INFO: task hung in evdev

INFO: task hung in evdev_release
Status: upstream: reported syz repro on 2018/10/16 06:02
Reported-by: syzbot+a979743610b4755d4d57@syzkaller.appspotmail.com
First crash: 257d, last: 245d

Bisection: introduced by (bisect log):

commit e32d99af6830c9a8f37b4f2637ef0cdc60fa79fb
Author: Jerome Brunet <jbrunet@baylibre.com>
Date: Tue Jul 17 15:42:50 2018 +0000

ASoC: meson: add axg fifos DT binding documentation

Tree: upstream
Crash: INFO: task hung in evdev_release (log)
Repro: syz .config

similar bugs (1):
Kernel	Title	Repro	Bisected	Count	Last	Reported	Patched	Status
android-414	INFO: task hung in evdev_release			1	54d	54d	0/1	public: reported on 2019/05/03 04:41

Sample crash report:

team0 (unregistering): Port device team_slave_0 removed
bond0 (unregistering): Releasing backup interface bond_slave_1
bond0 (unregistering): Releasing backup interface bond_slave_0
bond0 (unregistering): Released all slaves
kworker/dying (307) used greatest stack depth: 14800 bytes left
INFO: task syz-executor0:17271 blocked for more than 140 seconds.
      Not tainted 4.19.0-rc7+ #55
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor0   D19016 17271  15650 0x80000002
Call Trace:
 context_switch kernel/sched/core.c:2825 [inline]
 __schedule+0x86c/0x1ed0 kernel/sched/core.c:3473
 schedule+0xfe/0x460 kernel/sched/core.c:3517
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3575
 __mutex_lock_common kernel/locking/mutex.c:1002 [inline]
 __mutex_lock+0xbe7/0x1700 kernel/locking/mutex.c:1072
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087
 evdev_release+0x8a/0x1e0 drivers/input/evdev.c:477
 __fput+0x385/0xa30 fs/file_table.c:278
 ____fput+0x15/0x20 fs/file_table.c:309
 task_work_run+0x1e8/0x2a0 kernel/task_work.c:113
 exit_task_work include/linux/task_work.h:22 [inline]
 do_exit+0x1ad7/0x2610 kernel/exit.c:867
 do_group_exit+0x177/0x440 kernel/exit.c:970
 get_signal+0x8b0/0x1980 kernel/signal.c:2513
 do_signal+0x9c/0x21e0 arch/x86/kernel/signal.c:816
 exit_to_usermode_loop+0x2e5/0x380 arch/x86/entry/common.c:162
 prepare_exit_to_usermode arch/x86/entry/common.c:197 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:268 [inline]
 do_syscall_64+0x6be/0x820 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x457519
Code: 44 0f 7f 41 b0 f3 44 0f 7f 49 c0 f3 44 0f 7f 51 d0 f3 44 0f 7f 59 e0 f3 44 0f 7f 61 f0 c3 48 89 f8 f3 0f 6f 2e f3 0f 6f 76 10 <48> 01 df f3 0f 6f 7e 20 f3 44 0f 6f 46 30 4c 8d 57 e0 49 89 fb f3
RSP: 002b:00007f6cd89eccf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: fffffffffffffe00 RBX: 000000000072bfa8 RCX: 0000000000457519
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000072bfa8
RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000072bfac
R13: 00007ffda1adeb1f R14: 00007f6cd89ed9c0 R15: 0000000000000001
INFO: task syz-executor1:19103 blocked for more than 140 seconds.
      Not tainted 4.19.0-rc7+ #55
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor1   D23568 19103  17558 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2825 [inline]
 __schedule+0x86c/0x1ed0 kernel/sched/core.c:3473
 schedule+0xfe/0x460 kernel/sched/core.c:3517
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3575
 __mutex_lock_common kernel/locking/mutex.c:1002 [inline]
 __mutex_lock+0xbe7/0x1700 kernel/locking/mutex.c:1072
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087
 evdev_close_device drivers/input/evdev.c:447 [inline]
 evdev_release+0xfe/0x1e0 drivers/input/evdev.c:488
 __fput+0x385/0xa30 fs/file_table.c:278
 ____fput+0x15/0x20 fs/file_table.c:309
 task_work_run+0x1e8/0x2a0 kernel/task_work.c:113
 tracehook_notify_resume include/linux/tracehook.h:193 [inline]
 exit_to_usermode_loop+0x318/0x380 arch/x86/entry/common.c:166
 prepare_exit_to_usermode arch/x86/entry/common.c:197 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:268 [inline]
 do_syscall_64+0x6be/0x820 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x410ff1
Code: 30 48 89 4c 24 10 e8 8e 09 00 00 48 8b 44 24 28 48 89 04 24 48 8b 44 24 30 48 89 44 24 08 e8 36 5d 04 00 48 8b 6c 24 18 48 83 <c4> 20 c3 cc cc cc cc cc cc cc cc cc cc cc cc 64 48 8b 0c 25 f8 ff
RSP: 002b:00007ffe35943940 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000007 RCX: 0000000000410ff1
RDX: 0000000000000000 RSI: 0000000000730488 RDI: 0000000000000006
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 00007ffe35943870 R11: 0000000000000293 R12: 0000000000000000
R13: 0000000000000001 R14: 000000000000000e R15: 0000000000000001
INFO: task syz-executor2:19141 blocked for more than 140 seconds.
      Not tainted 4.19.0-rc7+ #55
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor2   D23568 19141  18263 0x00000006
