++++}-{3:3}, at: trylock_super+0x1f/0xf0 fs/super.c:414
1 lock held by syz-executor.1/6471:
#0: ffff88802bdd2e98 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_lock include/linux/mmap_lock.h:117 [inline]
#0: ffff88802bdd2e98 (&mm->mmap_lock){++++}-{3:3}, at: exit_mm+0xd3/0x310 kernel/exit.c:539
2 locks held by syz-executor.1/6473:
#0: ffff88801eaa7268 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x254/0x2f0 fs/file.c:1046
#1: ffff88805ba40460 (sb_writers#14){.+.+}-{0:0}, at: vfs_write+0x26d/0xbb0 fs/read_write.c:580
1 lock held by syz-executor.1/6477:
#0: ffff88802bdd2e98 (&mm->mmap_lock){++++}-{3:3}, at: mmap_write_lock include/linux/mmap_lock.h:71 [inline]
#0: ffff88802bdd2e98 (&mm->mmap_lock){++++}-{3:3}, at: do_mbind mm/mempolicy.c:1312 [inline]
#0: ffff88802bdd2e98 (&mm->mmap_lock){++++}-{3:3}, at: kernel_mbind mm/mempolicy.c:1485 [inline]
#0: ffff88802bdd2e98 (&mm->mmap_lock){++++}-{3:3}, at: __do_sys_mbind mm/mempolicy.c:1559 [inline]
#0: ffff88802bdd2e98 (&mm->mmap_lock){++++}-{3:3}, at: __se_sys_mbind+0x47d/0x9c0 mm/mempolicy.c:1555
1 lock held by syz-executor.0/6472:
#0: ffff88802bdd5b98 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_lock include/linux/mmap_lock.h:117 [inline]
#0: ffff88802bdd5b98 (&mm->mmap_lock){++++}-{3:3}, at: exit_mm+0xd3/0x310 kernel/exit.c:539
2 locks held by syz-executor.0/6474:
#0: ffff88801eaa7768 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x254/0x2f0 fs/file.c:1046
#1: ffff88805ba2a460 (sb_writers#14){.+.+}-{0:0}, at: vfs_write+0x26d/0xbb0 fs/read_write.c:580
1 lock held by syz-executor.0/6480:
#0: ffff88802bdd5b98 (&mm->mmap_lock){++++}-{3:3}, at: mmap_write_lock include/linux/mmap_lock.h:71 [inline]
#0: ffff88802bdd5b98 (&mm->mmap_lock){++++}-{3:3}, at: do_mbind mm/mempolicy.c:1312 [inline]
#0: ffff88802bdd5b98 (&mm->mmap_lock){++++}-{3:3}, at: kernel_mbind mm/mempolicy.c:1485 [inline]
#0: ffff88802bdd5b98 (&mm->mmap_lock){++++}-{3:3}, at: __do_sys_mbind mm/mempolicy.c:1559 [inline]
#0: ffff88802bdd5b98 (&mm->mmap_lock){++++}-{3:3}, at: __se_sys_mbind+0x47d/0x9c0 mm/mempolicy.c:1555
1 lock held by syz-executor.2/7013:
#0: ffff888076231c98 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_lock include/linux/mmap_lock.h:117 [inline]
#0: ffff888076231c98 (&mm->mmap_lock){++++}-{3:3}, at: exit_mm+0xd3/0x310 kernel/exit.c:539
2 locks held by syz-executor.2/7016:
#0: ffff88801c4b2368 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x254/0x2f0 fs/file.c:1046
#1: ffff88807d1c6460 (sb_writers#14){.+.+}-{0:0}, at: vfs_write+0x26d/0xbb0 fs/read_write.c:580
1 lock held by syz-executor.2/7024:
#0: ffff888076231c98 (&mm->mmap_lock){++++}-{3:3}, at: mmap_write_lock include/linux/mmap_lock.h:71 [inline]
#0: ffff888076231c98 (&mm->mmap_lock){++++}-{3:3}, at: do_mbind mm/mempolicy.c:1312 [inline]
#0: ffff888076231c98 (&mm->mmap_lock){++++}-{3:3}, at: kernel_mbind mm/mempolicy.c:1485 [inline]
#0: ffff888076231c98 (&mm->mmap_lock){++++}-{3:3}, at: __do_sys_mbind mm/mempolicy.c:1559 [inline]
#0: ffff888076231c98 (&mm->mmap_lock){++++}-{3:3}, at: __se_sys_mbind+0x47d/0x9c0 mm/mempolicy.c:1555

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 28 Comm: khungtaskd Not tainted 6.2.0-syzkaller-10827-g489fa31ea873-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106
nmi_cpu_backtrace+0x4e5/0x560 lib/nmi_backtrace.c:113
nmi_trigger_cpumask_backtrace+0x1b4/0x410 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:148 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:222 [inline]
watchdog+0x1024/0x1070 kernel/hung_task.c:379
kthread+0x270/0x300 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
</TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 11 Comm: kworker/u4:1 Not tainted 6.2.0-syzkaller-10827-g489fa31ea873-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
Workqueue: phy19 ieee80211_iface_work
RIP: 0010:constant_test_bit arch/x86/include/asm/bitops.h:207 [inline]
RIP: 0010:arch_test_bit arch/x86/include/asm/bitops.h:239 [inline]
RIP: 0010:_test_bit include/asm-generic/bitops/instrumented-non-atomic.h:142 [inline]
RIP: 0010:ieee80211_iface_work+0xb7/0xd00 net/mac80211/iface.c:1624
Code: d0 1c 00 00 48 89 df be 08 00 00 00 e8 a2 25 b0 f7 48 89 d8 48 c1 e8 03 42 80 3c 30 00 74 08 48 89 df e8 cc 23 b0 f7 48 8b 1b <48> 89 de 48 83 e6 01 31 ff e8 3b ae 59 f7 48 83 e3 01 75 32 48 8d
RSP: 0018:ffffc90000107be0 EFLAGS: 00000246
RAX: 1ffff1100bae6556 RBX: 0000000000000000 RCX: ffffffff8a33025e
RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff88805d732ab0
RBP: ffff88805d730de0 R08: dffffc0000000000 R09: ffffed100bae6557
R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
R13: ffff88802c759820 R14: dffffc0000000000 R15: ffff8880124c1000
FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000558b53bc5150 CR3: 000000000cf30000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
process_one_work+0x915/0x13a0 kernel/workqueue.c:2390
worker_thread+0xa63/0x1210 kernel/workqueue.c:2537
kthread+0x270/0x300 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
</TASK>


Tested on:

commit: 489fa31e Merge branch 'work.misc' of git://git.kernel...
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
console output: https://syzkaller.appspot.com/x/log.txt?x=165dd5d2c80000
kernel config: https://syzkaller.appspot.com/x/.config?x=cbfa7a73c540248d
dashboard link: https://syzkaller.appspot.com/bug?extid=0adf31ecbba886ab504f
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
patch: https://syzkaller.appspot.com/x/patch.diff?x=117a8da8c80000


2023-03-02 03:55:36

by syzbot
Subject: Re: [syzbot] [mm?] INFO: task hung in write_cache_pages (2)

Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-and-tested-by: [email protected]

Tested on:

commit: 489fa31e Merge branch 'work.misc' of git://git.kernel...
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
console output: https://syzkaller.appspot.com/x/log.txt?x=127939f8c80000
kernel config: https://syzkaller.appspot.com/x/.config?x=cbfa7a73c540248d
dashboard link: https://syzkaller.appspot.com/bug?extid=0adf31ecbba886ab504f
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
patch: https://syzkaller.appspot.com/x/patch.diff?x=13c7e422c80000

Note: testing is done by a robot and is best-effort only.

2023-03-02 12:06:34

by syzbot
Subject: Re: [syzbot] [mm?] INFO: task hung in write_cache_pages (2)

syzbot has bisected this issue to:

commit 17bb55487988c5dac32d55a4f085e52f875f98cc
Author: Matthew Wilcox (Oracle) <[email protected]>
Date: Tue May 17 22:12:25 2022 +0000

ntfs: Remove check for PageError

bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=13fd6e54c80000
start commit: 489fa31ea873 Merge branch 'work.misc' of git://git.kernel...
git tree: upstream
final oops: https://syzkaller.appspot.com/x/report.txt?x=10036e54c80000
console output: https://syzkaller.appspot.com/x/log.txt?x=17fd6e54c80000
kernel config: https://syzkaller.appspot.com/x/.config?x=cbfa7a73c540248d
dashboard link: https://syzkaller.appspot.com/bug?extid=0adf31ecbba886ab504f
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=16dc6960c80000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16f39d50c80000

Reported-by: [email protected]
Fixes: 17bb55487988 ("ntfs: Remove check for PageError")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection

2023-03-02 13:23:29

by Matthew Wilcox
Subject: Re: [syzbot] [mm?] INFO: task hung in write_cache_pages (2)

On Thu, Mar 02, 2023 at 04:06:28AM -0800, syzbot wrote:
> syzbot has bisected this issue to:
>
> commit 17bb55487988c5dac32d55a4f085e52f875f98cc
> Author: Matthew Wilcox (Oracle) <[email protected]>
> Date: Tue May 17 22:12:25 2022 +0000
>
> ntfs: Remove check for PageError

Syzbot has bisected to the wrong commit. That code (a) isn't going
to be executed by this test, since it doesn't have an ntfs image and
(b) was dead. Never could have been executed.

> bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=13fd6e54c80000
> start commit: 489fa31ea873 Merge branch 'work.misc' of git://git.kernel...
> git tree: upstream
> final oops: https://syzkaller.appspot.com/x/report.txt?x=10036e54c80000
> console output: https://syzkaller.appspot.com/x/log.txt?x=17fd6e54c80000
> kernel config: https://syzkaller.appspot.com/x/.config?x=cbfa7a73c540248d
> dashboard link: https://syzkaller.appspot.com/bug?extid=0adf31ecbba886ab504f
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=16dc6960c80000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16f39d50c80000
>
> Reported-by: [email protected]
> Fixes: 17bb55487988 ("ntfs: Remove check for PageError")
>
> For information about bisection process see: https://goo.gl/tpsmEJ#bisection

2023-03-02 20:10:32

by Yang Shi
Subject: Re: [syzbot] [mm?] INFO: task hung in write_cache_pages (2)

On Wed, Mar 1, 2023 at 4:36 PM syzbot
<[email protected]> wrote:
>
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit: 489fa31ea873 Merge branch 'work.misc' of git://git.kernel...
> git tree: upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=1034fef8c80000
> kernel config: https://syzkaller.appspot.com/x/.config?x=cbfa7a73c540248d
> dashboard link: https://syzkaller.appspot.com/bug?extid=0adf31ecbba886ab504f
> compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=16dc6960c80000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16f39d50c80000
>
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/8121ff3f8044/disk-489fa31e.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/ba8296ba1bf7/vmlinux-489fa31e.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/6459f50e23f3/bzImage-489fa31e.xz
> mounted in repro: https://storage.googleapis.com/syzbot-assets/845f6538108c/mount_1.gz
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: [email protected]
>
> INFO: task kworker/u4:0:9 blocked for more than 143 seconds.
> Not tainted 6.2.0-syzkaller-10827-g489fa31ea873 #0
> "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
> task:kworker/u4:0 state:D stack:21720 pid:9 ppid:2 flags:0x00004000
> Workqueue: writeback wb_workfn (flush-7:0)
> Call Trace:
> <TASK>
> context_switch kernel/sched/core.c:5304 [inline]
> __schedule+0x17d8/0x4990 kernel/sched/core.c:6622
> schedule+0xc3/0x180 kernel/sched/core.c:6698
> io_schedule+0x8c/0x100 kernel/sched/core.c:8884
> folio_wait_bit_common+0x86c/0x12b0 mm/filemap.c:1301
> folio_lock include/linux/pagemap.h:952 [inline]
> write_cache_pages+0x58f/0x1450 mm/page-writeback.c:2440
> mpage_writepages+0x107/0x1d0 fs/mpage.c:653
> do_writepages+0x3a6/0x670 mm/page-writeback.c:2551
> __writeback_single_inode+0x1c4/0x15e0 fs/fs-writeback.c:1600
> writeback_sb_inodes+0x92c/0x1360 fs/fs-writeback.c:1891
> __writeback_inodes_wb+0x11b/0x260 fs/fs-writeback.c:1962
> wb_writeback+0x51c/0x1080 fs/fs-writeback.c:2067
> wb_check_background_flush fs/fs-writeback.c:2133 [inline]
> wb_do_writeback fs/fs-writeback.c:2221 [inline]
> wb_workfn+0xd80/0x1100 fs/fs-writeback.c:2248
> process_one_work+0x915/0x13a0 kernel/workqueue.c:2390
> worker_thread+0xa63/0x1210 kernel/workqueue.c:2537
> kthread+0x270/0x300 kernel/kthread.c:376
> ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
> </TASK>
> INFO: task kworker/u4:2:41 blocked for more than 143 seconds.
> Not tainted 6.2.0-syzkaller-10827-g489fa31ea873 #0
> "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
> task:kworker/u4:2 state:D stack:20480 pid:41 ppid:2 flags:0x00004000
> Workqueue: writeback wb_workfn (flush-7:5)
> Call Trace:
> <TASK>
> context_switch kernel/sched/core.c:5304 [inline]
> __schedule+0x17d8/0x4990 kernel/sched/core.c:6622
> schedule+0xc3/0x180 kernel/sched/core.c:6698
> io_schedule+0x8c/0x100 kernel/sched/core.c:8884
> folio_wait_bit_common+0x86c/0x12b0 mm/filemap.c:1301
> folio_lock include/linux/pagemap.h:952 [inline]
> write_cache_pages+0x58f/0x1450 mm/page-writeback.c:2440
> mpage_writepages+0x107/0x1d0 fs/mpage.c:653
> do_writepages+0x3a6/0x670 mm/page-writeback.c:2551
> __writeback_single_inode+0x1c4/0x15e0 fs/fs-writeback.c:1600
> writeback_sb_inodes+0x92c/0x1360 fs/fs-writeback.c:1891
> __writeback_inodes_wb+0x11b/0x260 fs/fs-writeback.c:1962
> wb_writeback+0x51c/0x1080 fs/fs-writeback.c:2067
> wb_check_old_data_flush fs/fs-writeback.c:2167 [inline]
> wb_do_writeback fs/fs-writeback.c:2220 [inline]
> wb_workfn+0xccb/0x1100 fs/fs-writeback.c:2248
> process_one_work+0x915/0x13a0 kernel/workqueue.c:2390
> worker_thread+0xa63/0x1210 kernel/workqueue.c:2537
> kthread+0x270/0x300 kernel/kthread.c:376
> ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
> </TASK>
> INFO: task kworker/u4:4:75 blocked for more than 144 seconds.
> Not tainted 6.2.0-syzkaller-10827-g489fa31ea873 #0
> "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
> task:kworker/u4:4 state:D stack:25088 pid:75 ppid:2 flags:0x00004000
> Workqueue: writeback wb_workfn (flush-7:1)
> Call Trace:
> <TASK>
> context_switch kernel/sched/core.c:5304 [inline]
> __schedule+0x17d8/0x4990 kernel/sched/core.c:6622
> schedule+0xc3/0x180 kernel/sched/core.c:6698
> io_schedule+0x8c/0x100 kernel/sched/core.c:8884
> folio_wait_bit_common+0x86c/0x12b0 mm/filemap.c:1301
> folio_lock include/linux/pagemap.h:952 [inline]
> write_cache_pages+0x58f/0x1450 mm/page-writeback.c:2440
> mpage_writepages+0x107/0x1d0 fs/mpage.c:653
> do_writepages+0x3a6/0x670 mm/page-writeback.c:2551
> __writeback_single_inode+0x1c4/0x15e0 fs/fs-writeback.c:1600
> writeback_sb_inodes+0x92c/0x1360 fs/fs-writeback.c:1891
> __writeback_inodes_wb+0x11b/0x260 fs/fs-writeback.c:1962
> wb_writeback+0x51c/0x1080 fs/fs-writeback.c:2067
> wb_check_old_data_flush fs/fs-writeback.c:2167 [inline]
> wb_do_writeback fs/fs-writeback.c:2220 [inline]
> wb_workfn+0xccb/0x1100 fs/fs-writeback.c:2248
> process_one_work+0x915/0x13a0 kernel/workqueue.c:2390
> worker_thread+0xa63/0x1210 kernel/workqueue.c:2537
> kthread+0x270/0x300 kernel/kthread.c:376
> ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
> </TASK>
> INFO: task syz-executor359:5222 blocked for more than 144 seconds.
> Not tainted 6.2.0-syzkaller-10827-g489fa31ea873 #0
> "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
> task:syz-executor359 state:D stack:26576 pid:5222 ppid:5113 flags:0x00004004
> Call Trace:
> <TASK>
> context_switch kernel/sched/core.c:5304 [inline]
> __schedule+0x17d8/0x4990 kernel/sched/core.c:6622
> schedule+0xc3/0x180 kernel/sched/core.c:6698
> schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6757
> rwsem_down_read_slowpath+0x5f4/0x950 kernel/locking/rwsem.c:1086
> __down_read_common+0x61/0x2c0 kernel/locking/rwsem.c:1250
> mmap_read_lock include/linux/mmap_lock.h:117 [inline]
> do_user_addr_fault arch/x86/mm/fault.c:1358 [inline]
> handle_page_fault arch/x86/mm/fault.c:1498 [inline]
> exc_page_fault+0x558/0x8a0 arch/x86/mm/fault.c:1554
> asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:570
> RIP: 0033:0x7fd6f371b888
> RSP: 002b:00007ffd6fdf2398 EFLAGS: 00010206
> RAX: 00007fd6f374ebd0 RBX: 00007fd6f374d1a8 RCX: 0000000000000001
> RDX: 00007fd6f3688d30 RSI: 0000000000000000 RDI: 00007fd6f374ebd0
> RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000010
> R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
> R13: 0000000000000001 R14: 00007fd6f37543e0 R15: 0000000000000001
> </TASK>
> INFO: task syz-executor359:5223 blocked for more than 144 seconds.
> Not tainted 6.2.0-syzkaller-10827-g489fa31ea873 #0
> "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
> task:syz-executor359 state:D stack:24840 pid:5223 ppid:5113 flags:0x00004004
> Call Trace:
> <TASK>
> context_switch kernel/sched/core.c:5304 [inline]
> __schedule+0x17d8/0x4990 kernel/sched/core.c:6622
> schedule+0xc3/0x180 kernel/sched/core.c:6698
> io_schedule+0x8c/0x100 kernel/sched/core.c:8884
> folio_wait_bit_common+0x86c/0x12b0 mm/filemap.c:1301
> folio_lock include/linux/pagemap.h:952 [inline]
> write_cache_pages+0x58f/0x1450 mm/page-writeback.c:2440
> mpage_writepages+0x107/0x1d0 fs/mpage.c:653
> do_writepages+0x3a6/0x670 mm/page-writeback.c:2551
> filemap_fdatawrite_wbc+0x125/0x180 mm/filemap.c:390
> __filemap_fdatawrite_range mm/filemap.c:423 [inline]
> file_write_and_wait_range+0x20f/0x300 mm/filemap.c:781
> __generic_file_fsync+0x72/0x190 fs/libfs.c:1132
> fat_file_fsync+0x7e/0x190 fs/fat/file.c:191
> generic_write_sync include/linux/fs.h:2452 [inline]
> generic_file_write_iter+0x2a1/0x310 mm/filemap.c:4090
> call_write_iter include/linux/fs.h:1851 [inline]
> new_sync_write fs/read_write.c:491 [inline]
> vfs_write+0x7b2/0xbb0 fs/read_write.c:584
> ksys_write+0x1a0/0x2c0 fs/read_write.c:637
> do_syscall_x64 arch/x86/entry/common.c:50 [inline]
> do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
> entry_SYSCALL_64_after_hwframe+0x63/0xcd
> RIP: 0033:0x7fd6f36ca719
> RSP: 002b:00007fd6f36762f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
> RAX: ffffffffffffffda RBX: 00007fd6f374f7a0 RCX: 00007fd6f36ca719
> RDX: 000000000208e24b RSI: 0000000020000080 RDI: 0000000000000004
> RBP: 00007fd6f371c604 R08: 0000000000000000 R09: 0000000000000000
> R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd6f371c0e0
> R13: 0000000020000a80 R14: 0030656c69662f2e R15: 00007fd6f374f7a8
> </TASK>
> INFO: task syz-executor359:5229 blocked for more than 144 seconds.
> Not tainted 6.2.0-syzkaller-10827-g489fa31ea873 #0
> "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
> task:syz-executor359 state:D stack:26504 pid:5229 ppid:5113 flags:0x00004004
> Call Trace:
> <TASK>
> context_switch kernel/sched/core.c:5304 [inline]
> __schedule+0x17d8/0x4990 kernel/sched/core.c:6622
> schedule+0xc3/0x180 kernel/sched/core.c:6698
> io_schedule+0x8c/0x100 kernel/sched/core.c:8884
> folio_wait_bit_common+0x86c/0x12b0 mm/filemap.c:1301
> folio_wait_writeback+0xec/0x1f0 mm/page-writeback.c:3127
> migrate_folio_unmap mm/migrate.c:1192 [inline]
> migrate_pages_batch mm/migrate.c:1685 [inline]
> migrate_pages+0x2d50/0x6610 mm/migrate.c:1973

The migration has locked the page, but is waiting for writeback. The
writeback is waiting for the page lock...

I recall Hugh reported the same bug. There is a patch to solve it,
but it may not be shown in Linus's tree yet. And it seems like the
reproducer is dirtying some files on a loop device and calling mbind at
the same time. This does match the reproducer mentioned by Hugh.

> do_mbind mm/mempolicy.c:1338 [inline]
> kernel_mbind mm/mempolicy.c:1485 [inline]
> __do_sys_mbind mm/mempolicy.c:1559 [inline]
> __se_sys_mbind+0x75a/0x9c0 mm/mempolicy.c:1555
> do_syscall_x64 arch/x86/entry/common.c:50 [inline]
> do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
> entry_SYSCALL_64_after_hwframe+0x63/0xcd
> RIP: 0033:0x7fd6f36ca719
> RSP: 002b:00007fd6eb3552e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
> RAX: ffffffffffffffda RBX: 00007fd6f374f7b0 RCX: 00007fd6f36ca719
> RDX: 0000000000000000 RSI: 0000000000800000 RDI: 0000000020001000
> RBP: 00007fd6f371c604 R08: 0000000000000000 R09: 0000000000000002
> R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd6f371c0e0
> R13: 0000000020000a80 R14: 0030656c69662f2e R15: 00007fd6f374f7b8
> </TASK>
> INFO: task syz-executor359:5296 blocked for more than 145 seconds.
> Not tainted 6.2.0-syzkaller-10827-g489fa31ea873 #0
> "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
> task:syz-executor359 state:D stack:27008 pid:5296 ppid:5112 flags:0x00004004
> Call Trace:
> <TASK>
> context_switch kernel/sched/core.c:5304 [inline]
> __schedule+0x17d8/0x4990 kernel/sched/core.c:6622
> schedule+0xc3/0x180 kernel/sched/core.c:6698
> schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6757
> rwsem_down_read_slowpath+0x5f4/0x950 kernel/locking/rwsem.c:1086
> __down_read_common+0x61/0x2c0 kernel/locking/rwsem.c:1250
> mmap_read_lock include/linux/mmap_lock.h:117 [inline]
> do_user_addr_fault arch/x86/mm/fault.c:1358 [inline]
> handle_page_fault arch/x86/mm/fault.c:1498 [inline]
> exc_page_fault+0x558/0x8a0 arch/x86/mm/fault.c:1554
> asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:570
> RIP: 0033:0x7fd6f371b888
> RSP: 002b:00007ffd6fdf2398 EFLAGS: 00010206
> RAX: 00007fd6f374ebd0 RBX: 00007fd6f374d1a8 RCX: 0000000000000001
> RDX: 00007fd6f3688d30 RSI: 0000000000000000 RDI: 00007fd6f374ebd0
> RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000010
> R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
> R13: 0000000000000001 R14: 00007fd6f37543e0 R15: 0000000000000001
> </TASK>
> INFO: task syz-executor359:5298 blocked for more than 145 seconds.
> Not tainted 6.2.0-syzkaller-10827-g489fa31ea873 #0
> "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
> task:syz-executor359 state:D stack:24840 pid:5298 ppid:5112 flags:0x00004004
> Call Trace:
> <TASK>
> context_switch kernel/sched/core.c:5304 [inline]
> __schedule+0x17d8/0x4990 kernel/sched/core.c:6622
> schedule+0xc3/0x180 kernel/sched/core.c:6698
> io_schedule+0x8c/0x100 kernel/sched/core.c:8884
> folio_wait_bit_common+0x86c/0x12b0 mm/filemap.c:1301
> folio_lock include/linux/pagemap.h:952 [inline]
> write_cache_pages+0x58f/0x1450 mm/page-writeback.c:2440
> mpage_writepages+0x107/0x1d0 fs/mpage.c:653
> do_writepages+0x3a6/0x670 mm/page-writeback.c:2551
> filemap_fdatawrite_wbc+0x125/0x180 mm/filemap.c:390
> __filemap_fdatawrite_range mm/filemap.c:423 [inline]
> file_write_and_wait_range+0x20f/0x300 mm/filemap.c:781
> __generic_file_fsync+0x72/0x190 fs/libfs.c:1132
> fat_file_fsync+0x7e/0x190 fs/fat/file.c:191
> generic_write_sync include/linux/fs.h:2452 [inline]
> generic_file_write_iter+0x2a1/0x310 mm/filemap.c:4090
> call_write_iter include/linux/fs.h:1851 [inline]
> new_sync_write fs/read_write.c:491 [inline]
> vfs_write+0x7b2/0xbb0 fs/read_write.c:584
> ksys_write+0x1a0/0x2c0 fs/read_write.c:637
> do_syscall_x64 arch/x86/entry/common.c:50 [inline]
> do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
> entry_SYSCALL_64_after_hwframe+0x63/0xcd
> RIP: 0033:0x7fd6f36ca719
> RSP: 002b:00007fd6f36762f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
> RAX: ffffffffffffffda RBX: 00007fd6f374f7a0 RCX: 00007fd6f36ca719
> RDX: 000000000208e24b RSI: 0000000020000080 RDI: 0000000000000004
> RBP: 00007fd6f371c604 R08: 0000000000000000 R09: 0000000000000000
> R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd6f371c0e0
> R13: 0000000020000a80 R14: 0030656c69662f2e R15: 00007fd6f374f7a8
> </TASK>
> INFO: task syz-executor359:5304 blocked for more than 145 seconds.
> Not tainted 6.2.0-syzkaller-10827-g489fa31ea873 #0
> "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
> task:syz-executor359 state:D stack:26504 pid:5304 ppid:5112 flags:0x00004004
> Call Trace:
> <TASK>
> context_switch kernel/sched/core.c:5304 [inline]
> __schedule+0x17d8/0x4990 kernel/sched/core.c:6622
> schedule+0xc3/0x180 kernel/sched/core.c:6698
> io_schedule+0x8c/0x100 kernel/sched/core.c:8884
> folio_wait_bit_common+0x86c/0x12b0 mm/filemap.c:1301
> folio_wait_writeback+0xec/0x1f0 mm/page-writeback.c:3127
> migrate_folio_unmap mm/migrate.c:1192 [inline]
> migrate_pages_batch mm/migrate.c:1685 [inline]
> migrate_pages+0x2d50/0x6610 mm/migrate.c:1973
> do_mbind mm/mempolicy.c:1338 [inline]
> kernel_mbind mm/mempolicy.c:1485 [inline]
> __do_sys_mbind mm/mempolicy.c:1559 [inline]
> __se_sys_mbind+0x75a/0x9c0 mm/mempolicy.c:1555
> do_syscall_x64 arch/x86/entry/common.c:50 [inline]
> do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
> entry_SYSCALL_64_after_hwframe+0x63/0xcd
> RIP: 0033:0x7fd6f36ca719
> RSP: 002b:00007fd6eb3552e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
> RAX: ffffffffffffffda RBX: 00007fd6f374f7b0 RCX: 00007fd6f36ca719
> RDX: 0000000000000000 RSI: 0000000000800000 RDI: 0000000020001000
> RBP: 00007fd6f371c604 R08: 0000000000000000 R09: 0000000000000002
> R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd6f371c0e0
> R13: 0000000020000a80 R14: 0030656c69662f2e R15: 00007fd6f374f7b8
> </TASK>
> INFO: task syz-executor359:5460 blocked for more than 146 seconds.
> Not tainted 6.2.0-syzkaller-10827-g489fa31ea873 #0
> "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
> task:syz-executor359 state:D stack:26520 pid:5460 ppid:5115 flags:0x00004004
> Call Trace:
> <TASK>
> context_switch kernel/sched/core.c:5304 [inline]
> __schedule+0x17d8/0x4990 kernel/sched/core.c:6622
> schedule+0xc3/0x180 kernel/sched/core.c:6698
> schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6757
> rwsem_down_read_slowpath+0x5f4/0x950 kernel/locking/rwsem.c:1086
> __down_read_common+0x61/0x2c0 kernel/locking/rwsem.c:1250
> mmap_read_lock include/linux/mmap_lock.h:117 [inline]
> do_user_addr_fault arch/x86/mm/fault.c:1358 [inline]
> handle_page_fault arch/x86/mm/fault.c:1498 [inline]
> exc_page_fault+0x558/0x8a0 arch/x86/mm/fault.c:1554
> asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:570
> RIP: 0033:0x7fd6f371b888
> RSP: 002b:00007ffd6fdf2398 EFLAGS: 00010206
> RAX: 00007fd6f374ebd0 RBX: 00007fd6f374d1a8 RCX: 0000000000000001
> RDX: 00007fd6f3688d30 RSI: 0000000000000000 RDI: 00007fd6f374ebd0
> RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000010
> R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
> R13: 0000000000000001 R14: 00007fd6f37543e0 R15: 0000000000000001
> </TASK>
> Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings
>
> Showing all locks held in the system:
> 3 locks held by kworker/u4:0/9:
> #0: ffff8881451bb938 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x77f/0x13a0
> #1: ffffc900000e7d20 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x7c6/0x13a0 kernel/workqueue.c:2365
> #2: ffff88807dfe20e0 (&type->s_umount_key#43){++++}-{3:3}, at: trylock_super+0x1f/0xf0 fs/super.c:414
> 1 lock held by rcu_tasks_kthre/12:
> #0: ffffffff8d127cf0 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x29/0xd20 kernel/rcu/tasks.h:510
> 1 lock held by rcu_tasks_trace/13:
> #0: ffffffff8d1284f0 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x29/0xd20 kernel/rcu/tasks.h:510
> 1 lock held by khungtaskd/28:
> #0: ffffffff8d127b20 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30
> 3 locks held by kworker/u4:2/41:
> #0: ffff8881451bb938 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x77f/0x13a0
> #1: ffffc90000b27d20 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x7c6/0x13a0 kernel/workqueue.c:2365
> #2: ffff88801d8680e0 (&type->s_umount_key#43){++++}-{3:3}, at: trylock_super+0x1f/0xf0 fs/super.c:414
> 3 locks held by kworker/u4:4/75:
> #0: ffff8881451bb938 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x77f/0x13a0
> #1: ffffc900020efd20 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x7c6/0x13a0 kernel/workqueue.c:2365
> #2: ffff88802c2640e0 (&type->s_umount_key#43){++++}-{3:3}, at: trylock_super+0x1f/0xf0 fs/super.c:414
> 2 locks held by kworker/1:2/2494:
> #0: ffff888012472538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_one_work+0x77f/0x13a0
> #1: ffffc9000a86fd20 ((work_completion)(&rew->rew_work)){+.+.}-{0:0}, at: process_one_work+0x7c6/0x13a0 kernel/workqueue.c:2365
> 2 locks held by getty/4750:
> #0: ffff88814a0e2098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:244
> #1: ffffc900015802f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6ab/0x1db0 drivers/tty/n_tty.c:2177
> 1 lock held by syz-executor359/5222:
> #0: ffff88807d1df698 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_lock include/linux/mmap_lock.h:117 [inline]
> #0: ffff88807d1df698 (&mm->mmap_lock){++++}-{3:3}, at: do_user_addr_fault arch/x86/mm/fault.c:1358 [inline]
> #0: ffff88807d1df698 (&mm->mmap_lock){++++}-{3:3}, at: handle_page_fault arch/x86/mm/fault.c:1498 [inline]
> #0: ffff88807d1df698 (&mm->mmap_lock){++++}-{3:3}, at: exc_page_fault+0x558/0x8a0 arch/x86/mm/fault.c:1554
> 2 locks held by syz-executor359/5223:
> #0: ffff888021e0f768 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x254/0x2f0 fs/file.c:1046
> #1: ffff88802c264460 (sb_writers#9){.+.+}-{0:0}, at: vfs_write+0x26d/0xbb0 fs/read_write.c:580
> 1 lock held by syz-executor359/5229:
> #0: ffff88807d1df698 (&mm->mmap_lock){++++}-{3:3}, at: mmap_write_lock include/linux/mmap_lock.h:71 [inline]
> #0: ffff88807d1df698 (&mm->mmap_lock){++++}-{3:3}, at: do_mbind mm/mempolicy.c:1312 [inline]
> #0: ffff88807d1df698 (&mm->mmap_lock){++++}-{3:3}, at: kernel_mbind mm/mempolicy.c:1485 [inline]
> #0: ffff88807d1df698 (&mm->mmap_lock){++++}-{3:3}, at: __do_sys_mbind mm/mempolicy.c:1559 [inline]
> #0: ffff88807d1df698 (&mm->mmap_lock){++++}-{3:3}, at: __se_sys_mbind+0x47d/0x9c0 mm/mempolicy.c:1555
> 1 lock held by syz-executor359/5296:
> #0: ffff88802cd0ae98 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_lock include/linux/mmap_lock.h:117 [inline]
> #0: ffff88802cd0ae98 (&mm->mmap_lock){++++}-{3:3}, at: do_user_addr_fault arch/x86/mm/fault.c:1358 [inline]
> #0: ffff88802cd0ae98 (&mm->mmap_lock){++++}-{3:3}, at: handle_page_fault arch/x86/mm/fault.c:1498 [inline]
> #0: ffff88802cd0ae98 (&mm->mmap_lock){++++}-{3:3}, at: exc_page_fault+0x558/0x8a0 arch/x86/mm/fault.c:1554
> 2 locks held by syz-executor359/5298:
> #0: ffff88807e2b0fe8 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x254/0x2f0 fs/file.c:1046
> #1: ffff88807dfe2460 (sb_writers#9){.+.+}-{0:0}, at: vfs_write+0x26d/0xbb0 fs/read_write.c:580
> 1 lock held by syz-executor359/5304:
> #0: ffff88802cd0ae98 (&mm->mmap_lock){++++}-{3:3}, at: mmap_write_lock include/linux/mmap_lock.h:71 [inline]
> #0: ffff88802cd0ae98 (&mm->mmap_lock){++++}-{3:3}, at: do_mbind mm/mempolicy.c:1312 [inline]
> #0: ffff88802cd0ae98 (&mm->mmap_lock){++++}-{3:3}, at: kernel_mbind mm/mempolicy.c:1485 [inline]
> #0: ffff88802cd0ae98 (&mm->mmap_lock){++++}-{3:3}, at: __do_sys_mbind mm/mempolicy.c:1559 [inline]
> #0: ffff88802cd0ae98 (&mm->mmap_lock){++++}-{3:3}, at: __se_sys_mbind+0x47d/0x9c0 mm/mempolicy.c:1555
> 1 lock held by syz-executor359/5460:
> #0: ffff888022485298 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_lock include/linux/mmap_lock.h:117 [inline]
> #0: ffff888022485298 (&mm->mmap_lock){++++}-{3:3}, at: do_user_addr_fault arch/x86/mm/fault.c:1358 [inline]
> #0: ffff888022485298 (&mm->mmap_lock){++++}-{3:3}, at: handle_page_fault arch/x86/mm/fault.c:1498 [inline]
> #0: ffff888022485298 (&mm->mmap_lock){++++}-{3:3}, at: exc_page_fault+0x558/0x8a0 arch/x86/mm/fault.c:1554
> 2 locks held by syz-executor359/5461:
> #0: ffff88801da66ae8 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x254/0x2f0 fs/file.c:1046
> #1: ffff888148d0a460 (sb_writers#9){.+.+}-{0:0}, at: vfs_write+0x26d/0xbb0 fs/read_write.c:580
> 1 lock held by syz-executor359/5467:
> #0: ffff888022485298 (&mm->mmap_lock){++++}-{3:3}, at: mmap_write_lock include/linux/mmap_lock.h:71 [inline]
> #0: ffff888022485298 (&mm->mmap_lock){++++}-{3:3}, at: do_mbind mm/mempolicy.c:1312 [inline]
> #0: ffff888022485298 (&mm->mmap_lock){++++}-{3:3}, at: kernel_mbind mm/mempolicy.c:1485 [inline]
> #0: ffff888022485298 (&mm->mmap_lock){++++}-{3:3}, at: __do_sys_mbind mm/mempolicy.c:1559 [inline]
> #0: ffff888022485298 (&mm->mmap_lock){++++}-{3:3}, at: __se_sys_mbind+0x47d/0x9c0 mm/mempolicy.c:1555
> 1 lock held by syz-executor359/5570:
> #0: ffff88807d295298 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_lock include/linux/mmap_lock.h:117 [inline]
> #0: ffff88807d295298 (&mm->mmap_lock){++++}-{3:3}, at: do_user_addr_fault arch/x86/mm/fault.c:1358 [inline]
> #0: ffff88807d295298 (&mm->mmap_lock){++++}-{3:3}, at: handle_page_fault arch/x86/mm/fault.c:1498 [inline]
> #0: ffff88807d295298 (&mm->mmap_lock){++++}-{3:3}, at: exc_page_fault+0x558/0x8a0 arch/x86/mm/fault.c:1554
> 2 locks held by syz-executor359/5571:
> #0: ffff88807838a5e8 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x254/0x2f0 fs/file.c:1046
> #1: ffff88801d868460 (sb_writers#9){.+.+}-{0:0}, at: vfs_write+0x26d/0xbb0 fs/read_write.c:580
> 1 lock held by syz-executor359/5575:
> #0: ffff88807d295298 (&mm->mmap_lock){++++}-{3:3}, at: mmap_write_lock include/linux/mmap_lock.h:71 [inline]
> #0: ffff88807d295298 (&mm->mmap_lock){++++}-{3:3}, at: do_mbind mm/mempolicy.c:1312 [inline]
> #0: ffff88807d295298 (&mm->mmap_lock){++++}-{3:3}, at: kernel_mbind mm/mempolicy.c:1485 [inline]
> #0: ffff88807d295298 (&mm->mmap_lock){++++}-{3:3}, at: __do_sys_mbind mm/mempolicy.c:1559 [inline]
> #0: ffff88807d295298 (&mm->mmap_lock){++++}-{3:3}, at: __se_sys_mbind+0x47d/0x9c0 mm/mempolicy.c:1555
> 1 lock held by syz-executor359/5572:
> #0: ffff88807d1dc098 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_lock include/linux/mmap_lock.h:117 [inline]
> #0: ffff88807d1dc098 (&mm->mmap_lock){++++}-{3:3}, at: do_user_addr_fault arch/x86/mm/fault.c:1358 [inline]
> #0: ffff88807d1dc098 (&mm->mmap_lock){++++}-{3:3}, at: handle_page_fault arch/x86/mm/fault.c:1498 [inline]
> #0: ffff88807d1dc098 (&mm->mmap_lock){++++}-{3:3}, at: exc_page_fault+0x558/0x8a0 arch/x86/mm/fault.c:1554
> 2 locks held by syz-executor359/5573:
> #0: ffff888026d84d68 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x254/0x2f0 fs/file.c:1046
> #1: ffff88807b6ac460 (sb_writers#9){.+.+}-{0:0}, at: vfs_write+0x26d/0xbb0 fs/read_write.c:580
> 1 lock held by syz-executor359/5576:
> #0: ffff88807d1dc098 (&mm->mmap_lock){++++}-{3:3}, at: mmap_write_lock include/linux/mmap_lock.h:71 [inline]
> #0: ffff88807d1dc098 (&mm->mmap_lock){++++}-{3:3}, at: do_mbind mm/mempolicy.c:1312 [inline]
> #0: ffff88807d1dc098 (&mm->mmap_lock){++++}-{3:3}, at: kernel_mbind mm/mempolicy.c:1485 [inline]
> #0: ffff88807d1dc098 (&mm->mmap_lock){++++}-{3:3}, at: __do_sys_mbind mm/mempolicy.c:1559 [inline]
> #0: ffff88807d1dc098 (&mm->mmap_lock){++++}-{3:3}, at: __se_sys_mbind+0x47d/0x9c0 mm/mempolicy.c:1555
> 3 locks held by kworker/u4:3/5614:
> #0: ffff8881451bb938 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x77f/0x13a0
> #1: ffffc90004defd20 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x7c6/0x13a0 kernel/workqueue.c:2365
> #2: ffff88807b6ac0e0 (&type->s_umount_key#43){++++}-{3:3}, at: trylock_super+0x1f/0xf0 fs/super.c:414
> 3 locks held by kworker/u4:5/6087:
> #0: ffff8881451bb938 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x77f/0x13a0
> #1: ffffc900055b7d20 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x7c6/0x13a0 kernel/workqueue.c:2365
> #2: ffff888148d0a0e0 (&type->s_umount_key#43){++++}-{3:3}, at: trylock_super+0x1f/0xf0 fs/super.c:414
> 1 lock held by syz-executor359/12461:
> #0: ffffffff8d12d1f8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:293 [inline]
> #0: ffffffff8d12d1f8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x3a3/0x890 kernel/rcu/tree_exp.h:989
>
> =============================================
>
> NMI backtrace for cpu 0
> CPU: 0 PID: 28 Comm: khungtaskd Not tainted 6.2.0-syzkaller-10827-g489fa31ea873 #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
> Call Trace:
> <TASK>
> __dump_stack lib/dump_stack.c:88 [inline]
> dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106
> nmi_cpu_backtrace+0x4e5/0x560 lib/nmi_backtrace.c:113
> nmi_trigger_cpumask_backtrace+0x1b4/0x410 lib/nmi_backtrace.c:62
> trigger_all_cpu_backtrace include/linux/nmi.h:148 [inline]
> check_hung_uninterruptible_tasks kernel/hung_task.c:222 [inline]
> watchdog+0x1024/0x1070 kernel/hung_task.c:379
> kthread+0x270/0x300 kernel/kthread.c:376
> ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
> </TASK>
> Sending NMI from CPU 0 to CPUs 1:
> NMI backtrace for cpu 1
> CPU: 1 PID: 6343 Comm: kworker/u4:9 Not tainted 6.2.0-syzkaller-10827-g489fa31ea873 #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
> Workqueue: events_unbound toggle_allocation_gate
> RIP: 0010:rcu_sync_is_idle include/linux/rcu_sync.h:36 [inline]
> RIP: 0010:percpu_up_read include/linux/percpu-rwsem.h:105 [inline]
> RIP: 0010:cpus_read_unlock+0x5f/0x130 kernel/cpu.c:322
> Code: 85 db 74 1b e8 c2 4f 20 00 89 c3 31 ff 89 c6 e8 87 23 39 00 85 db 74 5b e8 ce 1f 39 00 eb 05 e8 c7 1f 39 00 8b 1d 41 be a8 0b <31> ff 89 de e8 68 23 39 00 85 db 0f 85 8c 00 00 00 e8 ab 1f 39 00
> RSP: 0018:ffffc90005757b70 EFLAGS: 00000293
> RAX: ffffffff81538cb2 RBX: 0000000000000000 RCX: ffff888028643a80
> RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
> RBP: ffffc90005757c50 R08: ffffffff81538ca9 R09: fffffbfff1ce8d2e
> R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
> R13: 1ffff1104779cc03 R14: 0000000000000000 R15: 1ffff92000aeaf70
> FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 00007ffd6fdf0bb8 CR3: 000000000cf30000 CR4: 00000000003506e0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> Call Trace:
> <TASK>
> toggle_allocation_gate+0xb5/0x250 mm/kfence/core.c:799
> process_one_work+0x915/0x13a0 kernel/workqueue.c:2390
> worker_thread+0xa63/0x1210 kernel/workqueue.c:2537
> kthread+0x270/0x300 kernel/kthread.c:376
> ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
> </TASK>
>
>
> ---
> This report is generated by a bot. It may contain errors.
> See https://goo.gl/tpsmEJ for more information about syzbot.
> syzbot engineers can be reached at [email protected].
>
> syzbot will keep track of this issue. See:
> https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
> syzbot can test patches for this issue, for details see:
> https://goo.gl/tpsmEJ#testing-patches
>
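
A triage helper, added here as an example and not code from the thread, from syzbot or from the kernel tree: it parses a hung-task report of the shape quoted above (the "task: ... state:D" call traces plus the "Showing all locks held in the system" section), classifies what each blocked task is waiting for, and builds a wait-for graph so that the cycle Yang Shi describes in this thread (migration has locked the page and waits for writeback; writeback waits for the page lock) shows up as a cycle of pids. Two rules are assumptions taken from that analysis rather than facts the report states: a task inside migrate_folio_unmap() is treated as owning a folio lock, and a task waiting in folio_wait_writeback() is treated as waiting on the tasks stuck on the folio lock. The sample input is constructed, abbreviated from the report in this thread.

```python
"""Added example (not the thread's code): wait-for graph from a hung-task report."""
import re
from collections import defaultdict

# What a D-state task is blocked on: first rule whose frame is in its trace.
WAIT_RULES = (("folio_wait_writeback", "folio writeback"), ("folio_lock", "folio lock"),
              ("mmap_write_lock", "mmap_lock (write)"), ("mmap_read_lock", "mmap_lock (read)"))
TASK_RE = re.compile(r"^task:(\S+) .*\bpid:(\d+)")
HELD_RE = re.compile(r"^\d+ locks? held by \S+/(\d+):")
LOCK_RE = re.compile(r"^#\d+: ([0-9a-f]+) \((.+?)\)\{.*?, at: (\S+)")
REG_RE = re.compile(r"^[A-Z0-9]{2,3}: ")  # RIP:/RSP:/RAX: register dump lines

def parse_hung_report(text):
    """Return ({pid: task}, {pid: [(addr, lock, acquire_site), ...]})."""
    tasks, held = {}, defaultdict(list)
    cur, held_pid, in_trace = None, None, False
    for raw in text.splitlines():
        line = raw.strip().lstrip("> ")  # tolerate mail quoting
        if m := TASK_RE.match(line):
            cur = tasks[int(m[2])] = {"name": m[1], "frames": []}
        elif m := HELD_RE.match(line):
            held_pid, cur = int(m[1]), None
        elif (m := LOCK_RE.match(line)) and held_pid is not None:
            held[held_pid].append(m.groups())
        elif line in ("<TASK>", "</TASK>"):
            in_trace = line == "<TASK>"
        elif in_trace and cur and not REG_RE.match(line):
            # "func+0x58f/0x1450 file.c:NN" or "func file.h:NN [inline]" -> func
            cur["frames"].append(re.split(r"[+ ]", line, maxsplit=1)[0])
    for t in tasks.values():
        t["waits"] = next((w for f, w in WAIT_RULES if f in t["frames"]), None)
        # The folio lock is a page-flag bit lockdep does not track. Assumption from
        # the thread: migrate_folio_unmap() already locked the folio it waits on.
        t["holds"] = {"folio lock"} if "migrate_folio_unmap" in t["frames"] else set()
    return tasks, held

def wait_for_graph(tasks, held):
    """Edges (waiter_pid, owner_pid, resource). lockdep lists a lock as held as soon
    as the acquire starts, so the real mmap_lock owner is matched by address."""
    edges = set()
    write_owner = {addr: pid for pid, locks in held.items() for addr, lock, site in locks
                   if lock == "&mm->mmap_lock" and site.startswith("mmap_write_lock")}
    for pid, t in tasks.items():
        if t["waits"] == "mmap_lock (read)":
            for addr, lock, _ in held.get(pid, []):
                if lock == "&mm->mmap_lock" and write_owner.get(addr, pid) != pid:
                    edges.add((pid, write_owner[addr], "mmap_lock"))
        elif t["waits"] == "folio lock":
            edges.update((pid, h, "folio lock") for h, o in tasks.items()
                         if h != pid and "folio lock" in o["holds"])
        elif t["waits"] == "folio writeback":
            # Thread analysis: the awaited writeback is owed by the path stuck on the folio lock.
            edges.update((pid, h, "folio writeback") for h, o in tasks.items()
                         if h != pid and o["waits"] == "folio lock")
    return edges

def find_cycle(edges):
    """Return one pid cycle in the wait-for graph, or [] if there is none."""
    adj = defaultdict(set)
    for a, b, _ in edges:
        adj[a].add(b)

    def dfs(node, path, seen):
        if node in path:
            return path[path.index(node):]
        if node in seen:
            return []
        seen.add(node)
        for nxt in adj[node]:
            if cycle := dfs(nxt, path + [node], seen):
                return cycle
        return []
    for start in list(adj):
        if cycle := dfs(start, [], set()):
            return cycle
    return []

# Constructed sample, abbreviated from the syzbot report quoted in this thread.
SAMPLE = """\
task:kworker/u4:0 state:D stack:21720 pid:9 ppid:2 flags:0x00004000
<TASK>
folio_lock include/linux/pagemap.h:952 [inline]
write_cache_pages+0x58f/0x1450 mm/page-writeback.c:2440
</TASK>
task:syz-executor359 state:D stack:27008 pid:5296 ppid:5112 flags:0x00004004
<TASK>
rwsem_down_read_slowpath+0x5f4/0x950 kernel/locking/rwsem.c:1086
mmap_read_lock include/linux/mmap_lock.h:117 [inline]
</TASK>
task:syz-executor359 state:D stack:26504 pid:5304 ppid:5112 flags:0x00004004
<TASK>
folio_wait_writeback+0xec/0x1f0 mm/page-writeback.c:3127
migrate_folio_unmap mm/migrate.c:1192 [inline]
</TASK>
Showing all locks held in the system:
1 lock held by syz-executor359/5296:
#0: ffff88802cd0ae98 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_lock include/linux/mmap_lock.h:117 [inline]
1 lock held by syz-executor359/5304:
#0: ffff88802cd0ae98 (&mm->mmap_lock){++++}-{3:3}, at: mmap_write_lock include/linux/mmap_lock.h:71 [inline]
"""
if __name__ == "__main__":
    tasks, held = parse_hung_report(SAMPLE)
    edges = wait_for_graph(tasks, held)
    print(sorted(edges), find_cycle(edges))  # cycle is [9, 5304] or [5304, 9]
```

Run it as a script, or feed parse_hung_report() the raw console log (the "> " prefixes of a quoted mail reply are tolerated). One caveat is built into wait_for_graph(): lockdep adds a lock to a task's "locks held" list when the acquire begins, not when it succeeds, which is why the page-faulting tasks in the report above appear to hold &mm->mmap_lock while blocked in rwsem_down_read_slowpath(). The owner therefore has to be picked out by matching the lock address against the entry that was taken at a mmap_write_lock() site, here the mbind() callers.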

2023-03-02 23:44:35

by Huang, Ying

[permalink] [raw]
Subject: Re: [syzbot] [mm?] INFO: task hung in write_cache_pages (2)

Yang Shi <[email protected]> writes:

> On Wed, Mar 1, 2023 at 4:36 PM syzbot
> <[email protected]> wrote:
>>
>> Hello,
>>
>> syzbot found the following issue on:
>>
>> HEAD commit: 489fa31ea873 Merge branch 'work.misc' of git://git.kernel...
>> git tree: upstream
>> console output: https://syzkaller.appspot.com/x/log.txt?x=1034fef8c80000
>> kernel config: https://syzkaller.appspot.com/x/.config?x=cbfa7a73c540248d
>> dashboard link: https://syzkaller.appspot.com/bug?extid=0adf31ecbba886ab504f
>> compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
>> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=16dc6960c80000
>> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16f39d50c80000
>>
>> Downloadable assets:
>> disk image: https://storage.googleapis.com/syzbot-assets/8121ff3f8044/disk-489fa31e.raw.xz
>> vmlinux: https://storage.googleapis.com/syzbot-assets/ba8296ba1bf7/vmlinux-489fa31e.xz
>> kernel image: https://storage.googleapis.com/syzbot-assets/6459f50e23f3/bzImage-489fa31e.xz
>> mounted in repro: https://storage.googleapis.com/syzbot-assets/845f6538108c/mount_1.gz
>>
>> IMPORTANT: if you fix the issue, please add the following tag to the commit:
>> Reported-by: [email protected]
>>
>> INFO: task kworker/u4:0:9 blocked for more than 143 seconds.
>> Not tainted 6.2.0-syzkaller-10827-g489fa31ea873 #0
>> "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
>> task:kworker/u4:0 state:D stack:21720 pid:9 ppid:2 flags:0x00004000
>> Workqueue: writeback wb_workfn (flush-7:0)
>> Call Trace:
>> <TASK>
>> context_switch kernel/sched/core.c:5304 [inline]
>> __schedule+0x17d8/0x4990 kernel/sched/core.c:6622
>> schedule+0xc3/0x180 kernel/sched/core.c:6698
>> io_schedule+0x8c/0x100 kernel/sched/core.c:8884
>> folio_wait_bit_common+0x86c/0x12b0 mm/filemap.c:1301
>> folio_lock include/linux/pagemap.h:952 [inline]
>> write_cache_pages+0x58f/0x1450 mm/page-writeback.c:2440
>> mpage_writepages+0x107/0x1d0 fs/mpage.c:653
>> do_writepages+0x3a6/0x670 mm/page-writeback.c:2551
>> __writeback_single_inode+0x1c4/0x15e0 fs/fs-writeback.c:1600
>> writeback_sb_inodes+0x92c/0x1360 fs/fs-writeback.c:1891
>> __writeback_inodes_wb+0x11b/0x260 fs/fs-writeback.c:1962
>> wb_writeback+0x51c/0x1080 fs/fs-writeback.c:2067
>> wb_check_background_flush fs/fs-writeback.c:2133 [inline]
>> wb_do_writeback fs/fs-writeback.c:2221 [inline]
>> wb_workfn+0xd80/0x1100 fs/fs-writeback.c:2248
>> process_one_work+0x915/0x13a0 kernel/workqueue.c:2390
>> worker_thread+0xa63/0x1210 kernel/workqueue.c:2537
>> kthread+0x270/0x300 kernel/kthread.c:376
>> ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
>> </TASK>
>> INFO: task kworker/u4:2:41 blocked for more than 143 seconds.
>> Not tainted 6.2.0-syzkaller-10827-g489fa31ea873 #0
>> "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
>> task:kworker/u4:2 state:D stack:20480 pid:41 ppid:2 flags:0x00004000
>> Workqueue: writeback wb_workfn (flush-7:5)
>> Call Trace:
>> <TASK>
>> context_switch kernel/sched/core.c:5304 [inline]
>> __schedule+0x17d8/0x4990 kernel/sched/core.c:6622
>> schedule+0xc3/0x180 kernel/sched/core.c:6698
>> io_schedule+0x8c/0x100 kernel/sched/core.c:8884
>> folio_wait_bit_common+0x86c/0x12b0 mm/filemap.c:1301
>> folio_lock include/linux/pagemap.h:952 [inline]
>> write_cache_pages+0x58f/0x1450 mm/page-writeback.c:2440
>> mpage_writepages+0x107/0x1d0 fs/mpage.c:653
>> do_writepages+0x3a6/0x670 mm/page-writeback.c:2551
>> __writeback_single_inode+0x1c4/0x15e0 fs/fs-writeback.c:1600
>> writeback_sb_inodes+0x92c/0x1360 fs/fs-writeback.c:1891
>> __writeback_inodes_wb+0x11b/0x260 fs/fs-writeback.c:1962
>> wb_writeback+0x51c/0x1080 fs/fs-writeback.c:2067
>> wb_check_old_data_flush fs/fs-writeback.c:2167 [inline]
>> wb_do_writeback fs/fs-writeback.c:2220 [inline]
>> wb_workfn+0xccb/0x1100 fs/fs-writeback.c:2248
>> process_one_work+0x915/0x13a0 kernel/workqueue.c:2390
>> worker_thread+0xa63/0x1210 kernel/workqueue.c:2537
>> kthread+0x270/0x300 kernel/kthread.c:376
>> ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
>> </TASK>
>> INFO: task kworker/u4:4:75 blocked for more than 144 seconds.
>> Not tainted 6.2.0-syzkaller-10827-g489fa31ea873 #0
>> "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
>> task:kworker/u4:4 state:D stack:25088 pid:75 ppid:2 flags:0x00004000
>> Workqueue: writeback wb_workfn (flush-7:1)
>> Call Trace:
>> <TASK>
>> context_switch kernel/sched/core.c:5304 [inline]
>> __schedule+0x17d8/0x4990 kernel/sched/core.c:6622
>> schedule+0xc3/0x180 kernel/sched/core.c:6698
>> io_schedule+0x8c/0x100 kernel/sched/core.c:8884
>> folio_wait_bit_common+0x86c/0x12b0 mm/filemap.c:1301
>> folio_lock include/linux/pagemap.h:952 [inline]
>> write_cache_pages+0x58f/0x1450 mm/page-writeback.c:2440
>> mpage_writepages+0x107/0x1d0 fs/mpage.c:653
>> do_writepages+0x3a6/0x670 mm/page-writeback.c:2551
>> __writeback_single_inode+0x1c4/0x15e0 fs/fs-writeback.c:1600
>> writeback_sb_inodes+0x92c/0x1360 fs/fs-writeback.c:1891
>> __writeback_inodes_wb+0x11b/0x260 fs/fs-writeback.c:1962
>> wb_writeback+0x51c/0x1080 fs/fs-writeback.c:2067
>> wb_check_old_data_flush fs/fs-writeback.c:2167 [inline]
>> wb_do_writeback fs/fs-writeback.c:2220 [inline]
>> wb_workfn+0xccb/0x1100 fs/fs-writeback.c:2248
>> process_one_work+0x915/0x13a0 kernel/workqueue.c:2390
>> worker_thread+0xa63/0x1210 kernel/workqueue.c:2537
>> kthread+0x270/0x300 kernel/kthread.c:376
>> ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
>> </TASK>
>> INFO: task syz-executor359:5222 blocked for more than 144 seconds.
>> Not tainted 6.2.0-syzkaller-10827-g489fa31ea873 #0
>> "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
>> task:syz-executor359 state:D stack:26576 pid:5222 ppid:5113 flags:0x00004004
>> Call Trace:
>> <TASK>
>> context_switch kernel/sched/core.c:5304 [inline]
>> __schedule+0x17d8/0x4990 kernel/sched/core.c:6622
>> schedule+0xc3/0x180 kernel/sched/core.c:6698
>> schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6757
>> rwsem_down_read_slowpath+0x5f4/0x950 kernel/locking/rwsem.c:1086
>> __down_read_common+0x61/0x2c0 kernel/locking/rwsem.c:1250
>> mmap_read_lock include/linux/mmap_lock.h:117 [inline]
>> do_user_addr_fault arch/x86/mm/fault.c:1358 [inline]
>> handle_page_fault arch/x86/mm/fault.c:1498 [inline]
>> exc_page_fault+0x558/0x8a0 arch/x86/mm/fault.c:1554
>> asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:570
>> RIP: 0033:0x7fd6f371b888
>> RSP: 002b:00007ffd6fdf2398 EFLAGS: 00010206
>> RAX: 00007fd6f374ebd0 RBX: 00007fd6f374d1a8 RCX: 0000000000000001
>> RDX: 00007fd6f3688d30 RSI: 0000000000000000 RDI: 00007fd6f374ebd0
>> RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000010
>> R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
>> R13: 0000000000000001 R14: 00007fd6f37543e0 R15: 0000000000000001
>> </TASK>
>> INFO: task syz-executor359:5223 blocked for more than 144 seconds.
>> Not tainted 6.2.0-syzkaller-10827-g489fa31ea873 #0
>> "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
>> task:syz-executor359 state:D stack:24840 pid:5223 ppid:5113 flags:0x00004004
>> Call Trace:
>> <TASK>
>> context_switch kernel/sched/core.c:5304 [inline]
>> __schedule+0x17d8/0x4990 kernel/sched/core.c:6622
>> schedule+0xc3/0x180 kernel/sched/core.c:6698
>> io_schedule+0x8c/0x100 kernel/sched/core.c:8884
>> folio_wait_bit_common+0x86c/0x12b0 mm/filemap.c:1301
>> folio_lock include/linux/pagemap.h:952 [inline]
>> write_cache_pages+0x58f/0x1450 mm/page-writeback.c:2440
>> mpage_writepages+0x107/0x1d0 fs/mpage.c:653
>> do_writepages+0x3a6/0x670 mm/page-writeback.c:2551
>> filemap_fdatawrite_wbc+0x125/0x180 mm/filemap.c:390
>> __filemap_fdatawrite_range mm/filemap.c:423 [inline]
>> file_write_and_wait_range+0x20f/0x300 mm/filemap.c:781
>> __generic_file_fsync+0x72/0x190 fs/libfs.c:1132
>> fat_file_fsync+0x7e/0x190 fs/fat/file.c:191
>> generic_write_sync include/linux/fs.h:2452 [inline]
>> generic_file_write_iter+0x2a1/0x310 mm/filemap.c:4090
>> call_write_iter include/linux/fs.h:1851 [inline]
>> new_sync_write fs/read_write.c:491 [inline]
>> vfs_write+0x7b2/0xbb0 fs/read_write.c:584
>> ksys_write+0x1a0/0x2c0 fs/read_write.c:637
>> do_syscall_x64 arch/x86/entry/common.c:50 [inline]
>> do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
>> entry_SYSCALL_64_after_hwframe+0x63/0xcd
>> RIP: 0033:0x7fd6f36ca719
>> RSP: 002b:00007fd6f36762f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
>> RAX: ffffffffffffffda RBX: 00007fd6f374f7a0 RCX: 00007fd6f36ca719
>> RDX: 000000000208e24b RSI: 0000000020000080 RDI: 0000000000000004
>> RBP: 00007fd6f371c604 R08: 0000000000000000 R09: 0000000000000000
>> R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd6f371c0e0
>> R13: 0000000020000a80 R14: 0030656c69662f2e R15: 00007fd6f374f7a8
>> </TASK>
>> INFO: task syz-executor359:5229 blocked for more than 144 seconds.
>> Not tainted 6.2.0-syzkaller-10827-g489fa31ea873 #0
>> "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
>> task:syz-executor359 state:D stack:26504 pid:5229 ppid:5113 flags:0x00004004
>> Call Trace:
>> <TASK>
>> context_switch kernel/sched/core.c:5304 [inline]
>> __schedule+0x17d8/0x4990 kernel/sched/core.c:6622
>> schedule+0xc3/0x180 kernel/sched/core.c:6698
>> io_schedule+0x8c/0x100 kernel/sched/core.c:8884
>> folio_wait_bit_common+0x86c/0x12b0 mm/filemap.c:1301
>> folio_wait_writeback+0xec/0x1f0 mm/page-writeback.c:3127
>> migrate_folio_unmap mm/migrate.c:1192 [inline]
>> migrate_pages_batch mm/migrate.c:1685 [inline]
>> migrate_pages+0x2d50/0x6610 mm/migrate.c:1973
>
> The migration has locked the page, but is waiting for writeback. The
> writeback is waiting for the page lock...
>
> I recalled Hugh reported the same bug. There is a patch to solve it,
> but it may not be in Linus's tree yet. And it seems like the
> reproducer is dirtying some files on loop device and calling mbind at
> the same time. This does match the reproducer mentioned by Hugh.

Yes. We have fixed a similar bug report. The fix patchset is as
follows:

https://lore.kernel.org/linux-mm/[email protected]/

It will take some time for it to land in Linus's tree.

Best Regards,
Huang, Ying

>> do_mbind mm/mempolicy.c:1338 [inline]
>> kernel_mbind mm/mempolicy.c:1485 [inline]
>> __do_sys_mbind mm/mempolicy.c:1559 [inline]
>> __se_sys_mbind+0x75a/0x9c0 mm/mempolicy.c:1555
>> do_syscall_x64 arch/x86/entry/common.c:50 [inline]
>> do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
>> entry_SYSCALL_64_after_hwframe+0x63/0xcd
>> RIP: 0033:0x7fd6f36ca719
>> RSP: 002b:00007fd6eb3552e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
>> RAX: ffffffffffffffda RBX: 00007fd6f374f7b0 RCX: 00007fd6f36ca719
>> RDX: 0000000000000000 RSI: 0000000000800000 RDI: 0000000020001000
>> RBP: 00007fd6f371c604 R08: 0000000000000000 R09: 0000000000000002
>> R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd6f371c0e0
>> R13: 0000000020000a80 R14: 0030656c69662f2e R15: 00007fd6f374f7b8
>> </TASK>
>> INFO: task syz-executor359:5296 blocked for more than 145 seconds.
>> Not tainted 6.2.0-syzkaller-10827-g489fa31ea873 #0
>> "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
>> task:syz-executor359 state:D stack:27008 pid:5296 ppid:5112 flags:0x00004004
>> Call Trace:
>> <TASK>
>> context_switch kernel/sched/core.c:5304 [inline]
>> __schedule+0x17d8/0x4990 kernel/sched/core.c:6622
>> schedule+0xc3/0x180 kernel/sched/core.c:6698
>> schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6757
>> rwsem_down_read_slowpath+0x5f4/0x950 kernel/locking/rwsem.c:1086
>> __down_read_common+0x61/0x2c0 kernel/locking/rwsem.c:1250
>> mmap_read_lock include/linux/mmap_lock.h:117 [inline]
>> do_user_addr_fault arch/x86/mm/fault.c:1358 [inline]
>> handle_page_fault arch/x86/mm/fault.c:1498 [inline]
>> exc_page_fault+0x558/0x8a0 arch/x86/mm/fault.c:1554
>> asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:570
>> RIP: 0033:0x7fd6f371b888
>> RSP: 002b:00007ffd6fdf2398 EFLAGS: 00010206
>> RAX: 00007fd6f374ebd0 RBX: 00007fd6f374d1a8 RCX: 0000000000000001
>> RDX: 00007fd6f3688d30 RSI: 0000000000000000 RDI: 00007fd6f374ebd0
>> RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000010
>> R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
>> R13: 0000000000000001 R14: 00007fd6f37543e0 R15: 0000000000000001
>> </TASK>
>> INFO: task syz-executor359:5298 blocked for more than 145 seconds.
>> Not tainted 6.2.0-syzkaller-10827-g489fa31ea873 #0
>> "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
>> task:syz-executor359 state:D stack:24840 pid:5298 ppid:5112 flags:0x00004004
>> Call Trace:
>> <TASK>
>> context_switch kernel/sched/core.c:5304 [inline]
>> __schedule+0x17d8/0x4990 kernel/sched/core.c:6622
>> schedule+0xc3/0x180 kernel/sched/core.c:6698
>> io_schedule+0x8c/0x100 kernel/sched/core.c:8884
>> folio_wait_bit_common+0x86c/0x12b0 mm/filemap.c:1301
>> folio_lock include/linux/pagemap.h:952 [inline]
>> write_cache_pages+0x58f/0x1450 mm/page-writeback.c:2440
>> mpage_writepages+0x107/0x1d0 fs/mpage.c:653
>> do_writepages+0x3a6/0x670 mm/page-writeback.c:2551
>> filemap_fdatawrite_wbc+0x125/0x180 mm/filemap.c:390
>> __filemap_fdatawrite_range mm/filemap.c:423 [inline]
>> file_write_and_wait_range+0x20f/0x300 mm/filemap.c:781
>> __generic_file_fsync+0x72/0x190 fs/libfs.c:1132
>> fat_file_fsync+0x7e/0x190 fs/fat/file.c:191
>> generic_write_sync include/linux/fs.h:2452 [inline]
>> generic_file_write_iter+0x2a1/0x310 mm/filemap.c:4090
>> call_write_iter include/linux/fs.h:1851 [inline]
>> new_sync_write fs/read_write.c:491 [inline]
>> vfs_write+0x7b2/0xbb0 fs/read_write.c:584
>> ksys_write+0x1a0/0x2c0 fs/read_write.c:637
>> do_syscall_x64 arch/x86/entry/common.c:50 [inline]
>> do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
>> entry_SYSCALL_64_after_hwframe+0x63/0xcd
>> RIP: 0033:0x7fd6f36ca719
>> RSP: 002b:00007fd6f36762f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
>> RAX: ffffffffffffffda RBX: 00007fd6f374f7a0 RCX: 00007fd6f36ca719
>> RDX: 000000000208e24b RSI: 0000000020000080 RDI: 0000000000000004
>> RBP: 00007fd6f371c604 R08: 0000000000000000 R09: 0000000000000000
>> R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd6f371c0e0
>> R13: 0000000020000a80 R14: 0030656c69662f2e R15: 00007fd6f374f7a8
>> </TASK>
>> INFO: task syz-executor359:5304 blocked for more than 145 seconds.
>> Not tainted 6.2.0-syzkaller-10827-g489fa31ea873 #0
>> "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
>> task:syz-executor359 state:D stack:26504 pid:5304 ppid:5112 flags:0x00004004
>> Call Trace:
>> <TASK>
>> context_switch kernel/sched/core.c:5304 [inline]
>> __schedule+0x17d8/0x4990 kernel/sched/core.c:6622
>> schedule+0xc3/0x180 kernel/sched/core.c:6698
>> io_schedule+0x8c/0x100 kernel/sched/core.c:8884
>> folio_wait_bit_common+0x86c/0x12b0 mm/filemap.c:1301
>> folio_wait_writeback+0xec/0x1f0 mm/page-writeback.c:3127
>> migrate_folio_unmap mm/migrate.c:1192 [inline]
>> migrate_pages_batch mm/migrate.c:1685 [inline]
>> migrate_pages+0x2d50/0x6610 mm/migrate.c:1973
>> do_mbind mm/mempolicy.c:1338 [inline]
>> kernel_mbind mm/mempolicy.c:1485 [inline]
>> __do_sys_mbind mm/mempolicy.c:1559 [inline]
>> __se_sys_mbind+0x75a/0x9c0 mm/mempolicy.c:1555
>> do_syscall_x64 arch/x86/entry/common.c:50 [inline]
>> do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
>> entry_SYSCALL_64_after_hwframe+0x63/0xcd
>> RIP: 0033:0x7fd6f36ca719
>> RSP: 002b:00007fd6eb3552e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
>> RAX: ffffffffffffffda RBX: 00007fd6f374f7b0 RCX: 00007fd6f36ca719
>> RDX: 0000000000000000 RSI: 0000000000800000 RDI: 0000000020001000
>> RBP: 00007fd6f371c604 R08: 0000000000000000 R09: 0000000000000002
>> R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd6f371c0e0
>> R13: 0000000020000a80 R14: 0030656c69662f2e R15: 00007fd6f374f7b8
>> </TASK>
>> INFO: task syz-executor359:5460 blocked for more than 146 seconds.
>> Not tainted 6.2.0-syzkaller-10827-g489fa31ea873 #0
>> "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
>> task:syz-executor359 state:D stack:26520 pid:5460 ppid:5115 flags:0x00004004
>> Call Trace:
>> <TASK>
>> context_switch kernel/sched/core.c:5304 [inline]
>> __schedule+0x17d8/0x4990 kernel/sched/core.c:6622
>> schedule+0xc3/0x180 kernel/sched/core.c:6698
>> schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6757
>> rwsem_down_read_slowpath+0x5f4/0x950 kernel/locking/rwsem.c:1086
>> __down_read_common+0x61/0x2c0 kernel/locking/rwsem.c:1250
>> mmap_read_lock include/linux/mmap_lock.h:117 [inline]
>> do_user_addr_fault arch/x86/mm/fault.c:1358 [inline]
>> handle_page_fault arch/x86/mm/fault.c:1498 [inline]
>> exc_page_fault+0x558/0x8a0 arch/x86/mm/fault.c:1554
>> asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:570
>> RIP: 0033:0x7fd6f371b888
>> RSP: 002b:00007ffd6fdf2398 EFLAGS: 00010206
>> RAX: 00007fd6f374ebd0 RBX: 00007fd6f374d1a8 RCX: 0000000000000001
>> RDX: 00007fd6f3688d30 RSI: 0000000000000000 RDI: 00007fd6f374ebd0
>> RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000010
>> R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
>> R13: 0000000000000001 R14: 00007fd6f37543e0 R15: 0000000000000001
>> </TASK>
>> Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings
>>
>> Showing all locks held in the system:
>> 3 locks held by kworker/u4:0/9:
>> #0: ffff8881451bb938 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x77f/0x13a0
>> #1: ffffc900000e7d20 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x7c6/0x13a0 kernel/workqueue.c:2365
>> #2: ffff88807dfe20e0 (&type->s_umount_key#43){++++}-{3:3}, at: trylock_super+0x1f/0xf0 fs/super.c:414
>> 1 lock held by rcu_tasks_kthre/12:
>> #0: ffffffff8d127cf0 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x29/0xd20 kernel/rcu/tasks.h:510
>> 1 lock held by rcu_tasks_trace/13:
>> #0: ffffffff8d1284f0 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x29/0xd20 kernel/rcu/tasks.h:510
>> 1 lock held by khungtaskd/28:
>> #0: ffffffff8d127b20 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30
>> 3 locks held by kworker/u4:2/41:
>> #0: ffff8881451bb938 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x77f/0x13a0
>> #1: ffffc90000b27d20 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x7c6/0x13a0 kernel/workqueue.c:2365
>> #2: ffff88801d8680e0 (&type->s_umount_key#43){++++}-{3:3}, at: trylock_super+0x1f/0xf0 fs/super.c:414
>> 3 locks held by kworker/u4:4/75:
>> #0: ffff8881451bb938 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x77f/0x13a0
>> #1: ffffc900020efd20 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x7c6/0x13a0 kernel/workqueue.c:2365
>> #2: ffff88802c2640e0 (&type->s_umount_key#43){++++}-{3:3}, at: trylock_super+0x1f/0xf0 fs/super.c:414
>> 2 locks held by kworker/1:2/2494:
>> #0: ffff888012472538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_one_work+0x77f/0x13a0
>> #1: ffffc9000a86fd20 ((work_completion)(&rew->rew_work)){+.+.}-{0:0}, at: process_one_work+0x7c6/0x13a0 kernel/workqueue.c:2365
>> 2 locks held by getty/4750:
>> #0: ffff88814a0e2098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:244
>> #1: ffffc900015802f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6ab/0x1db0 drivers/tty/n_tty.c:2177
>> 1 lock held by syz-executor359/5222:
>> #0: ffff88807d1df698 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_lock include/linux/mmap_lock.h:117 [inline]
>> #0: ffff88807d1df698 (&mm->mmap_lock){++++}-{3:3}, at: do_user_addr_fault arch/x86/mm/fault.c:1358 [inline]
>> #0: ffff88807d1df698 (&mm->mmap_lock){++++}-{3:3}, at: handle_page_fault arch/x86/mm/fault.c:1498 [inline]
>> #0: ffff88807d1df698 (&mm->mmap_lock){++++}-{3:3}, at: exc_page_fault+0x558/0x8a0 arch/x86/mm/fault.c:1554
>> 2 locks held by syz-executor359/5223:
>> #0: ffff888021e0f768 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x254/0x2f0 fs/file.c:1046
>> #1: ffff88802c264460 (sb_writers#9){.+.+}-{0:0}, at: vfs_write+0x26d/0xbb0 fs/read_write.c:580
>> 1 lock held by syz-executor359/5229:
>> #0: ffff88807d1df698 (&mm->mmap_lock){++++}-{3:3}, at: mmap_write_lock include/linux/mmap_lock.h:71 [inline]
>> #0: ffff88807d1df698 (&mm->mmap_lock){++++}-{3:3}, at: do_mbind mm/mempolicy.c:1312 [inline]
>> #0: ffff88807d1df698 (&mm->mmap_lock){++++}-{3:3}, at: kernel_mbind mm/mempolicy.c:1485 [inline]
>> #0: ffff88807d1df698 (&mm->mmap_lock){++++}-{3:3}, at: __do_sys_mbind mm/mempolicy.c:1559 [inline]
>> #0: ffff88807d1df698 (&mm->mmap_lock){++++}-{3:3}, at: __se_sys_mbind+0x47d/0x9c0 mm/mempolicy.c:1555
>> 1 lock held by syz-executor359/5296:
>> #0: ffff88802cd0ae98 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_lock include/linux/mmap_lock.h:117 [inline]
>> #0: ffff88802cd0ae98 (&mm->mmap_lock){++++}-{3:3}, at: do_user_addr_fault arch/x86/mm/fault.c:1358 [inline]
>> #0: ffff88802cd0ae98 (&mm->mmap_lock){++++}-{3:3}, at: handle_page_fault arch/x86/mm/fault.c:1498 [inline]
>> #0: ffff88802cd0ae98 (&mm->mmap_lock){++++}-{3:3}, at: exc_page_fault+0x558/0x8a0 arch/x86/mm/fault.c:1554
>> 2 locks held by syz-executor359/5298:
>> #0: ffff88807e2b0fe8 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x254/0x2f0 fs/file.c:1046
>> #1: ffff88807dfe2460 (sb_writers#9){.+.+}-{0:0}, at: vfs_write+0x26d/0xbb0 fs/read_write.c:580
>> 1 lock held by syz-executor359/5304:
>> #0: ffff88802cd0ae98 (&mm->mmap_lock){++++}-{3:3}, at: mmap_write_lock include/linux/mmap_lock.h:71 [inline]
>> #0: ffff88802cd0ae98 (&mm->mmap_lock){++++}-{3:3}, at: do_mbind mm/mempolicy.c:1312 [inline]
>> #0: ffff88802cd0ae98 (&mm->mmap_lock){++++}-{3:3}, at: kernel_mbind mm/mempolicy.c:1485 [inline]
>> #0: ffff88802cd0ae98 (&mm->mmap_lock){++++}-{3:3}, at: __do_sys_mbind mm/mempolicy.c:1559 [inline]
>> #0: ffff88802cd0ae98 (&mm->mmap_lock){++++}-{3:3}, at: __se_sys_mbind+0x47d/0x9c0 mm/mempolicy.c:1555
>> 1 lock held by syz-executor359/5460:
>> #0: ffff888022485298 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_lock include/linux/mmap_lock.h:117 [inline]
>> #0: ffff888022485298 (&mm->mmap_lock){++++}-{3:3}, at: do_user_addr_fault arch/x86/mm/fault.c:1358 [inline]
>> #0: ffff888022485298 (&mm->mmap_lock){++++}-{3:3}, at: handle_page_fault arch/x86/mm/fault.c:1498 [inline]
>> #0: ffff888022485298 (&mm->mmap_lock){++++}-{3:3}, at: exc_page_fault+0x558/0x8a0 arch/x86/mm/fault.c:1554
>> 2 locks held by syz-executor359/5461:
>> #0: ffff88801da66ae8 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x254/0x2f0 fs/file.c:1046
>> #1: ffff888148d0a460 (sb_writers#9){.+.+}-{0:0}, at: vfs_write+0x26d/0xbb0 fs/read_write.c:580
>> 1 lock held by syz-executor359/5467:
>> #0: ffff888022485298 (&mm->mmap_lock){++++}-{3:3}, at: mmap_write_lock include/linux/mmap_lock.h:71 [inline]
>> #0: ffff888022485298 (&mm->mmap_lock){++++}-{3:3}, at: do_mbind mm/mempolicy.c:1312 [inline]
>> #0: ffff888022485298 (&mm->mmap_lock){++++}-{3:3}, at: kernel_mbind mm/mempolicy.c:1485 [inline]
>> #0: ffff888022485298 (&mm->mmap_lock){++++}-{3:3}, at: __do_sys_mbind mm/mempolicy.c:1559 [inline]
>> #0: ffff888022485298 (&mm->mmap_lock){++++}-{3:3}, at: __se_sys_mbind+0x47d/0x9c0 mm/mempolicy.c:1555
>> 1 lock held by syz-executor359/5570:
>> #0: ffff88807d295298 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_lock include/linux/mmap_lock.h:117 [inline]
>> #0: ffff88807d295298 (&mm->mmap_lock){++++}-{3:3}, at: do_user_addr_fault arch/x86/mm/fault.c:1358 [inline]
>> #0: ffff88807d295298 (&mm->mmap_lock){++++}-{3:3}, at: handle_page_fault arch/x86/mm/fault.c:1498 [inline]
>> #0: ffff88807d295298 (&mm->mmap_lock){++++}-{3:3}, at: exc_page_fault+0x558/0x8a0 arch/x86/mm/fault.c:1554
>> 2 locks held by syz-executor359/5571:
>> #0: ffff88807838a5e8 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x254/0x2f0 fs/file.c:1046
>> #1: ffff88801d868460 (sb_writers#9){.+.+}-{0:0}, at: vfs_write+0x26d/0xbb0 fs/read_write.c:580
>> 1 lock held by syz-executor359/5575:
>> #0: ffff88807d295298 (&mm->mmap_lock){++++}-{3:3}, at: mmap_write_lock include/linux/mmap_lock.h:71 [inline]
>> #0: ffff88807d295298 (&mm->mmap_lock){++++}-{3:3}, at: do_mbind mm/mempolicy.c:1312 [inline]
>> #0: ffff88807d295298 (&mm->mmap_lock){++++}-{3:3}, at: kernel_mbind mm/mempolicy.c:1485 [inline]
>> #0: ffff88807d295298 (&mm->mmap_lock){++++}-{3:3}, at: __do_sys_mbind mm/mempolicy.c:1559 [inline]
>> #0: ffff88807d295298 (&mm->mmap_lock){++++}-{3:3}, at: __se_sys_mbind+0x47d/0x9c0 mm/mempolicy.c:1555
>> 1 lock held by syz-executor359/5572:
>> #0: ffff88807d1dc098 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_lock include/linux/mmap_lock.h:117 [inline]
>> #0: ffff88807d1dc098 (&mm->mmap_lock){++++}-{3:3}, at: do_user_addr_fault arch/x86/mm/fault.c:1358 [inline]
>> #0: ffff88807d1dc098 (&mm->mmap_lock){++++}-{3:3}, at: handle_page_fault arch/x86/mm/fault.c:1498 [inline]
>> #0: ffff88807d1dc098 (&mm->mmap_lock){++++}-{3:3}, at: exc_page_fault+0x558/0x8a0 arch/x86/mm/fault.c:1554
>> 2 locks held by syz-executor359/5573:
>> #0: ffff888026d84d68 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x254/0x2f0 fs/file.c:1046
>> #1: ffff88807b6ac460 (sb_writers#9){.+.+}-{0:0}, at: vfs_write+0x26d/0xbb0 fs/read_write.c:580
>> 1 lock held by syz-executor359/5576:
>> #0: ffff88807d1dc098 (&mm->mmap_lock){++++}-{3:3}, at: mmap_write_lock include/linux/mmap_lock.h:71 [inline]
>> #0: ffff88807d1dc098 (&mm->mmap_lock){++++}-{3:3}, at: do_mbind mm/mempolicy.c:1312 [inline]
>> #0: ffff88807d1dc098 (&mm->mmap_lock){++++}-{3:3}, at: kernel_mbind mm/mempolicy.c:1485 [inline]
>> #0: ffff88807d1dc098 (&mm->mmap_lock){++++}-{3:3}, at: __do_sys_mbind mm/mempolicy.c:1559 [inline]
>> #0: ffff88807d1dc098 (&mm->mmap_lock){++++}-{3:3}, at: __se_sys_mbind+0x47d/0x9c0 mm/mempolicy.c:1555
>> 3 locks held by kworker/u4:3/5614:
>> #0: ffff8881451bb938 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x77f/0x13a0
>> #1: ffffc90004defd20 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x7c6/0x13a0 kernel/workqueue.c:2365
>> #2: ffff88807b6ac0e0 (&type->s_umount_key#43){++++}-{3:3}, at: trylock_super+0x1f/0xf0 fs/super.c:414
>> 3 locks held by kworker/u4:5/6087:
>> #0: ffff8881451bb938 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x77f/0x13a0
>> #1: ffffc900055b7d20 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x7c6/0x13a0 kernel/workqueue.c:2365
>> #2: ffff888148d0a0e0 (&type->s_umount_key#43){++++}-{3:3}, at: trylock_super+0x1f/0xf0 fs/super.c:414
>> 1 lock held by syz-executor359/12461:
>> #0: ffffffff8d12d1f8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:293 [inline]
>> #0: ffffffff8d12d1f8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x3a3/0x890 kernel/rcu/tree_exp.h:989
>>
>> =============================================
>>
>> NMI backtrace for cpu 0
>> CPU: 0 PID: 28 Comm: khungtaskd Not tainted 6.2.0-syzkaller-10827-g489fa31ea873 #0
>> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
>> Call Trace:
>> <TASK>
>> __dump_stack lib/dump_stack.c:88 [inline]
>> dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106
>> nmi_cpu_backtrace+0x4e5/0x560 lib/nmi_backtrace.c:113
>> nmi_trigger_cpumask_backtrace+0x1b4/0x410 lib/nmi_backtrace.c:62
>> trigger_all_cpu_backtrace include/linux/nmi.h:148 [inline]
>> check_hung_uninterruptible_tasks kernel/hung_task.c:222 [inline]
>> watchdog+0x1024/0x1070 kernel/hung_task.c:379
>> kthread+0x270/0x300 kernel/kthread.c:376
>> ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
>> </TASK>
>> Sending NMI from CPU 0 to CPUs 1:
>> NMI backtrace for cpu 1
>> CPU: 1 PID: 6343 Comm: kworker/u4:9 Not tainted 6.2.0-syzkaller-10827-g489fa31ea873 #0
>> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
>> Workqueue: events_unbound toggle_allocation_gate
>> RIP: 0010:rcu_sync_is_idle include/linux/rcu_sync.h:36 [inline]
>> RIP: 0010:percpu_up_read include/linux/percpu-rwsem.h:105 [inline]
>> RIP: 0010:cpus_read_unlock+0x5f/0x130 kernel/cpu.c:322
>> Code: 85 db 74 1b e8 c2 4f 20 00 89 c3 31 ff 89 c6 e8 87 23 39 00 85 db 74 5b e8 ce 1f 39 00 eb 05 e8 c7 1f 39 00 8b 1d 41 be a8 0b <31> ff 89 de e8 68 23 39 00 85 db 0f 85 8c 00 00 00 e8 ab 1f 39 00
>> RSP: 0018:ffffc90005757b70 EFLAGS: 00000293
>> RAX: ffffffff81538cb2 RBX: 0000000000000000 RCX: ffff888028643a80
>> RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
>> RBP: ffffc90005757c50 R08: ffffffff81538ca9 R09: fffffbfff1ce8d2e
>> R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
>> R13: 1ffff1104779cc03 R14: 0000000000000000 R15: 1ffff92000aeaf70
>> FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
>> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>> CR2: 00007ffd6fdf0bb8 CR3: 000000000cf30000 CR4: 00000000003506e0
>> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
>> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
>> Call Trace:
>> <TASK>
>> toggle_allocation_gate+0xb5/0x250 mm/kfence/core.c:799
>> process_one_work+0x915/0x13a0 kernel/workqueue.c:2390
>> worker_thread+0xa63/0x1210 kernel/workqueue.c:2537
>> kthread+0x270/0x300 kernel/kthread.c:376
>> ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
>> </TASK>
>>
>>
>> ---
>> This report is generated by a bot. It may contain errors.
>> See https://goo.gl/tpsmEJ for more information about syzbot.
>> syzbot engineers can be reached at [email protected].
>>
>> syzbot will keep track of this issue. See:
>> https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
>> syzbot can test patches for this issue, for details see:
>> https://goo.gl/tpsmEJ#testing-patches
>>

2023-03-03 05:38:49

by Dmitry Vyukov

[permalink] [raw]
Subject: Re: [syzbot] [mm?] INFO: task hung in write_cache_pages (2)

On Fri, 3 Mar 2023 at 00:43, Huang, Ying <[email protected]> wrote:
>
> Yang Shi <[email protected]> writes:
>
> > On Wed, Mar 1, 2023 at 4:36 PM syzbot
> > <[email protected]> wrote:
> >>
> >> Hello,
> >>
> >> syzbot found the following issue on:
> >>
> >> HEAD commit: 489fa31ea873 Merge branch 'work.misc' of git://git.kernel...
> >> git tree: upstream
> >> console output: https://syzkaller.appspot.com/x/log.txt?x=1034fef8c80000
> >> kernel config: https://syzkaller.appspot.com/x/.config?x=cbfa7a73c540248d
> >> dashboard link: https://syzkaller.appspot.com/bug?extid=0adf31ecbba886ab504f
> >> compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
> >> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=16dc6960c80000
> >> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16f39d50c80000
> >>
> >> Downloadable assets:
> >> disk image: https://storage.googleapis.com/syzbot-assets/8121ff3f8044/disk-489fa31e.raw.xz
> >> vmlinux: https://storage.googleapis.com/syzbot-assets/ba8296ba1bf7/vmlinux-489fa31e.xz
> >> kernel image: https://storage.googleapis.com/syzbot-assets/6459f50e23f3/bzImage-489fa31e.xz
> >> mounted in repro: https://storage.googleapis.com/syzbot-assets/845f6538108c/mount_1.gz
> >>
> >> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> >> Reported-by: [email protected]
> >>
> >> INFO: task kworker/u4:0:9 blocked for more than 143 seconds.
> >> Not tainted 6.2.0-syzkaller-10827-g489fa31ea873 #0
> >> "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
> >> task:kworker/u4:0 state:D stack:21720 pid:9 ppid:2 flags:0x00004000
> >> Workqueue: writeback wb_workfn (flush-7:0)
> >> Call Trace:
> >> <TASK>
> >> context_switch kernel/sched/core.c:5304 [inline]
> >> __schedule+0x17d8/0x4990 kernel/sched/core.c:6622
> >> schedule+0xc3/0x180 kernel/sched/core.c:6698
> >> io_schedule+0x8c/0x100 kernel/sched/core.c:8884
> >> folio_wait_bit_common+0x86c/0x12b0 mm/filemap.c:1301
> >> folio_lock include/linux/pagemap.h:952 [inline]
> >> write_cache_pages+0x58f/0x1450 mm/page-writeback.c:2440
> >> mpage_writepages+0x107/0x1d0 fs/mpage.c:653
> >> do_writepages+0x3a6/0x670 mm/page-writeback.c:2551
> >> __writeback_single_inode+0x1c4/0x15e0 fs/fs-writeback.c:1600
> >> writeback_sb_inodes+0x92c/0x1360 fs/fs-writeback.c:1891
> >> __writeback_inodes_wb+0x11b/0x260 fs/fs-writeback.c:1962
> >> wb_writeback+0x51c/0x1080 fs/fs-writeback.c:2067
> >> wb_check_background_flush fs/fs-writeback.c:2133 [inline]
> >> wb_do_writeback fs/fs-writeback.c:2221 [inline]
> >> wb_workfn+0xd80/0x1100 fs/fs-writeback.c:2248
> >> process_one_work+0x915/0x13a0 kernel/workqueue.c:2390
> >> worker_thread+0xa63/0x1210 kernel/workqueue.c:2537
> >> kthread+0x270/0x300 kernel/kthread.c:376
> >> ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
> >> </TASK>
> >> INFO: task kworker/u4:2:41 blocked for more than 143 seconds.
> >> Not tainted 6.2.0-syzkaller-10827-g489fa31ea873 #0
> >> "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
> >> task:kworker/u4:2 state:D stack:20480 pid:41 ppid:2 flags:0x00004000
> >> Workqueue: writeback wb_workfn (flush-7:5)
> >> Call Trace:
> >> <TASK>
> >> context_switch kernel/sched/core.c:5304 [inline]
> >> __schedule+0x17d8/0x4990 kernel/sched/core.c:6622
> >> schedule+0xc3/0x180 kernel/sched/core.c:6698
> >> io_schedule+0x8c/0x100 kernel/sched/core.c:8884
> >> folio_wait_bit_common+0x86c/0x12b0 mm/filemap.c:1301
> >> folio_lock include/linux/pagemap.h:952 [inline]
> >> write_cache_pages+0x58f/0x1450 mm/page-writeback.c:2440
> >> mpage_writepages+0x107/0x1d0 fs/mpage.c:653
> >> do_writepages+0x3a6/0x670 mm/page-writeback.c:2551
> >> __writeback_single_inode+0x1c4/0x15e0 fs/fs-writeback.c:1600
> >> writeback_sb_inodes+0x92c/0x1360 fs/fs-writeback.c:1891
> >> __writeback_inodes_wb+0x11b/0x260 fs/fs-writeback.c:1962
> >> wb_writeback+0x51c/0x1080 fs/fs-writeback.c:2067
> >> wb_check_old_data_flush fs/fs-writeback.c:2167 [inline]
> >> wb_do_writeback fs/fs-writeback.c:2220 [inline]
> >> wb_workfn+0xccb/0x1100 fs/fs-writeback.c:2248
> >> process_one_work+0x915/0x13a0 kernel/workqueue.c:2390
> >> worker_thread+0xa63/0x1210 kernel/workqueue.c:2537
> >> kthread+0x270/0x300 kernel/kthread.c:376
> >> ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
> >> </TASK>
> >> INFO: task kworker/u4:4:75 blocked for more than 144 seconds.
> >> Not tainted 6.2.0-syzkaller-10827-g489fa31ea873 #0
> >> "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
> >> task:kworker/u4:4 state:D stack:25088 pid:75 ppid:2 flags:0x00004000
> >> Workqueue: writeback wb_workfn (flush-7:1)
> >> Call Trace:
> >> <TASK>
> >> context_switch kernel/sched/core.c:5304 [inline]
> >> __schedule+0x17d8/0x4990 kernel/sched/core.c:6622
> >> schedule+0xc3/0x180 kernel/sched/core.c:6698
> >> io_schedule+0x8c/0x100 kernel/sched/core.c:8884
> >> folio_wait_bit_common+0x86c/0x12b0 mm/filemap.c:1301
> >> folio_lock include/linux/pagemap.h:952 [inline]
> >> write_cache_pages+0x58f/0x1450 mm/page-writeback.c:2440
> >> mpage_writepages+0x107/0x1d0 fs/mpage.c:653
> >> do_writepages+0x3a6/0x670 mm/page-writeback.c:2551
> >> __writeback_single_inode+0x1c4/0x15e0 fs/fs-writeback.c:1600
> >> writeback_sb_inodes+0x92c/0x1360 fs/fs-writeback.c:1891
> >> __writeback_inodes_wb+0x11b/0x260 fs/fs-writeback.c:1962
> >> wb_writeback+0x51c/0x1080 fs/fs-writeback.c:2067
> >> wb_check_old_data_flush fs/fs-writeback.c:2167 [inline]
> >> wb_do_writeback fs/fs-writeback.c:2220 [inline]
> >> wb_workfn+0xccb/0x1100 fs/fs-writeback.c:2248
> >> process_one_work+0x915/0x13a0 kernel/workqueue.c:2390
> >> worker_thread+0xa63/0x1210 kernel/workqueue.c:2537
> >> kthread+0x270/0x300 kernel/kthread.c:376
> >> ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
> >> </TASK>
> >> INFO: task syz-executor359:5222 blocked for more than 144 seconds.
> >> Not tainted 6.2.0-syzkaller-10827-g489fa31ea873 #0
> >> "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
> >> task:syz-executor359 state:D stack:26576 pid:5222 ppid:5113 flags:0x00004004
> >> Call Trace:
> >> <TASK>
> >> context_switch kernel/sched/core.c:5304 [inline]
> >> __schedule+0x17d8/0x4990 kernel/sched/core.c:6622
> >> schedule+0xc3/0x180 kernel/sched/core.c:6698
> >> schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6757
> >> rwsem_down_read_slowpath+0x5f4/0x950 kernel/locking/rwsem.c:1086
> >> __down_read_common+0x61/0x2c0 kernel/locking/rwsem.c:1250
> >> mmap_read_lock include/linux/mmap_lock.h:117 [inline]
> >> do_user_addr_fault arch/x86/mm/fault.c:1358 [inline]
> >> handle_page_fault arch/x86/mm/fault.c:1498 [inline]
> >> exc_page_fault+0x558/0x8a0 arch/x86/mm/fault.c:1554
> >> asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:570
> >> RIP: 0033:0x7fd6f371b888
> >> RSP: 002b:00007ffd6fdf2398 EFLAGS: 00010206
> >> RAX: 00007fd6f374ebd0 RBX: 00007fd6f374d1a8 RCX: 0000000000000001
> >> RDX: 00007fd6f3688d30 RSI: 0000000000000000 RDI: 00007fd6f374ebd0
> >> RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000010
> >> R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
> >> R13: 0000000000000001 R14: 00007fd6f37543e0 R15: 0000000000000001
> >> </TASK>
> >> INFO: task syz-executor359:5223 blocked for more than 144 seconds.
> >> Not tainted 6.2.0-syzkaller-10827-g489fa31ea873 #0
> >> "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
> >> task:syz-executor359 state:D stack:24840 pid:5223 ppid:5113 flags:0x00004004
> >> Call Trace:
> >> <TASK>
> >> context_switch kernel/sched/core.c:5304 [inline]
> >> __schedule+0x17d8/0x4990 kernel/sched/core.c:6622
> >> schedule+0xc3/0x180 kernel/sched/core.c:6698
> >> io_schedule+0x8c/0x100 kernel/sched/core.c:8884
> >> folio_wait_bit_common+0x86c/0x12b0 mm/filemap.c:1301
> >> folio_lock include/linux/pagemap.h:952 [inline]
> >> write_cache_pages+0x58f/0x1450 mm/page-writeback.c:2440
> >> mpage_writepages+0x107/0x1d0 fs/mpage.c:653
> >> do_writepages+0x3a6/0x670 mm/page-writeback.c:2551
> >> filemap_fdatawrite_wbc+0x125/0x180 mm/filemap.c:390
> >> __filemap_fdatawrite_range mm/filemap.c:423 [inline]
> >> file_write_and_wait_range+0x20f/0x300 mm/filemap.c:781
> >> __generic_file_fsync+0x72/0x190 fs/libfs.c:1132
> >> fat_file_fsync+0x7e/0x190 fs/fat/file.c:191
> >> generic_write_sync include/linux/fs.h:2452 [inline]
> >> generic_file_write_iter+0x2a1/0x310 mm/filemap.c:4090
> >> call_write_iter include/linux/fs.h:1851 [inline]
> >> new_sync_write fs/read_write.c:491 [inline]
> >> vfs_write+0x7b2/0xbb0 fs/read_write.c:584
> >> ksys_write+0x1a0/0x2c0 fs/read_write.c:637
> >> do_syscall_x64 arch/x86/entry/common.c:50 [inline]
> >> do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
> >> entry_SYSCALL_64_after_hwframe+0x63/0xcd
> >> RIP: 0033:0x7fd6f36ca719
> >> RSP: 002b:00007fd6f36762f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
> >> RAX: ffffffffffffffda RBX: 00007fd6f374f7a0 RCX: 00007fd6f36ca719
> >> RDX: 000000000208e24b RSI: 0000000020000080 RDI: 0000000000000004
> >> RBP: 00007fd6f371c604 R08: 0000000000000000 R09: 0000000000000000
> >> R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd6f371c0e0
> >> R13: 0000000020000a80 R14: 0030656c69662f2e R15: 00007fd6f374f7a8
> >> </TASK>
> >> INFO: task syz-executor359:5229 blocked for more than 144 seconds.
> >> Not tainted 6.2.0-syzkaller-10827-g489fa31ea873 #0
> >> "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
> >> task:syz-executor359 state:D stack:26504 pid:5229 ppid:5113 flags:0x00004004
> >> Call Trace:
> >> <TASK>
> >> context_switch kernel/sched/core.c:5304 [inline]
> >> __schedule+0x17d8/0x4990 kernel/sched/core.c:6622
> >> schedule+0xc3/0x180 kernel/sched/core.c:6698
> >> io_schedule+0x8c/0x100 kernel/sched/core.c:8884
> >> folio_wait_bit_common+0x86c/0x12b0 mm/filemap.c:1301
> >> folio_wait_writeback+0xec/0x1f0 mm/page-writeback.c:3127
> >> migrate_folio_unmap mm/migrate.c:1192 [inline]
> >> migrate_pages_batch mm/migrate.c:1685 [inline]
> >> migrate_pages+0x2d50/0x6610 mm/migrate.c:1973
> >
> > The migration has locked the page, but is waiting for writeback. The
> > writeback is waiting for the page lock...
> >
> > I recalled Hugh reported the same bug. There is a patch to solve it,
> > but it may not be shown in Linus's tree yet. And it seems like the
> > reproducer is dirtying some files on a loop device and calling mbind at
> > the same time. This does match the reproducer mentioned by Hugh.
>
> Yes. We have fixed a similar bug report. The fix patchset is as
> follows,
>
> https://lore.kernel.org/linux-mm/[email protected]/
>
> It will take some time for it to land in Linus's tree.

Let's tell the bot about the fix so that it reports similar issues in future:
#syz fix: migrate_pages: fix deadlock in batched migration
> Best Regards,
> Huang, Ying
>
> >> do_mbind mm/mempolicy.c:1338 [inline]
> >> kernel_mbind mm/mempolicy.c:1485 [inline]
> >> __do_sys_mbind mm/mempolicy.c:1559 [inline]
> >> __se_sys_mbind+0x75a/0x9c0 mm/mempolicy.c:1555
> >> do_syscall_x64 arch/x86/entry/common.c:50 [inline]
> >> do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
> >> entry_SYSCALL_64_after_hwframe+0x63/0xcd
> >> RIP: 0033:0x7fd6f36ca719
> >> RSP: 002b:00007fd6eb3552e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
> >> RAX: ffffffffffffffda RBX: 00007fd6f374f7b0 RCX: 00007fd6f36ca719
> >> RDX: 0000000000000000 RSI: 0000000000800000 RDI: 0000000020001000
> >> RBP: 00007fd6f371c604 R08: 0000000000000000 R09: 0000000000000002
> >> R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd6f371c0e0
> >> R13: 0000000020000a80 R14: 0030656c69662f2e R15: 00007fd6f374f7b8
> >> </TASK>
> >> INFO: task syz-executor359:5296 blocked for more than 145 seconds.
> >> Not tainted 6.2.0-syzkaller-10827-g489fa31ea873 #0
> >> "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
> >> task:syz-executor359 state:D stack:27008 pid:5296 ppid:5112 flags:0x00004004
> >> Call Trace:
> >> <TASK>
> >> context_switch kernel/sched/core.c:5304 [inline]
> >> __schedule+0x17d8/0x4990 kernel/sched/core.c:6622
> >> schedule+0xc3/0x180 kernel/sched/core.c:6698
> >> schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6757
> >> rwsem_down_read_slowpath+0x5f4/0x950 kernel/locking/rwsem.c:1086
> >> __down_read_common+0x61/0x2c0 kernel/locking/rwsem.c:1250
> >> mmap_read_lock include/linux/mmap_lock.h:117 [inline]
> >> do_user_addr_fault arch/x86/mm/fault.c:1358 [inline]
> >> handle_page_fault arch/x86/mm/fault.c:1498 [inline]
> >> exc_page_fault+0x558/0x8a0 arch/x86/mm/fault.c:1554
> >> asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:570
> >> RIP: 0033:0x7fd6f371b888
> >> RSP: 002b:00007ffd6fdf2398 EFLAGS: 00010206
> >> RAX: 00007fd6f374ebd0 RBX: 00007fd6f374d1a8 RCX: 0000000000000001
> >> RDX: 00007fd6f3688d30 RSI: 0000000000000000 RDI: 00007fd6f374ebd0
> >> RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000010
> >> R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
> >> R13: 0000000000000001 R14: 00007fd6f37543e0 R15: 0000000000000001
> >> </TASK>
> >> INFO: task syz-executor359:5298 blocked for more than 145 seconds.
> >> Not tainted 6.2.0-syzkaller-10827-g489fa31ea873 #0
> >> "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
> >> task:syz-executor359 state:D stack:24840 pid:5298 ppid:5112 flags:0x00004004
> >> Call Trace:
> >> <TASK>
> >> context_switch kernel/sched/core.c:5304 [inline]
> >> __schedule+0x17d8/0x4990 kernel/sched/core.c:6622
> >> schedule+0xc3/0x180 kernel/sched/core.c:6698
> >> io_schedule+0x8c/0x100 kernel/sched/core.c:8884
> >> folio_wait_bit_common+0x86c/0x12b0 mm/filemap.c:1301
> >> folio_lock include/linux/pagemap.h:952 [inline]
> >> write_cache_pages+0x58f/0x1450 mm/page-writeback.c:2440
> >> mpage_writepages+0x107/0x1d0 fs/mpage.c:653
> >> do_writepages+0x3a6/0x670 mm/page-writeback.c:2551
> >> filemap_fdatawrite_wbc+0x125/0x180 mm/filemap.c:390
> >> __filemap_fdatawrite_range mm/filemap.c:423 [inline]
> >> file_write_and_wait_range+0x20f/0x300 mm/filemap.c:781
> >> __generic_file_fsync+0x72/0x190 fs/libfs.c:1132
> >> fat_file_fsync+0x7e/0x190 fs/fat/file.c:191
> >> generic_write_sync include/linux/fs.h:2452 [inline]
> >> generic_file_write_iter+0x2a1/0x310 mm/filemap.c:4090
> >> call_write_iter include/linux/fs.h:1851 [inline]
> >> new_sync_write fs/read_write.c:491 [inline]
> >> vfs_write+0x7b2/0xbb0 fs/read_write.c:584
> >> ksys_write+0x1a0/0x2c0 fs/read_write.c:637
> >> do_syscall_x64 arch/x86/entry/common.c:50 [inline]
> >> do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
> >> entry_SYSCALL_64_after_hwframe+0x63/0xcd
> >> RIP: 0033:0x7fd6f36ca719
> >> RSP: 002b:00007fd6f36762f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
> >> RAX: ffffffffffffffda RBX: 00007fd6f374f7a0 RCX: 00007fd6f36ca719
> >> RDX: 000000000208e24b RSI: 0000000020000080 RDI: 0000000000000004
> >> RBP: 00007fd6f371c604 R08: 0000000000000000 R09: 0000000000000000
> >> R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd6f371c0e0
> >> R13: 0000000020000a80 R14: 0030656c69662f2e R15: 00007fd6f374f7a8
> >> </TASK>
> >> INFO: task syz-executor359:5304 blocked for more than 145 seconds.
> >> Not tainted 6.2.0-syzkaller-10827-g489fa31ea873 #0
> >> "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
> >> task:syz-executor359 state:D stack:26504 pid:5304 ppid:5112 flags:0x00004004
> >> Call Trace:
> >> <TASK>
> >> context_switch kernel/sched/core.c:5304 [inline]
> >> __schedule+0x17d8/0x4990 kernel/sched/core.c:6622
> >> schedule+0xc3/0x180 kernel/sched/core.c:6698
> >> io_schedule+0x8c/0x100 kernel/sched/core.c:8884
> >> folio_wait_bit_common+0x86c/0x12b0 mm/filemap.c:1301
> >> folio_wait_writeback+0xec/0x1f0 mm/page-writeback.c:3127
> >> migrate_folio_unmap mm/migrate.c:1192 [inline]
> >> migrate_pages_batch mm/migrate.c:1685 [inline]
> >> migrate_pages+0x2d50/0x6610 mm/migrate.c:1973
> >> do_mbind mm/mempolicy.c:1338 [inline]
> >> kernel_mbind mm/mempolicy.c:1485 [inline]
> >> __do_sys_mbind mm/mempolicy.c:1559 [inline]
> >> __se_sys_mbind+0x75a/0x9c0 mm/mempolicy.c:1555
> >> do_syscall_x64 arch/x86/entry/common.c:50 [inline]
> >> do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
> >> entry_SYSCALL_64_after_hwframe+0x63/0xcd
> >> RIP: 0033:0x7fd6f36ca719
> >> RSP: 002b:00007fd6eb3552e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
> >> RAX: ffffffffffffffda RBX: 00007fd6f374f7b0 RCX: 00007fd6f36ca719
> >> RDX: 0000000000000000 RSI: 0000000000800000 RDI: 0000000020001000
> >> RBP: 00007fd6f371c604 R08: 0000000000000000 R09: 0000000000000002
> >> R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd6f371c0e0
> >> R13: 0000000020000a80 R14: 0030656c69662f2e R15: 00007fd6f374f7b8
> >> </TASK>
> >> INFO: task syz-executor359:5460 blocked for more than 146 seconds.
> >> Not tainted 6.2.0-syzkaller-10827-g489fa31ea873 #0
> >> "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
> >> task:syz-executor359 state:D stack:26520 pid:5460 ppid:5115 flags:0x00004004
> >> Call Trace:
> >> <TASK>
> >> context_switch kernel/sched/core.c:5304 [inline]
> >> __schedule+0x17d8/0x4990 kernel/sched/core.c:6622
> >> schedule+0xc3/0x180 kernel/sched/core.c:6698
> >> schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6757
> >> rwsem_down_read_slowpath+0x5f4/0x950 kernel/locking/rwsem.c:1086
> >> __down_read_common+0x61/0x2c0 kernel/locking/rwsem.c:1250
> >> mmap_read_lock include/linux/mmap_lock.h:117 [inline]
> >> do_user_addr_fault arch/x86/mm/fault.c:1358 [inline]
> >> handle_page_fault arch/x86/mm/fault.c:1498 [inline]
> >> exc_page_fault+0x558/0x8a0 arch/x86/mm/fault.c:1554
> >> asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:570
> >> RIP: 0033:0x7fd6f371b888
> >> RSP: 002b:00007ffd6fdf2398 EFLAGS: 00010206
> >> RAX: 00007fd6f374ebd0 RBX: 00007fd6f374d1a8 RCX: 0000000000000001
> >> RDX: 00007fd6f3688d30 RSI: 0000000000000000 RDI: 00007fd6f374ebd0
> >> RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000010
> >> R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
> >> R13: 0000000000000001 R14: 00007fd6f37543e0 R15: 0000000000000001
> >> </TASK>
> >> Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings
> >>
> >> Showing all locks held in the system:
> >> 3 locks held by kworker/u4:0/9:
> >> #0: ffff8881451bb938 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x77f/0x13a0
> >> #1: ffffc900000e7d20 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x7c6/0x13a0 kernel/workqueue.c:2365
> >> #2: ffff88807dfe20e0 (&type->s_umount_key#43){++++}-{3:3}, at: trylock_super+0x1f/0xf0 fs/super.c:414
> >> 1 lock held by rcu_tasks_kthre/12:
> >> #0: ffffffff8d127cf0 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x29/0xd20 kernel/rcu/tasks.h:510
> >> 1 lock held by rcu_tasks_trace/13:
> >> #0: ffffffff8d1284f0 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x29/0xd20 kernel/rcu/tasks.h:510
> >> 1 lock held by khungtaskd/28:
> >> #0: ffffffff8d127b20 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30
> >> 3 locks held by kworker/u4:2/41:
> >> #0: ffff8881451bb938 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x77f/0x13a0
> >> #1: ffffc90000b27d20 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x7c6/0x13a0 kernel/workqueue.c:2365
> >> #2: ffff88801d8680e0 (&type->s_umount_key#43){++++}-{3:3}, at: trylock_super+0x1f/0xf0 fs/super.c:414
> >> 3 locks held by kworker/u4:4/75:
> >> #0: ffff8881451bb938 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x77f/0x13a0
> >> #1: ffffc900020efd20 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x7c6/0x13a0 kernel/workqueue.c:2365
> >> #2: ffff88802c2640e0 (&type->s_umount_key#43){++++}-{3:3}, at: trylock_super+0x1f/0xf0 fs/super.c:414
> >> 2 locks held by kworker/1:2/2494:
> >> #0: ffff888012472538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_one_work+0x77f/0x13a0
> >> #1: ffffc9000a86fd20 ((work_completion)(&rew->rew_work)){+.+.}-{0:0}, at: process_one_work+0x7c6/0x13a0 kernel/workqueue.c:2365
> >> 2 locks held by getty/4750:
> >> #0: ffff88814a0e2098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:244
> >> #1: ffffc900015802f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6ab/0x1db0 drivers/tty/n_tty.c:2177
> >> 1 lock held by syz-executor359/5222:
> >> #0: ffff88807d1df698 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_lock include/linux/mmap_lock.h:117 [inline]
> >> #0: ffff88807d1df698 (&mm->mmap_lock){++++}-{3:3}, at: do_user_addr_fault arch/x86/mm/fault.c:1358 [inline]
> >> #0: ffff88807d1df698 (&mm->mmap_lock){++++}-{3:3}, at: handle_page_fault arch/x86/mm/fault.c:1498 [inline]
> >> #0: ffff88807d1df698 (&mm->mmap_lock){++++}-{3:3}, at: exc_page_fault+0x558/0x8a0 arch/x86/mm/fault.c:1554
> >> 2 locks held by syz-executor359/5223:
> >> #0: ffff888021e0f768 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x254/0x2f0 fs/file.c:1046
> >> #1: ffff88802c264460 (sb_writers#9){.+.+}-{0:0}, at: vfs_write+0x26d/0xbb0 fs/read_write.c:580
> >> 1 lock held by syz-executor359/5229:
> >> #0: ffff88807d1df698 (&mm->mmap_lock){++++}-{3:3}, at: mmap_write_lock include/linux/mmap_lock.h:71 [inline]
> >> #0: ffff88807d1df698 (&mm->mmap_lock){++++}-{3:3}, at: do_mbind mm/mempolicy.c:1312 [inline]
> >> #0: ffff88807d1df698 (&mm->mmap_lock){++++}-{3:3}, at: kernel_mbind mm/mempolicy.c:1485 [inline]
> >> #0: ffff88807d1df698 (&mm->mmap_lock){++++}-{3:3}, at: __do_sys_mbind mm/mempolicy.c:1559 [inline]
> >> #0: ffff88807d1df698 (&mm->mmap_lock){++++}-{3:3}, at: __se_sys_mbind+0x47d/0x9c0 mm/mempolicy.c:1555
> >> 1 lock held by syz-executor359/5296:
> >> #0: ffff88802cd0ae98 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_lock include/linux/mmap_lock.h:117 [inline]
> >> #0: ffff88802cd0ae98 (&mm->mmap_lock){++++}-{3:3}, at: do_user_addr_fault arch/x86/mm/fault.c:1358 [inline]
> >> #0: ffff88802cd0ae98 (&mm->mmap_lock){++++}-{3:3}, at: handle_page_fault arch/x86/mm/fault.c:1498 [inline]
> >> #0: ffff88802cd0ae98 (&mm->mmap_lock){++++}-{3:3}, at: exc_page_fault+0x558/0x8a0 arch/x86/mm/fault.c:1554
> >> 2 locks held by syz-executor359/5298:
> >> #0: ffff88807e2b0fe8 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x254/0x2f0 fs/file.c:1046
> >> #1: ffff88807dfe2460 (sb_writers#9){.+.+}-{0:0}, at: vfs_write+0x26d/0xbb0 fs/read_write.c:580
> >> 1 lock held by syz-executor359/5304:
> >> #0: ffff88802cd0ae98 (&mm->mmap_lock){++++}-{3:3}, at: mmap_write_lock include/linux/mmap_lock.h:71 [inline]
> >> #0: ffff88802cd0ae98 (&mm->mmap_lock){++++}-{3:3}, at: do_mbind mm/mempolicy.c:1312 [inline]
> >> #0: ffff88802cd0ae98 (&mm->mmap_lock){++++}-{3:3}, at: kernel_mbind mm/mempolicy.c:1485 [inline]
> >> #0: ffff88802cd0ae98 (&mm->mmap_lock){++++}-{3:3}, at: __do_sys_mbind mm/mempolicy.c:1559 [inline]
> >> #0: ffff88802cd0ae98 (&mm->mmap_lock){++++}-{3:3}, at: __se_sys_mbind+0x47d/0x9c0 mm/mempolicy.c:1555
> >> 1 lock held by syz-executor359/5460:
> >> #0: ffff888022485298 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_lock include/linux/mmap_lock.h:117 [inline]
> >> #0: ffff888022485298 (&mm->mmap_lock){++++}-{3:3}, at: do_user_addr_fault arch/x86/mm/fault.c:1358 [inline]
> >> #0: ffff888022485298 (&mm->mmap_lock){++++}-{3:3}, at: handle_page_fault arch/x86/mm/fault.c:1498 [inline]
> >> #0: ffff888022485298 (&mm->mmap_lock){++++}-{3:3}, at: exc_page_fault+0x558/0x8a0 arch/x86/mm/fault.c:1554
> >> 2 locks held by syz-executor359/5461:
> >> #0: ffff88801da66ae8 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x254/0x2f0 fs/file.c:1046
> >> #1: ffff888148d0a460 (sb_writers#9){.+.+}-{0:0}, at: vfs_write+0x26d/0xbb0 fs/read_write.c:580
> >> 1 lock held by syz-executor359/5467:
> >> #0: ffff888022485298 (&mm->mmap_lock){++++}-{3:3}, at: mmap_write_lock include/linux/mmap_lock.h:71 [inline]
> >> #0: ffff888022485298 (&mm->mmap_lock){++++}-{3:3}, at: do_mbind mm/mempolicy.c:1312 [inline]
> >> #0: ffff888022485298 (&mm->mmap_lock){++++}-{3:3}, at: kernel_mbind mm/mempolicy.c:1485 [inline]
> >> #0: ffff888022485298 (&mm->mmap_lock){++++}-{3:3}, at: __do_sys_mbind mm/mempolicy.c:1559 [inline]
> >> #0: ffff888022485298 (&mm->mmap_lock){++++}-{3:3}, at: __se_sys_mbind+0x47d/0x9c0 mm/mempolicy.c:1555
> >> 1 lock held by syz-executor359/5570:
> >> #0: ffff88807d295298 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_lock include/linux/mmap_lock.h:117 [inline]
> >> #0: ffff88807d295298 (&mm->mmap_lock){++++}-{3:3}, at: do_user_addr_fault arch/x86/mm/fault.c:1358 [inline]
> >> #0: ffff88807d295298 (&mm->mmap_lock){++++}-{3:3}, at: handle_page_fault arch/x86/mm/fault.c:1498 [inline]
> >> #0: ffff88807d295298 (&mm->mmap_lock){++++}-{3:3}, at: exc_page_fault+0x558/0x8a0 arch/x86/mm/fault.c:1554
> >> 2 locks held by syz-executor359/5571:
> >> #0: ffff88807838a5e8 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x254/0x2f0 fs/file.c:1046
> >> #1: ffff88801d868460 (sb_writers#9){.+.+}-{0:0}, at: vfs_write+0x26d/0xbb0 fs/read_write.c:580
> >> 1 lock held by syz-executor359/5575:
> >> #0: ffff88807d295298 (&mm->mmap_lock){++++}-{3:3}, at: mmap_write_lock include/linux/mmap_lock.h:71 [inline]
> >> #0: ffff88807d295298 (&mm->mmap_lock){++++}-{3:3}, at: do_mbind mm/mempolicy.c:1312 [inline]
> >> #0: ffff88807d295298 (&mm->mmap_lock){++++}-{3:3}, at: kernel_mbind mm/mempolicy.c:1485 [inline]
> >> #0: ffff88807d295298 (&mm->mmap_lock){++++}-{3:3}, at: __do_sys_mbind mm/mempolicy.c:1559 [inline]
> >> #0: ffff88807d295298 (&mm->mmap_lock){++++}-{3:3}, at: __se_sys_mbind+0x47d/0x9c0 mm/mempolicy.c:1555
> >> 1 lock held by syz-executor359/5572:
> >> #0: ffff88807d1dc098 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_lock include/linux/mmap_lock.h:117 [inline]
> >> #0: ffff88807d1dc098 (&mm->mmap_lock){++++}-{3:3}, at: do_user_addr_fault arch/x86/mm/fault.c:1358 [inline]
> >> #0: ffff88807d1dc098 (&mm->mmap_lock){++++}-{3:3}, at: handle_page_fault arch/x86/mm/fault.c:1498 [inline]
> >> #0: ffff88807d1dc098 (&mm->mmap_lock){++++}-{3:3}, at: exc_page_fault+0x558/0x8a0 arch/x86/mm/fault.c:1554
> >> 2 locks held by syz-executor359/5573:
> >> #0: ffff888026d84d68 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x254/0x2f0 fs/file.c:1046
> >> #1: ffff88807b6ac460 (sb_writers#9){.+.+}-{0:0}, at: vfs_write+0x26d/0xbb0 fs/read_write.c:580
> >> 1 lock held by syz-executor359/5576:
> >> #0: ffff88807d1dc098 (&mm->mmap_lock){++++}-{3:3}, at: mmap_write_lock include/linux/mmap_lock.h:71 [inline]
> >> #0: ffff88807d1dc098 (&mm->mmap_lock){++++}-{3:3}, at: do_mbind mm/mempolicy.c:1312 [inline]
> >> #0: ffff88807d1dc098 (&mm->mmap_lock){++++}-{3:3}, at: kernel_mbind mm/mempolicy.c:1485 [inline]
> >> #0: ffff88807d1dc098 (&mm->mmap_lock){++++}-{3:3}, at: __do_sys_mbind mm/mempolicy.c:1559 [inline]
> >> #0: ffff88807d1dc098 (&mm->mmap_lock){++++}-{3:3}, at: __se_sys_mbind+0x47d/0x9c0 mm/mempolicy.c:1555
> >> 3 locks held by kworker/u4:3/5614:
> >> #0: ffff8881451bb938 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x77f/0x13a0
> >> #1: ffffc90004defd20 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x7c6/0x13a0 kernel/workqueue.c:2365
> >> #2: ffff88807b6ac0e0 (&type->s_umount_key#43){++++}-{3:3}, at: trylock_super+0x1f/0xf0 fs/super.c:414
> >> 3 locks held by kworker/u4:5/6087:
> >> #0: ffff8881451bb938 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x77f/0x13a0
> >> #1: ffffc900055b7d20 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x7c6/0x13a0 kernel/workqueue.c:2365
> >> #2: ffff888148d0a0e0 (&type->s_umount_key#43){++++}-{3:3}, at: trylock_super+0x1f/0xf0 fs/super.c:414
> >> 1 lock held by syz-executor359/12461:
> >> #0: ffffffff8d12d1f8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:293 [inline]
> >> #0: ffffffff8d12d1f8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x3a3/0x890 kernel/rcu/tree_exp.h:989
> >>
> >> =============================================
> >>
> >> NMI backtrace for cpu 0
> >> CPU: 0 PID: 28 Comm: khungtaskd Not tainted 6.2.0-syzkaller-10827-g489fa31ea873 #0
> >> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
> >> Call Trace:
> >> <TASK>
> >> __dump_stack lib/dump_stack.c:88 [inline]
> >> dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106
> >> nmi_cpu_backtrace+0x4e5/0x560 lib/nmi_backtrace.c:113
> >> nmi_trigger_cpumask_backtrace+0x1b4/0x410 lib/nmi_backtrace.c:62
> >> trigger_all_cpu_backtrace include/linux/nmi.h:148 [inline]
> >> check_hung_uninterruptible_tasks kernel/hung_task.c:222 [inline]
> >> watchdog+0x1024/0x1070 kernel/hung_task.c:379
> >> kthread+0x270/0x300 kernel/kthread.c:376
> >> ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
> >> </TASK>
> >> Sending NMI from CPU 0 to CPUs 1:
> >> NMI backtrace for cpu 1
> >> CPU: 1 PID: 6343 Comm: kworker/u4:9 Not tainted 6.2.0-syzkaller-10827-g489fa31ea873 #0
> >> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
> >> Workqueue: events_unbound toggle_allocation_gate
> >> RIP: 0010:rcu_sync_is_idle include/linux/rcu_sync.h:36 [inline]
> >> RIP: 0010:percpu_up_read include/linux/percpu-rwsem.h:105 [inline]
> >> RIP: 0010:cpus_read_unlock+0x5f/0x130 kernel/cpu.c:322
> >> Code: 85 db 74 1b e8 c2 4f 20 00 89 c3 31 ff 89 c6 e8 87 23 39 00 85 db 74 5b e8 ce 1f 39 00 eb 05 e8 c7 1f 39 00 8b 1d 41 be a8 0b <31> ff 89 de e8 68 23 39 00 85 db 0f 85 8c 00 00 00 e8 ab 1f 39 00
> >> RSP: 0018:ffffc90005757b70 EFLAGS: 00000293
> >> RAX: ffffffff81538cb2 RBX: 0000000000000000 RCX: ffff888028643a80
> >> RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
> >> RBP: ffffc90005757c50 R08: ffffffff81538ca9 R09: fffffbfff1ce8d2e
> >> R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
> >> R13: 1ffff1104779cc03 R14: 0000000000000000 R15: 1ffff92000aeaf70
> >> FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
> >> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> >> CR2: 00007ffd6fdf0bb8 CR3: 000000000cf30000 CR4: 00000000003506e0
> >> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> >> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> >> Call Trace:
> >> <TASK>
> >> toggle_allocation_gate+0xb5/0x250 mm/kfence/core.c:799
> >> process_one_work+0x915/0x13a0 kernel/workqueue.c:2390
> >> worker_thread+0xa63/0x1210 kernel/workqueue.c:2537
> >> kthread+0x270/0x300 kernel/kthread.c:376
> >> ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
> >> </TASK>
> >>
> >>
> >> ---
> >> This report is generated by a bot. It may contain errors.
> >> See https://goo.gl/tpsmEJ for more information about syzbot.
> >> syzbot engineers can be reached at [email protected].
> >>
> >> syzbot will keep track of this issue. See:
> >> https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
> >> syzbot can test patches for this issue, for details see:
> >> https://goo.gl/tpsmEJ#testing-patches