INFO: task hung in p9_fd

INFO: task hung in p9_fd_close
Status: upstream: reported C repro on 2019/08/19 15:52
Reported-by: syzbot+cb1a7299534706f76d88@syzkaller.appspotmail.com
First crash: 628d, last: 22d

similar bugs (3):
Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
upstream	INFO: task hung in p9_fd_close	C	error	error	136	2d19h	617d	0/22	upstream: reported C repro on 2019/08/30 19:28
linux-4.14	INFO: task hung in p9_fd_close	C		inconclusive	52	24d	636d	0/1	upstream: reported C repro on 2019/08/11 15:06
upstream	INFO: task can't die in p9_fd_close	C	done		19	18d	255d	0/22	upstream: reported C repro on 2020/08/26 10:38

Sample crash report:

INFO: task syz-executor239:8097 blocked for more than 140 seconds.
      Not tainted 4.19.179-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor239 D28072  8097   8086 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x887/0x2040 kernel/sched/core.c:3517
 schedule+0x8d/0x1b0 kernel/sched/core.c:3561
 schedule_timeout+0x92d/0xfe0 kernel/time/timer.c:1794
 do_wait_for_common kernel/sched/completion.c:83 [inline]
 __wait_for_common kernel/sched/completion.c:104 [inline]
 wait_for_common+0x29c/0x470 kernel/sched/completion.c:115
 __flush_work+0x4bb/0x8b0 kernel/workqueue.c:2925
 __cancel_work_timer+0x412/0x590 kernel/workqueue.c:3012
 p9_conn_destroy net/9p/trans_fd.c:899 [inline]
 p9_fd_close+0x29c/0x520 net/9p/trans_fd.c:934
 p9_client_create+0x901/0x12e0 net/9p/client.c:1084
 v9fs_session_init+0x1dd/0x1770 fs/9p/v9fs.c:421
 v9fs_mount+0x73/0x910 fs/9p/vfs_super.c:135
 mount_fs+0xa3/0x310 fs/super.c:1261
 vfs_kern_mount.part.0+0x68/0x470 fs/namespace.c:961
 vfs_kern_mount fs/namespace.c:951 [inline]
 do_new_mount fs/namespace.c:2469 [inline]
 do_mount+0x113c/0x2f10 fs/namespace.c:2799
 ksys_mount+0xcf/0x130 fs/namespace.c:3015
 __do_sys_mount fs/namespace.c:3029 [inline]
 __se_sys_mount fs/namespace.c:3026 [inline]
 __x64_sys_mount+0xba/0x150 fs/namespace.c:3026
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x445c39
Code: Bad RIP value.
RSP: 002b:00007f949bc47308 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00000000004cb518 RCX: 0000000000445c39
RDX: 0000000020000040 RSI: 0000000020000000 RDI: 0000000000000000
RBP: 00000000004cb510 R08: 00000000200001c0 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004cb51c
R13: 000000000049b07c R14: 64663d736e617274 R15: 0000000000022000

Showing all locks held in the system:
2 locks held by kworker/0:1/14:
 #0: 0000000094edc173 ((wq_completion)"events"){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2123
 #1: 00000000335ecea8 ((work_completion)(&m->rq)){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2127
1 lock held by khungtaskd/1567:
 #0: 00000000aa0a327e (rcu_read_lock){....}, at: debug_show_all_locks+0x53/0x265 kernel/locking/lockdep.c:4440