Call Trace:
 context_switch kernel/sched/core.c:2825 [inline]
 __schedule+0x86c/0x1ed0 kernel/sched/core.c:3473
 schedule+0xfe/0x460 kernel/sched/core.c:3517
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3575
 __mutex_lock_common kernel/locking/mutex.c:1002 [inline]
 __mutex_lock+0xbe7/0x1700 kernel/locking/mutex.c:1072
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087
 evdev_close_device drivers/input/evdev.c:447 [inline]
 evdev_release+0xfe/0x1e0 drivers/input/evdev.c:488
 __fput+0x385/0xa30 fs/file_table.c:278
 ____fput+0x15/0x20 fs/file_table.c:309
 task_work_run+0x1e8/0x2a0 kernel/task_work.c:113
 get_signal+0x155e/0x1980 kernel/signal.c:2343
 do_signal+0x9c/0x21e0 arch/x86/kernel/signal.c:816
 exit_to_usermode_loop+0x2e5/0x380 arch/x86/entry/common.c:162
 prepare_exit_to_usermode arch/x86/entry/common.c:197 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:268 [inline]
 do_syscall_64+0x6be/0x820 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x410ff1
Code: 30 48 89 4c 24 10 e8 8e 09 00 00 48 8b 44 24 28 48 89 04 24 48 8b 44 24 30 48 89 44 24 08 e8 36 5d 04 00 48 8b 6c 24 18 48 83 <c4> 20 c3 cc cc cc cc cc cc cc cc cc cc cc cc 64 48 8b 0c 25 f8 ff
RSP: 002b:00007ffd4fba6dd0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000410ff1
RDX: 0000000000000000 RSI: 0000000000730488 RDI: 0000000000000004
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 00007ffd4fba6d00 R11: 0000000000000293 R12: 0000000000000000
R13: 0000000000000001 R14: 0000000000000009 R15: 0000000000000002
INFO: lockdep is turned off.
NMI backtrace for cpu 0
CPU: 0 PID: 983 Comm: khungtaskd Not tainted 4.19.0-rc7+ #55
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1c4/0x2b4 lib/dump_stack.c:113
 nmi_cpu_backtrace.cold.3+0x63/0xa2 lib/nmi_backtrace.c:101
 nmi_trigger_cpumask_backtrace+0x1b3/0x1ed lib/nmi_backtrace.c:62
 arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38
 trigger_all_cpu_backtrace include/linux/nmi.h:144 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:204 [inline]
 watchdog+0xb3e/0x1050 kernel/hung_task.c:265
 kthread+0x35a/0x420 kernel/kthread.c:246
 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:413
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.19.0-rc7+ #55
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:tick_nohz_update_jiffies kernel/time/tick-sched.c:502 [inline]
RIP: 0010:tick_nohz_irq_enter kernel/time/tick-sched.c:1232 [inline]
RIP: 0010:tick_irq_enter+0x279/0x3e0 kernel/time/tick-sched.c:1249
Code: 00 0f 84 02 01 00 00 e8 35 98 0d 00 48 89 df 57 9d 0f 1f 44 00 00 e8 d6 a6 13 00 e8 21 98 0d 00 e8 cc c1 0d 00 e9 1e fe ff ff <e8> 12 98 0d 00 e8 9d 16 1c 02 31 c9 4c 89 f2 48 89 de 89 c7 e8 2e
RSP: 0018:ffff8801daf07c98 EFLAGS: 00000002
RAX: 0000000000000000 RBX: ffff8801daf26460 RCX: ffffffff81713bf5
RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000001
RBP: ffff8801daf07cc8 R08: ffff8801d9b103c0 R09: 000000000000000a
R10: fffffbfff145fa09 R11: 0000000000000001 R12: 0000000000000017
R13: ffff8801daf264ac R14: 000000deb5875cd2 R15: 0000000000000004
FS:  0000000000000000(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffff600400 CR3: 00000001bf8a0000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 irq_enter+0xbd/0xe0 kernel/softirq.c:353
 scheduler_ipi+0x3d0/0xad0 kernel/sched/core.c:1770
 smp_reschedule_interrupt+0x109/0x650 arch/x86/kernel/smp.c:278
 reschedule_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:888
 </IRQ>
RIP: 0010:native_safe_halt+0x6/0x10 arch/x86/include/asm/irqflags.h:57
Code: e9 2c ff ff ff 48 89 c7 48 89 45 d8 e8 63 eb 11 fa 48 8b 45 d8 e9 ca fe ff ff 48 89 df e8 52 eb 11 fa eb 82 55 48 89 e5 fb f4 <5d> c3 0f 1f 84 00 00 00 00 00 55 48 89 e5 f4 5d c3 90 90 90 90 90
RSP: 0018:ffff8801d9b1fc30 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff02
RAX: dffffc0000000000 RBX: 1ffff1003b363f8a RCX: ffffffff8184e1ca
RDX: 1ffffffff1263e54 RSI: ffffffff8184e1e4 RDI: ffffffff8931f2a0
RBP: ffff8801d9b1fc30 R08: ffff8801d9b103c0 R09: ffffed003b5e4732
R10: ffffed003b5e4732 R11: ffff8801daf23993 R12: ffff8801d9b1fcf0
R13: ffffffff89f3bee0 R14: 0000000000000000 R15: 0000000000000001
 arch_safe_halt arch/x86/include/asm/paravirt.h:94 [inline]
 default_idle+0xbf/0x490 arch/x86/kernel/process.c:498
 arch_cpu_idle+0x10/0x20 arch/x86/kernel/process.c:489
 default_idle_call+0x6d/0x90 kernel/sched/idle.c:93
 cpuidle_idle_call kernel/sched/idle.c:153 [inline]
 do_idle+0x3db/0x5b0 kernel/sched/idle.c:262
 cpu_startup_entry+0x10c/0x120 kernel/sched/idle.c:368
 start_secondary+0x447/0x5f0 arch/x86/kernel/smpboot.c:271
 secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:243

