INFO: task hung in _rcu

INFO: task hung in _rcu_barrier
Status: auto-closed as invalid on 2019/03/23 10:41
Reported-by: syzbot+@syzkaller.appspotmail.com
First crash: 378d, last: 359d

similar bugs (3):
Kernel	Title	Repro	Count	Last	Reported	Patched	Status
android-414	INFO: task hung in _rcu_barrier (2)		2	89d	101d	0/1	public: reported on 2019/06/09 12:34
android-49	INFO: task hung in _rcu_barrier	C	1	317d	157d	0/3	public: reported C repro on 2019/04/14 08:51
upstream	INFO: task hung in _rcu_barrier		3	338d	380d	0/13	auto-closed as invalid on 2019/04/13 07:47

Sample crash report:

F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock
INFO: task kworker/0:1:22 blocked for more than 140 seconds.
      Not tainted 4.14.67+ #3
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/0:1     D27184    22      2 0x80000000
Workqueue: events bpf_map_free_deferred
Call Trace:
 schedule+0x7f/0x1b0 kernel/sched/core.c:3490
 schedule_timeout+0x710/0xe60 kernel/time/timer.c:1718
 do_wait_for_common kernel/sched/completion.c:91 [inline]
 __wait_for_common kernel/sched/completion.c:112 [inline]
 wait_for_common+0x3bc/0x4e0 kernel/sched/completion.c:123
 _rcu_barrier+0x27b/0x3f0 kernel/rcu/tree.c:3594
 htab_map_free+0x20/0x3f0 kernel/bpf/hashtab.c:1138
 process_one_work+0x86e/0x15c0 kernel/workqueue.c:2114
 worker_thread+0xdc/0x1000 kernel/workqueue.c:2248
 kthread+0x348/0x420 kernel/kthread.c:232
 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:402
INFO: task kworker/0:3:5750 blocked for more than 140 seconds.
      Not tainted 4.14.67+ #3
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/0:3     D29056  5750      2 0x80000000
Workqueue: events bpf_map_free_deferred
Call Trace:
 schedule+0x7f/0x1b0 kernel/sched/core.c:3490
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3548
 __mutex_lock_common kernel/locking/mutex.c:833 [inline]
 __mutex_lock+0x521/0x1480 kernel/locking/mutex.c:893
 _rcu_barrier+0x5b/0x3f0 kernel/rcu/tree.c:3529
 htab_map_free+0x20/0x3f0 kernel/bpf/hashtab.c:1138
 process_one_work+0x86e/0x15c0 kernel/workqueue.c:2114
 worker_thread+0xdc/0x1000 kernel/workqueue.c:2248
 kthread+0x348/0x420 kernel/kthread.c:232
 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:402
INFO: task kworker/u4:14:12784 blocked for more than 140 seconds.
      Not tainted 4.14.67+ #3
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/u4:14   D28728 12784      2 0x80000000
Workqueue: netns cleanup_net
Call Trace:
 schedule+0x7f/0x1b0 kernel/sched/core.c:3490
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3548
 __mutex_lock_common kernel/locking/mutex.c:833 [inline]
 __mutex_lock+0x521/0x1480 kernel/locking/mutex.c:893
 _rcu_barrier+0x5b/0x3f0 kernel/rcu/tree.c:3529
 netdev_run_todo+0x112/0x750 net/core/dev.c:7865
 sit_exit_net+0x42f/0x600 net/ipv6/sit.c:1869
 ops_exit_list.isra.3+0xa8/0x150 net/core/net_namespace.c:142
 cleanup_net+0x3e9/0x880 net/core/net_namespace.c:483
 process_one_work+0x86e/0x15c0 kernel/workqueue.c:2114
 worker_thread+0xdc/0x1000 kernel/workqueue.c:2248
 kthread+0x348/0x420 kernel/kthread.c:232
 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:402
INFO: task syz-executor0:15429 blocked for more than 140 seconds.
      Not tainted 4.14.67+ #3
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor0   D29016 15429   2034 0x00000004
Call Trace:
 schedule+0x7f/0x1b0 kernel/sched/core.c:3490
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3548
 __mutex_lock_common kernel/locking/mutex.c:833 [inline]
 __mutex_lock+0x521/0x1480 kernel/locking/mutex.c:893
 _rcu_barrier+0x5b/0x3f0 kernel/rcu/tree.c:3529
 netdev_run_todo+0x112/0x750 net/core/dev.c:7865
 tun_detach drivers/net/tun.c:595 [inline]
 tun_chr_close+0x45/0x50 drivers/net/tun.c:2662
 __fput+0x25e/0x6f0 fs/file_table.c:210
 task_work_run+0x116/0x190 kernel/task_work.c:113
 tracehook_notify_resume include/linux/tracehook.h:191 [inline]
 exit_to_usermode_loop+0x12e/0x150 arch/x86/entry/common.c:163
 prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:267 [inline]
 do_syscall_64+0x35d/0x4b0 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x410c51
RSP: 002b:00007ffd55dca460 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000008 RCX: 0000000000410c51
RDX: 0000000000000000 RSI: 0000000000730e78 RDI: 0000000000000007
RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffffffffffff
R10: 00000000009300a0 R11: 0000000000000293 R12: 0000000000000006
R13: 000000000004906b R14: 000000000000010c R15: badc0ffeebadface

