syzbot

INFO: task syz-executor333:2136 blocked for more than 140 seconds.
      Not tainted 4.9.181+ #9
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor333 D28280  2136   2132 0x00000004
 0000000000000087 ffff8801cb8117c0 0000000000000000 ffff8801db721000
 ffff8801da6b2f80 ffff8801db721018 ffff8801ca03fae0 ffffffff82809e2e
 ffff8801cb8117c0 ffff8801cb8117c0 00ff8801ca03fa30 ffff8801db7218f0
Call Trace:
 [<00000000a71671d7>] schedule+0x92/0x1c0 kernel/sched/core.c:3546
 [<000000009769c186>] __rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:549 [inline]
 [<000000009769c186>] rwsem_down_write_failed+0x3a3/0x750 kernel/locking/rwsem-xadd.c:578
 [<000000009b8139a7>] call_rwsem_down_write_failed+0x17/0x30 arch/x86/lib/rwsem.S:105
 [<000000006293c5ae>] __down_write arch/x86/include/asm/rwsem.h:125 [inline]
 [<000000006293c5ae>] down_write+0x5c/0xa0 kernel/locking/rwsem.c:54
 [<00000000e739f74b>] inode_lock include/linux/fs.h:771 [inline]
 [<00000000e739f74b>] lock_mount+0x8c/0x2c0 fs/namespace.c:2113
 [<0000000085c530ee>] do_add_mount+0x27/0x340 fs/namespace.c:2496
 [<00000000bd47e6bd>] do_new_mount fs/namespace.c:2563 [inline]
 [<00000000bd47e6bd>] do_mount+0x12ad/0x2970 fs/namespace.c:2871
 [<000000008073a4cc>] SYSC_mount fs/namespace.c:3087 [inline]
 [<000000008073a4cc>] SyS_mount+0xab/0x120 fs/namespace.c:3064
 [<00000000ec1484df>] do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288
 [<00000000c98374f0>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb

Showing all locks held in the system:
2 locks held by khungtaskd/24:
 #0:  (rcu_read_lock){......}, at: [<0000000007438fb9>] check_hung_uninterruptible_tasks kernel/hung_task.c:169 [inline]
 #0:  (rcu_read_lock){......}, at: [<0000000007438fb9>] watchdog+0x14b/0xaf0 kernel/hung_task.c:263
 #1:  (tasklist_lock){.+.+..}, at: [<000000002c5afc67>] debug_show_all_locks+0x7f/0x21f kernel/locking/lockdep.c:4336
2 locks held by getty/2041:
 #0:  (&tty->ldisc_sem){++++++}, at: [<0000000024c567a9>] ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:377
 #1:  (&ldata->atomic_read_lock){+.+...}, at: [<00000000d286b6a5>] n_tty_read+0x1fe/0x1820 drivers/tty/n_tty.c:2156
1 lock held by syz-executor333/2136:
 #0:  (&type->i_mutex_dir_key#6){++++.+}, at: [<00000000e739f74b>] inode_lock include/linux/fs.h:771 [inline]
 #0:  (&type->i_mutex_dir_key#6){++++.+}, at: [<00000000e739f74b>] lock_mount+0x8c/0x2c0 fs/namespace.c:2113
2 locks held by syz-executor333/2137:
 #0:  (&fc->killsb){.+.+..}, at: [<000000005aa003b6>] fuse_notify_delete fs/fuse/dev.c:1553 [inline]
 #0:  (&fc->killsb){.+.+..}, at: [<000000005aa003b6>] fuse_notify fs/fuse/dev.c:1790 [inline]
 #0:  (&fc->killsb){.+.+..}, at: [<000000005aa003b6>] fuse_dev_do_write+0x1c55/0x22c0 fs/fuse/dev.c:1865
 #1:  (&type->i_mutex_dir_key#6){++++.+}, at: [<000000003e3309d5>] inode_lock include/linux/fs.h:771 [inline]
 #1:  (&type->i_mutex_dir_key#6){++++.+}, at: [<000000003e3309d5>] fuse_reverse_inval_entry+0xaf/0x670 fs/fuse/dir.c:1012
1 lock held by syz-executor333/2139:
 #0:  (&type->i_mutex_dir_key#6){++++.+}, at: [<00000000e739f74b>] inode_lock include/linux/fs.h:771 [inline]
 #0:  (&type->i_mutex_dir_key#6){++++.+}, at: [<00000000e739f74b>] lock_mount+0x8c/0x2c0 fs/namespace.c:2113
1 lock held by syz-executor333/2140:
 #0:  (&type->i_mutex_dir_key#6){++++.+}, at: [<00000000fbc4a954>] inode_lock_shared include/linux/fs.h:781 [inline]
 #0:  (&type->i_mutex_dir_key#6){++++.+}, at: [<00000000fbc4a954>] lookup_slow+0x160/0x480 fs/namei.c:1686

