syzbot


INFO: task hung in p9_fd_close

Status: upstream: reported C repro on 2019/08/11 15:06
Reported-by: syzbot+4c95c74a88b035133d2c@syzkaller.appspotmail.com
First crash: 1205d, last: 6d20h

Fix bisection: the fix commit could be any of (bisect log):
  3ffe1e79c174 Linux 4.14.138
  56dfe6252c68 Linux 4.14.188

Similar bugs (3):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream INFO: task hung in p9_fd_close C error error 484 22d 1186d 23/24 upstream: reported C repro on 2019/08/30 19:28
linux-4.19 INFO: task hung in p9_fd_close C error 201 1d03h 1197d 0/1 upstream: reported C repro on 2019/08/19 15:52
upstream INFO: task can't die in p9_fd_close C done 58 217d 824d 0/24 closed as dup on 2022/08/26 12:44

Sample crash report:
INFO: task syz-executor310:7966 blocked for more than 140 seconds.
      Not tainted 4.14.281-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor310 D28288  7966   7958 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2811 [inline]
 __schedule+0x88b/0x1de0 kernel/sched/core.c:3387
 schedule+0x8d/0x1b0 kernel/sched/core.c:3431
 schedule_timeout+0x80a/0xe90 kernel/time/timer.c:1724
 do_wait_for_common kernel/sched/completion.c:91 [inline]
 __wait_for_common kernel/sched/completion.c:112 [inline]
 wait_for_common+0x272/0x430 kernel/sched/completion.c:123
 flush_work+0x3fe/0x770 kernel/workqueue.c:2894
 __cancel_work_timer+0x321/0x460 kernel/workqueue.c:2965
 p9_conn_destroy net/9p/trans_fd.c:898 [inline]
 p9_fd_close+0x28d/0x420 net/9p/trans_fd.c:925
 p9_client_create+0x736/0x12c0 net/9p/client.c:1095
 v9fs_session_init+0x1c5/0x1540 fs/9p/v9fs.c:422
 v9fs_mount+0x73/0x860 fs/9p/vfs_super.c:135
 mount_fs+0x92/0x2a0 fs/super.c:1237
 vfs_kern_mount.part.0+0x5b/0x470 fs/namespace.c:1046
 vfs_kern_mount fs/namespace.c:1036 [inline]
 do_new_mount fs/namespace.c:2572 [inline]
 do_mount+0xe65/0x2a30 fs/namespace.c:2905
 SYSC_mount fs/namespace.c:3121 [inline]
 SyS_mount+0xa8/0x120 fs/namespace.c:3098
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7f0bd02d6359
RSP: 002b:00007f0bd0262278 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f0bd035b4f0 RCX: 00007f0bd02d6359
RDX: 0000000020000080 RSI: 0000000020000300 RDI: 0000000000000000
RBP: 00007f0bd03280bc R08: 0000000020000740 R09: 65732f636f72702f
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0bd0262280
R13: 7277732f7665642f R14: 64663d736e617274 R15: 00007f0bd035b4f8

Showing all locks held in the system:
1 lock held by khungtaskd/1534:
 #0:  (tasklist_lock){.+.+}, at: [<ffffffff87026b7c>] debug_show_all_locks+0x7c/0x21a kernel/locking/lockdep.c:4548
2 locks held by kworker/1:2/3586:
 #0:  ("events"){+.+.}, at: [<ffffffff81364f80>] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088
 #1:  ((&m->rq)){+.+.}, at: [<ffffffff81364fb6>] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092
1 lock held by in:imklog/7642:
 #0:  (&f->f_pos_lock){+.+.}, at: [<ffffffff818d6ceb>] __fdget_pos+0x1fb/0x2b0 fs/file.c:819

