Re: [syzbot] [kernel?] INFO: task hung in vfs_coredump (2)

[syzbot <syzbot+6ed94e81a1492fe1d512@syzkaller.appspotmail.com>]

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
INFO: task hung in vfs_coredump

INFO: task syz.0.17:6440 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.0.17        state:D stack:28400 pid:6440  tgid:6438  ppid:6342   task_flags:0x400640 flags:0x00080002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5298 [inline]
 __schedule+0xfee/0x6120 kernel/sched/core.c:6911
 __schedule_loop kernel/sched/core.c:6993 [inline]
 schedule+0xdd/0x390 kernel/sched/core.c:7008
 schedule_timeout+0x1b2/0x280 kernel/time/sleep_timeout.c:75
 do_wait_for_common kernel/sched/completion.c:100 [inline]
 __wait_for_common+0x2e7/0x4c0 kernel/sched/completion.c:121
 wait_for_common kernel/sched/completion.c:132 [inline]
 wait_for_completion_state+0x1c/0x40 kernel/sched/completion.c:269
 coredump_wait fs/coredump.c:534 [inline]
 vfs_coredump+0x80d/0x5570 fs/coredump.c:1197
 get_signal+0x1f2a/0x21e0 kernel/signal.c:3019
 arch_do_signal_or_restart+0x91/0x770 arch/x86/kernel/signal.c:337
 __exit_to_user_mode_loop kernel/entry/common.c:64 [inline]
 exit_to_user_mode_loop+0x86/0x4a0 kernel/entry/common.c:98
 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline]
 syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline]
 syscall_exit_to_user_mode include/linux/entry-common.h:325 [inline]
 do_syscall_64+0x668/0xf80 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0a20d9af39
RSP: 002b:00007f0a21b690e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: ffffffffffffffda RBX: 00007f0a21006098 RCX: 00007f0a20d9af39
RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f0a2100609c
RBP: 00007f0a21006090 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f0a21006128 R14: 00007ffdc3a2cb70 R15: 00007ffdc3a2cc58
 </TASK>

Showing all locks held in the system:
1 lock held by khungtaskd/30:
 #0: ffffffff8e5ce2e0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:312 [inline]
 #0: ffffffff8e5ce2e0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:850 [inline]
 #0: ffffffff8e5ce2e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x3d/0x184 kernel/locking/lockdep.c:6775
4 locks held by kworker/u8:4/60:
 #0: ffff8880b853b2e0 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2c/0x140 kernel/sched/core.c:647
 #1: ffff8880b8524648 (psi_seq){-.-.}-{0:0}, at: psi_sched_switch kernel/sched/stats.h:225 [inline]
 #1: ffff8880b8524648 (psi_seq){-.-.}-{0:0}, at: __schedule+0x2c11/0x6120 kernel/sched/core.c:6905
 #2: ffff8880b8526358 (&base->lock){-.-.}-{2:2}, at: __mod_timer+0x6e7/0xca0 kernel/time/timer.c:1117
 #3: ffffffff9b0f2e60 (&obj_hash[i].lock){-.-.}-{2:2}, at: debug_object_activate+0x144/0x490 lib/debugobjects.c:835
2 locks held by getty/5582:
 #0: ffff888032e940a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 drivers/tty/tty_ldisc.c:243
 #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x419/0x1500 drivers/tty/n_tty.c:2211
1 lock held by syz.0.17/6439:
1 lock held by syz.1.18/6463:
1 lock held by syz.2.19/6486:
2 locks held by syz.3.20/6516:
1 lock held by syz.4.21/6547:
1 lock held by syz.5.22/6577:
1 lock held by syz.6.23/6614:
1 lock held by syz.7.24/6647:

