INFO: task hung in nbd

INFO: task hung in nbd_ioctl (2)
Status: fixed on 2020/09/25 01:17
Reported-by: syzbot+e36f41d207137b5d12f7@syzkaller.appspotmail.com
Fix commit: 2a63866c tipc: fix shutdown() of connectionless socket
First crash: 509d, last: 237d

similar bugs (6):
Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
linux-4.14	INFO: task hung in nbd_ioctl	C		done	18	483d	557d	1/1	fixed on 2019/12/28 10:32
linux-4.14	INFO: task hung in nbd_ioctl (2)	C		done	16	230d	475d	1/1	fixed on 2020/10/21 11:01
upstream	INFO: task hung in nbd_ioctl	C	done		71	535d	570d	14/22	fixed on 2019/11/06 12:39
linux-4.19	INFO: task hung in nbd_ioctl	C			44	13d	558d	0/1	upstream: reported C repro on 2019/10/12 13:11
upstream	INFO: task hung in nbd_ioctl (3)	C	done	unreliable	6	13d	207d	0/22	upstream: reported C repro on 2020/09/28 07:17
linux-4.14	INFO: task hung in nbd_ioctl (3)	C			6	22d	161d	0/1	upstream: reported C repro on 2020/11/13 07:37

Sample crash report:

INFO: task syz-executor.2:10033 blocked for more than 143 seconds.
      Not tainted 5.9.0-rc2-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.2  state:D stack:28360 pid:10033 ppid:  6875 flags:0x00004004
Call Trace:
 context_switch kernel/sched/core.c:3778 [inline]
 __schedule+0x8e5/0x21e0 kernel/sched/core.c:4527
 schedule+0xd0/0x2a0 kernel/sched/core.c:4602
 schedule_timeout+0x1d8/0x250 kernel/time/timer.c:1855
 do_wait_for_common kernel/sched/completion.c:85 [inline]
 __wait_for_common kernel/sched/completion.c:106 [inline]
 wait_for_common kernel/sched/completion.c:117 [inline]
 wait_for_completion+0x163/0x260 kernel/sched/completion.c:138
 flush_workqueue+0x3ff/0x13e0 kernel/workqueue.c:2832
 nbd_start_device_ioctl drivers/block/nbd.c:1330 [inline]
 __nbd_ioctl drivers/block/nbd.c:1405 [inline]
 nbd_ioctl+0x7ac/0xb77 drivers/block/nbd.c:1445
 __blkdev_driver_ioctl block/ioctl.c:224 [inline]
 blkdev_ioctl+0x28c/0x700 block/ioctl.c:620
 block_ioctl+0xf9/0x140 fs/block_dev.c:1871
 vfs_ioctl fs/ioctl.c:48 [inline]
 __do_sys_ioctl fs/ioctl.c:753 [inline]
 __se_sys_ioctl fs/ioctl.c:739 [inline]
 __x64_sys_ioctl+0x193/0x200 fs/ioctl.c:739
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x45d5b9
Code: Bad RIP value.
RSP: 002b:00007fea163e4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000012880 RCX: 000000000045d5b9
RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000003
RBP: 000000000118cf78 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c
R13: 00007ffdc4edcb0f R14: 00007fea163e59c0 R15: 000000000118cf4c

Showing all locks held in the system:
1 lock held by khungtaskd/1165:
 #0: ffffffff89bd6900 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:5825
1 lock held by in:imklog/6537:
 #0: ffff88809ebcdb30 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe9/0x100 fs/file.c:930
1 lock held by systemd-udevd/9551:
2 locks held by kworker/u5:0/30326:
 #0: ffff88804cc54138 ((wq_completion)knbd2-recv){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff88804cc54138 ((wq_completion)knbd2-recv){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline]
 #0: ffff88804cc54138 ((wq_completion)knbd2-recv){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline]
 #0: ffff88804cc54138 ((wq_completion)knbd2-recv){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline]
 #0: ffff88804cc54138 ((wq_completion)knbd2-recv){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline]
 #0: ffff88804cc54138 ((wq_completion)knbd2-recv){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 kernel/workqueue.c:2240
 #1: ffffc90015c3fda8 ((work_completion)(&args->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 kernel/workqueue.c:2244

