INFO: task hung in corrupted (2)

INFO: task hung in corrupted (2)
Status: upstream: reported C repro on 2020/06/01 11:30
Reported-by: syzbot+6921abfb75d6fc79c0eb@syzkaller.appspotmail.com
First crash: 118d, last: 18d

Cause bisection: introduced by (bisect log):

commit f2c2e717642c66f7fe7e5dd69b2e8ff5849f4d10
Author: Andrey Konovalov <andreyknvl@google.com>
Date: Mon Feb 24 16:13:03 2020 +0000

usb: gadget: add raw-gadget interface

Crash: INFO: task hung in fsnotify_mark_destroy_workfn (log)
Repro: C syz .config

similar bugs (2):
Kernel	Title	Repro	Bisected	Count	Last	Reported	Patched	Status
upstream	INFO: task hung in corrupted	syz		1	788d	788d	0/17	closed as invalid on 2018/07/29 11:55
android-44	INFO: task hung in corrupted	syz		1	511d	511d	0/2	public: reported syz repro on 2019/05/02 02:15

Sample crash report:

INFO: task syz-executor531:6843 blocked for more than 143 seconds.
      Not tainted 5.9.0-rc3-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor531 state:D stack:24864 pid: 6843 ppid:  6842 flags:0x00004000
Call Trace:
 context_switch kernel/sched/core.c:3778 [inline]
 __schedule+0x9b9/0xd20 kernel/sched/core.c:4527

Showing all locks held in the system:
1 lock held by khungtaskd/1169:
 #0: ffffffff894fe510 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30 arch/x86/pci/mmconfig_64.c:151
1 lock held by in:imklog/6525:
 #0: ffff88809cfd98f0 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x253/0x2f0 fs/file.c:930
1 lock held by syz-executor531/6843:
 #0: ffff8880850e8210 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:779 [inline]
 #0: ffff8880850e8210 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release net/socket.c:595 [inline]
 #0: ffff8880850e8210 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: sock_close+0x94/0x260 net/socket.c:1277
3 locks held by kworker/0:1/6904:
 #0: ffff8880aa463d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x6f4/0xfc0 kernel/workqueue.c:2242
 #1: ffffc90005447d80 ((work_completion)(&(&sw_ctx_tx->tx_work.work)->work)){+.+.}-{0:0}, at: process_one_work+0x733/0xfc0 kernel/workqueue.c:2244
 #2: ffff8880978be8d8 (&ctx->tx_lock){+.+.}-{3:3}, at: tx_work_handler+0x111/0x150 net/tls/tls_sw.c:2251

