bisecting fixing commit since c98875d930e915d01e8c40c7d3c16f00b3c8abe1
building syzkaller on 53199d6e8aee5f0ebd3775d2b1c674f4e6e64e2b
testing commit c98875d930e915d01e8c40c7d3c16f00b3c8abe1 with gcc (GCC) 8.1.0
kernel signature: 778acee875b17de8c901c2e2eb90dfd0105c5bad
all runs: crashed: INFO: task hung in aead_recvmsg
testing current HEAD 174651bdf802a2139065e8e31ce950e2f3fc4a94
testing commit 174651bdf802a2139065e8e31ce950e2f3fc4a94 with gcc (GCC) 8.1.0
kernel signature: cda5f5a28685d943f6974769c23df19c51954cfb
all runs: crashed: INFO: task hung in aead_recvmsg
revisions tested: 2, total time: 28m47.227216567s (build: 16m26.983512179s, test: 11m27.147151727s)
the crash still happens on HEAD
commit msg: Linux 4.19.87
crash: INFO: task hung in aead_recvmsg

IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
8021q: adding VLAN 0 to HW filter on device batadv0
8021q: adding VLAN 0 to HW filter on device batadv0
INFO: task syz-executor.2:7053 blocked for more than 140 seconds.
      Not tainted 4.19.87-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.2 D28808 7053 6950 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2826 [inline]
 __schedule+0x792/0x1c20 kernel/sched/core.c:3515
 schedule+0x7f/0x1b0 kernel/sched/core.c:3559
 schedule_timeout+0x6d7/0xda0 kernel/time/timer.c:1782
 do_wait_for_common kernel/sched/completion.c:83 [inline]
 __wait_for_common kernel/sched/completion.c:104 [inline]
 wait_for_common kernel/sched/completion.c:115 [inline]
 wait_for_completion+0x282/0x460 kernel/sched/completion.c:136
 crypto_wait_req include/linux/crypto.h:517 [inline]
 _aead_recvmsg crypto/algif_aead.c:313 [inline]
 aead_recvmsg+0x1182/0x1fb0 crypto/algif_aead.c:334
 sock_recvmsg_nosec net/socket.c:795 [inline]
 sock_recvmsg+0xb9/0xf0 net/socket.c:802
 sock_read_iter+0x226/0x3d0 net/socket.c:879
 call_read_iter include/linux/fs.h:1814 [inline]
 do_iter_readv_writev+0x3f2/0x960 fs/read_write.c:679
 do_iter_read+0x1db/0x580 fs/read_write.c:923
 vfs_readv+0xc9/0x130 fs/read_write.c:987
 do_readv+0x110/0x330 fs/read_write.c:1020
 __do_sys_readv fs/read_write.c:1107 [inline]
 __se_sys_readv fs/read_write.c:1104 [inline]
 __x64_sys_readv+0x70/0xb0 fs/read_write.c:1104
 do_syscall_64+0xd6/0x4e0 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x458c29
Code: Bad RIP value.
RSP: 002b:00007fd77f505c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29
RDX: 0000000000000001 RSI: 00000000200007c0 RDI: 0000000000000004
RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd77f5066d4
R13: 00000000004c5985 R14: 00000000004d9fe0 R15: 00000000ffffffff
INFO: task syz-executor.2:7062 blocked for more than 140 seconds.