=============================================

NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x100/0x190 lib/dump_stack.c:120
 nmi_cpu_backtrace.cold+0x12d/0x151 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x1d7/0x230 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:161 [inline]
 __sys_info lib/sys_info.c:157 [inline]
 sys_info+0x141/0x190 lib/sys_info.c:165
 check_hung_uninterruptible_tasks kernel/hung_task.c:346 [inline]
 watchdog+0xd25/0x1050 kernel/hung_task.c:515
 kthread+0x370/0x450 kernel/kthread.c:436
 ret_from_fork+0x754/0xd80 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 6486 Comm: syz.2.19 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
RIP: 0010:sha256_transform_rorx+0xdd2/0x1110 lib/crypto/x86/sha256-avx2-asm.S:650
Code: c4 43 7b f0 e3 02 44 03 54 3c 14 09 de 45 31 e6 45 89 dc 21 c6 41 21 dc 45 01 ef 44 01 d1 44 09 e6 45 01 f2 44 01 f9 45 01 fa <45> 89 c7 c4 63 7b f0 e9 19 c4 63 7b f0 f1 0b 41 31 d7 45 31 f5 c4
RSP: 0018:ffffc900033970a0 EFLAGS: 00000a03
RAX: 000000000fc16320 RBX: 0000000041b41c96 RCX: 00000000e2f40420
RDX: 00000000415f425e RSI: 00000000099521a6 RDI: 0000000000000100
RBP: ffffc900033972c0 R08: 00000000ec3afa8e R09: 00000000be60ae5f
R10: 000000006a33a7ef R11: 00000000991721ee R12: 0000000001140086
R13: 0000000077102bc3 R14: 00000000f5b6baa6 R15: 00000000c96a7222
FS:  00007f1f36bc06c0(0000) GS:ffff88812472f000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f331ad05ff8 CR3: 000000002b7a6000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 sha256_blocks_avx2+0x49/0x90 lib/crypto/x86/sha256.h:31
 sha256_blocks lib/crypto/x86/sha256.h:37 [inline]
 __sha256_update+0x188/0x1c0 lib/crypto/sha256.c:208
 crypto_sha256_update+0x23/0x30 crypto/sha256.c:142
 crypto_shash_finup+0x34b/0x6b0 crypto/shash.c:123
 crypto_shash_update include/crypto/hash.h:1006 [inline]
 ima_calc_file_hash_tfm+0x299/0x350 security/integrity/ima/ima_crypto.c:491
 ima_calc_file_shash security/integrity/ima/ima_crypto.c:511 [inline]
 ima_calc_file_hash+0x18c/0x480 security/integrity/ima/ima_crypto.c:568
 ima_collect_measurement+0x887/0xa40 security/integrity/ima/ima_api.c:295
 process_measurement+0xdfe/0x2350 security/integrity/ima/ima_main.c:407
 ima_file_mmap+0x1c4/0x1f0 security/integrity/ima/ima_main.c:505
 security_mmap_file+0x278/0x9b0 security/security.c:2504
 vm_mmap_pgoff+0xec/0x470 mm/util.c:575
 ksys_mmap_pgoff+0x273/0x650 mm/mmap.c:605
 __do_sys_mmap arch/x86/kernel/sys_x86_64.c:89 [inline]
 __se_sys_mmap arch/x86/kernel/sys_x86_64.c:82 [inline]
 __x64_sys_mmap+0x125/0x190 arch/x86/kernel/sys_x86_64.c:82
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x106/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1f35d9af39
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1f36bc0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
RAX: ffffffffffffffda RBX: 00007f1f36005fa0 RCX: 00007f1f35d9af39
RDX: 00004000000000df RSI: 0000004000000001 RDI: 0000000000000008
RBP: 00007f1f35e2fee0 R08: ffffffffffffffff R09: 0000300000000000
R10: 0000000000040eb1 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f1f36006038 R14: 00007f1f36005fa0 R15: 00007fff0f5b0ad8
 </TASK>


Tested on:

commit:         113ae7b4 Merge tag 'hwmon-for-v7.0-rc5' of git://git.k..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1242ccba580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=c91defb609dfc805
dashboard link: https://syzkaller.appspot.com/bug?extid=6ed94e81a1492fe1d512
compiler:       gcc (Debian 14.2.0-19) 14.2.0, GNU ld (GNU Binutils for Debian) 2.44
patch:          https://syzkaller.appspot.com/x/patch.diff?x=10bcccba580000