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 1567 Comm: khungtaskd Not tainted 4.19.179-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 nmi_cpu_backtrace.cold+0x63/0xa2 lib/nmi_backtrace.c:101
 nmi_trigger_cpumask_backtrace+0x1a6/0x1f0 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:203 [inline]
 watchdog+0x991/0xe60 kernel/hung_task.c:287
 kthread+0x33f/0x460 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 4691 Comm: systemd-journal Not tainted 4.19.179-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:orc_find arch/x86/kernel/unwind_orc.c:149 [inline]
RIP: 0010:unwind_next_frame+0x231/0x1c60 arch/x86/kernel/unwind_orc.c:422
Code: ff 39 d6 0f 83 df 10 00 00 48 ba 00 00 00 00 00 fc ff df 41 89 f0 4a 8d 3c 85 f8 27 17 8c 49 89 f9 49 c1 e9 03 45 0f b6 0c 11 <48> 89 fa 83 e2 07 83 c2 03 44 38 ca 7c 32 45 84 c9 74 2d 4c 89 44
RSP: 0018:ffff8880a0effa08 EFLAGS: 00000a07
RAX: 0000000000000000 RBX: 1ffff110141dff49 RCX: ffffffff8197d35f
RDX: dffffc0000000000 RSI: 00000000000097d3 RDI: ffffffff8c198744
RBP: 0000000000000001 R08: 00000000000097d3 R09: 0000000000000000
R10: 0000000000074071 R11: 0000000000000001 R12: ffff8880a0effb38
R13: ffff8880a0effb25 R14: ffff8880a0effb28 R15: ffff8880a0effaf0
FS:  00007f7ba8b8d8c0(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f7ba5f61578 CR3: 00000000a0ce8000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __save_stack_trace+0x9f/0x190 arch/x86/kernel/stacktrace.c:44
 save_stack mm/kasan/kasan.c:448 [inline]
 set_track mm/kasan/kasan.c:460 [inline]
 kasan_kmalloc+0xeb/0x160 mm/kasan/kasan.c:553
 slab_post_alloc_hook mm/slab.h:445 [inline]
 slab_alloc mm/slab.c:3397 [inline]
 kmem_cache_alloc+0x110/0x370 mm/slab.c:3557
 getname_flags+0xce/0x590 fs/namei.c:140
 do_sys_open+0x26c/0x520 fs/open.c:1079
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f7ba811d840
Code: 73 01 c3 48 8b 0d 68 77 20 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d 89 bb 20 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 1e f6 ff ff 48 89 04 24
RSP: 002b:00007ffd2aa1a738 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
RAX: ffffffffffffffda RBX: 00007ffd2aa1aa40 RCX: 00007f7ba811d840
RDX: 00000000000001a0 RSI: 0000000000080042 RDI: 00005564bef656d0
RBP: 000000000000000d R08: 000000000000ffc0 R09: 00000000ffffffff
R10: 0000000000000069 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00005564bef58040 R14: 00007ffd2aa1aa00 R15: 00005564bef65720

Fix bisection attempts:
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro
ci2-linux-4-19	2021/02/25 02:46	linux-4.19.y	2d19be46	65a7a854	.config	log	report	syz
ci2-linux-4-19	2020/09/25 22:37	linux-4.19.y	d09b8017	a60cb4cd	.config	log		syz
ci2-linux-4-19	2020/07/11 05:32	linux-4.19.y	dce0f886	a60cb4cd	.config	log		syz
ci2-linux-4-19	2020/06/01 07:35	linux-4.19.y	2d16cf48	a60cb4cd	.config	log		syz
ci2-linux-4-19	2020/04/14 19:09	linux-4.19.y	6dd0e326	a60cb4cd	.config	log		syz
ci2-linux-4-19	2020/02/26 04:13	linux-4.19.y	f25804f3	a60cb4cd	.config	log	report	syz
ci2-linux-4-19	2020/01/02 17:16	linux-4.19.y	c7ecf3e3	a60cb4cd	.config	log		syz

