INFO: task syz-executor.2:1492 blocked for more than 143 seconds.
      Not tainted 5.1.0-rc6+ #88
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.2 D28888 1492 8235 0x80000002
Call Trace:
 context_switch kernel/sched/core.c:2877 [inline]
 __schedule+0x813/0x1cc0 kernel/sched/core.c:3518
 schedule+0x92/0x180 kernel/sched/core.c:3562
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3620
 __mutex_lock_common kernel/locking/mutex.c:1002 [inline]
 __mutex_lock+0x726/0x1310 kernel/locking/mutex.c:1072
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087
 __pipe_lock fs/pipe.c:83 [inline]
 pipe_release+0x4e/0x280 fs/pipe.c:589
 __fput+0x2e5/0x8d0 fs/file_table.c:278
 ____fput+0x16/0x20 fs/file_table.c:309
 task_work_run+0x14a/0x1c0 kernel/task_work.c:113
 exit_task_work include/linux/task_work.h:22 [inline]
 do_exit+0x90a/0x2fa0 kernel/exit.c:876
 do_group_exit+0x135/0x370 kernel/exit.c:980
 get_signal+0x399/0x1d50 kernel/signal.c:2577
 do_signal+0x87/0x1940 arch/x86/kernel/signal.c:816
 exit_to_usermode_loop+0x244/0x2c0 arch/x86/entry/common.c:162
 prepare_exit_to_usermode+0x279/0x2e0 arch/x86/entry/common.c:197
 retint_user+0x8/0x18
RIP: 0033:0x458db5
Code: Bad RIP value.
RSP: 002b:0000000020000040 EFLAGS: 00010217
RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000458da9
RDX: 0000000020000140 RSI: 0000000020000040 RDI: 0000000000020000
RBP: 000000000073bfa0 R08: 00000000200001c0 R09: 0000000000000000
R10: 0000000020000180 R11: 0000000000000246 R12: 00007f1c1b4db6d4
R13: 00000000004bf166 R14: 00000000004d01a0 R15: 00000000ffffffff

Showing all locks held in the system:
1 lock held by khungtaskd/1043:
 #0: 00000000a245ad74 (rcu_read_lock){....}, at: debug_show_all_locks+0x5f/0x27e kernel/locking/lockdep.c:5057
1 lock held by rsyslogd/8045:
 #0: 00000000798cd85e (&f->f_pos_lock){+.+.}, at: __fdget_pos+0xee/0x110 fs/file.c:801
2 locks held by getty/8189:
 #0: 00000000cccdaefe (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:341
 #1: 0000000047e835c5 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 drivers/tty/n_tty.c:2156
2 locks held by getty/8190:
 #0: 00000000d39e88c5 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:341
 #1: 0000000000179327 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 drivers/tty/n_tty.c:2156
2 locks held by getty/8191:
 #0: 00000000e56309cb (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:341
 #1: 000000008a2f5ac6 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 drivers/tty/n_tty.c:2156
2 locks held by getty/8192:
 #0: 000000008bfb6349 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:341
 #1: 0000000093b4abe3 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 drivers/tty/n_tty.c:2156
2 locks held by getty/8193:
 #0: 000000002898cb2d (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:341
 #1: 000000002ad3cae5 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 drivers/tty/n_tty.c:2156
2 locks held by getty/8194:
 #0: 0000000098712ed0 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:341
 #1: 00000000a2b5496c (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 drivers/tty/n_tty.c:2156
2 locks held by getty/8195:
 #0: 00000000d9f82100 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:341
 #1: 00000000700a69d1 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 drivers/tty/n_tty.c:2156
3 locks held by kworker/u4:6/31211:
 #0: 00000000f7af183e (&rq->lock){-.-.}, at: idle_balance kernel/sched/fair.c:10082 [inline]
 #0: 00000000f7af183e (&rq->lock){-.-.}, at: pick_next_task_fair+0x1214/0x19a0 kernel/sched/fair.c:7091
 #1: 00000000a245ad74 (rcu_read_lock){....}, at: __update_idle_core+0x45/0x3f0 kernel/sched/fair.c:6088
 #2: 000000009fdddfe4 (&base->lock){-.-.}, at: lock_timer_base+0x56/0x1b0 kernel/time/timer.c:937
1 lock held by syz-executor.2/1470:
 #0: 00000000d2d6789f (&pipe->mutex/1){+.+.}, at: pipe_lock_nested fs/pipe.c:62 [inline]
 #0: 00000000d2d6789f (&pipe->mutex/1){+.+.}, at: pipe_lock+0x6e/0x80 fs/pipe.c:70
1 lock held by syz-executor.2/1492:
 #0: 00000000d2d6789f (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
 #0: 00000000d2d6789f (&pipe->mutex/1){+.+.}, at: pipe_release+0x4e/0x280 fs/pipe.c:589

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 1043 Comm: khungtaskd Not tainted 5.1.0-rc6+ #88
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x172/0x1f0 lib/dump_stack.c:113
 nmi_cpu_backtrace.cold+0x63/0xa4 lib/nmi_backtrace.c:101
 nmi_trigger_cpumask_backtrace+0x1be/0x236 lib/nmi_backtrace.c:62
 arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38