      Not tainted 4.19.87-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.2 D28344 7062 6950 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2826 [inline]
 __schedule+0x792/0x1c20 kernel/sched/core.c:3515
 schedule+0x7f/0x1b0 kernel/sched/core.c:3559
 schedule_timeout+0x6d7/0xda0 kernel/time/timer.c:1782
 do_wait_for_common kernel/sched/completion.c:83 [inline]
 __wait_for_common kernel/sched/completion.c:104 [inline]
 wait_for_common kernel/sched/completion.c:115 [inline]
 wait_for_completion+0x282/0x460 kernel/sched/completion.c:136
 crypto_wait_req include/linux/crypto.h:517 [inline]
 _aead_recvmsg crypto/algif_aead.c:313 [inline]
 aead_recvmsg+0x1182/0x1fb0 crypto/algif_aead.c:334
 sock_recvmsg_nosec net/socket.c:795 [inline]
 sock_recvmsg+0xb9/0xf0 net/socket.c:802
 sock_read_iter+0x226/0x3d0 net/socket.c:879
 call_read_iter include/linux/fs.h:1814 [inline]
 do_iter_readv_writev+0x3f2/0x960 fs/read_write.c:679
 do_iter_read+0x1db/0x580 fs/read_write.c:923
 vfs_readv+0xc9/0x130 fs/read_write.c:987
 do_readv+0x110/0x330 fs/read_write.c:1020
 __do_sys_readv fs/read_write.c:1107 [inline]
 __se_sys_readv fs/read_write.c:1104 [inline]
 __x64_sys_readv+0x70/0xb0 fs/read_write.c:1104
 do_syscall_64+0xd6/0x4e0 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x458c29
Code: Bad RIP value.
RSP: 002b:00007fd77f4e4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29
RDX: 0000000000000001 RSI: 00000000200007c0 RDI: 0000000000000004
RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd77f4e56d4
R13: 00000000004c5985 R14: 00000000004d9fe0 R15: 00000000ffffffff
INFO: task syz-executor.5:7052 blocked for more than 140 seconds.
      Not tainted 4.19.87-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.5 D28808 7052 6957 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2826 [inline]
 __schedule+0x792/0x1c20 kernel/sched/core.c:3515
 schedule+0x7f/0x1b0 kernel/sched/core.c:3559
 schedule_timeout+0x6d7/0xda0 kernel/time/timer.c:1782
 do_wait_for_common kernel/sched/completion.c:83 [inline]
 __wait_for_common kernel/sched/completion.c:104 [inline]
 wait_for_common kernel/sched/completion.c:115 [inline]
 wait_for_completion+0x282/0x460 kernel/sched/completion.c:136
 crypto_wait_req include/linux/crypto.h:517 [inline]
 _aead_recvmsg crypto/algif_aead.c:313 [inline]
 aead_recvmsg+0x1182/0x1fb0 crypto/algif_aead.c:334
 sock_recvmsg_nosec net/socket.c:795 [inline]
 sock_recvmsg+0xb9/0xf0 net/socket.c:802
 sock_read_iter+0x226/0x3d0 net/socket.c:879
 call_read_iter include/linux/fs.h:1814 [inline]
 do_iter_readv_writev+0x3f2/0x960 fs/read_write.c:679
 do_iter_read+0x1db/0x580 fs/read_write.c:923
 vfs_readv+0xc9/0x130 fs/read_write.c:987
 do_readv+0x110/0x330 fs/read_write.c:1020
 __do_sys_readv fs/read_write.c:1107 [inline]
 __se_sys_readv fs/read_write.c:1104 [inline]
 __x64_sys_readv+0x70/0xb0 fs/read_write.c:1104
 do_syscall_64+0xd6/0x4e0 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x458c29
Code: Bad RIP value.
RSP: 002b:00007fa8aeb87c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29
RDX: 0000000000000001 RSI: 00000000200007c0 RDI: 0000000000000004
RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa8aeb886d4
R13: 00000000004c5985 R14: 00000000004d9fe0 R15: 00000000ffffffff
INFO: task syz-executor.5:7064 blocked for more than 140 seconds.
