Unknown ioctl 35097 Unknown ioctl 35097 kworker/dying (7898) used greatest stack depth: 11608 bytes left INFO: task syz-executor4:19744 blocked for more than 140 seconds. Not tainted 4.19.0-rc2+ #124 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor4 D24072 19744 4636 0x20020004 Call Trace: context_switch kernel/sched/core.c:2825 [inline] __schedule+0x87c/0x1df0 kernel/sched/core.c:3473 schedule+0xfb/0x450 kernel/sched/core.c:3517 schedule_timeout+0x1cc/0x260 kernel/time/timer.c:1780 do_wait_for_common kernel/sched/completion.c:83 [inline] __wait_for_common kernel/sched/completion.c:104 [inline] wait_for_common kernel/sched/completion.c:115 [inline] wait_for_completion+0x430/0x8d0 kernel/sched/completion.c:136 crypto_wait_req include/linux/crypto.h:517 [inline] _aead_recvmsg crypto/algif_aead.c:313 [inline] aead_recvmsg+0x1544/0x1bb0 crypto/algif_aead.c:334 sock_recvmsg_nosec net/socket.c:794 [inline] sock_recvmsg+0xd0/0x110 net/socket.c:801 ___sys_recvmsg+0x2b6/0x680 net/socket.c:2276 __sys_recvmmsg+0x74c/0xbb0 net/socket.c:2380 __compat_sys_recvmmsg+0x166/0x180 net/compat.c:821 __do_compat_sys_recvmmsg net/compat.c:839 [inline] __se_compat_sys_recvmmsg net/compat.c:835 [inline] __ia32_compat_sys_recvmmsg+0xbd/0x150 net/compat.c:835 do_syscall_32_irqs_on arch/x86/entry/common.c:326 [inline] do_fast_syscall_32+0x34d/0xfb2 arch/x86/entry/common.c:397 entry_SYSENTER_compat+0x70/0x7f arch/x86/entry/entry_64_compat.S:139 RIP: 0023:0xf7f9fca9 Code: Bad RIP value. RSP: 002b:00000000f5f7a0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 RAX: ffffffffffffffda RBX: 000000000000000b RCX: 0000000020006880 RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 Showing all locks held in the system: 1 lock held by khungtaskd/792: #0: 0000000014f6f7fc (rcu_read_lock){....}, at: debug_show_all_locks+0xd0/0x428 kernel/locking/lockdep.c:4436 2 locks held by rsyslogd/4492: #0: 00000000fb787cb5 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x1bb/0x200 fs/file.c:766 #1: 000000003386a3a1 (&rq->lock){-.-.}, at: is_bpf_text_address+0x0/0x170 kernel/bpf/core.c:530 2 locks held by getty/4582: #0: 00000000c304f614 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:353 #1: 000000001c4e906d (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0 drivers/tty/n_tty.c:2140 2 locks held by getty/4583: #0: 00000000b847f83d (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:353 #1: 000000005d8f90de (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0 drivers/tty/n_tty.c:2140 2 locks held by getty/4584: #0: 0000000084366149 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:353 #1: 000000008393d64c (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0 drivers/tty/n_tty.c:2140 2 locks held by getty/4585: #0: 00000000f54c5d5e (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:353 #1: 00000000108caaba (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0 drivers/tty/n_tty.c:2140 2 locks held by getty/4586: #0: 00000000acaec883 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:353 #1: 00000000bc6d8b36 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0 drivers/tty/n_tty.c:2140 2 locks held by getty/4587: #0: 0000000034d7e339 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:353 #1: 0000000039c82531 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0 drivers/tty/n_tty.c:2140 2 locks held by getty/4588: #0: 000000000dbe9e0e (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:353 #1: 00000000322c741e (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0 drivers/tty/n_tty.c:2140 2 locks held by kworker/1:3/5076: #0: 0000000085ab4bf5 ((wq_completion)"events"){+.+.}, at: __write_once_size include/linux/compiler.h:215 [inline] #0: 0000000085ab4bf5 ((wq_completion)"events"){+.+.}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: 0000000085ab4bf5 ((wq_completion)"events"){+.+.}, at: atomic64_set include/asm-generic/atomic-instrumented.h:40 [inline] #0: 0000000085ab4bf5 ((wq_completion)"events"){+.+.}, at: atomic_long_set include/asm-generic/atomic-long.h:59 [inline] #0: 0000000085ab4bf5 ((wq_completion)"events"){+.+.}, at: set_work_data kernel/workqueue.c:617 [inline] #0: 0000000085ab4bf5 ((wq_completion)"events"){+.+.}, at: set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline] #0: 0000000085ab4bf5 ((wq_completion)"events"){+.+.}, at: process_one_work+0xb44/0x1aa0 kernel/workqueue.c:2124 #1: 00000000e829aca3 ((work_completion)(&smc->tcp_listen_work)){+.+.}, at: process_one_work+0xb9b/0x1aa0 kernel/workqueue.c:2128 2 locks held by kworker/1:6/6644: #0: 0000000085ab4bf5 ((wq_completion)"events"){+.+.}, at: __write_once_size include/linux/compiler.h:215 [inline] #0: 0000000085ab4bf5 ((wq_completion)"events"){+.+.}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: 0000000085ab4bf5 ((wq_completion)"events"){+.+.}, at: atomic64_set include/asm-generic/atomic-instrumented.h:40 [inline] #0: 0000000085ab4bf5 ((wq_completion)"events"){+.+.}, at: atomic_long_set include/asm-generic/atomic-long.h:59 [inline] #0: 0000000085ab4bf5 ((wq_completion)"events"){+.+.}, at: set_work_data kernel/workqueue.c:617 [inline] #0: 0000000085ab4bf5 ((wq_completion)"events"){+.+.}, at: set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline] #0: 0000000085ab4bf5 ((wq_completion)"events"){+.+.}, at: process_one_work+0xb44/0x1aa0 kernel/workqueue.c:2124 #1: 00000000b1ac57ea ((work_completion)(&smc->tcp_listen_work)){+.+.}, at: process_one_work+0xb9b/0x1aa0 kernel/workqueue.c:2128 1 lock held by syz-executor4/19744: #0: 00000000111bd36d (sk_lock-AF_ALG){+.+.}, at: lock_sock include/net/sock.h:1491 [inline] #0: 00000000111bd36d (sk_lock-AF_ALG){+.+.}, at: aead_recvmsg+0xbb/0x1bb0 crypto/algif_aead.c:332 ============================================= NMI backtrace for cpu 1 CPU: 1 PID: 792 Comm: khungtaskd Not tainted 4.19.0-rc2+ #124 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1c9/0x2b4 lib/dump_stack.c:113 nmi_cpu_backtrace.cold.3+0x48/0x88 lib/nmi_backtrace.c:101 nmi_trigger_cpumask_backtrace+0x151/0x192 lib/nmi_backtrace.c:62 arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38 trigger_all_cpu_backtrace include/linux/nmi.h:144 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:204 [inline] watchdog+0xb39/0x1040 kernel/hung_task.c:265 kthread+0x35a/0x420 kernel/kthread.c:246 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:413 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 skipped: idling at native_safe_halt+0x6/0x10 arch/x86/include/asm/irqflags.h:57