Showing all locks held in the system:
3 locks held by kworker/0:1/22:
 #0:  ("events"){+.+.}, at: [<ffffffffa0d27137>] process_one_work+0x787/0x15c0 kernel/workqueue.c:2085
 #1:  ((&map->work)){+.+.}, at: [<ffffffffa0d2716f>] process_one_work+0x7bf/0x15c0 kernel/workqueue.c:2089
 #2:  (rcu_preempt_state.barrier_mutex){+.+.}, at: [<ffffffffa0e47b5b>] _rcu_barrier+0x5b/0x3f0 kernel/rcu/tree.c:3529
1 lock held by khungtaskd/23:
 #0:  (tasklist_lock){.+.+}, at: [<ffffffffa0e01847>] debug_show_all_locks+0x74/0x20f kernel/locking/lockdep.c:4541
2 locks held by rs:main Q:Reg/1853:
 #0:  (&f->f_pos_lock){+.+.}, at: [<ffffffffa11bcab2>] __fdget_pos+0xa2/0xc0 fs/file.c:768
 #1:  (sb_writers#3){.+.+}, at: [<ffffffffa115b3d7>] file_start_write include/linux/fs.h:2722 [inline]
 #1:  (sb_writers#3){.+.+}, at: [<ffffffffa115b3d7>] vfs_write+0x3d7/0x4d0 fs/read_write.c:545
2 locks held by getty/1951:
 #0:  (&tty->ldisc_sem){++++}, at: [<ffffffffa191c500>] tty_ldisc_ref_wait+0x20/0x80 drivers/tty/tty_ldisc.c:275
 #1:  (&ldata->atomic_read_lock){+.+.}, at: [<ffffffffa1917a7f>] n_tty_read+0x1ff/0x15e0 drivers/tty/n_tty.c:2142
3 locks held by kworker/0:3/5750:
 #0:  ("events"){+.+.}, at: [<ffffffffa0d27137>] process_one_work+0x787/0x15c0 kernel/workqueue.c:2085
 #1:  ((&map->work)){+.+.}, at: [<ffffffffa0d2716f>] process_one_work+0x7bf/0x15c0 kernel/workqueue.c:2089
 #2:  (rcu_preempt_state.barrier_mutex){+.+.}, at: [<ffffffffa0e47b5b>] _rcu_barrier+0x5b/0x3f0 kernel/rcu/tree.c:3529
4 locks held by kworker/u4:14/12784:
 #0:  ("%s""netns"){+.+.}, at: [<ffffffffa0d27137>] process_one_work+0x787/0x15c0 kernel/workqueue.c:2085
 #1:  (net_cleanup_work){+.+.}, at: [<ffffffffa0d2716f>] process_one_work+0x7bf/0x15c0 kernel/workqueue.c:2089
 #2:  (net_mutex){+.+.}, at: [<ffffffffa1ed26dc>] cleanup_net+0x14c/0x880 net/core/net_namespace.c:449
 #3:  (rcu_preempt_state.barrier_mutex){+.+.}, at: [<ffffffffa0e47b5b>] _rcu_barrier+0x5b/0x3f0 kernel/rcu/tree.c:3529
1 lock held by syz-executor0/15429:
 #0:  (rcu_preempt_state.barrier_mutex){+.+.}, at: [<ffffffffa0e47b5b>] _rcu_barrier+0x5b/0x3f0 kernel/rcu/tree.c:3529

