[syzbot] [kernel?] INFO: task hung in __fput

[syzbot <syzbot+5014f30b0de0d4b77ae3@syzkaller.appspotmail.com>]

Hello,

syzbot found the following issue on:

HEAD commit:    d082ecbc71e9 Linux 6.14-rc4
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=164ae7a4580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=8de9cc84d5960254
dashboard link: https://syzkaller.appspot.com/bug?extid=5014f30b0de0d4b77ae3
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=114ae7a4580000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/2538edcc866d/disk-d082ecbc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/fe2b2d244cf7/vmlinux-d082ecbc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/471967bae80b/bzImage-d082ecbc.xz

The issue was bisected to:

commit 616db8779b1e3f93075df691432cccc5ef3c3ba0
Author: Tejun Heo <tj@kernel.org>
Date:   Thu May 18 03:02:08 2023 +0000

    workqueue: Automatically mark CPU-hogging work items CPU_INTENSIVE

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=1217e7a4580000
final oops:     https://syzkaller.appspot.com/x/report.txt?x=1117e7a4580000
console output: https://syzkaller.appspot.com/x/log.txt?x=1617e7a4580000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+5014f30b0de0d4b77ae3@syzkaller.appspotmail.com
Fixes: 616db8779b1e ("workqueue: Automatically mark CPU-hogging work items CPU_INTENSIVE")

INFO: task syz.0.22:6033 blocked for more than 152 seconds.
      Not tainted 6.14.0-rc4-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.0.22        state:D stack:25656 pid:6033  tgid:6033  ppid:5937   task_flags:0x400040 flags:0x00000004
 <TASK>
 __schedule_loop kernel/sched/core.c:6842 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6857
 schedule_timeout+0xb0/0x290 kernel/time/sleep_timeout.c:75
 __cancel_work_sync+0xbc/0x110 kernel/workqueue.c:4362
 uhid_dev_destroy drivers/hid/uhid.c:584 [inline]
 uhid_char_release+0xac/0x600 drivers/hid/uhid.c:662
 __fput+0x3e9/0x9f0 fs/file_table.c:464
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x13f/0x340 kernel/entry/common.c:218
 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0f6998d169
RSP: 002b:00007ffe4cd3e698 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
RAX: 0000000000000000 RBX: 0000000000019525 RCX: 00007f0f6998d169
RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
RBP: 00007f0f69ba7ba0 R08: 0000000000000001 R09: 000000024cd3e98f
R10: 00007f0f69800000 R11: 0000000000000246 R12: 00007f0f69ba5fac
R13: 00007f0f69ba5fa0 R14: ffffffffffffffff R15: 00007ffe4cd3e7b0
 </TASK>
INFO: task syz.2.18:6035 blocked for more than 156 seconds.
      Not tainted 6.14.0-rc4-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.2.18        state:D stack:25984 pid:6035  tgid:6035  ppid:5945   task_flags:0x400040 flags:0x00000004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5378 [inline]
 __schedule+0x18bc/0x4c40 kernel/sched/core.c:6765
 __schedule_loop kernel/sched/core.c:6842 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6857
 schedule_timeout+0xb0/0x290 kernel/time/sleep_timeout.c:75
 do_wait_for_common kernel/sched/completion.c:95 [inline]
 __wait_for_common kernel/sched/completion.c:116 [inline]
 wait_for_common kernel/sched/completion.c:127 [inline]
 wait_for_completion+0x355/0x620 kernel/sched/completion.c:148
 __flush_work+0xa47/0xc60 kernel/workqueue.c:4242
 __fput+0x3e9/0x9f0 fs/file_table.c:464
 task_work_run+0x24f/0x310 kernel/task_work.c:227
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x13f/0x340 kernel/entry/common.c:218
 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89
RIP: 0033:0x7f4cedb8d169
RAX: 0000000000000000 RBX: 0000000000019540 RCX: 00007f4cedb8d169
RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
RBP: 00007f4cedda7ba0 R08: 0000000000000001 R09: 0000000243e0cb6f
R10: 00007f4ceda00000 R11: 0000000000000246 R12: 00007f4cedda5fac
      Not tainted 6.14.0-rc4-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.1.17        state:D
 stack:25984 pid:6037  tgid:6037  ppid:5940   task_flags:0x400040 flags:0x00000004
 context_switch kernel/sched/core.c:5378 [inline]
 __schedule+0x18bc/0x4c40 kernel/sched/core.c:6765


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
For information about bisection process see: https://goo.gl/tpsmEJ#bisection

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup