Debian GNU/Linux 7 syzkaller ttyS0

executing program
syzkaller login: [  615.391415] INFO: task syzkaller426058:3038 blocked for more than 120 seconds.
[  615.393840]       Not tainted 4.13.0-rc6-next-20170825+ #9
[  615.395448] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  615.397719] syzkaller426058 D22912  3038   3036 0x00000000
[  615.399438] Call Trace:
[  615.400287]  __schedule+0x8e8/0x2070
[  615.401426]  ? __sched_text_start+0x8/0x8
[  615.402688]  ? trace_hardirqs_on_caller+0x19e/0x5c0
[  615.404150]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  615.405583]  ? find_held_lock+0x39/0x1d0
[  615.406814]  ? _raw_spin_unlock_irqrestore+0x5e/0xba
[  615.408342]  schedule+0x108/0x440
[  615.410376]  ? __schedule+0x2070/0x2070
[  615.411979]  ? mark_held_locks+0xb2/0x100
[  615.413650]  ? __local_bh_enable_ip+0x9d/0x160
[  615.415426]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  615.417384]  ? __lock_sock+0x1d7/0x2f0
[  615.418883]  ? trace_hardirqs_on+0xd/0x10
[  615.420517]  ? __local_bh_enable_ip+0x9d/0x160
[  615.422278]  __lock_sock+0x1dc/0x2f0
[  615.423709]  ? proto_unregister+0x5e0/0x5e0
[  615.424879]  ? finish_wait+0x490/0x490
[  615.425931]  ? lock_sock_nested+0x44/0x110
[  615.427095]  lock_sock_nested+0xf3/0x110
[  615.428210]  tcp_sendmsg+0x21/0x50
[  615.429057]  inet_sendmsg+0x11f/0x5e0
[  615.429793]  ? inet_recvmsg+0x5f0/0x5f0
[  615.431259]  ? selinux_socket_sendmsg+0x36/0x40
[  615.431926]  ? security_socket_sendmsg+0x89/0xb0
[  615.432667]  ? inet_recvmsg+0x5f0/0x5f0
[  615.433282]  sock_sendmsg+0xca/0x110
[  615.433797]  kernel_sendmsg+0x47/0x60
[  615.434282]  sock_no_sendpage+0x1cc/0x280
[  615.434770]  ? sock_no_shutdown+0x10/0x10
[  615.435314]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  615.435902]  tcp_sendpage_locked+0x10b/0x160
[  615.436457]  tcp_sendpage+0x43/0x60
[  615.436892]  ? tcp_sendpage_locked+0x160/0x160
[  615.437465]  inet_sendpage+0x1aa/0x660
[  615.437931]  ? inet_sendmsg+0x5e0/0x5e0
[  615.438445]  ? inet_sendmsg+0x5e0/0x5e0
[  615.438885]  kernel_sendpage+0x8d/0xe0
[  615.439322]  sock_sendpage+0x92/0xc0
[  615.439694]  ? kernel_sendpage+0xe0/0xe0
[  615.440127]  pipe_to_sendpage+0x290/0x3b0
[  615.440549]  ? direct_splice_actor+0x180/0x180
[  615.441002]  ? check_same_owner+0x320/0x320
[  615.441464]  ? splice_from_pipe_next.part.9+0x22a/0x2e0
[  615.441998]  __splice_from_pipe+0x343/0x750
[  615.442461]  ? direct_splice_actor+0x180/0x180
[  615.442926]  splice_from_pipe+0x1e9/0x330
[  615.443367]  ? direct_splice_actor+0x180/0x180
[  615.443806]  ? splice_shrink_spd+0xb0/0xb0
[  615.444212]  ? security_file_permission+0x89/0x1f0
[  615.444638]  generic_splice_sendpage+0x40/0x50
[  615.445054]  ? splice_from_pipe+0x330/0x330
[  615.445425]  SyS_splice+0x7d5/0x1630
[  615.445758]  ? compat_SyS_vmsplice+0x250/0x250
[  615.446173]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  615.446602]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  615.447038]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[  615.447446] RIP: 0033:0x434f69
[  615.447719] RSP: 002b:00007ffe7df8c2a8 EFLAGS: 00000207 ORIG_RAX: 0000000000000113
[  615.448420] RAX: ffffffffffffffda RBX: 00000000004002b0 RCX: 0000000000434f69
[  615.448982] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003
[  615.449536] RBP: 0000000000000086 R08: 000000000000001f R09: 0000000000000000
[  615.450097] R10: 0000000000000000 R11: 0000000000000207 R12: 0000000000000000
[  615.450631] R13: 00000000004018e0 R14: 0000000000401970 R15: 0000000000000000
[  615.451203]
[  615.451203] Showing all locks held in the system:
[  615.451675] 2 locks held by khungtaskd/664:
[  615.452450]  #0:  (rcu_read_lock){....}, at: [] watchdog+0x1c5/0xd60
[  615.453085]  #1:  (tasklist_lock){.+.+}, at: [] debug_show_all_locks+0xd2/0x410
[  615.453770] 1 lock held by rsyslogd/2924:
[  615.454066]  #0:  (&f->f_pos_lock){+.+.}, at: [] __fdget_pos+0x131/0x1a0
[  615.454636] 2 locks held by getty/3007:
[  615.454896]  #0:  (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x37/0x40
[  615.455503]  #1:  (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x2f2/0x1a40
[  615.456147] 2 locks held by getty/3008:
[  615.456412]  #0:  (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x37/0x40
[  615.456994]  #1:  (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x2f2/0x1a40
[  615.457640] 2 locks held by getty/3009:
[  615.457901]  #0:  (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x37/0x40
[  615.458504]  #1:  (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x2f2/0x1a40
[  615.459143] 2 locks held by getty/3010:
[  615.459406]  #0:  (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x37/0x40
[  615.459988]  #1:  (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x2f2/0x1a40
[  615.460655] 2 locks held by getty/3011:
[  615.460927]  #0:  (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x37/0x40
[  615.461534]  #1:  (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x2f2/0x1a40
[  615.462175] 2 locks held by getty/3012:
[  615.462429]  #0:  (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x37/0x40
[  615.463030]  #1:  (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x2f2/0x1a40
[  615.463763] 2 locks held by getty/3013:
[  615.464071]  #0:  (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x37/0x40
[  615.464695]  #1:  (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x2f2/0x1a40
[  615.465361] 2 locks held by syzkaller426058/3038:
[  615.465726]  #0:  (&pipe->mutex/1){+.+.}, at: [] pipe_lock+0x56/0x70
[  615.466307]  #1:  (sk_lock-AF_INET){+.+.}, at: [] tcp_sendpage+0x2e/0x60
[  615.466959]
[  615.467106] =============================================
[  615.467106]
[  615.467567] NMI backtrace for cpu 2
[  615.467809] CPU: 2 PID: 664 Comm: khungtaskd Not tainted 4.13.0-rc6-next-20170825+ #9
[  615.468358] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
[  615.468908] Call Trace:
[  615.469083]  dump_stack+0x194/0x257
[  615.469325]  ? arch_local_irq_restore+0x53/0x53
[  615.469641]  nmi_cpu_backtrace+0x20e/0x240
[  615.469922]  ? kobject_synth_uevent+0xad0/0xad0
[  615.470229]  ? debug_check_no_locks_held+0x140/0x140
[  615.470564]  ? show_regs_print_info+0x65/0x65
[  615.470872]  ? irq_force_complete_move+0x390/0x390
[  615.471215]  nmi_trigger_cpumask_backtrace+0x122/0x180
[  615.471582]  arch_trigger_cpumask_backtrace+0x14/0x20
[  615.471940]  watchdog+0x90c/0xd60
[  615.472215]  ? reset_hung_task_detector+0xa0/0xa0
[  615.472568]  ? complete+0x18/0x80
[  615.472843]  ? __schedule+0x2070/0x2070
[  615.473695]  ? _raw_spin_unlock_irqrestore+0x31/0xba
[  615.474042]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  615.474438]  ? trace_hardirqs_on+0xd/0x10
[  615.474732]  ? __kthread_parkme+0x173/0x240
[  615.475047]  kthread+0x39c/0x470
[  615.475291]  ? reset_hung_task_detector+0xa0/0xa0
[  615.475628]  ? kthread_create_on_node+0x100/0x100
[  615.475967]  ret_from_fork+0x2a/0x40
[  615.476309] Sending NMI from CPU 2 to CPUs 0-1,3:
[  615.476703] NMI backtrace for cpu 1 skipped: idling at pc 0xffffffff84da2b86
[  615.476714] NMI backtrace for cpu 3 skipped: idling at pc 0xffffffff84da2b86
[  615.476719] NMI backtrace for cpu 0
[  615.476723] CPU: 0 PID: 2921 Comm: rs:main Q:Reg Not tainted 4.13.0-rc6-next-20170825+ #9
[  615.476724] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
[  615.476728] task: ffff88003ad1e700 task.stack: ffff88003d708000
[  615.476732] RIP: 0010:unwind_next_frame.part.6+0xde/0xc70
[  615.476733] RSP: 0018:ffff88003d70f610 EFLAGS: 00000046
[  615.476735] RAX: dffffc0000000000 RBX: ffff88003d70f740 RCX: ffff88003d70f790
[  615.476737] RDX: 1ffff10007ae1eef RSI: ffffffff81aa487f RDI: ffff88003d70f740
[  615.476738] RBP: ffff88003d70f718 R08: ffff88003d70f780 R09: ffff88003d70f778
[  615.476740] R10: ffff88003d70f6f0 R11: 1ffff100075a3f73 R12: 1ffff10007ae1eca
[  615.476741] R13: 0000000000000000 R14: ffff88003ad1e700 R15: ffff88003ad1efe0
[  615.476743] FS:  00007f10ad008700(0000) GS:ffff88003ec00000(0000) knlGS:0000000000000000
[  615.476745] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  615.476747] CR2: 000055f094e23008 CR3: 000000003a5e5000 CR4: 00000000000006f0
[  615.476752] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  615.476753] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  615.476754] Call Trace:
[  615.476757]  ? unwind_dump+0x4c0/0x4c0
[  615.476760]  ? unwind_dump+0x4c0/0x4c0
[  615.476764]  ? block_write_end+0x1c0/0x1c0
[  615.476767]  ? __unwind_start+0x169/0x330
[  615.476770]  unwind_next_frame+0x3e/0x50
[  615.476773]  __save_stack_trace+0x6e/0xd0
[  615.476777]  ? SyS_write+0xef/0x220
[  615.476780]  save_stack_trace+0x16/0x20
[  615.476783]  __lock_acquire+0x20f4/0x4620
[  615.476787]  ? find_held_lock+0x39/0x1d0
[  615.476791]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[  615.476794]  ? lock_acquire+0x1d5/0x580
[  615.476797]  ? __fdget_pos+0x131/0x1a0
[  615.476800]  ? lock_release+0xd70/0xd70
[  615.476803]  ? check_same_owner+0x320/0x320
[  615.476807]  ? rcu_note_context_switch+0x710/0x710
[  615.476809]  ? find_held_lock+0x39/0x1d0
[  615.476812]  ? __might_sleep+0x95/0x190
[  615.476815]  ? __fdget_pos+0x131/0x1a0
[  615.476818]  ? __mutex_lock+0x16f/0x1870
[  615.476820]  ? __fdget_pos+0x131/0x1a0
[  615.476822]  ? lock_downgrade+0x990/0x990
[  615.476825]  ? check_noncircular+0x20/0x20
[  615.476827]  ? __fdget_pos+0x131/0x1a0
[  615.476830]  ? __fget+0xbb/0x580
[  615.476833]  ? mutex_lock_io_nested+0x1740/0x1740
[  615.476836]  ? lock_release+0xd70/0xd70
[  615.476839]  ? __lock_is_held+0xbc/0x140
[  615.476842]  ? check_noncircular+0x20/0x20
[  615.476846]  ? __fget+0x362/0x580
[  615.476848]  ? lock_downgrade+0x990/0x990
[  615.476851]  ? check_noncircular+0x20/0x20
[  615.476854]  ? iterate_fd+0x3f0/0x3f0
[  615.476857]  ? __lock_is_held+0xbc/0x140
[  615.476863]  lock_acquire+0x1d5/0x580
[  615.476865]  ? vfs_write+0x410/0x510
[  615.476869]  ? lock_release+0xd70/0xd70
[  615.476871]  ? check_same_owner+0x320/0x320
[  615.476874]  ? __inode_security_revalidate+0xd9/0x130
[  615.476877]  ? rcu_note_context_switch+0x710/0x710
[  615.476881]  ? __might_sleep+0x95/0x190
[  615.476884]  __sb_start_write+0x18f/0x290
[  615.476886]  ? vfs_write+0x410/0x510
[  615.476889]  vfs_write+0x410/0x510
[  615.476893]  SyS_write+0xef/0x220
[  615.476896]  ? SyS_read+0x220/0x220
[  615.476898]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  615.476902]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  615.476906]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[  615.476908] RIP: 0033:0x7f10aea6619d
[  615.476909] RSP: 002b:00007f10ad007000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  615.476911] RAX: ffffffffffffffda RBX: 0000000000000098 RCX: 00007f10aea6619d
[  615.476913] RDX: 0000000000000098 RSI: 0000000001d25a90 RDI: 0000000000000005
[  615.476914] RBP: 0000000000000086 R08: 0a3a332c312d3020 R09: 676e69646e655320
[  615.476916] R10: 0000000000000000 R11: 0000000000000293 R12: 00007f10ae3f9973
[  615.476923] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000040
[  615.476926] Code: 92 09 00 00 41 f6 85 88 00 00 00 03 0f 85 65 02 00 00 4c 8d 4b 38 48 b8 00 00 00 00 00 fc ff df 4c 89 ca 48 c1 ea 03 80 3c 02 00 <0f> 85 be 09 00 00 4c 8d 43 28 48 ba 00 00 00 00 00 fc ff df 48
[  615.477696] Kernel panic - not syncing: hung_task: blocked tasks
[  615.477701] CPU: 2 PID: 664 Comm: khungtaskd Not tainted 4.13.0-rc6-next-20170825+ #9
[  615.477704] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
[  615.477706] Call Trace:
[  615.477711]  dump_stack+0x194/0x257
[  615.477718]  ? arch_local_irq_restore+0x53/0x53
[  615.477731]  panic+0x1e4/0x41c
[  615.477736]  ? refcount_error_report+0x214/0x214
[  615.477752]  watchdog+0x91d/0xd60
[  615.477765]  ? reset_hung_task_detector+0xa0/0xa0
[  615.477769]  ? complete+0x18/0x80
[  615.477779]  ? __schedule+0x2070/0x2070
[  615.477790]  ? _raw_spin_unlock_irqrestore+0x31/0xba
[  615.477796]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  615.477802]  ? trace_hardirqs_on+0xd/0x10
[  615.477806]  ? __kthread_parkme+0x173/0x240
[  615.477814]  kthread+0x39c/0x470
[  615.477818]  ? reset_hung_task_detector+0xa0/0xa0
[  615.477822]  ? kthread_create_on_node+0x100/0x100
[  615.477828]  ret_from_fork+0x2a/0x40
[  615.510230] Dumping ftrace buffer:
[  615.510548]    (ftrace buffer empty)
[  615.510853] Kernel Offset: disabled
[  615.511117] Rebooting in 86400 seconds..
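What the blocked task was doing can be read straight off the report. The saved user registers give ORIG_RAX 0x113, which is splice(2) on x86_64, with RDI=3, RSI=0, RDX=5, R10=0, R8=0x1f, R9=0, i.e. splice(3, NULL, 5, NULL, 31, 0); the "locks held" list shows the task holding &pipe->mutex (the input side) and sk_lock-AF_INET taken in tcp_sendpage (the output side), and the stack shows tcp_sendpage calling down through sock_no_sendpage and tcp_sendmsg into lock_sock_nested, where it blocks in __lock_sock on the socket lock it already holds. The program below is an added example, not syzkaller's reproducer and not code from the report: it performs the same pipe-to-TCP splice over loopback so the operation can be exercised on a kernel where it completes (on the linux-next snapshot in the report this call never returns). The file descriptor numbers, the loopback socket pair and the 31-byte payload are assumptions; only the syscall, its arguments and the pipe-to-TCP direction come from the page.

```c
/* Added example: reconstructs the splice() call from the hung-task report.
 * From the saved registers: ORIG_RAX 0x113 = splice (x86_64), RDI=3 (pipe read
 * end), RSI=0, RDX=5 (TCP socket), R10=0, R8=0x1f (31 bytes), R9=0.
 * The fd numbers, loopback pair and payload below are assumptions; the report
 * only gives the registers and the kernel stack (pipe -> TCP socket). */
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define SPLICE_LEN 0x1f /* R8 in the report: 31 bytes */

/* Build a connected TCP pair on 127.0.0.1 (ephemeral port). Returns 0 or -1. */
static int tcp_loopback_pair(int *client, int *server)
{
    int lsock = socket(AF_INET, SOCK_STREAM, 0);
    if (lsock < 0)
        return -1;
    struct sockaddr_in addr = { .sin_family = AF_INET, .sin_port = 0 };
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    socklen_t alen = sizeof(addr);
    if (bind(lsock, (struct sockaddr *)&addr, alen) < 0 || listen(lsock, 1) < 0 ||
        getsockname(lsock, (struct sockaddr *)&addr, &alen) < 0) {
        close(lsock);
        return -1;
    }
    int c = socket(AF_INET, SOCK_STREAM, 0);
    if (c < 0 || connect(c, (struct sockaddr *)&addr, alen) < 0) {
        if (c >= 0) close(c);
        close(lsock);
        return -1;
    }
    int s = accept(lsock, NULL, NULL); /* loopback handshake is already done */
    close(lsock);
    if (s < 0) {
        close(c);
        return -1;
    }
    *client = c;
    *server = s;
    return 0;
}

/* Write `len` bytes into a pipe, splice them into a TCP socket (the kernel
 * takes pipe->mutex, then sk_lock-AF_INET in tcp_sendpage, exactly the two
 * locks the report lists for the blocked task), then read them back on the
 * peer into `out`. Returns the byte count splice() moved, or -1 on error. */
ssize_t splice_pipe_to_tcp(const char *payload, size_t len, char *out, size_t outcap)
{
    int pfd[2], c = -1, s = -1;
    ssize_t spliced = -1;
    if (pipe(pfd) < 0)
        return -1;
    if (tcp_loopback_pair(&c, &s) < 0)
        goto out;
    if (write(pfd[1], payload, len) != (ssize_t)len)
        goto out;
    /* The call that blocks forever in the report: tcp_sendpage holds sk_lock
     * while tcp_sendmsg, reached via sock_no_sendpage, waits for it again. */
    spliced = splice(pfd[0], NULL, c, NULL, len, 0);
    if (spliced < 0)
        goto out;
    size_t got = 0;
    while (got < (size_t)spliced && got < outcap) {
        ssize_t n = recv(s, out + got, outcap - got, 0);
        if (n <= 0)
            break;
        got += (size_t)n;
    }
out:
    close(pfd[0]);
    close(pfd[1]);
    if (c >= 0) close(c);
    if (s >= 0) close(s);
    return spliced;
}

int main(void)
{
    /* Constructed 31-byte payload matching R8 = 0x1f. */
    const char payload[] = "syzkaller pipe->tcp splice test";
    char out[64] = { 0 };
    ssize_t n = splice_pipe_to_tcp(payload, SPLICE_LEN, out, sizeof out);
    if (n < 0) {
        perror("splice_pipe_to_tcp");
        return 1;
    }
    printf("spliced %zd bytes, peer received \"%.*s\"\n", n, (int)n, out);
    return 0;
}
```

Run it under the affected kernel in a VM with hung_task_panic left at 0 and the task will sit in state D in `tcp_sendpage` indefinitely; on a kernel without the bug it prints the 31 spliced bytes. The recursive lock_sock is also the thing to look for when reading similar reports: a single task listed as holding `sk_lock-AF_INET` whose own trace ends in `__lock_sock`.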