INFO: task hung in tun_chr

Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
linux-4.19	INFO: task hung in tun_chr_close				1	1354d	1354d	0/1	auto-closed as invalid on 2020/12/09 18:55
upstream	INFO: task hung in tun_chr_close (4) net	syz	unreliable	error	14	896d	956d	0/26	auto-closed as invalid on 2022/09/18 21:51
upstream	INFO: task hung in tun_chr_close net				5	1680d	2262d	0/26	closed as dup on 2018/02/16 08:24
linux-4.19	INFO: task hung in tun_chr_close (3)				1	631d	631d	0/1	auto-obsoleted due to no activity on 2022/12/03 04:48
upstream	INFO: task hung in rtnetlink_rcv_msg net	C	inconclusive	inconclusive	913	46d	1890d	0/26	upstream: reported C repro on 2019/02/22 17:00
android-49	INFO: task hung in tun_chr_close				1	2176d	2176d	0/3	auto-closed as invalid on 2019/02/22 14:33
linux-4.19	INFO: task hung in tun_chr_close (4)				3	437d	465d	0/1	upstream: reported on 2023/01/18 07:05
linux-4.19	INFO: task hung in tun_chr_close (2)				6	844d	938d	0/1	auto-closed as invalid on 2022/05/04 09:03
upstream	INFO: task hung in tun_chr_close (3) net				1	1068d	1068d	0/26	auto-closed as invalid on 2021/08/23 13:06
android-44	INFO: task hung in tun_chr_close				1	2186d	2186d	0/2	auto-closed as invalid on 2019/02/22 15:23
upstream	INFO: task hung in tun_chr_close (2) net				7	1176d	1397d	0/26	auto-closed as invalid on 2021/05/17 11:47

INFO: task syz-executor.4:6831 blocked for more than 143 seconds. Not tainted 5.15.152-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.4 state:D stack:21080 pid: 6831 ppid: 1 flags:0x00004002 Call Trace: <TASK> context_switch kernel/sched/core.c:5030 [inline] __schedule+0x12c4/0x45b0 kernel/sched/core.c:6376 schedule+0x11b/0x1f0 kernel/sched/core.c:6459 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6518 __mutex_lock_common+0xe34/0x25a0 kernel/locking/mutex.c:669 __mutex_lock kernel/locking/mutex.c:729 [inline] mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:743 tun_detach drivers/net/tun.c:699 [inline] tun_chr_close+0x3a/0x1b0 drivers/net/tun.c:3435 __fput+0x3bf/0x890 fs/file_table.c:280 task_work_run+0x129/0x1a0 kernel/task_work.c:164 exit_task_work include/linux/task_work.h:32 [inline] do_exit+0x6a3/0x2480 kernel/exit.c:872 do_group_exit+0x144/0x310 kernel/exit.c:994 __do_sys_exit_group kernel/exit.c:1005 [inline] __se_sys_exit_group kernel/exit.c:1003 [inline] __x64_sys_exit_group+0x3b/0x40 kernel/exit.c:1003 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x61/0xcb RIP: 0033:0x7f3119c87da9 RSP: 002b:00007ffd6e02d348 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f3119c87da9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043 RBP: 00007f3119cd444b R08: 00007ffd6e02b0e6 R09: 000000000005712a R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000001c R13: 000000000005712a R14: 0000000000056d53 R15: 000000000000001e </TASK> Showing all locks held in the system: 3 locks held by kworker/1:0/21: #0: ffff888011c71938 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 kernel/workqueue.c:2283 #1: ffffc90000db7d20 ((reg_check_chans).work){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 kernel/workqueue.c:2285 #2: ffffffff8d9dba08 (rtnl_mutex){+.+.}-{3:3}, at: reg_check_chans_work+0x7f/0xb70 net/wireless/reg.c:2436 1 lock held by khungtaskd/27: #0: ffffffff8c91f720 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30 5 locks held by kworker/u4:3/396: #0: ffff8880143d4938 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 kernel/workqueue.c:2283 #1: ffffc90002c17d20 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 kernel/workqueue.c:2285 #2: ffff88807f03e0e0 (&type->s_umount_key#32){++++}-{3:3}, at: trylock_super+0x1b/0xf0 fs/super.c:418 #3: ffff88807f040bd8 (&sbi->s_writepages_rwsem){.