All crashes (7):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	Maintainers
ci-upstream-kasan-gce-smack-root	2018/10/12 07:02	upstream	9dcd936c	ba6ddb43	.config	log	report	syz	dmitry.torokhov@gmail.com, linux-input@vger.kernel.org, linux-kernel@vger.kernel.org, rydberg@bitmath.org
ci-upstream-kasan-gce	2018/10/23 15:00	upstream	58a02287	24fa2ad8	.config	log	report	syz	dmitry.torokhov@gmail.com, linux-input@vger.kernel.org, linux-kernel@vger.kernel.org, rydberg@bitmath.org
ci-upstream-kasan-gce-selinux-root	2018/10/12 06:29	upstream	0778a9f2	ba6ddb43	.config	log	report	syz	dmitry.torokhov@gmail.com, linux-input@vger.kernel.org, linux-kernel@vger.kernel.org, rydberg@bitmath.org
ci-upstream-kasan-gce	2018/10/12 00:55	upstream	9dcd936c	ba6ddb43	.config	log	report	syz	dmitry.torokhov@gmail.com, linux-input@vger.kernel.org, linux-kernel@vger.kernel.org, rydberg@bitmath.org
ci-upstream-kasan-gce-386	2018/10/12 02:02	upstream	9dcd936c	ba6ddb43	.config	log	report	syz	dmitry.torokhov@gmail.com, linux-input@vger.kernel.org, linux-kernel@vger.kernel.org, rydberg@bitmath.org
ci-upstream-linux-next-kasan-gce-root	2018/10/11 22:47	linux-next	771b65e8	ba6ddb43	.config	log	report	syz	dmitry.torokhov@gmail.com, linux-input@vger.kernel.org, linux-kernel@vger.kernel.org, rydberg@bitmath.org
ci-upstream-linux-next-kasan-gce-root	2018/10/11 20:27	linux-next	771b65e8	ba6ddb43	.config	log	report		dmitry.torokhov@gmail.com, linux-input@vger.kernel.org, linux-kernel@vger.kernel.org, rydberg@bitmath.org