INFO: task hung in synchronize

INFO: task hung in synchronize_rcu
Status: upstream: reported on 2019/11/08 21:27
Reported-by: syzbot+2911186fc91302d7feac@syzkaller.appspotmail.com
First crash: 759d, last: 7d07h

similar bugs (6):
Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
upstream	INFO: task hung in synchronize_rcu (3)	C	done		321	23d	502d	0/22	upstream: reported C repro on 2020/07/22 18:22
android-49	INFO: task hung in synchronize_rcu				1	738d	738d	0/3	auto-closed as invalid on 2020/03/28 16:57
linux-4.14	INFO: task hung in synchronize_rcu	C		error	116	51d	761d	0/1	upstream: reported C repro on 2019/11/07 04:32
upstream	INFO: task hung in synchronize_rcu	syz	done		1206	738d	765d	15/22	fixed on 2019/11/29 15:48
android-414	INFO: task hung in synchronize_rcu				1	756d	756d	0/1	auto-closed as invalid on 2020/03/10 10:42
upstream	INFO: task hung in synchronize_rcu (2)				8	737d	738d	0/22	closed as invalid on 2019/11/30 16:54

Sample crash report:

INFO: task kworker/u4:3:28471 blocked for more than 140 seconds.
      Not tainted 4.19.211-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/u4:3    D25536 28471      2 0x80000000
Workqueue: events_unbound fsnotify_mark_destroy_workfn
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x887/0x2040 kernel/sched/core.c:3517
 schedule+0x8d/0x1b0 kernel/sched/core.c:3561
 schedule_timeout+0x92d/0xfe0 kernel/time/timer.c:1794
 do_wait_for_common kernel/sched/completion.c:83 [inline]
 __wait_for_common kernel/sched/completion.c:104 [inline]
 wait_for_common+0x29c/0x470 kernel/sched/completion.c:115
 __synchronize_srcu+0x124/0x210 kernel/rcu/srcutree.c:936
 fsnotify_mark_destroy_workfn+0xfd/0x340 fs/notify/mark.c:795
 process_one_work+0x864/0x1570 kernel/workqueue.c:2153
 process_scheduled_works kernel/workqueue.c:2212 [inline]
 worker_thread+0x82b/0x1130 kernel/workqueue.c:2298
 kthread+0x33f/0x460 kernel/kthread.c:259
device ipvlan15 entered promiscuous mode
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415