+.+}-{0:0}, at: ext4_writepages+0x1f6/0x3d10 fs/ext4/inode.c:2677 #4: ffff88807f042990 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0x12b9/0x1570 fs/jbd2/transaction.c:462 3 locks held by kworker/1:2/1066: #0: ffff88814a722138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 kernel/workqueue.c:2283 #1: ffffc90005207d20 ((addr_chk_work).work){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 kernel/workqueue.c:2285 #2: ffffffff8d9dba08 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0xa/0x20 net/ipv6/addrconf.c:4655 2 locks held by getty/3255: #0: ffff888024a46098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70 drivers/tty/tty_ldisc.c:252 #1: ffffc90002bab2e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6af/0x1db0 drivers/tty/n_tty.c:2158 3 locks held by kworker/u4:6/3636: 4 locks held by kworker/u4:8/4180: #0: ffff888011dcd138 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 kernel/workqueue.c:2283 #1: ffffc9000b63fd20 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 kernel/workqueue.c:2285 #2: ffffffff8d9cfe50 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0xf1/0xb60 net/core/net_namespace.c:558 #3: ffffffff8d9dba08 (rtnl_mutex){+.+.}-{3:3}, at: netdev_run_todo+0xa4f/0xc40 net/core/dev.c:10652 1 lock held by syz-executor.4/6831: #0: ffffffff8d9dba08 (rtnl_mutex){+.+.}-{3:3}, at: tun_detach drivers/net/tun.c:699 [inline] #0: ffffffff8d9dba08 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3a/0x1b0 drivers/net/tun.c:3435 3 locks held by kworker/0:12/7317: #0: ffff888011c70938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 kernel/workqueue.c:2283 #1: ffffc900051e7d20 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 kernel/workqueue.c:2285 #2: ffffffff8d9dba08 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xa/0x50 net/core/link_watch.c:251 2 locks held by kworker/0:13/7318: #0: ffff888011c72138 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 kernel/workqueue.c:2283 #1: ffffc900051f7d20 ((work_completion)(&rew.rew_work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 kernel/workqueue.c:2285 2 locks held by syz-executor.2/7858: #0: ffffffff8d9dba08 (rtnl_mutex){+.+.}-{3:3}, at: tun_detach drivers/net/tun.c:699 [inline] #0: ffffffff8d9dba08 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3a/0x1b0 drivers/net/tun.c:3435 #1: ffffffff8c923ce8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:290 [inline] #1: ffffffff8c923ce8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x280/0x740 kernel/rcu/tree_exp.h:845 1 lock held by syz-executor.1/8047: #0: ffff88807f040bd8 (&sbi->s_writepages_rwsem){.+.+}-{0:0}, at: ext4_writepages+0x1f6/0x3d10 fs/ext4/inode.c:2677 1 lock held by syz-executor.1/8061: 1 lock held by syz-executor.2/8065: #0: ffffffff8d9dba08 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline] #0: ffffffff8d9dba08 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 net/core/rtnetlink.c:5626 1 lock held by syz-executor.1/8088: 1 lock held by syz-executor.1/8108: 2 locks held by syz-executor.0/8119: 1 lock held by syz-executor.1/8125: 1 lock held by syz-executor.4/8131: #0: ffffffff8d9dba08 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline] #0: ffffffff8d9dba08 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 net/core/rtnetlink.c:5626 2 locks held by syz-executor.0/8145: 2 locks held by syz-executor.1/8149: 1 lock held by syz-executor.1/8157: 1 lock held by syz-executor.0/8161: 2 locks held by syz-executor.0/8178: #0: ffff88807f040bd8 (&sbi->s_writepages_rwsem){.