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 23 Comm: khungtaskd Not tainted 4.14.67+ #3
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0xb9/0x11b lib/dump_stack.c:53
 nmi_cpu_backtrace.cold.0+0x18/0x8e lib/nmi_backtrace.c:103
 nmi_trigger_cpumask_backtrace+0x121/0x146 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:138 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:196 [inline]
 watchdog+0x574/0xa70 kernel/hung_task.c:252
 kthread+0x348/0x420 kernel/kthread.c:232
 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:402
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 14493 Comm: syz-executor7 Not tainted 4.14.67+ #3
task: ffff8801a2fcc680 task.stack: ffff88019e4f8000
RIP: 0033:0x4023c4
RSP: 002b:00007f1bea193690 EFLAGS: 00000286
RAX: 00000000fb08a6d1 RBX: 0000000000000007 RCX: 0000000000457099
RDX: 0000000000000000 RSI: 00007f1bea1936c0 RDI: 0000000000000007
RBP: 00000000009300a0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000004d7008 R14: 00000000004ca112 R15: 0000000000000000
FS:  00007f1bea194700(0000) GS:ffff8801dbb00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f2372d1e000 CR3: 00000001d2bf2006 CR4: 00000000001606a0

All crashes (13):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Maintainers
ci-android-414-kasan-gce-root	2018/09/05 14:54	android-4.14	36b4801b	196410e4	.config	log	report	ast@kernel.org, daniel@iogearbox.net, linux-kernel@vger.kernel.org, netdev@vger.kernel.org
ci-android-414-kasan-gce-root	2018/09/24 10:34	android-4.14	666c420f	e029c3e0	.config	log	report	davem@davemloft.net, herbert@gondor.apana.org.au, kuznet@ms2.inr.ac.ru, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com, yoshfuji@linux-ipv6.org
ci-android-414-kasan-gce-root	2018/09/23 18:03	android-4.14	666c420f	37079712	.config	log	report	davem@davemloft.net, kuznet@ms2.inr.ac.ru, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, yoshfuji@linux-ipv6.org
ci-android-414-kasan-gce-root	2018/09/23 03:56	android-4.14	666c420f	37079712	.config	log	report	davem@davemloft.net, herbert@gondor.apana.org.au, kuznet@ms2.inr.ac.ru, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com, yoshfuji@linux-ipv6.org
ci-android-414-kasan-gce-root	2018/09/22 05:32	android-4.14	666c420f	37079712	.config	log	report	aryabinin@virtuozzo.com, davem@davemloft.net, ebiederm@xmission.com, edumazet@google.com, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org
ci-android-414-kasan-gce-root	2018/09/09 22:35	android-4.14	b859aa7d	6b5120a4	.config	log	report	ast@kernel.org, daniel@iogearbox.net, linux-kernel@vger.kernel.org, netdev@vger.kernel.org
ci-android-414-kasan-gce-root	2018/09/09 20:22	android-4.14	b859aa7d	6b5120a4	.config	log	report	ast@kernel.org, daniel@iogearbox.net, linux-kernel@vger.kernel.org, netdev@vger.kernel.org
ci-android-414-kasan-gce-root	2018/09/09 20:00	android-4.14	b859aa7d	6b5120a4	.config	log	report	davem@davemloft.net, ebiederm@xmission.com, edumazet@google.com, gregkh@linuxfoundation.org, ktkhai@virtuozzo.com, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, nicolas.dichtel@6wind.com
ci-android-414-kasan-gce-root	2018/09/09 19:02	android-4.14	b859aa7d	6b5120a4	.config	log	report	davem@davemloft.net, kuznet@ms2.inr.ac.ru, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, yoshfuji@linux-ipv6.org
ci-android-414-kasan-gce-root	2018/09/09 11:54	android-4.14	b859aa7d	6b5120a4	.config	log	report	davem@davemloft.net, kuznet@ms2.inr.ac.ru, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, yoshfuji@linux-ipv6.org
ci-android-414-kasan-gce-root	2018/09/08 23:38	android-4.14	b859aa7d	6b5120a4	.config	log	report	davem@davemloft.net, kuznet@ms2.inr.ac.ru, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, yoshfuji@linux-ipv6.org
ci-android-414-kasan-gce-root	2018/09/07 13:38	android-4.14	b859aa7d	69cfeb80	.config	log	report	davem@davemloft.net, kuznet@ms2.inr.ac.ru, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, yoshfuji@linux-ipv6.org
ci-android-414-kasan-gce-root	2018/09/07 03:09	android-4.14	b859aa7d	e30d3b52	.config	log	report	aryabinin@virtuozzo.com, davem@davemloft.net, ebiederm@xmission.com, edumazet@google.com, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org