Showing all locks held in the system:
2 locks held by kworker/u4:0/7:
2 locks held by ksoftirqd/1/18:
2 locks held by kworker/u4:1/23:
 #0: 00000000748c07d1 ((wq_completion)"events_unbound"){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2124
 #1: 00000000e807ab3d (connector_reaper_work){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2128
1 lock held by khungtaskd/1571:
 #0: 000000004557d3ca (rcu_read_lock){....}, at: debug_show_all_locks+0x53/0x265 kernel/locking/lockdep.c:4441
1 lock held by in:imklog/7822:
 #0: 00000000a1775200 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x26f/0x310 fs/file.c:767
2 locks held by agetty/8052:
 #0: 00000000fdc13d1c (&tty->ldisc_sem){++++}, at: tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:272
 #1: 00000000fba59ba0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x217/0x1950 drivers/tty/n_tty.c:2154
3 locks held by kworker/0:1/19485:
 #0: 00000000cbb3c113 ((wq_completion)"%s"("ipv6_addrconf")){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2124
 #1: 00000000b2688d85 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2128
 #2: 000000008e0c59f0 (rtnl_mutex){+.+.}, at: addrconf_dad_work+0x9c/0x10a0 net/ipv6/addrconf.c:3989
2 locks held by kworker/u4:3/28471:
 #0: 00000000748c07d1 ((wq_completion)"events_unbound"){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2124
 #1: 00000000c5a36743 ((reaper_work).work){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2128
2 locks held by kworker/0:3/18541:
 #0: 0000000044c87559 ((wq_completion)"rcu_gp"){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2124
 #1: 000000006fc85453 ((work_completion)(&rew.rew_work)){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2128
5 locks held by kworker/1:1/10894:
2 locks held by syz-executor.3/2315:
 #0: 000000006b75f144 (&sb->s_type->i_mutex_key#13){+.+.}, at: inode_lock include/linux/fs.h:748 [inline]
 #0: 000000006b75f144 (&sb->s_type->i_mutex_key#13){+.+.}, at: __sock_release+0x86/0x2a0 net/socket.c:598
 #1: 000000008e0c59f0 (rtnl_mutex){+.+.}, at: ip6mr_sk_done+0xe0/0x370 net/ipv6/ip6mr.c:1564
2 locks held by syz-executor.3/2325:
 #0: 000000008e0c59f0 (rtnl_mutex){+.+.}, at: rtnl_lock net/core/rtnetlink.c:77 [inline]
 #0: 000000008e0c59f0 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x3fe/0xb80 net/core/rtnetlink.c:4779
 #1: 0000000054c9a3ed (rcu_preempt_state.exp_mutex){+.+.}, at: exp_funnel_lock kernel/rcu/tree_exp.h:297 [inline]
 #1: 0000000054c9a3ed (rcu_preempt_state.exp_mutex){+.+.}, at: _synchronize_rcu_expedited+0x4dc/0x6f0 kernel/rcu/tree_exp.h:667
2 locks held by syz-executor.4/2316:
 #0: 00000000a591b3f2 (&sb->s_type->i_mutex_key#13){+.+.}, at: inode_lock include/linux/fs.h:748 [inline]
 #0: 00000000a591b3f2 (&sb->s_type->i_mutex_key#13){+.+.}, at: __sock_release+0x86/0x2a0 net/socket.c:598
 #1: 000000008e0c59f0 (rtnl_mutex){+.+.}, at: ip6mr_sk_done+0xe0/0x370 net/ipv6/ip6mr.c:1564
2 locks held by syz-executor.1/2317:
 #0: 00000000eefd76d3 (&sb->s_type->i_mutex_key#13){+.+.}, at: inode_lock include/linux/fs.h:748 [inline]
 #0: 00000000eefd76d3 (&sb->s_type->i_mutex_key#13){+.+.}, at: __sock_release+0x86/0x2a0 net/socket.c:598
 #1: 000000008e0c59f0 (rtnl_mutex){+.+.}, at: ip6mr_sk_done+0xe0/0x370 net/ipv6/ip6mr.c:1564
1 lock held by syz-executor.1/2324:
 #0: 00000000868ed180 (rcu_preempt_state.barrier_mutex){+.+.}, at: _rcu_barrier+0x59/0x3e0 kernel/rcu/tree.c:3430
1 lock held by syz-executor.2/2343:
 #0: 000000008e0c59f0 (rtnl_mutex){+.+.}, at: rtnl_lock net/core/rtnetlink.c:77 [inline]
 #0: 000000008e0c59f0 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x3fe/0xb80 net/core/rtnetlink.c:4779
1 lock held by syz-executor.2/2364:
 #0: 000000008e0c59f0 (rtnl_mutex){+.+.}, at: rtnl_lock net/core/rtnetlink.c:77 [inline]
 #0: 000000008e0c59f0 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x3fe/0xb80 net/core/rtnetlink.c:4779
1 lock held by syz-executor.0/2345:
 #0: 000000008e0c59f0 (rtnl_mutex){+.+.}, at: rtnl_lock net/core/rtnetlink.c:77 [inline]
 #0: 000000008e0c59f0 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x3fe/0xb80 net/core/rtnetlink.c:4779
1 lock held by syz-executor.0/2349:
 #0: 000000008e0c59f0 (rtnl_mutex){+.+.}, at: rtnl_lock net/core/rtnetlink.c:77 [inline]
 #0: 000000008e0c59f0 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x3fe/0xb80 net/core/rtnetlink.c:4779