+.+}-{0:0}, at: ext4_writepages+0x1f6/0x3d10 fs/ext4/inode.c:2677 #1: ffff88807f042990 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0x12b9/0x1570 fs/jbd2/transaction.c:462 1 lock held by syz-executor.1/8211: #0: ffff88807f040bd8 (&sbi->s_writepages_rwsem){.+.+}-{0:0}, at: ext4_writepages+0x1f6/0x3d10 fs/ext4/inode.c:2677 1 lock held by syz-executor.0/8216: #0: ffff88807f040bd8 (&sbi->s_writepages_rwsem){.+.+}-{0:0}, at: ext4_writepages+0x1f6/0x3d10 fs/ext4/inode.c:2677 3 locks held by syz-executor.1/8257: 3 locks held by syz-executor.1/8280: 1 lock held by syz-executor.0/8309: 1 lock held by syz-executor.0/8630: 1 lock held by syz-executor.0/8647: 1 lock held by syz-executor.0/8661: 1 lock held by syz-executor.0/8679: 2 locks held by syz-executor.1/8688: 1 lock held by syz-executor.3/8701: #0: ffffffff8d9dba08 (rtnl_mutex){+.+.}-{3:3}, at: tun_detach drivers/net/tun.c:699 [inline] #0: ffffffff8d9dba08 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3a/0x1b0 drivers/net/tun.c:3435 1 lock held by syz-executor.0/8705: 1 lock held by syz-executor.3/8711: #0: ffffffff8d9dba08 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline] #0: ffffffff8d9dba08 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 net/core/rtnetlink.c:5626 1 lock held by syz-executor.1/8718: 1 lock held by syz-executor.0/8728: 1 lock held by syz-executor.1/8746: 3 locks held by syz-executor.0/8768: 1 lock held by syz-executor.0/8778: 1 lock held by syz-executor.1/8787: #0: ffff88807f040bd8 (&sbi->s_writepages_rwsem){.+.+}-{0:0}, at: ext4_writepages+0x1f6/0x3d10 fs/ext4/inode.c:2677 1 lock held by syz-executor.2/8803: #0: ffffffff8d9dba08 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline] #0: ffffffff8d9dba08 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 net/core/rtnetlink.c:5626 1 lock held by syz-executor.0/8805: 1 lock held by syz-executor.0/8819: 2 locks held by syz-executor.1/8830: 1 lock held by syz-executor.4/8840: #0: ffffffff8d9dba08 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline] #0: ffffffff8d9dba08 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 net/core/rtnetlink.c:5626 2 locks held by syz-executor.0/8997: 4 locks held by syz-executor.0/9118: 4 locks held by syz-executor.1/9120: 4 locks held by syz-executor.1/9130: 4 locks held by syz-executor.0/9134: 2 locks held by syz-executor.0/9143: 2 locks held by syz-executor.1/9149: 2 locks held by syz-executor.1/9159: 4 locks held by syz-executor.0/9164: 2 locks held by syz-executor.0/9173: 4 locks held by syz-executor.0/9177: 4 locks held by syz-executor.1/9183: 2 locks held by syz-executor.0/9196: 2 locks held by syz-executor.1/9439: 1 lock held by syz-executor.3/9453: #0: ffffffff8d9dba08 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline] #0: ffffffff8d9dba08 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 net/core/rtnetlink.c:5626 3 locks held by syz-executor.0/9457: 4 locks held by syz-executor.1/9467: 4 locks held by syz-executor.1/9566: 3 locks held by syz-executor.0/9703: 3 locks held by syz-executor.0/9713: 1 lock held by syz-executor.2/9726: #0: ffffffff8d9dba08 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline] #0: ffffffff8d9dba08 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 net/core/rtnetlink.c:5626 1 lock held by syz-executor.4/9849: #0: ffffffff8d9dba08 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline] #0: ffffffff8d9dba08 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 net/core/rtnetlink.c:5626 ============================================= NMI