Crashes (47):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Title
ci2-linux-4-19	2021/03/08 12:56	linux-4.19.y	2cae3e25	09fbf400	.config	log	report	syz	C		INFO: task hung in p9_fd_close
ci2-linux-4-19	2021/01/15 14:40	linux-4.19.y	675cc038	65a7a854	.config	log	report	syz
ci2-linux-4-19	2021/01/01 07:19	linux-4.19.y	3207316b	79264ae3	.config	log	report	syz
ci2-linux-4-19	2020/12/30 21:16	linux-4.19.y	3207316b	ecb8c012	.config	log	report	syz
ci2-linux-4-19	2020/12/28 09:36	linux-4.19.y	13d2ce42	2242f77f	.config	log	report	syz
ci2-linux-4-19	2020/12/28 01:58	linux-4.19.y	13d2ce42	2242f77f	.config	log	report	syz
ci2-linux-4-19	2020/12/24 14:01	linux-4.19.y	13d2ce42	c2c1d1dd	.config	log	report	syz
ci2-linux-4-19	2020/12/16 18:00	linux-4.19.y	13d2ce42	649595c6	.config	log	report	syz
ci2-linux-4-19	2020/11/28 18:23	linux-4.19.y	0c88e405	3c7136c0	.config	log	report	syz
ci2-linux-4-19	2019/09/09 18:06	linux-4.19.y	e7d2672c	a60cb4cd	.config	log	report	syz
ci2-linux-4-19	2019/08/29 13:30	linux-4.19.y	97ab07e1	cd626f3b	.config	log	report	syz
ci2-linux-4-19	2021/04/17 03:38	linux-4.19.y	2965db2e	7e2b734b	.config	log	report			info	INFO: task hung in p9_fd_close
ci2-linux-4-19	2021/03/28 23:45	linux-4.19.y	78fec161	a8529b82	.config	log	report			info	INFO: task hung in p9_fd_close
ci2-linux-4-19	2021/03/24 21:10	linux-4.19.y	78fec161	607e3baf	.config	log	report			info	INFO: task hung in p9_fd_close
ci2-linux-4-19	2021/03/01 20:22	linux-4.19.y	2d19be46	183afb6c	.config	log	report			info	INFO: task hung in p9_fd_close
ci2-linux-4-19	2021/01/03 06:42	linux-4.19.y	3207316b	79264ae3	.config	log	report			info
ci2-linux-4-19	2021/01/01 12:43	linux-4.19.y	3207316b	79264ae3	.config	log	report			info
ci2-linux-4-19	2020/11/17 19:16	linux-4.19.y	31acccdc	bd2a760b	.config	log	report			info
ci2-linux-4-19	2020/11/13 12:38	linux-4.19.y	31acccdc	4a7fa9b4	.config	log	report			info
ci2-linux-4-19	2020/10/18 17:28	linux-4.19.y	ad326970	fea47c01	.config	log	report			info
ci2-linux-4-19	2020/08/26 21:39	linux-4.19.y	f6d5cb9e	318430cb	.config	log	report
ci2-linux-4-19	2020/08/04 01:38	linux-4.19.y	13af6c74	96dd3623	.config	log	report
ci2-linux-4-19	2020/06/11 04:46	linux-4.19.y	3fc89857	3ab7a05a	.config	log	report
ci2-linux-4-19	2020/05/02 07:01	linux-4.19.y	76567537	bc734e7a	.config	log	report
ci2-linux-4-19	2020/04/15 07:21	linux-4.19.y	6dd0e326	3f3c5574	.config	log	report
ci2-linux-4-19	2020/03/15 18:33	linux-4.19.y	56920971	749688d2	.config	log	report
ci2-linux-4-19	2020/02/26 17:59	linux-4.19.y	f25804f3	251aabb7	.config	log	report
ci2-linux-4-19	2020/01/27 03:17	linux-4.19.y	d183c8e2	dd56146d	.config	log	report
ci2-linux-4-19	2020/01/17 17:10	linux-4.19.y	db5b9190	3de7aabb	.config	log	report
ci2-linux-4-19	2020/01/15 09:31	linux-4.19.y	db5b9190	fa12bd3c	.config	log	report
ci2-linux-4-19	2020/01/15 00:49	linux-4.19.y	db5b9190	fa12bd3c	.config	log	report
ci2-linux-4-19	2020/01/14 16:13	linux-4.19.y	dcd88898	32881205	.config	log	report
ci2-linux-4-19	2020/01/09 12:00	linux-4.19.y	cb1f9a16	ddc3e859	.config	log	report
ci2-linux-4-19	2020/01/09 08:47	linux-4.19.y	3d40d711	ddc3e859	.config	log	report
ci2-linux-4-19	2019/12/03 16:24	linux-4.19.y	174651bd	ab342da3	.config	log	report
ci2-linux-4-19	2019/11/25 09:25	linux-4.19.y	14260788	598ca6c8	.config	log	report
ci2-linux-4-19	2019/11/20 12:27	linux-4.19.y	c555efaf	432c7650	.config	log	report
ci2-linux-4-19	2019/11/19 00:07	linux-4.19.y	c555efaf	d5696d51	.config	log	report
ci2-linux-4-19	2019/11/18 08:11	linux-4.19.y	c555efaf	d5696d51	.config	log	report
ci2-linux-4-19	2019/11/17 03:38	linux-4.19.y	c555efaf	cdac920b	.config	log	report
ci2-linux-4-19	2019/11/04 04:34	linux-4.19.y	ef244c30	b35fad31	.config	log	report
ci2-linux-4-19	2019/11/02 18:25	linux-4.19.y	ef244c30	997ccc67	.config	log	report
ci2-linux-4-19	2019/10/07 06:59	linux-4.19.y	6cad9d0c	f3f7d9c8	.config	log	report
ci2-linux-4-19	2019/09/14 18:40	linux-4.19.y	ee809c7e	32d59357	.config	log	report
ci2-linux-4-19	2019/09/09 13:15	linux-4.19.y	e7d2672c	a60cb4cd	.config	log	report
ci2-linux-4-19	2019/08/21 19:29	linux-4.19.y	a5aa8058	4ea67ff8	.config	log	report
ci2-linux-4-19	2019/08/19 14:51	linux-4.19.y	a5aa8058	b8ceabfc	.config	log	report