INFO: task hung in _rcu

INFO: task hung in _rcu_barrier
Status: auto-closed as invalid on 2019/03/23 10:41
Reported-by: syzbot+@syzkaller.appspotmail.com
First crash: 665d, last: 647d

similar bugs (4):
Kernel	Title	Repro	Count	Last	Reported	Patched	Status
android-414	INFO: task hung in _rcu_barrier (2)		2	376d	388d	0/1	auto-closed as invalid on 2019/10/25 08:36
android-49	INFO: task hung in _rcu_barrier	C	1	604d	445d	0/3	public: reported C repro on 2019/04/14 08:51
linux-4.14	INFO: task hung in _rcu_barrier		3	51d	83d	0/1	upstream: reported on 2020/04/09 13:08
upstream	INFO: task hung in _rcu_barrier		3	626d	668d	0/17	auto-closed as invalid on 2019/04/13 07:47

Sample crash report:

INFO: task kworker/u4:0:5 blocked for more than 140 seconds.
      Not tainted 4.14.71+ #8
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/u4:0    D26032     5      2 0x80000000
Workqueue: netns cleanup_net
Call Trace:
 schedule+0x7f/0x1b0 kernel/sched/core.c:3490
 schedule_timeout+0x710/0xe60 kernel/time/timer.c:1721
 do_wait_for_common kernel/sched/completion.c:91 [inline]
 __wait_for_common kernel/sched/completion.c:112 [inline]
 wait_for_common+0x3bc/0x4e0 kernel/sched/completion.c:123
 _rcu_barrier+0x27b/0x3f0 kernel/rcu/tree.c:3594
 netdev_run_todo+0x112/0x750 net/core/dev.c:7865
 vti6_exit_net+0x35f/0x4e0 net/ipv6/ip6_vti.c:1122
 ops_exit_list.isra.3+0xa8/0x150 net/core/net_namespace.c:142
 cleanup_net+0x3e9/0x880 net/core/net_namespace.c:483
 process_one_work+0x86e/0x15c0 kernel/workqueue.c:2114
 worker_thread+0xdc/0x1000 kernel/workqueue.c:2248
 kthread+0x348/0x420 kernel/kthread.c:232
 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:402
INFO: task kworker/1:4:5499 blocked for more than 140 seconds.
      Not tainted 4.14.71+ #8
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/1:4     D27136  5499      2 0x80000000
Workqueue: events key_garbage_collector
Call Trace:
 schedule+0x7f/0x1b0 kernel/sched/core.c:3490
 schedule_timeout+0x710/0xe60 kernel/time/timer.c:1721
 do_wait_for_common kernel/sched/completion.c:91 [inline]
 __wait_for_common kernel/sched/completion.c:112 [inline]
 wait_for_common+0x3bc/0x4e0 kernel/sched/completion.c:123
 __wait_rcu_gp+0x250/0x3a0 kernel/rcu/update.c:413
 synchronize_rcu.part.43+0xd2/0xe0 kernel/rcu/tree_plugin.h:764
 key_garbage_collector+0x291/0x7c0 security/keys/gc.c:292
 process_one_work+0x86e/0x15c0 kernel/workqueue.c:2114
 worker_thread+0xdc/0x1000 kernel/workqueue.c:2248
 kthread+0x348/0x420 kernel/kthread.c:232
 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:402
INFO: task syz-executor3:28213 blocked for more than 140 seconds.
      Not tainted 4.14.71+ #8
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor3   D27480 28213   1847 0x00000004
Call Trace:
 schedule+0x7f/0x1b0 kernel/sched/core.c:3490
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3548
 __mutex_lock_common kernel/locking/mutex.c:833 [inline]
 __mutex_lock+0x521/0x1480 kernel/locking/mutex.c:893
 _rcu_barrier+0x5b/0x3f0 kernel/rcu/tree.c:3529
 netdev_run_todo+0x112/0x750 net/core/dev.c:7865
 tun_detach drivers/net/tun.c:587 [inline]
 tun_chr_close+0x45/0x50 drivers/net/tun.c:2655
 __fput+0x25e/0x6f0 fs/file_table.c:210
 task_work_run+0x116/0x190 kernel/task_work.c:113
 tracehook_notify_resume include/linux/tracehook.h:191 [inline]
 exit_to_usermode_loop+0x12e/0x150 arch/x86/entry/common.c:163
 prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:267 [inline]
 do_syscall_64+0x35d/0x4b0 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x411151
RSP: 002b:00007ffd73f0bd50 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 000000000000000a RCX: 0000000000411151
RDX: 0000000000000000 RSI: 00000000007304d8 RDI: 0000000000000009
RBP: 0000000000000000 R08: 00000000000000a0 R09: ffffffffffffffff
R10: 000000000072bfa0 R11: 0000000000000293 R12: 0000000000000008
R13: 000000000005129e R14: 000000000000028d R15: badc0ffeebadface
INFO: task syz-executor0:28232 blocked for more than 140 seconds.
      Not tainted 4.14.71+ #8
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor0   D24984 28232  22806 0x00000004
Call Trace:
 schedule+0x7f/0x1b0 kernel/sched/core.c:3490
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3548
 __mutex_lock_common kernel/locking/mutex.c:833 [inline]
 __mutex_lock+0x521/0x1480 kernel/locking/mutex.c:893
 _rcu_barrier+0x5b/0x3f0 kernel/rcu/tree.c:3529
 netdev_run_todo+0x112/0x750 net/core/dev.c:7865
 rtnl_unlock net/core/rtnetlink.c:106 [inline]
 rtnetlink_rcv_msg+0x3c8/0xb30 net/core/rtnetlink.c:4257
 netlink_rcv_skb+0x130/0x390 net/netlink/af_netlink.c:2432
 netlink_unicast_kernel net/netlink/af_netlink.c:1286 [inline]
 netlink_unicast+0x46d/0x620 net/netlink/af_netlink.c:1312
 netlink_sendmsg+0x664/0xbe0 net/netlink/af_netlink.c:1877
 sock_sendmsg_nosec net/socket.c:645 [inline]
 sock_sendmsg+0xb5/0x100 net/socket.c:655
 ___sys_sendmsg+0x741/0x890 net/socket.c:2061
 __sys_sendmsg+0xca/0x170 net/socket.c:2095
 SYSC_sendmsg net/socket.c:2106 [inline]
 SyS_sendmsg+0x27/0x40 net/socket.c:2102
 do_syscall_64+0x19b/0x4b0 arch/x86/entry/common.c:289
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x457679
RSP: 002b:00007f613bc13c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f613bc146d4 RCX: 0000000000457679
RDX: 0000000000000800 RSI: 0000000020000080 RDI: 0000000000000006
RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000004d5890 R14: 00000000004c39ba R15: 0000000000000000