      Not tainted 4.19.87-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.5 D28344 7064 6957 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2826 [inline]
 __schedule+0x792/0x1c20 kernel/sched/core.c:3515
 schedule+0x7f/0x1b0 kernel/sched/core.c:3559
 schedule_timeout+0x6d7/0xda0 kernel/time/timer.c:1782
 do_wait_for_common kernel/sched/completion.c:83 [inline]
 __wait_for_common kernel/sched/completion.c:104 [inline]
 wait_for_common kernel/sched/completion.c:115 [inline]
 wait_for_completion+0x282/0x460 kernel/sched/completion.c:136
 crypto_wait_req include/linux/crypto.h:517 [inline]
 _aead_recvmsg crypto/algif_aead.c:313 [inline]
 aead_recvmsg+0x1182/0x1fb0 crypto/algif_aead.c:334
 sock_recvmsg_nosec net/socket.c:795 [inline]
 sock_recvmsg+0xb9/0xf0 net/socket.c:802
 sock_read_iter+0x226/0x3d0 net/socket.c:879
 call_read_iter include/linux/fs.h:1814 [inline]
 do_iter_readv_writev+0x3f2/0x960 fs/read_write.c:679
 do_iter_read+0x1db/0x580 fs/read_write.c:923
 vfs_readv+0xc9/0x130 fs/read_write.c:987
 do_readv+0x110/0x330 fs/read_write.c:1020
 __do_sys_readv fs/read_write.c:1107 [inline]
 __se_sys_readv fs/read_write.c:1104 [inline]
 __x64_sys_readv+0x70/0xb0 fs/read_write.c:1104
 do_syscall_64+0xd6/0x4e0 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x458c29
Code: Bad RIP value.
RSP: 002b:00007fa8aeb66c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29
RDX: 0000000000000001 RSI: 00000000200007c0 RDI: 0000000000000004
RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa8aeb676d4
R13: 00000000004c5985 R14: 00000000004d9fe0 R15: 00000000ffffffff
INFO: task syz-executor.1:7055 blocked for more than 140 seconds.
      Not tainted 4.19.87-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.1 D28808 7055 6953 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2826 [inline]
 __schedule+0x792/0x1c20 kernel/sched/core.c:3515
 schedule+0x7f/0x1b0 kernel/sched/core.c:3559
 schedule_timeout+0x6d7/0xda0 kernel/time/timer.c:1782
 do_wait_for_common kernel/sched/completion.c:83 [inline]
 __wait_for_common kernel/sched/completion.c:104 [inline]
 wait_for_common kernel/sched/completion.c:115 [inline]
 wait_for_completion+0x282/0x460 kernel/sched/completion.c:136
 crypto_wait_req include/linux/crypto.h:517 [inline]
 _aead_recvmsg crypto/algif_aead.c:313 [inline]
 aead_recvmsg+0x1182/0x1fb0 crypto/algif_aead.c:334
 sock_recvmsg_nosec net/socket.c:795 [inline]
 sock_recvmsg+0xb9/0xf0 net/socket.c:802
 sock_read_iter+0x226/0x3d0 net/socket.c:879
 call_read_iter include/linux/fs.h:1814 [inline]
 do_iter_readv_writev+0x3f2/0x960 fs/read_write.c:679
 do_iter_read+0x1db/0x580 fs/read_write.c:923
 vfs_readv+0xc9/0x130 fs/read_write.c:987
 do_readv+0x110/0x330 fs/read_write.c:1020
 __do_sys_readv fs/read_write.c:1107 [inline]
 __se_sys_readv fs/read_write.c:1104 [inline]
 __x64_sys_readv+0x70/0xb0 fs/read_write.c:1104
 do_syscall_64+0xd6/0x4e0 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x458c29
Code: Bad RIP value.
RSP: 002b:00007f142765ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29
RDX: 0000000000000001 RSI: 00000000200007c0 RDI: 0000000000000004
RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f142765b6d4
R13: 00000000004c5985 R14: 00000000004d9fe0 R15: 00000000ffffffff
INFO: task syz-executor.1:7066 blocked for more than 140 seconds.