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 1534 Comm: khungtaskd Not tainted 4.14.281-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 nmi_cpu_backtrace.cold+0x57/0x93 lib/nmi_backtrace.c:101
 nmi_trigger_cpumask_backtrace+0x13a/0x180 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:140 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:195 [inline]
 watchdog+0x5b9/0xb40 kernel/hung_task.c:274
 kthread+0x30d/0x420 kernel/kthread.c:232
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 4625 Comm: systemd-journal Not tainted 4.14.281-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8880a1214180 task.stack: ffff8880a1218000
RIP: 0010:____cache_alloc mm/slab.c:3116 [inline]
RIP: 0010:__do_cache_alloc mm/slab.c:3347 [inline]
RIP: 0010:slab_alloc mm/slab.c:3382 [inline]
RIP: 0010:kmem_cache_alloc+0x1ae/0x3c0 mm/slab.c:3550
RSP: 0018:ffff8880a121fb58 EFLAGS: 00000082
RAX: 0000000000000000 RBX: 00000000014080c0 RCX: 0000000000000000
RDX: 000000000000001b RSI: ffffffff87ccff80 RDI: ffffffff87ccffc0
RBP: ffff8880b60bf080 R08: ffffffff8b9ad0c8 R09: 0000000000000000
R10: 0000000000000000 R11: ffff8880a1214180 R12: ffffe8ffffc02a80
R13: 00000000014080c0 R14: ffff8880b60bf080 R15: 0000000000000282
FS:  00007fe3657538c0(0000) GS:ffff8880ba400000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fe362b22000 CR3: 00000000a1305000 CR4: 00000000003406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 kmem_cache_zalloc include/linux/slab.h:651 [inline]
 get_empty_filp+0x86/0x3f0 fs/file_table.c:123
 path_openat+0x84/0x2970 fs/namei.c:3545
 do_filp_open+0x179/0x3c0 fs/namei.c:3603
 do_sys_open+0x296/0x410 fs/open.c:1081
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7fe364ce2840
RSP: 002b:00007ffccf1a8e78 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
RAX: ffffffffffffffda RBX: 00007ffccf1a9180 RCX: 00007fe364ce2840
RDX: 00000000000001a0 RSI: 0000000000080042 RDI: 000055777c2b6460
RBP: 000000000000000d R08: 000000000000ffc0 R09: 00000000ffffffff
R10: 0000000000000069 R11: 0000000000000246 R12: 00000000ffffffff
R13: 000055777c2ab040 R14: 00007ffccf1a9140 R15: 000055777c2b64b0
Code: c6 e9 c7 fe ff ff 48 8b 80 a8 04 00 00 a8 04 0f 85 13 ff ff ff 4d 8b 26 e8 90 4a 9b 01 89 c0 4c 03 24 c5 60 9d cc 88 41 8b 14 24 <85> d2 0f 84 73 01 00 00 41 c7 44 24 0c 01 00 00 00 83 ea 01 41 
----------------
Code disassembly (best guess), 1 bytes skipped:
   0:	e9 c7 fe ff ff       	jmpq   0xfffffecc
   5:	48 8b 80 a8 04 00 00 	mov    0x4a8(%rax),%rax
   c:	a8 04                	test   $0x4,%al
   e:	0f 85 13 ff ff ff    	jne    0xffffff27
  14:	4d 8b 26             	mov    (%r14),%r12
  17:	e8 90 4a 9b 01       	callq  0x19b4aac
  1c:	89 c0                	mov    %eax,%eax
  1e:	4c 03 24 c5 60 9d cc 	add    -0x773362a0(,%rax,8),%r12
  25:	88
  26:	41 8b 14 24          	mov    (%r12),%edx
* 2a:	85 d2                	test   %edx,%edx <-- trapping instruction
  2c:	0f 84 73 01 00 00    	je     0x1a5
  32:	41 c7 44 24 0c 01 00 	movl   $0x1,0xc(%r12)
  39:	00 00
  3b:	83 ea 01             	sub    $0x1,%edx
  3e:	41                   	rex.B

Crashes (78):