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 1571 Comm: khungtaskd Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 nmi_cpu_backtrace.cold+0x63/0xa2 lib/nmi_backtrace.c:101
 nmi_trigger_cpumask_backtrace+0x1a6/0x1f0 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:203 [inline]
 watchdog+0x991/0xe60 kernel/hung_task.c:287
 kthread+0x33f/0x460 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 10894 Comm: kworker/1:1 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events ipvlan_process_multicast
RIP: 0010:__read_once_size include/linux/compiler.h:263 [inline]
RIP: 0010:__in6_dev_get include/net/addrconf.h:340 [inline]
RIP: 0010:fib6_ignore_linkdown net/ipv6/route.c:655 [inline]
RIP: 0010:find_match.part.0+0x84/0x1530 net/ipv6/route.c:673
Code: 4d 85 f6 0f 84 1c 01 00 00 e8 e8 fe 5a fa 49 8d be 40 03 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 <0f> 85 30 12 00 00 4d 8b b6 40 03 00 00 e8 3a 17 49 fa 31 ff 89 c6
RSP: 0018:ffff8880ba107680 EFLAGS: 00000246
RAX: dffffc0000000000 RBX: ffff88805cc7a0c0 RCX: ffff8880ba107800
RDX: 1ffff11012cc9d10 RSI: ffffffff87078688 RDI: ffff88809664e880
RBP: ffff8880ba107728 R08: ffff88809f356c00 R09: ffff8880ba1077f0
R10: 0000000000000005 R11: 0000000000000000 R12: 0000000000000003
R13: 0000000000000093 R14: ffff88809664e540 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f93e976f718 CR3: 00000000a44a6000 CR4: 00000000003426e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 find_match net/ipv6/route.c:670 [inline]
 find_rr_leaf net/ipv6/route.c:719 [inline]
 rt6_select net/ipv6/route.c:769 [inline]
 fib6_table_lookup+0x4c2/0xf40 net/ipv6/route.c:1876
 ip6_pol_route+0x180/0x1270 net/ipv6/route.c:1909
 fib6_rule_lookup+0x10b/0x4e0 net/ipv6/fib6_rules.c:118
 ip6_route_input_lookup net/ipv6/route.c:1990 [inline]
 ip6_route_input+0x6c0/0xaa0 net/ipv6/route.c:2125
 ip6_rcv_finish_core.constprop.0.isra.0+0xd7/0x550 net/ipv6/ip6_input.c:63
 ip6_rcv_finish+0x176/0x2f0 net/ipv6/ip6_input.c:74
 NF_HOOK include/linux/netfilter.h:289 [inline]
 ipv6_rcv+0xf2/0x3f0 net/ipv6/ip6_input.c:273
 __netif_receive_skb_one_core+0x114/0x180 net/core/dev.c:4954
 __netif_receive_skb+0x27/0x1c0 net/core/dev.c:5066
 process_backlog+0x241/0x700 net/core/dev.c:5849
 napi_poll net/core/dev.c:6280 [inline]
 net_rx_action+0x4ac/0xfb0 net/core/dev.c:6346
 __do_softirq+0x265/0x980 kernel/softirq.c:292
 do_softirq_own_stack+0x2a/0x40 arch/x86/entry/entry_64.S:1092
 </IRQ>
 do_softirq.part.0+0x160/0x1c0 kernel/softirq.c:336
 do_softirq kernel/softirq.c:328 [inline]
 __local_bh_enable_ip+0x20e/0x270 kernel/softirq.c:189
 local_bh_enable include/linux/bottom_half.h:32 [inline]
 ipvlan_process_multicast+0x79c/0xcb0 drivers/net/ipvlan/ipvlan_core.c:284
 process_one_work+0x864/0x1570 kernel/workqueue.c:2153
 worker_thread+0x64c/0x1130 kernel/workqueue.c:2296
 kthread+0x33f/0x460 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
----------------
Code disassembly (best guess):
   0:	4d 85 f6             	test   %r14,%r14
   3:	0f 84 1c 01 00 00    	je     0x125
   9:	e8 e8 fe 5a fa       	callq  0xfa5afef6
   e:	49 8d be 40 03 00 00 	lea    0x340(%r14),%rdi
  15:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  1c:	fc ff df
  1f:	48 89 fa             	mov    %rdi,%rdx
  22:	48 c1 ea 03          	shr    $0x3,%rdx
  26:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1)
* 2a:	0f 85 30 12 00 00    	jne    0x1260 <-- trapping instruction
  30:	4d 8b b6 40 03 00 00 	mov    0x340(%r14),%r14
  37:	e8 3a 17 49 fa       	callq  0xfa491776
  3c:	31 ff                	xor    %edi,%edi
  3e:	89 c6                	mov    %eax,%esi