      Not tainted 4.19.87-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.1 D28344 7066 6953 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2826 [inline]
 __schedule+0x792/0x1c20 kernel/sched/core.c:3515
 schedule+0x7f/0x1b0 kernel/sched/core.c:3559
 schedule_timeout+0x6d7/0xda0 kernel/time/timer.c:1782
 do_wait_for_common kernel/sched/completion.c:83 [inline]
 __wait_for_common kernel/sched/completion.c:104 [inline]
 wait_for_common kernel/sched/completion.c:115 [inline]
 wait_for_completion+0x282/0x460 kernel/sched/completion.c:136
 crypto_wait_req include/linux/crypto.h:517 [inline]
 _aead_recvmsg crypto/algif_aead.c:313 [inline]
 aead_recvmsg+0x1182/0x1fb0 crypto/algif_aead.c:334
 sock_recvmsg_nosec net/socket.c:795 [inline]
 sock_recvmsg+0xb9/0xf0 net/socket.c:802
 sock_read_iter+0x226/0x3d0 net/socket.c:879
 call_read_iter include/linux/fs.h:1814 [inline]
 do_iter_readv_writev+0x3f2/0x960 fs/read_write.c:679
 do_iter_read+0x1db/0x580 fs/read_write.c:923
 vfs_readv+0xc9/0x130 fs/read_write.c:987
 do_readv+0x110/0x330 fs/read_write.c:1020
 __do_sys_readv fs/read_write.c:1107 [inline]
 __se_sys_readv fs/read_write.c:1104 [inline]
 __x64_sys_readv+0x70/0xb0 fs/read_write.c:1104
 do_syscall_64+0xd6/0x4e0 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x458c29
Code: Bad RIP value.
RSP: 002b:00007f1427639c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29
RDX: 0000000000000001 RSI: 00000000200007c0 RDI: 0000000000000004
RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f142763a6d4
R13: 00000000004c5985 R14: 00000000004d9fe0 R15: 00000000ffffffff
INFO: task syz-executor.3:7061 blocked for more than 140 seconds.
      Not tainted 4.19.87-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.3 D28808 7061 6952 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2826 [inline]
 __schedule+0x792/0x1c20 kernel/sched/core.c:3515
 schedule+0x7f/0x1b0 kernel/sched/core.c:3559
 schedule_timeout+0x6d7/0xda0 kernel/time/timer.c:1782
 do_wait_for_common kernel/sched/completion.c:83 [inline]
 __wait_for_common kernel/sched/completion.c:104 [inline]
 wait_for_common kernel/sched/completion.c:115 [inline]
 wait_for_completion+0x282/0x460 kernel/sched/completion.c:136
 crypto_wait_req include/linux/crypto.h:517 [inline]
 _aead_recvmsg crypto/algif_aead.c:313 [inline]
 aead_recvmsg+0x1182/0x1fb0 crypto/algif_aead.c:334
 sock_recvmsg_nosec net/socket.c:795 [inline]
 sock_recvmsg+0xb9/0xf0 net/socket.c:802
 sock_read_iter+0x226/0x3d0 net/socket.c:879
 call_read_iter include/linux/fs.h:1814 [inline]
 do_iter_readv_writev+0x3f2/0x960 fs/read_write.c:679
 do_iter_read+0x1db/0x580 fs/read_write.c:923
 vfs_readv+0xc9/0x130 fs/read_write.c:987
 do_readv+0x110/0x330 fs/read_write.c:1020
 __do_sys_readv fs/read_write.c:1107 [inline]
 __se_sys_readv fs/read_write.c:1104 [inline]
 __x64_sys_readv+0x70/0xb0 fs/read_write.c:1104
 do_syscall_64+0xd6/0x4e0 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x458c29
Code: Bad RIP value.
RSP: 002b:00007f675d2b3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29
RDX: 0000000000000001 RSI: 00000000200007c0 RDI: 0000000000000004
RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f675d2b46d4
R13: 00000000004c5985 R14: 00000000004d9fe0 R15: 00000000ffffffff
INFO: task syz-executor.3:7078 blocked for more than 140 seconds.