Showing all locks held in the system:
4 locks held by kworker/u4:0/5:
 #0:  ("%s""netns"){+.+.}, at: [<ffffffffad7275d7>] process_one_work+0x787/0x15c0 kernel/workqueue.c:2085
 #1:  (net_cleanup_work){+.+.}, at: [<ffffffffad72760f>] process_one_work+0x7bf/0x15c0 kernel/workqueue.c:2089
 #2:  (net_mutex){+.+.}, at: [<ffffffffae8db58c>] cleanup_net+0x14c/0x880 net/core/net_namespace.c:449
 #3:  (rcu_preempt_state.barrier_mutex){+.+.}, at: [<ffffffffad8481ab>] _rcu_barrier+0x5b/0x3f0 kernel/rcu/tree.c:3529
1 lock held by khungtaskd/23:
 #0:  (tasklist_lock){.+.+}, at: [<ffffffffad801e67>] debug_show_all_locks+0x74/0x20f kernel/locking/lockdep.c:4541
2 locks held by rs:main Q:Reg/1631:
 #0:  (&f->f_pos_lock){+.+.}, at: [<ffffffffadbbd162>] __fdget_pos+0xa2/0xc0 fs/file.c:768
 #1:  (sb_writers#4){.+.+}, at: [<ffffffffadb5ba57>] file_start_write include/linux/fs.h:2722 [inline]
 #1:  (sb_writers#4){.+.+}, at: [<ffffffffadb5ba57>] vfs_write+0x3d7/0x4d0 fs/read_write.c:545
2 locks held by getty/1761:
 #0:  (&tty->ldisc_sem){++++}, at: [<ffffffffae3245e0>] tty_ldisc_ref_wait+0x20/0x80 drivers/tty/tty_ldisc.c:275
 #1:  (&ldata->atomic_read_lock){+.+.}, at: [<ffffffffae31fb5f>] n_tty_read+0x1ff/0x15e0 drivers/tty/n_tty.c:2142
2 locks held by kworker/1:4/5499:
 #0:  ("events"){+.+.}, at: [<ffffffffad7275d7>] process_one_work+0x787/0x15c0 kernel/workqueue.c:2085
 #1:  (key_gc_work){+.+.}, at: [<ffffffffad72760f>] process_one_work+0x7bf/0x15c0 kernel/workqueue.c:2089
1 lock held by syz-executor3/28213:
 #0:  (rcu_preempt_state.barrier_mutex){+.+.}, at: [<ffffffffad8481ab>] _rcu_barrier+0x5b/0x3f0 kernel/rcu/tree.c:3529
1 lock held by syz-executor0/28232:
 #0:  (rcu_preempt_state.barrier_mutex){+.+.}, at: [<ffffffffad8481ab>] _rcu_barrier+0x5b/0x3f0 kernel/rcu/tree.c:3529

