INFO: task syz-executor.0:3241 blocked for more than 140 seconds.
Not tainted 4.9.190+ #2
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.0 D27240 3241 2108 0x00000004
0000000000000083 ffff8801c5d70000 ffff8801d1129b80 ffff8801db721000
ffff8801d1885f00 ffff8801db721018 ffff8801ae4cfc78 ffffffff8281a10e
0000000000000000 0000000000000000 00ffffff83c7c1d0 ffff8801db7218f0
Call Trace:
[<0000000028259ce2>] schedule+0x92/0x1c0 kernel/sched/core.c:3546
[<0000000010744790>] schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3579
[<000000003ef5c2ee>] __mutex_lock_common kernel/locking/mutex.c:582 [inline]
[<000000003ef5c2ee>] mutex_lock_nested+0x38d/0x920 kernel/locking/mutex.c:621
[<00000000ab86aecf>] __pipe_lock fs/pipe.c:87 [inline]
[<00000000ab86aecf>] pipe_release+0x4e/0x250 fs/pipe.c:582
[<00000000f4b311ed>] __fput+0x274/0x720 fs/file_table.c:208
[<00000000dc0460d1>] ____fput+0x16/0x20 fs/file_table.c:244
[<00000000e0700a71>] task_work_run+0x108/0x180 kernel/task_work.c:116
[<000000003db28b4c>] tracehook_notify_resume include/linux/tracehook.h:191 [inline]
[<000000003db28b4c>] exit_to_usermode_loop+0x13b/0x160 arch/x86/entry/common.c:163
[<0000000058992ba8>] prepare_exit_to_usermode arch/x86/entry/common.c:195 [inline]
[<0000000058992ba8>] syscall_return_slowpath arch/x86/entry/common.c:266 [inline]
[<0000000058992ba8>] do_syscall_64+0x3ab/0x5c0 arch/x86/entry/common.c:293
[<0000000028008a47>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
Showing all locks held in the system:
2 locks held by khungtaskd/24:
#0: (rcu_read_lock){......}, at: [<000000008c505f2f>] check_hung_uninterruptible_tasks kernel/hung_task.c:169 [inline]
#0: (rcu_read_lock){......}, at: [<000000008c505f2f>] watchdog+0x14b/0xaf0 kernel/hung_task.c:263
#1: (tasklist_lock){.+.+..}, at: [<00000000b18a4b6f>] debug_show_all_locks+0x7f/0x21f kernel/locking/lockdep.c:4336
2 locks held by getty/2033:
#0: (&tty->ldisc_sem){++++++}, at: [<00000000fcd0e827>] ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:376
#1: (&ldata->atomic_read_lock){+.+...}, at: [<00000000caf66cd9>] n_tty_read+0x1fe/0x1820 drivers/tty/n_tty.c:2156
1 lock held by syz-executor.0/3241:
#0: (&pipe->mutex/1){+.+.+.}, at: [<00000000ab86aecf>] __pipe_lock fs/pipe.c:87 [inline]
#0: (&pipe->mutex/1){+.+.+.}, at: [<00000000ab86aecf>] pipe_release+0x4e/0x250 fs/pipe.c:582
=============================================
NMI backtrace for cpu 0
CPU: 0 PID: 24 Comm: khungtaskd Not tainted 4.9.190+ #2
ffff8801d98d7cc8 ffffffff81b66c51 0000000000000000 0000000000000000
0000000000000000 ffffffff81099a01 dffffc0000000000 ffff8801d98d7d00
ffffffff81b71eec 0000000000000000 0000000000000000 0000000000000000
Call Trace:
[<00000000417ca2cc>] __dump_stack lib/dump_stack.c:15 [inline]
[<00000000417ca2cc>] dump_stack+0xc1/0x120 lib/dump_stack.c:51
[<000000004d992e9c>] nmi_cpu_backtrace.cold+0x47/0x87 lib/nmi_backtrace.c:99
[<0000000036672b3a>] nmi_trigger_cpumask_backtrace+0x124/0x155 lib/nmi_backtrace.c:60
[<000000007381f56e>] arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:37
[<00000000676f002f>] trigger_all_cpu_backtrace include/linux/nmi.h:58 [inline]
[<00000000676f002f>] check_hung_task kernel/hung_task.c:126 [inline]
[<00000000676f002f>] check_hung_uninterruptible_tasks kernel/hung_task.c:183 [inline]
[<00000000676f002f>] watchdog+0x670/0xaf0 kernel/hung_task.c:263
[<00000000076e094a>] kthread+0x278/0x310 kernel/kthread.c:211
[<00000000754a5852>] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:375
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 3260 Comm: syz-executor.0 Not tainted 4.9.190+ #2
task: 000000004214e1c9 task.stack: 00000000c6912081
RIP: 0010:[<ffffffff811748e1>] �c [<00000000be6bb4dd>] constant_test_bit arch/x86/include/asm/bitops.h:311 [inline]
RIP: 0010:[<ffffffff811748e1>] �c [<00000000be6bb4dd>] test_ti_thread_flag include/linux/thread_info.h:58 [inline]