      Not tainted 4.19.87-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.3 D28344 7078 6952 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2826 [inline]
 __schedule+0x792/0x1c20 kernel/sched/core.c:3515
 schedule+0x7f/0x1b0 kernel/sched/core.c:3559
 schedule_timeout+0x6d7/0xda0 kernel/time/timer.c:1782
 do_wait_for_common kernel/sched/completion.c:83 [inline]
 __wait_for_common kernel/sched/completion.c:104 [inline]
 wait_for_common kernel/sched/completion.c:115 [inline]
 wait_for_completion+0x282/0x460 kernel/sched/completion.c:136
 crypto_wait_req include/linux/crypto.h:517 [inline]
 _aead_recvmsg crypto/algif_aead.c:313 [inline]
 aead_recvmsg+0x1182/0x1fb0 crypto/algif_aead.c:334
 sock_recvmsg_nosec net/socket.c:795 [inline]
 sock_recvmsg+0xb9/0xf0 net/socket.c:802
 sock_read_iter+0x226/0x3d0 net/socket.c:879
 call_read_iter include/linux/fs.h:1814 [inline]
 do_iter_readv_writev+0x3f2/0x960 fs/read_write.c:679
 do_iter_read+0x1db/0x580 fs/read_write.c:923
 vfs_readv+0xc9/0x130 fs/read_write.c:987
 do_readv+0x110/0x330 fs/read_write.c:1020
 __do_sys_readv fs/read_write.c:1107 [inline]
 __se_sys_readv fs/read_write.c:1104 [inline]
 __x64_sys_readv+0x70/0xb0 fs/read_write.c:1104
 do_syscall_64+0xd6/0x4e0 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x458c29
Code: Bad RIP value.
RSP: 002b:00007f675d292c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29
RDX: 0000000000000001 RSI: 00000000200007c0 RDI: 0000000000000004
RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f675d2936d4
R13: 00000000004c5985 R14: 00000000004d9fe0 R15: 00000000ffffffff
INFO: task syz-executor.0:7060 blocked for more than 140 seconds.
      Not tainted 4.19.87-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.0 D28392 7060 6958 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2826 [inline]
 __schedule+0x792/0x1c20 kernel/sched/core.c:3515
 schedule+0x7f/0x1b0 kernel/sched/core.c:3559
 schedule_timeout+0x6d7/0xda0 kernel/time/timer.c:1782
 do_wait_for_common kernel/sched/completion.c:83 [inline]
 __wait_for_common kernel/sched/completion.c:104 [inline]
 wait_for_common kernel/sched/completion.c:115 [inline]
 wait_for_completion+0x282/0x460 kernel/sched/completion.c:136
 crypto_wait_req include/linux/crypto.h:517 [inline]
 _aead_recvmsg crypto/algif_aead.c:313 [inline]
 aead_recvmsg+0x1182/0x1fb0 crypto/algif_aead.c:334
 sock_recvmsg_nosec net/socket.c:795 [inline]
 sock_recvmsg+0xb9/0xf0 net/socket.c:802
 sock_read_iter+0x226/0x3d0 net/socket.c:879
 call_read_iter include/linux/fs.h:1814 [inline]
 do_iter_readv_writev+0x3f2/0x960 fs/read_write.c:679
 do_iter_read+0x1db/0x580 fs/read_write.c:923
 vfs_readv+0xc9/0x130 fs/read_write.c:987
 do_readv+0x110/0x330 fs/read_write.c:1020
 __do_sys_readv fs/read_write.c:1107 [inline]
 __se_sys_readv fs/read_write.c:1104 [inline]
 __x64_sys_readv+0x70/0xb0 fs/read_write.c:1104
 do_syscall_64+0xd6/0x4e0 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x458c29
Code: Bad RIP value.