Crashes (31):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	VM info	Title
ci2-linux-4-19	2021/11/30 02:47	linux-4.19.y	3f8a27f9e27b	d0830353	.config	log	report	info	INFO: task hung in synchronize_rcu
ci2-linux-4-19	2021/11/29 02:06	linux-4.19.y	3f8a27f9e27b	63eeac02	.config	log	report	info	INFO: task hung in synchronize_rcu
ci2-linux-4-19	2021/11/03 06:02	linux-4.19.y	3f8a27f9e27b	17f3edd2	.config	log	report	info	INFO: task hung in synchronize_rcu
ci2-linux-4-19	2021/10/25 08:19	linux-4.19.y	3f8a27f9e27b	4f0000ee	.config	log	report	info	INFO: task hung in synchronize_rcu
ci2-linux-4-19	2021/10/03 12:50	linux-4.19.y	c2276d585654	db0f5787	.config	log	report	info	INFO: task hung in synchronize_rcu
ci2-linux-4-19	2021/09/15 16:43	linux-4.19.y	b172b44fcb17	07e953c1	.config	log	report	info	INFO: task hung in synchronize_rcu
ci2-linux-4-19	2021/08/19 08:55	linux-4.19.y	59456c9cc40c	a2fe1cb5	.config	log	report	info	INFO: task hung in synchronize_rcu
ci2-linux-4-19	2021/06/22 02:31	linux-4.19.y	eb575cd5d7f6	aba2b2fb	.config	log	report	info	INFO: task hung in synchronize_rcu
ci2-linux-4-19	2021/06/13 09:07	linux-4.19.y	9a2dc0e6c531	1ba81399	.config	log	report	info	INFO: task hung in synchronize_rcu
ci2-linux-4-19	2021/06/06 21:47	linux-4.19.y	1722257b8ece	500c2339	.config	log	report	info	INFO: task hung in synchronize_rcu
ci2-linux-4-19	2021/05/09 15:48	linux-4.19.y	3c8c23092588	bc5434be	.config	log	report	info	INFO: task hung in synchronize_rcu
ci2-linux-4-19	2021/04/19 02:08	linux-4.19.y	2965db2e004c	7e2b734b	.config	log	report	info	INFO: task hung in synchronize_rcu
ci2-linux-4-19	2021/03/11 13:59	linux-4.19.y	030194a5b292	c2ca1f2a	.config	log	report	info	INFO: task hung in synchronize_rcu
ci2-linux-4-19	2021/03/05 01:53	linux-4.19.y	dfb571610ba3	f89ed068	.config	log	report	info	INFO: task hung in synchronize_rcu
ci2-linux-4-19	2021/02/24 07:03	linux-4.19.y	2d19be4653f5	fcc6d71b	.config	log	report	info	INFO: task hung in synchronize_rcu
ci2-linux-4-19	2021/02/07 12:06	linux-4.19.y	811218eceeaa	2ce644fc	.config	log	report	info	INFO: task hung in synchronize_rcu
ci2-linux-4-19	2021/02/03 23:12	linux-4.19.y	811218eceeaa	624dad51	.config	log	report	info	INFO: task hung in synchronize_rcu
ci2-linux-4-19	2021/02/01 11:17	linux-4.19.y	811218eceeaa	fc9fd31e	.config	log	report	info	INFO: task hung in synchronize_rcu
ci2-linux-4-19	2021/01/09 06:20	linux-4.19.y	4143d798313f	c104d4a3	.config	log	report	info
ci2-linux-4-19	2021/01/05 22:37	linux-4.19.y	3207316b3bee	b1c228e1	.config	log	report	info
ci2-linux-4-19	2020/10/15 05:09	linux-4.19.y	a1b977b49b66	fc7735a2	.config	log	report	info
ci2-linux-4-19	2020/10/02 15:04	linux-4.19.y	b09c34517e1a	062c9832	.config	log	report	info
ci2-linux-4-19	2020/08/07 09:10	linux-4.19.y	961f830af065	cb436c69	.config	log	report
ci2-linux-4-19	2020/05/10 03:19	linux-4.19.y	84920cc7fbe1	8742a2b9	.config	log	report
ci2-linux-4-19	2020/02/20 18:48	linux-4.19.y	4fccc2503536	81230308	.config	log	report
ci2-linux-4-19	2020/01/19 05:25	linux-4.19.y	dc4ba5be1bab	bc8bc756	.config	log	report
ci2-linux-4-19	2020/01/16 02:28	linux-4.19.y	db5b9190ff82	f9b69507	.config	log	report
ci2-linux-4-19	2019/12/30 11:25	linux-4.19.y	672481c2deff	af6b8ef8	.config	log	report
ci2-linux-4-19	2019/12/14 10:56	linux-4.19.y	312017a460d5	eef6e580	.config	log	report
ci2-linux-4-19	2019/12/05 23:21	linux-4.19.y	fb683b5e3f53	9fd5a512	.config	log	report
ci2-linux-4-19	2019/11/08 20:26	linux-4.19.y	5ee93551c703	1e35461e	.config	log	report