Re: [syzbot] [block?] INFO: task hung in bdev_open

[syzbot <syzbot+5c6179f2c4f1e111df11@syzkaller.appspotmail.com>]

syzbot has found a reproducer for the following issue on:

HEAD commit:    9f35e33144ae x86/its: Fix build errors when CONFIG_MODULES=n
git tree:       upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=10639af4580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=bc44e21a0b824ef8
dashboard link: https://syzkaller.appspot.com/bug?extid=5c6179f2c4f1e111df11
compiler:       Debian clang version 20.1.2 (++20250402124445+58df0ef89dd6-1~exp1~20250402004600.97), Debian LLD 20.1.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=115c4e70580000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=166c2f68580000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0143554b1db5/disk-9f35e331.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/ccf3a30abae2/vmlinux-9f35e331.xz
kernel image: https://storage.googleapis.com/syzbot-assets/6e205d989271/bzImage-9f35e331.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+5c6179f2c4f1e111df11@syzkaller.appspotmail.com

INFO: task udevd:5194 blocked for more than 143 seconds.
      Not tainted 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:udevd           state:D stack:24824 pid:5194  tgid:5194  ppid:1      task_flags:0x400140 flags:0x00000002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x16e2/0x4cd0 kernel/sched/core.c:6767
 __schedule_loop kernel/sched/core.c:6845 [inline]
 schedule+0x165/0x360 kernel/sched/core.c:6860
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6917
 __mutex_lock_common kernel/locking/mutex.c:678 [inline]
 __mutex_lock+0x724/0xe80 kernel/locking/mutex.c:746
 bdev_open+0xe0/0xd30 block/bdev.c:945
 blkdev_open+0x3a8/0x510 block/fops.c:652
 do_dentry_open+0xdf3/0x1970 fs/open.c:956
 vfs_open+0x3b/0x340 fs/open.c:1086
 do_open fs/namei.c:3880 [inline]
 path_openat+0x2ee5/0x3830 fs/namei.c:4039
 do_filp_open+0x1fa/0x410 fs/namei.c:4066
 do_sys_openat2+0x121/0x1c0 fs/open.c:1429
 do_sys_open fs/open.c:1444 [inline]
 __do_sys_openat fs/open.c:1460 [inline]
 __se_sys_openat fs/open.c:1455 [inline]
 __x64_sys_openat+0x138/0x170 fs/open.c:1455
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fdfe28a7407
RSP: 002b:00007ffefe105d00 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007fdfe2f55880 RCX: 00007fdfe28a7407
RDX: 00000000000a0800 RSI: 000056326f6fe3e0 RDI: ffffffffffffff9c
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
R13: 000056324ea0e100 R14: 0000000000000000 R15: 00007ffefe105f90
 </TASK>
INFO: task syz-executor268:5876 blocked for more than 143 seconds.
      Not tainted 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor268 state:D stack:27096 pid:5876  tgid:5872  ppid:5852   task_flags:0x400140 flags:0x00004006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x16e2/0x4cd0 kernel/sched/core.c:6767
 __schedule_loop kernel/sched/core.c:6845 [inline]
 schedule+0x165/0x360 kernel/sched/core.c:6860
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6917
 __mutex_lock_common kernel/locking/mutex.c:678 [inline]
 __mutex_lock+0x724/0xe80 kernel/locking/mutex.c:746
 bdev_release+0x1a9/0x650 block/bdev.c:1128
 blkdev_release+0x15/0x20 block/fops.c:660
 __fput+0x44c/0xa70 fs/file_table.c:465
 task_work_run+0x1d4/0x260 kernel/task_work.c:227
 ptrace_notify+0x281/0x2c0 kernel/signal.c:2520
 ptrace_report_syscall include/linux/ptrace.h:415 [inline]
 ptrace_report_syscall_exit include/linux/ptrace.h:477 [inline]
 syscall_exit_work+0xc2/0x1d0 kernel/entry/common.c:173
 syscall_exit_to_user_mode_prepare+0x6f/0xe0 kernel/entry/common.c:200
 __syscall_exit_to_user_mode_work kernel/entry/common.c:205 [inline]
 syscall_exit_to_user_mode+0x12/0x120 kernel/entry/common.c:218
 do_syscall_64+0x103/0x210 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f4f6252f929
RSP: 002b:00007f4f624e5218 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: 0000000000000000 RBX: 00007f4f625b7328 RCX: 00007f4f6252f929
RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000003
RBP: 00007f4f625b7320 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4f6258435c
R13: 64626e2f7665642f R14: 0000200000000040 R15: 0000000080000000
 </TASK>

Showing all locks held in the system:
1 lock held by khungtaskd/31:
 #0: ffffffff8df3dce0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #0: ffffffff8df3dce0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
 #0: ffffffff8df3dce0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 kernel/locking/lockdep.c:6764
2 locks held by kworker/u8:3/53:
 #0: ffff8880b8839b58 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 kernel/sched/core.c:605
 #1: ffff8880b8823b08 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x318/0x6d0 kernel/sched/psi.c:975
1 lock held by udevd/5194:
 #0: ffff888024977358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xe0/0xd30 block/bdev.c:945
2 locks held by getty/5587:
 #0: ffff8880303d60a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
 #1: ffffc90002ffe2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400 drivers/tty/n_tty.c:2222
1 lock held by udevd/5861:
 #0: ffff888024977358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xe0/0xd30 block/bdev.c:945
1 lock held by syz-executor268/5876:
 #0: ffff888024977358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x1a9/0x650 block/bdev.c:1128

=============================================

NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 nmi_cpu_backtrace+0x39e/0x3d0 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x17a/0x300 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:158 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:274 [inline]
 watchdog+0xfee/0x1030 kernel/hung_task.c:437
 kthread+0x711/0x8a0 kernel/kthread.c:464
 ret_from_fork+0x4e/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0 skipped: idling at constant_test_bit arch/x86/include/asm/bitops.h:206 [inline]
NMI backtrace for cpu 0 skipped: idling at arch_test_bit arch/x86/include/asm/bitops.h:238 [inline]
NMI backtrace for cpu 0 skipped: idling at tif_test_bit include/linux/thread_info.h:192 [inline]
NMI backtrace for cpu 0 skipped: idling at tif_need_resched include/linux/thread_info.h:208 [inline]
NMI backtrace for cpu 0 skipped: idling at current_clr_polling_and_test include/linux/sched/idle.h:79 [inline]
NMI backtrace for cpu 0 skipped: idling at default_idle_call+0x1b/0xb0 kernel/sched/idle.c:111


---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.