RSP: 002b:00007fcfe83c8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29
RDX: 0000000000000001 RSI: 00000000200007c0 RDI: 0000000000000004
RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcfe83c96d4
R13: 00000000004c5985 R14: 00000000004d9fe0 R15: 00000000ffffffff

Showing all locks held in the system:
1 lock held by khungtaskd/1039:
 #0: 0000000026a234e3 (rcu_read_lock){....}, at: debug_show_all_locks+0x5b/0x27a kernel/locking/lockdep.c:4438
1 lock held by rsyslogd/6709:
 #0: 00000000b4ea356d (&f->f_pos_lock){+.+.}, at: __fdget_pos+0xa7/0xd0 fs/file.c:767
2 locks held by getty/6832:
 #0: 0000000002f67d1d (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:362
 #1: 00000000ee08842b (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x1ee/0x18d0 drivers/tty/n_tty.c:2154
2 locks held by getty/6833:
 #0: 00000000ac723653 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:362
 #1: 0000000078f2a9ed (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x1ee/0x18d0 drivers/tty/n_tty.c:2154
2 locks held by getty/6834:
 #0: 00000000fa92c9f6 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:362
 #1: 000000003e7485fc (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x1ee/0x18d0 drivers/tty/n_tty.c:2154
2 locks held by getty/6835:
 #0: 00000000f4a0d677 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:362
 #1: 0000000057a5a451 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x1ee/0x18d0 drivers/tty/n_tty.c:2154
2 locks held by getty/6836:
 #0: 00000000ba391b64 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:362
 #1: 0000000005198edc (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x1ee/0x18d0 drivers/tty/n_tty.c:2154
2 locks held by getty/6837:
 #0: 00000000d5817fa8 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:362
 #1: 00000000bf78b2c7 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x1ee/0x18d0 drivers/tty/n_tty.c:2154
2 locks held by getty/6838:
 #0: 00000000928db410 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:362
 #1: 00000000c587d4e6 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x1ee/0x18d0 drivers/tty/n_tty.c:2154
1 lock held by syz-executor.2/7053:
 #0: 0000000035eca976 (sk_lock-AF_ALG){+.+.}, at: lock_sock include/net/sock.h:1501 [inline]
 #0: 0000000035eca976 (sk_lock-AF_ALG){+.+.}, at: af_alg_wait_for_data+0x1b3/0x440 crypto/af_alg.c:772
1 lock held by syz-executor.2/7062:
 #0: 00000000730df17b (sk_lock-AF_ALG){+.+.}, at: lock_sock include/net/sock.h:1501 [inline]
 #0: 00000000730df17b (sk_lock-AF_ALG){+.+.}, at: af_alg_wait_for_data+0x1b3/0x440 crypto/af_alg.c:772
1 lock held by syz-executor.5/7052:
 #0: 0000000045612752 (sk_lock-AF_ALG){+.+.}, at: lock_sock include/net/sock.h:1501 [inline]
 #0: 0000000045612752 (sk_lock-AF_ALG){+.+.}, at: af_alg_wait_for_data+0x1b3/0x440 crypto/af_alg.c:772
1 lock held by syz-executor.5/7064:
 #0: 00000000563b11ff (sk_lock-AF_ALG){+.+.}, at: lock_sock include/net/sock.h:1501 [inline]
 #0: 00000000563b11ff (sk_lock-AF_ALG){+.+.}, at: af_alg_wait_for_data+0x1b3/0x440 crypto/af_alg.c:772
1 lock held by syz-executor.1/7055:
 #0: 000000001e547236 (sk_lock-AF_ALG){+.+.}, at: lock_sock include/net/sock.h:1501 [inline]