 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:204 [inline]
 watchdog+0x9b7/0xec0 kernel/hung_task.c:288
 kthread+0x357/0x430 kernel/kthread.c:253
 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 12246 Comm: syz-executor.0 Not tainted 5.1.0-rc6+ #88
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__run_hrtimer kernel/time/hrtimer.c:1387 [inline]
RIP: 0010:__hrtimer_run_queues+0x2d7/0xde0 kernel/time/hrtimer.c:1451
Code: 89 f8 48 c1 e8 03 42 80 3c 38 00 0f 85 16 0a 00 00 49 8b 46 28 48 8b b5 38 ff ff ff 48 8b bd 70 ff ff ff 48 89 85 48 ff ff ff b4 3b af 05 0f 1f 44 00 00 e8 ca 05 0f 00 e8 c5 05 0f 00 65 8b
RSP: 0018:ffff8880ae907a68 EFLAGS: 00000046
RAX: ffffffff81852850 RBX: 0000000000000000 RCX: ffffffff816166a2
RDX: 0000000000010100 RSI: 0000000000000086 RDI: ffff8880ae925d00
RBP: ffff8880ae907b58 R08: ffff8880a8620680 R09: ffffed1015d25bc8
R10: ffffed1015d25bc7 R11: ffff8880ae92de3b R12: ffff8880ae925d80
R13: 000000abf44eb9e9 R14: ffff88805dc80b18 R15: dffffc0000000000
FS: 00007f3ee073a700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2e621000 CR3: 00000000901a0000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 hrtimer_interrupt+0x314/0x770 kernel/time/hrtimer.c:1509
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1035 [inline]
 smp_apic_timer_interrupt+0x120/0x570 arch/x86/kernel/apic/apic.c:1060
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:807
RIP: 0010:__sanitizer_cov_trace_const_cmp1+0x1/0x20 kernel/kcov.c:175
Code: c3 0f 1f 84 00 00 00 00 00 55 48 89 f2 48 89 fe bf 06 00 00 00 48 89 e5 48 8b 4d 08 e8 18 ff ff ff 5d c3 66 0f 1f 44 00 00 55 <40> 0f b6 d6 40 0f b6 f7 bf 01 00 00 00 48 89 e5 48 8b 4d 08 e8 f6
RSP: 0018:ffff8880ae907d08 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
RAX: ffff8880a8620680 RBX: ffffffff8b02e240 RCX: ffffffff8160bd8b
RDX: 0000000000000100 RSI: 0000000000000001 RDI: 0000000000000000
RBP: ffff8880ae907dd8 R08: ffff8880a8620680 R09: ffffffff895e6b14
R10: ffff8880a8620f28 R11: ffff8880a8620680 R12: 0000000000000100
R13: ffff8880ae907db0 R14: 1ffff11015d20fa6 R15: 0000000000000001
 expire_timers kernel/time/timer.c:1362 [inline]
 __run_timers kernel/time/timer.c:1681 [inline]
 __run_timers kernel/time/timer.c:1649 [inline]
 run_timer_softirq+0x652/0x1700 kernel/time/timer.c:1694
 __do_softirq+0x266/0x95a kernel/softirq.c:293
 invoke_softirq kernel/softirq.c:374 [inline]
 irq_exit+0x180/0x1d0 kernel/softirq.c:414
 exiting_irq arch/x86/include/asm/apic.h:536 [inline]
 smp_apic_timer_interrupt+0x14a/0x570 arch/x86/kernel/apic/apic.c:1062
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:807
RIP: 0010:proc_pident_instantiate+0x221/0x2a0 fs/proc/base.c:2437
Code: 89 ee e8 32 8a e4 ff 49 89 c4 e8 ca 43 9d ff 4c 89 e0 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 49 c7 c4 fe ff ff ff eb e0 aa 43 9d ff be 02 00 00 00 4c 89 e7 e8 dd 56 e5 ff e9 a0 fe ff
RSP: 0018:ffff88805a4df650 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
RAX: 0000000000000002 RBX: ffffffff87770738 RCX: ffffffff81d347ac
RDX: 0000000000004000 RSI: 0000000000004000 RDI: 0000000000000003
RBP: ffff88805a4df680 R08: ffff8880a8620680 R09: ffffed1011dfa5ec
R10: ffffed1011dfa5eb R11: ffff88808efd2f5b R12: ffff888094b36b58
R13: ffff88809843a000 R14: ffff88805c956380 R15: 0000000000004000
 proc_pident_lookup+0x1ad/0x210 fs/proc/base.c:2467
 proc_tgid_base_lookup+0x2c/0x40 fs/proc/base.c:3089
 __lookup_slow+0x27e/0x500 fs/namei.c:1669
 lookup_slow+0x58/0x80 fs/namei.c:1686
 walk_component+0x74b/0x2000 fs/namei.c:1808
 link_path_walk.part.0+0x980/0x1340 fs/namei.c:2139
 link_path_walk fs/namei.c:2070 [inline]
 path_openat+0x202/0x46e0 fs/namei.c:3532
 do_filp_open+0x1a1/0x280 fs/namei.c:3563
 do_sys_open+0x3fe/0x5d0 fs/open.c:1069
 __do_sys_open fs/open.c:1087 [inline]
 __se_sys_open fs/open.c:1082 [inline]
 __x64_sys_open+0x7e/0xc0 fs/open.c:1082
 do_syscall_64+0x103/0x610 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x412d41
Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 2a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 73 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01
RSP: 002b:00007f3ee0739bb0 EFLAGS: 00000293 ORIG_RAX: 0000000000000002
RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 0000000000412d41
RDX: 00007f3ee0739be3 RSI: 0000000000000002 RDI: 00007f3ee0739bd0
RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000013
R10: 0000000000000008 R11: 0000000000000293 R12: 00007f3ee073a6d4
R13: 00000000004c7d53 R14: 00000000004dde50 R15: 00000000ffffffff