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 1169 Comm: khungtaskd Not tainted 5.9.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1d6/0x29e lib/dump_stack.c:118
 nmi_cpu_backtrace+0x9f/0x180 lib/nmi_backtrace.c:101
 nmi_trigger_cpumask_backtrace+0x16a/0x280 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:209 [inline]
 watchdog+0xd65/0xdb0 kernel/hung_task.c:295
 kthread+0x37e/0x3a0 drivers/block/aoe/aoecmd.c:1234
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 3901 Comm: systemd-journal Not tainted 5.9.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:iterate_groups kernel/sched/psi.c:750 [inline]
RIP: 0010:psi_task_change+0x1a7/0x350 kernel/sched/psi.c:806
Code: 89 48 39 c5 0f 84 a6 00 00 00 48 81 c5 38 01 00 00 eb 1b 41 80 3c 1f 00 48 8b 2c 24 74 08 48 89 ef e8 ed 16 5c 00 48 8b 6d 00 <48> 83 c5 78 48 89 e8 48 c1 e8 03 80 3c 18 00 74 08 48 89 ef e8 d0
RSP: 0018:ffffc90000007c08 EFLAGS: 00000046
RAX: dffffc0000000000 RBX: dffffc0000000000 RCX: dffffc0000000000
RDX: 0000000000000004 RSI: 0000000000000106 RDI: ffff8880a8f34000
RBP: ffffffff89509840 R08: dffffc0000000000 R09: fffffbfff131e2ce
R10: fffffbfff131e2ce R11: 0000000000000000 R12: 0000000000000001
R13: 0000000000000000 R14: ffff8880a8f35001 R15: 1ffff110151e6a2a
FS:  00007ff3346158c0(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ff3319bb000 CR3: 000000009283f000 CR4: 00000000001506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 psi_enqueue kernel/sched/stats.h:82 [inline]
 enqueue_task kernel/sched/core.c:1572 [inline]
 activate_task+0x203/0x300 kernel/sched/core.c:1595
 ttwu_do_activate kernel/sched/core.c:2510 [inline]
 ttwu_queue kernel/sched/core.c:2700 [inline]
 try_to_wake_up+0x857/0xbb0 kernel/sched/core.c:2978
 __queue_work+0x8b3/0xbb0 kernel/workqueue.c:1491
 call_timer_fn+0x91/0x160 kernel/time/timer.c:1413
 expire_timers kernel/time/timer.c:1453 [inline]
 __run_timers+0x6ad/0x830 kernel/time/timer.c:1755
 run_timer_softirq+0x46/0x80 kernel/time/timer.c:1768
 __do_softirq+0x256/0x6d5 kernel/softirq.c:298
 asm_call_on_stack+0xf/0x20 arch/x86/entry/entry_64.S:706
 </IRQ>
 __run_on_irqstack arch/x86/include/asm/irq_stack.h:22 [inline]
 run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:48 [inline]
 do_softirq_own_stack+0x91/0xe0 arch/x86/kernel/irq_64.c:77
 invoke_softirq kernel/softirq.c:393 [inline]
 __irq_exit_rcu+0x21f/0x230 kernel/softirq.c:423
 irq_exit_rcu+0x5/0x20 kernel/softirq.c:435
 sysvec_apic_timer_interrupt+0xd5/0xf0 arch/x86/kernel/apic/apic.c:1091
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:581
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:770 [inline]
RIP: 0010:lock_acquire+0x195/0x6f0 kernel/locking/lockdep.c:5009
Code: c1 e8 03 80 3c 18 00 74 0c 48 c7 c7 b8 17 4d 89 e8 30 d7 5a 00 48 83 3d c0 2e f3 07 00 0f 84 fc 04 00 00 48 8b 7c 24 08 57 9d <0f> 1f 44 00 00 65 48 8b 04 25 28 00 00 00 48 3b 44 24 48 0f 85 d3
RSP: 0018:ffffc90004b67e78 EFLAGS: 00000286
RAX: 1ffffffff129a2f7 RBX: dffffc0000000000 RCX: e668264dc84383e6
RDX: dffffc0000000000 RSI: ffff8880a9542b28 RDI: 0000000000000286
RBP: 0000000000000000 R08: dffffc0000000000 R09: fffffbfff167d899
R10: fffffbfff167d899 R11: 0000000000000000 R12: ffff8880a9542b24
R13: 0000000000000000 R14: ffffffff894fe510 R15: 1ffff110152a8564
 rcu_lock_acquire+0x2a/0x30 include/linux/rcupdate.h:241
 rcu_read_lock include/linux/rcupdate.h:634 [inline]
 __task_pid_nr_ns+0x27/0x3a0 kernel/pid.c:496
 task_tgid_vnr include/linux/sched.h:1417 [inline]
 __do_sys_getpid+0x1a/0x20 kernel/sys.c:907
 do_syscall_64+0x31/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7ff3338aef17
Code: ff ff ff 48 8b 4d a0 0f b7 51 fe 48 8b 4d a8 66 89 54 08 fe e9 1a ff ff ff 66 2e 0f 1f 84 00 00 00 00 00 b8 27 00 00 00 0f 05 <c3> 0f 1f 84 00 00 00 00 00 b8 6e 00 00 00 0f 05 c3 0f 1f 84 00 00
RSP: 002b:00007ffd3d173368 EFLAGS: 00000202 ORIG_RAX: 0000000000000027
RAX: ffffffffffffffda RBX: 00005593993801e0 RCX: 00007ff3338aef17
RDX: 00000000ffffffff RSI: 00007ffd3d1733f0 RDI: 00005593993801e0
RBP: 0000000000000f3d R08: 00007ffd3d1a0080 R09: 0000000000000000
R10: 00007ffd3d1a00a8 R11: 0000000000000202 R12: 00007ffd3d1733f0
R13: 00007ffd3d1733e8 R14: 0000559397b50958 R15: 0005aea16ea7bed6