backtrace for cpu 0 CPU: 0 PID: 27 Comm: khungtaskd Not tainted 5.15.152-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106 nmi_cpu_backtrace+0x46a/0x4a0 lib/nmi_backtrace.c:111 nmi_trigger_cpumask_backtrace+0x181/0x2a0 lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:148 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:210 [inline] watchdog+0xe72/0xeb0 kernel/hung_task.c:295 kthread+0x3f6/0x4f0 kernel/kthread.c:319 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298 </TASK> Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 8787 Comm: syz-executor.1 Not tainted 5.15.152-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 RIP: 0010:lock_is_held_type+0xa/0x180 kernel/locking/lockdep.c:5651 Code: 48 c7 c6 e0 13 8b 8a e8 d4 19 30 f7 0f 0b eb bf e8 ab fd ff ff 66 2e 0f 1f 84 00 00 00 00 00 90 55 41 57 41 56 41 55 41 54 53 <48> 83 ec 10 65 48 8b 04 25 28 00 00 00 48 89 44 24 08 bd ff ff ff RSP: 0018:ffffc90003a8ee90 EFLAGS: 00000286 RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffff888018ec8000 RDX: ffff888018ec8000 RSI: 00000000ffffffff RDI: ffff88805a4118d8 RBP: ffff88805a4118d8 R08: ffffffff81a89244 R09: fffff940001968a7 R10: 0000000000000000 R11: dffffc0000000001 R12: ffffc90003a8ef80 R13: 1ffff92000751df0 R14: ffffea0000cb4500 R15: ffff88807050b180 FS: 0000000000000000(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f5d67b7f978 CR3: 0000000061d0a000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <NMI> </NMI> <TASK> lock_is_held include/linux/lockdep.h:287 [inline] xa_entry include/linux/xarray.h:1182 [inline] xas_reload+0xfd/0x470 include/linux/xarray.h:1558 find_get_entry mm/filemap.c:1996 [inline] find_get_pages_range+0x3d5/0x780 mm/filemap.c:2163 pagevec_lookup_range+0x2e/0x70 mm/swap.c:1104 mpage_release_unused_pages+0x30b/0x9a0 fs/ext4/inode.c:1581 ext4_writepages+0x2c66/0x3d10 fs/ext4/inode.c:2835 do_writepages+0x481/0x730 mm/page-writeback.c:2364 filemap_fdatawrite_wbc+0x1d6/0x230 mm/filemap.c:400 __filemap_fdatawrite_range mm/filemap.c:433 [inline] __filemap_fdatawrite mm/filemap.c:439 [inline] filemap_flush+0x10c/0x150 mm/filemap.c:466 ext4_release_file+0x7d/0x300 fs/ext4/file.c:141 __fput+0x3bf/0x890 fs/file_table.c:280 task_work_run+0x129/0x1a0 kernel/task_work.c:164 exit_task_work include/linux/task_work.h:32 [inline] do_exit+0x6a3/0x2480 kernel/exit.c:872 do_group_exit+0x144/0x310 kernel/exit.c:994 get_signal+0xc66/0x14e0 kernel/signal.c:2889 arch_do_signal_or_restart+0xc3/0x1890 arch/x86/kernel/signal.c:867 handle_signal_work kernel/entry/common.c:148 [inline] exit_to_user_mode_loop+0x97/0x130 kernel/entry/common.c:172 exit_to_user_mode_prepare+0xb1/0x140 kernel/entry/common.c:208 irqentry_exit_to_user_mode+0x5/0x40 kernel/entry/common.c:314 exc_page_fault+0x342/0x740 arch/x86/mm/fault.c:1544 asm_exc_page_fault+0x22/0x30 arch/x86/include/asm/idtentry.h:568 RIP: 0033:0x0 Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6. RSP: 002b:00000000200001b8 EFLAGS: 00010217 RAX: 0000000000000000 RBX: 00007f396faacf80 RCX: 00007f396f97eda9 RDX: 00000000200001c0 RSI: 00000000200001b0 RDI: 0000000008003080 RBP: 00007f396f9cb47a R08: 0000000020000240 R09: 0000000020000240 R10: 0000000020000200 R11: 0000000000000202 R12: 0000000000000000 R13: 000000000000000b R14: 00007f396faacf80 R15: 00007ffeb8375788 </TASK>

Crashes (1):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Assets (help?)	Manager	Title
2024/03/18 08:53	linux-5.15.y	b95c01af2113	d615901c	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan-perf	INFO: task hung in tun_chr_close

Crashes (1):

Assets (help?)