 #0: 000000001e547236 (sk_lock-AF_ALG){+.+.}, at: af_alg_wait_for_data+0x1b3/0x440 crypto/af_alg.c:772
1 lock held by syz-executor.1/7066:
 #0: 00000000160d8c9c (sk_lock-AF_ALG){+.+.}, at: lock_sock include/net/sock.h:1501 [inline]
 #0: 00000000160d8c9c (sk_lock-AF_ALG){+.+.}, at: af_alg_wait_for_data+0x1b3/0x440 crypto/af_alg.c:772
1 lock held by syz-executor.3/7061:
 #0: 00000000c6d71f36 (sk_lock-AF_ALG){+.+.}, at: lock_sock include/net/sock.h:1501 [inline]
 #0: 00000000c6d71f36 (sk_lock-AF_ALG){+.+.}, at: af_alg_wait_for_data+0x1b3/0x440 crypto/af_alg.c:772
1 lock held by syz-executor.3/7078:
 #0: 00000000f28234e1 (sk_lock-AF_ALG){+.+.}, at: lock_sock include/net/sock.h:1501 [inline]
 #0: 00000000f28234e1 (sk_lock-AF_ALG){+.+.}, at: af_alg_wait_for_data+0x1b3/0x440 crypto/af_alg.c:772
1 lock held by syz-executor.0/7060:
 #0: 00000000fa6b3fc9 (sk_lock-AF_ALG){+.+.}, at: lock_sock include/net/sock.h:1501 [inline]
 #0: 00000000fa6b3fc9 (sk_lock-AF_ALG){+.+.}, at: af_alg_wait_for_data+0x1b3/0x440 crypto/af_alg.c:772

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 1039 Comm: khungtaskd Not tainted 4.19.87-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x123/0x177 lib/dump_stack.c:118
 nmi_cpu_backtrace.cold.4+0x3e/0x76 lib/nmi_backtrace.c:101
 nmi_trigger_cpumask_backtrace+0xe6/0x11a lib/nmi_backtrace.c:62
 arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38
 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:203 [inline]
 watchdog+0x5c3/0xb40 kernel/hung_task.c:287
 kthread+0x327/0x3f0 kernel/kthread.c:246
 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:415
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 32 Comm: kworker/u4:2 Not tainted 4.19.87-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: bat_events batadv_nc_worker
RIP: 0010:__lock_release kernel/locking/lockdep.c:3709 [inline]
RIP: 0010:lock_release+0x55e/0x850 kernel/locking/lockdep.c:3922
Code: 7e 0f 85 33 fc ff ff e8 d3 1b b4 ff e9 29 fc ff ff 48 8b 95 60 ff ff ff 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 0f b6 04 02 <84> c0 74 08 3c 03 0f 8e b7 02 00 00 41 83 ed 01 45 39 af 78 08 00
RSP: 0018:ffff8880a997fbc0 EFLAGS: 00000806
RAX: 0000000000000000 RBX: 1ffff1101532ff7c RCX: 1ffff1101532e126
RDX: 1ffff1101532e127 RSI: 0000000000000003 RDI: ffff8880a99700c0
RBP: ffff8880a997fc68 R08: 0000000000000000 R09: ffffed101345edc6
R10: ffffed101345edc6 R11: ffff88809a2f6e33 R12: 0000000000000003
R13: 0000000000000003 R14: c616a84955470b19 R15: ffff8880a99700c0
FS: 0000000000000000(0000) GS:ffff8880aea00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000246c000 CR3: 0000000082cfb000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:174 [inline]
 _raw_spin_unlock_bh+0x1a/0x40 kernel/locking/spinlock.c:200
 spin_unlock_bh include/linux/spinlock.h:374 [inline]
 batadv_nc_purge_paths+0x1d8/0x300 net/batman-adv/network-coding.c:482
 batadv_nc_worker+0x1f3/0x630 net/batman-adv/network-coding.c:731
 process_one_work+0x835/0x1670 kernel/workqueue.c:2153
 worker_thread+0x85/0xb60 kernel/workqueue.c:2296
 kthread+0x327/0x3f0 kernel/kthread.c:246
 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:415