Crashes (14):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	Maintainers
ci-upstream-kasan-gce-smack-root	2020/09/06 09:09	upstream	9322c47b	abf9ba4f	.config	log	report	syz	C	bhelgaas@google.com, bp@alien8.de, hpa@zytor.com, linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, mingo@redhat.com, tglx@linutronix.de, x86@kernel.org
ci-upstream-kasan-gce-smack-root	2020/09/03 01:32	upstream	9c7d619b	abf9ba4f	.config	log	report	syz	C	bhelgaas@google.com, bp@alien8.de, hpa@zytor.com, linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, mingo@redhat.com, tglx@linutronix.de, x86@kernel.org
ci-upstream-kasan-gce-smack-root	2020/09/01 12:31	upstream	b51594df	d5a3ae1f	.config	log	report	syz	C	bhelgaas@google.com, bp@alien8.de, hpa@zytor.com, linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, mingo@redhat.com, tglx@linutronix.de, x86@kernel.org
ci-upstream-kasan-gce-smack-root	2020/08/30 20:51	upstream	1127b219	d5a3ae1f	.config	log	report	syz	C	bhelgaas@google.com, bp@alien8.de, hpa@zytor.com, linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, mingo@redhat.com, tglx@linutronix.de, x86@kernel.org
ci-upstream-kasan-gce-smack-root	2020/08/29 19:09	upstream	4d41ead6	d5a3ae1f	.config	log	report	syz	C	bhelgaas@google.com, bp@alien8.de, hpa@zytor.com, linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, mingo@redhat.com, tglx@linutronix.de, x86@kernel.org
ci-upstream-kasan-gce-smack-root	2020/08/24 04:33	upstream	cb957121	cef5ae68	.config	log	report	syz	C	bhelgaas@google.com, bp@alien8.de, hpa@zytor.com, linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, mingo@redhat.com, tglx@linutronix.de, x86@kernel.org
ci-upstream-kasan-gce-smack-root	2020/08/11 05:15	upstream	fc80c51f	7adc7b65	.config	log	report	syz	C	bhelgaas@google.com, bp@alien8.de, hpa@zytor.com, linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, mingo@redhat.com, tglx@linutronix.de, x86@kernel.org
ci-upstream-kasan-gce-smack-root	2020/08/09 13:45	upstream	06a81c1c	f721e4a0	.config	log	report	syz	C	bhelgaas@google.com, bp@alien8.de, hpa@zytor.com, linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, mingo@redhat.com, tglx@linutronix.de, x86@kernel.org
ci-upstream-kasan-gce-smack-root	2020/07/05 06:18	upstream	7cc2a8ea	51095195	.config	log	report	syz	C	bhelgaas@google.com, bp@alien8.de, hpa@zytor.com, linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, mingo@redhat.com, tglx@linutronix.de, x86@kernel.org
ci-upstream-kasan-gce-smack-root	2020/07/05 02:27	upstream	7cc2a8ea	51095195	.config	log	report	syz	C	bhelgaas@google.com, bp@alien8.de, hpa@zytor.com, linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, mingo@redhat.com, tglx@linutronix.de, x86@kernel.org
ci-upstream-kasan-gce-smack-root	2020/05/28 11:24	upstream	b0c3ba31	142a0957	.config	log	report	syz	C	davem@davemloft.net, kuba@kernel.org, linux-kernel@vger.kernel.org, mathew.j.martineau@linux.intel.com, matthieu.baerts@tessares.net, mptcp@lists.01.org, netdev@vger.kernel.org
ci-upstream-kasan-gce-smack-root	2020/09/04 08:49	upstream	e28f0104	abf9ba4f	.config	log	report	syz		davem@davemloft.net, kuba@kernel.org, kuznet@ms2.inr.ac.ru, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, yoshfuji@linux-ipv6.org
ci-upstream-kasan-gce-smack-root	2020/07/26 21:34	upstream	04300d66	51265195	.config	log	report	syz		bhelgaas@google.com, bp@alien8.de, hpa@zytor.com, linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, mingo@redhat.com, tglx@linutronix.de, x86@kernel.org
ci-upstream-kasan-gce-smack-root	2020/07/15 17:38	upstream	e9919e11	f3bec699	.config	log	report	syz		bhelgaas@google.com, bp@alien8.de, hpa@zytor.com, linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, mingo@redhat.com, tglx@linutronix.de, x86@kernel.org