RIP: 0010:[<ffffffff811748e1>] �c [<00000000be6bb4dd>] test_tsk_thread_flag include/linux/sched.h:3396 [inline]
RIP: 0010:[<ffffffff811748e1>] �c [<00000000be6bb4dd>] test_tsk_need_resched include/linux/sched.h:3411 [inline]
RIP: 0010:[<ffffffff811748e1>] �c [<00000000be6bb4dd>] check_preempt_curr+0x131/0x3b0 kernel/sched/core.c:976
RSP: 0018:ffff8801db707c50 EFLAGS: 00000046
RAX: dffffc0000000000 RBX: ffff8801db721000 RCX: ffff8801db721000
RDX: 0000000000000000 RSI: ffffffff81bcd2ac RDI: ffff8801a9d5981c
RBP: ffff8801db707c98 R08: ffff8801db7218f0 R09: 0000000000000003
R10: ffff8801cf668270 R11: 00000042adfd121a R12: ffffffff82a4ca80
R13: ffffffff82a4ca80 R14: 0000000000000000 R15: ffff8801a9d597c0
FS: 00007f4c2ff4e700(0000) GS:ffff8801db700000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000201c1000 CR3: 00000001c73f3000 CR4: 00000000001606b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
ffff8801cf668288�c ffff8801db721170�c ffff8801db7218f0�c ffff8801db721000�c
ffff8801db721000�c ffff8801cf668000�c ffff8801db707d80�c 0000000000000000�c
ffff8801cf6687f8�c ffff8801db707cd8�c ffffffff81174b7f�c ffffffff8117409a�c
Call Trace:
<IRQ> �d [<000000002376f83a>] ttwu_do_wakeup.isra.0+0x1f/0x580 kernel/sched/core.c:1707
[<0000000085645ac8>] ttwu_do_activate+0x154/0x200 kernel/sched/core.c:1753
[<00000000f676b07c>] ttwu_queue kernel/sched/core.c:1908 [inline]
[<00000000f676b07c>] try_to_wake_up+0x5a3/0x1030 kernel/sched/core.c:2122
[<0000000099c2eec4>] wake_up_process+0x10/0x20 kernel/sched/core.c:2197
[<000000004a793869>] hrtimer_wakeup+0x48/0x60 kernel/time/hrtimer.c:1476
[<00000000bb1d690f>] __run_hrtimer kernel/time/hrtimer.c:1255 [inline]
[<00000000bb1d690f>] __hrtimer_run_queues+0x313/0xe00 kernel/time/hrtimer.c:1319
[<00000000fbb5c62a>] hrtimer_interrupt+0x1b6/0x450 kernel/time/hrtimer.c:1353
[<00000000028425ba>] local_apic_timer_interrupt+0x76/0xa0 arch/x86/kernel/apic/apic.c:937
[<00000000ff1e574e>] smp_apic_timer_interrupt+0x79/0xb0 arch/x86/kernel/apic/apic.c:961
[<000000003a8e397b>] apic_timer_interrupt+0xa5/0xb0 arch/x86/entry/entry_64.S:653
<EOI> �d [<00000000cb094bbe>] ? arch_local_irq_restore arch/x86/include/asm/paravirt.h:768 [inline]
<EOI> �d [<00000000cb094bbe>] ? lock_acquire+0x176/0x3d0 kernel/locking/lockdep.c:3759
[<00000000448bb6ae>] down_read+0x44/0xb0 kernel/locking/rwsem.c:22
[<000000007f5cbf92>] ext4_page_mkwrite+0x1a5/0x1040 fs/ext4/inode.c:5768
[<00000000ecd89c9f>] do_page_mkwrite+0x1d1/0x400 mm/memory.c:2061
[<00000000efe1e017>] wp_page_shared mm/memory.c:2326 [inline]
[<00000000efe1e017>] do_wp_page+0xab8/0x20a0 mm/memory.c:2430
[<00000000f53a0c0e>] handle_pte_fault mm/memory.c:3562 [inline]
[<00000000f53a0c0e>] __handle_mm_fault mm/memory.c:3634 [inline]
[<00000000f53a0c0e>] handle_mm_fault+0xeff/0x2420 mm/memory.c:3671
[<000000000dd18bd1>] __do_page_fault+0x3f0/0xa60 arch/x86/mm/fault.c:1401
[<000000002208325f>] do_page_fault+0x28/0x30 arch/x86/mm/fault.c:1464
[<000000007765be44>] page_fault+0x25/0x30 arch/x86/entry/entry_64.S:956
[<000000007b24413d>] pipe_to_user+0xb0/0x160 fs/splice.c:1256
[<00000000efac710f>] splice_from_pipe_feed fs/splice.c:521 [inline]
[<00000000efac710f>] __splice_from_pipe+0x351/0x790 fs/splice.c:645
[<00000000c1819c92>] vmsplice_to_user+0x1bd/0x1e0 fs/splice.c:1291
[<000000008ea6c812>] SYSC_vmsplice fs/splice.c:1370 [inline]
[<000000008ea6c812>] SyS_vmsplice+0x114/0x140 fs/splice.c:1353
[<000000005d5048d5>] do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288
[<0000000028008a47>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
Code: �cd0 �c7c �c08 �c84 �cd2 �c0f �c85 �c4a �c01 �c00 �c00 �c41 �c83 �c7f �c5c �c01 �c74 �c0f �c48 �c83 �cc4 �c20 �c5b �c41 �c5c �c41 �c5d �c41 �c5e �c41 �c5f �c5d �cc3 �c48 �cb8 �c00 �c00 �c00 �c00 �c00 �cfc �cff �cdf �c<4c> �c89 �cfa �c48 �cc1 �cea �c03 �c80 �c3c �c02 �c00 �c0f �c85 �c41 �c02 �c00 �c00 �c49 �c8b �c07 �ca8 �c