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 1165 Comm: khungtaskd Not tainted 5.9.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x18f/0x20d lib/dump_stack.c:118
 nmi_cpu_backtrace.cold+0x70/0xb1 lib/nmi_backtrace.c:101
 nmi_trigger_cpumask_backtrace+0x1b3/0x223 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:209 [inline]
 watchdog+0xd7d/0x1000 kernel/hung_task.c:295
 kthread+0x3b5/0x4a0 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 9551 Comm: systemd-udevd Not tainted 5.9.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:iterate_chain_key kernel/locking/lockdep.c:386 [inline]
RIP: 0010:__lock_acquire+0xc66/0x5640 kernel/locking/lockdep.c:4414
Code: f0 29 c7 89 c6 01 d0 48 8b 54 24 20 c1 c6 04 31 fe 48 c1 e6 20 48 09 c6 48 c1 ea 03 48 b8 00 00 00 00 00 fc ff df 0f b6 04 02 <48> 89 74 24 08 84 c0 74 08 3c 03 0f 8e 0b 3c 00 00 8b 45 20 25 00
RSP: 0018:ffffc90000007aa0 EFLAGS: 00000802
RAX: 0000000000000000 RBX: 00000000734ffe93 RCX: 000000008357d655
RDX: 1ffff1100904bd73 RSI: 86ffc811e6eccc48 RDI: 0000000091e6366e
RBP: ffff88804825eb78 R08: 0000000000000000 R09: ffffffff8c5f39e7
R10: fffffbfff18be73c R11: 0000000000000001 R12: 0000000000000000
R13: 0000000000000000 R14: ffff88804825e240 R15: 0000000000000000
FS:  00007f92fd1c98c0(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000557ed0bba078 CR3: 000000008c556000 CR4: 00000000001506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 lock_acquire+0x1f1/0xad0 kernel/locking/lockdep.c:5005
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
 _raw_spin_lock_irqsave+0x8c/0xc0 kernel/locking/spinlock.c:159
 debug_object_deactivate lib/debugobjects.c:710 [inline]
 debug_object_deactivate+0x101/0x300 lib/debugobjects.c:698
 debug_hrtimer_deactivate kernel/time/hrtimer.c:425 [inline]
 debug_deactivate kernel/time/hrtimer.c:486 [inline]
 __run_hrtimer kernel/time/hrtimer.c:1492 [inline]
 __hrtimer_run_queues+0x3cb/0xfc0 kernel/time/hrtimer.c:1588
 hrtimer_interrupt+0x32a/0x930 kernel/time/hrtimer.c:1650
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1080 [inline]
 __sysvec_apic_timer_interrupt+0x142/0x5e0 arch/x86/kernel/apic/apic.c:1097
 asm_call_on_stack+0xf/0x20 arch/x86/entry/entry_64.S:706
 </IRQ>
 __run_on_irqstack arch/x86/include/asm/irq_stack.h:22 [inline]
 run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:48 [inline]
 sysvec_apic_timer_interrupt+0xb2/0xf0 arch/x86/kernel/apic/apic.c:1091
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:581
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:770 [inline]
RIP: 0010:console_trylock_spinning kernel/printk/printk.c:1787 [inline]
RIP: 0010:vprintk_emit+0x64b/0x770 kernel/printk/printk.c:2028
Code: 48 b8 00 00 00 00 00 fc ff df 41 80 7c 05 00 00 0f 85 e8 00 00 00 48 83 3d 49 b5 58 08 00 74 6b e8 8a b8 16 00 48 89 df 57 9d <0f> 1f 44 00 00 e9 03 ff ff ff e8 76 b8 16 00 49 c1 ed 03 e8 9d 7f
RSP: 0018:ffffc90007207710 EFLAGS: 00000293
RAX: 0000000000000000 RBX: 0000000000000293 RCX: 0000000000000006
RDX: ffff88804825e240 RSI: ffffffff815d8686 RDI: 0000000000000293
RBP: ffffc90007207750 R08: 0000000000000001 R09: ffffffff8c5f3a2f
R10: fffffbfff18be745 R11: 0000000000000001 R12: 0000000000000025
R13: 1ffffffff136c779 R14: 0000000000000200 R15: 0000000000000000
 vprintk_func+0x8f/0x1a6 kernel/printk/printk_safe.c:393
 printk+0xba/0xed kernel/printk/printk.c:2078
 check_partition block/partitions/core.c:167 [inline]
 blk_add_partitions+0x5be/0xe10 block/partitions/core.c:698
 bdev_disk_changed+0x1ea/0x370 fs/block_dev.c:1416
 __blkdev_get+0xee4/0x1aa0 fs/block_dev.c:1559
 blkdev_get fs/block_dev.c:1639 [inline]
 blkdev_open+0x227/0x300 fs/block_dev.c:1753
 do_dentry_open+0x4b9/0x11b0 fs/open.c:817
 do_open fs/namei.c:3251 [inline]
 path_openat+0x1b9a/0x2730 fs/namei.c:3368
 do_filp_open+0x17e/0x3c0 fs/namei.c:3395
 do_sys_openat2+0x16d/0x420 fs/open.c:1168
 do_sys_open fs/open.c:1184 [inline]
 __do_sys_open fs/open.c:1192 [inline]
 __se_sys_open fs/open.c:1188 [inline]
 __x64_sys_open+0x119/0x1c0 fs/open.c:1188
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f92fc310840
Code: 73 01 c3 48 8b 0d 68 77 20 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d 89 bb 20 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 1e f6 ff ff 48 89 04 24
RSP: 002b:00007ffe74fe6f68 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
RAX: ffffffffffffffda RBX: 0000557ed0b7c8e0 RCX: 00007f92fc310840
RDX: 0000557ecfcedfe3 RSI: 00000000000a0800 RDI: 0000557ed0b761f0
RBP: 00007ffe74fe70e0 R08: 0000557ecfced670 R09: 0000000000000010
R10: 0000557ecfcedd0c R11: 0000000000000246 R12: 00007ffe74fe7030
R13: 0000557ed0b69690 R14: 0000000000000003 R15: 000000000000000e