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 24 Comm: khungtaskd Not tainted 4.9.181+ #9
 ffff8801d98d7cc8 ffffffff81b57e21 0000000000000000 0000000000000000
 0000000000000000 ffffffff81099901 dffffc0000000000 ffff8801d98d7d00
 ffffffff81b630bc 0000000000000000 0000000000000000 0000000000000000
Call Trace:
 [<0000000032c3cbff>] __dump_stack lib/dump_stack.c:15 [inline]
 [<0000000032c3cbff>] dump_stack+0xc1/0x120 lib/dump_stack.c:51
 [<00000000f3c8ffeb>] nmi_cpu_backtrace.cold+0x47/0x87 lib/nmi_backtrace.c:99
 [<00000000d3fedbcc>] nmi_trigger_cpumask_backtrace+0x124/0x155 lib/nmi_backtrace.c:60
 [<00000000cb1fbe1d>] arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:37
 [<000000001bb5c01a>] trigger_all_cpu_backtrace include/linux/nmi.h:58 [inline]
 [<000000001bb5c01a>] check_hung_task kernel/hung_task.c:126 [inline]
 [<000000001bb5c01a>] check_hung_uninterruptible_tasks kernel/hung_task.c:183 [inline]
 [<000000001bb5c01a>] watchdog+0x670/0xaf0 kernel/hung_task.c:263
 [<0000000098cea0f6>] kthread+0x278/0x310 kernel/kthread.c:211
 [<000000007a9eada8>] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:375
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 2135 Comm: syz-executor333 Not tainted 4.9.181+ #9
task: 000000005baa50bf task.stack: 000000002be4b064
RIP: 0010:[<ffffffff8120bf70>] 
c [<000000004e2f07c1>] __lock_acquire+0x680/0x4350 kernel/locking/lockdep.c:3335
RSP: 0018:ffff8801cbbbf190  EFLAGS: 00000802
RAX: dffffc0000000000 RBX: 000000000000035d RCX: 1ffff10039702124
RDX: 1ffff10039702120 RSI: ffff8801cb810900 RDI: ffffffff83ccc7b0
RBP: ffff8801cbbbf318 R08: 0000000000000001 R09: ffff8801cb810920
R10: ffff8801cb810900 R11: 0000000000000000 R12: c2709b01d5d0a1d5
R13: 000000000000035d R14: 0000000000000002 R15: ffff8801cb810000
FS:  00007f61ffc3d700(0000) GS:ffff8801db700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f5dd8965000 CR3: 00000001cbb25000 CR4: 00000000001606b0
Stack:
 ffff8801db721000
c ffff8801cbbbf1a8
c 0000000000000001
c ffff8801cbbbf1c0
c
 ffffffff82819b49
c ffff8801db721000
c ffff8801cbbbf218
c ffffffff81169345
c
 ffffffff81169317
c ffffffff8281a511
c ffffffff8281a505
c ffffffff83ccc780
c
Call Trace:
 [<0000000089548341>] lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756
 [<00000000938cdc47>] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:112 [inline]
 [<00000000938cdc47>] _raw_spin_lock_irqsave+0x50/0x70 kernel/locking/spinlock.c:159
 [<0000000004659bd2>] prepare_to_wait_event+0x5f/0x750 kernel/sched/wait.c:213
 [<000000004dfeeb30>] request_wait_answer+0x249/0x820 fs/fuse/dev.c:477
 [<00000000a313c6e4>] __fuse_request_send+0x109/0x1b0 fs/fuse/dev.c:498
 [<00000000dd5b5a0d>] fuse_request_send+0x63/0x70 fs/fuse/dev.c:511
 [<0000000025c914a2>] fuse_simple_request+0x2c4/0x660 fs/fuse/dev.c:569
 [<000000003c7e923a>] fuse_lookup_name+0x260/0x640 fs/fuse/dir.c:369
 [<0000000078bf99ab>] fuse_lookup+0xec/0x3b0 fs/fuse/dir.c:407
 [<000000001039f245>] lookup_slow+0x24b/0x480 fs/namei.c:1709
 [<000000001d6fc6fe>] walk_component+0x71e/0xce0 fs/namei.c:1825
 [<000000008b7acf16>] lookup_last fs/namei.c:2307 [inline]
 [<000000008b7acf16>] path_lookupat.isra.0+0x18f/0x3f0 fs/namei.c:2324
 [<00000000b3cee808>] filename_lookup+0x1a1/0x3b0 fs/namei.c:2358
 [<00000000f70fe0ea>] user_path_at_empty+0x43/0x50 fs/namei.c:2619
 [<00000000a59b0aaa>] user_path_at include/linux/namei.h:55 [inline]
 [<00000000a59b0aaa>] vfs_fstatat+0xc6/0x170 fs/stat.c:106
 [<00000000fa3bf20d>] vfs_stat fs/stat.c:123 [inline]
 [<00000000fa3bf20d>] SYSC_newstat fs/stat.c:270 [inline]
 [<00000000fa3bf20d>] SyS_newstat+0x94/0x100 fs/stat.c:266
 [<00000000ec1484df>] do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288
 [<00000000c98374f0>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
Code: 
c3c 
c02 
c00 
c0f 
c85 
cae 
c2a 
c00 
c00 
c4d 
c8b 
ca7 
ca0 
c08 
c00 
c00 
c45 
c31 
cdb 
c45 
c85 
cf6 
c41 
c0f 
c94 
cc3 
c48 
cb8 
c00 
c00 
c00 
c00 
c00 
cfc 
cff 
cdf 
c4c 
c89 
cd2 
c48 
cc1 
cea 
c03 
c<80> 
c3c 
c02 
c00 
c0f 
c85 
c4b 
c29 
c00 
c00 
c48 
c8b 
c94 
c24 
c80 
c00 
c00 
c00 
c4d 
c89 
c22 
c