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 23 Comm: khungtaskd Not tainted 4.14.71+ #8
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0xb9/0x11b lib/dump_stack.c:53
 nmi_cpu_backtrace.cold.0+0x47/0x85 lib/nmi_backtrace.c:101
 nmi_trigger_cpumask_backtrace+0x121/0x146 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:138 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:196 [inline]
 watchdog+0x574/0xa70 kernel/hung_task.c:252
 kthread+0x348/0x420 kernel/kthread.c:232
 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:402
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 28158 Comm: syz-executor2 Not tainted 4.14.71+ #8
task: ffff8801a12b5e00 task.stack: ffff880181570000
RIP: 0033:0x401574
RSP: 002b:00007f4338931690 EFLAGS: 00000206
RAX: 000000001bd04955 RBX: 0000000000000007 RCX: 0000000000457679
RDX: 0000000000000000 RSI: 00007f43389316c0 RDI: 0000000000000007
RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000004d7cf0 R14: 00000000004c49b7 R15: 0000000000000000
FS:  00007f4338932700(0000) GS:ffff8801dbb00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000e12978 CR3: 000000018493a002 CR4: 00000000001606a0

Crashes (13):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Maintainers
ci-android-414-kasan-gce-root	2018/09/24 10:34	android-4.14	666c420f	e029c3e0	.config	log	report	davem@davemloft.net, herbert@gondor.apana.org.au, kuznet@ms2.inr.ac.ru, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com, yoshfuji@linux-ipv6.org
ci-android-414-kasan-gce-root	2018/09/23 18:03	android-4.14	666c420f	37079712	.config	log	report	davem@davemloft.net, kuznet@ms2.inr.ac.ru, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, yoshfuji@linux-ipv6.org
ci-android-414-kasan-gce-root	2018/09/23 03:56	android-4.14	666c420f	37079712	.config	log	report	davem@davemloft.net, herbert@gondor.apana.org.au, kuznet@ms2.inr.ac.ru, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com, yoshfuji@linux-ipv6.org
ci-android-414-kasan-gce-root	2018/09/22 05:32	android-4.14	666c420f	37079712	.config	log	report	aryabinin@virtuozzo.com, davem@davemloft.net, ebiederm@xmission.com, edumazet@google.com, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org
ci-android-414-kasan-gce-root	2018/09/09 22:35	android-4.14	b859aa7d	6b5120a4	.config	log	report	ast@kernel.org, daniel@iogearbox.net, linux-kernel@vger.kernel.org, netdev@vger.kernel.org
ci-android-414-kasan-gce-root	2018/09/09 20:22	android-4.14	b859aa7d	6b5120a4	.config	log	report	ast@kernel.org, daniel@iogearbox.net, linux-kernel@vger.kernel.org, netdev@vger.kernel.org
ci-android-414-kasan-gce-root	2018/09/09 20:00	android-4.14	b859aa7d	6b5120a4	.config	log	report	davem@davemloft.net, ebiederm@xmission.com, edumazet@google.com, gregkh@linuxfoundation.org, ktkhai@virtuozzo.com, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, nicolas.dichtel@6wind.com
ci-android-414-kasan-gce-root	2018/09/09 19:02	android-4.14	b859aa7d	6b5120a4	.config	log	report	davem@davemloft.net, kuznet@ms2.inr.ac.ru, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, yoshfuji@linux-ipv6.org
ci-android-414-kasan-gce-root	2018/09/09 11:54	android-4.14	b859aa7d	6b5120a4	.config	log	report	davem@davemloft.net, kuznet@ms2.inr.ac.ru, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, yoshfuji@linux-ipv6.org
ci-android-414-kasan-gce-root	2018/09/08 23:38	android-4.14	b859aa7d	6b5120a4	.config	log	report	davem@davemloft.net, kuznet@ms2.inr.ac.ru, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, yoshfuji@linux-ipv6.org
ci-android-414-kasan-gce-root	2018/09/07 13:38	android-4.14	b859aa7d	69cfeb80	.config	log	report	davem@davemloft.net, kuznet@ms2.inr.ac.ru, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, yoshfuji@linux-ipv6.org
ci-android-414-kasan-gce-root	2018/09/07 03:09	android-4.14	b859aa7d	e30d3b52	.config	log	report	aryabinin@virtuozzo.com, davem@davemloft.net, ebiederm@xmission.com, edumazet@google.com, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org
ci-android-414-kasan-gce-root	2018/09/05 14:54	android-4.14	36b4801b	196410e4	.config	log	report	ast@kernel.org, daniel@iogearbox.net, linux-kernel@vger.kernel.org, netdev@vger.kernel.org