Crashes (37):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report
ci-upstream-kasan-gce-root	2020/08/28 12:38	upstream	15bc20c6	816e0689	.config	log	report
ci-upstream-kasan-gce-root	2020/08/01 06:40	upstream	d8b9faec	d895b3be	.config	log	report
ci-upstream-kasan-gce-root	2020/07/26 02:05	upstream	23ee3e4e	1f7cc1ca	.config	log	report
ci-upstream-kasan-gce-selinux-root	2020/07/17 12:07	upstream	f8456690	54b3c45e	.config	log	report
ci-upstream-kasan-gce-root	2020/07/17 12:05	upstream	f8456690	54b3c45e	.config	log	report
ci-upstream-kasan-gce-root	2020/07/16 01:23	upstream	e9919e11	f3bec699	.config	log	report
ci-upstream-kasan-gce-root	2020/06/25 09:47	upstream	7ae77150	54566aff	.config	log	report
ci-upstream-kasan-gce-selinux-root	2020/06/01 19:25	upstream	3d77e6a8	a0331e89	.config	log	report
ci-upstream-kasan-gce-root	2020/05/31 17:26	upstream	ffeb595d	a0331e89	.config	log	report
ci-upstream-kasan-gce-root	2020/05/26 01:33	upstream	9cb1fd0e	30927cd7	.config	log	report
ci-upstream-kasan-gce-selinux-root	2020/05/08 10:47	upstream	6e7f2eac	6c70a1c2	.config	log	report
ci-upstream-kasan-gce-selinux-root	2020/05/04 07:25	upstream	262f7a6b	58ae5e18	.config	log	report
ci-upstream-kasan-gce-selinux-root	2020/03/29 23:08	upstream	e595dd94	05736b29	.config	log	report
ci-upstream-kasan-gce-root	2020/03/28 04:33	upstream	527630fb	831e9a81	.config	log	report
ci-upstream-kasan-gce-root	2020/03/10 15:59	upstream	30bb5572	35f53e45	.config	log	report
ci-upstream-kasan-gce-smack-root	2020/03/06 12:29	upstream	63623fd4	c88c7b75	.config	log	report
ci-upstream-kasan-gce-root	2020/02/29 17:21	upstream	f8788d86	59b57593	.config	log	report
ci-upstream-kasan-gce-root	2020/02/29 10:55	upstream	f8788d86	59b57593	.config	log	report
ci-upstream-kasan-gce-smack-root	2020/02/28 22:40	upstream	f8788d86	59b57593	.config	log	report
ci-upstream-kasan-gce-root	2020/02/25 12:47	upstream	f8788d86	59b57593	.config	log	report
ci-upstream-kasan-gce-selinux-root	2020/02/17 21:56	upstream	11a48a5a	2b411596	.config	log	report
ci-upstream-kasan-gce-root	2020/02/15 18:24	upstream	2019fc96	5d7b90f1	.config	log	report
ci-upstream-kasan-gce-smack-root	2020/02/05 04:33	upstream	33b40134	93e5e335	.config	log	report
ci-upstream-kasan-gce-selinux-root	2020/02/02 12:49	upstream	94f2630b	2274ad39	.config	log	report
ci-upstream-kasan-gce-selinux-root	2020/01/27 09:16	upstream	a45ea48e	dd56146d	.config	log	report
ci-upstream-kasan-gce-smack-root	2020/01/22 15:58	upstream	d96d875e	8eda0b95	.config	log	report
ci-upstream-kasan-gce-smack-root	2020/01/19 07:20	upstream	244dc268	bc8bc756	.config	log	report
ci-upstream-kasan-gce-root	2019/12/24 18:57	upstream	46cf053e	be5c2c81	.config	log	report
ci-upstream-kasan-gce-smack-root	2019/11/30 17:31	upstream	81b6b964	3a75be00	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2020/07/03 08:37	linux-next	aab20039	bed10395	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2020/06/25 09:41	linux-next	e7b08814	54566aff	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2020/06/25 01:34	linux-next	e7b08814	54566aff	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2020/05/13 05:42	linux-next	ac935d22	a44eb8f7	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2020/03/23 09:25	linux-next	770fbb32	78267cec	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2020/03/04 01:54	linux-next	c99b17ac	c88c7b75	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2020/03/02 16:55	linux-next	c99b17ac	c88c7b75	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2019/12/24 18:53	linux-next	7ddd09fc	be5c2c81	.config	log	report