syzbot

binder: undelivered TRANSACTION_ERROR: 29189
binder: 5488:5488 transaction failed 29189/-22, size 24-8 line 3018
binder: undelivered TRANSACTION_ERROR: 29189
binder: 5489:5489 transaction failed 29189/-22, size 24-8 line 3018
binder: undelivered TRANSACTION_ERROR: 29189
INFO: task syz-executor697:3926 blocked for more than 140 seconds.
      Not tainted 4.9.112-g9e79039 #59
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor697 D29240  3926   3922 0x00000000
 ffff8801d7e5c800 ffff8801d6e88a80 ffff8801d8bdca80 ffff8801d7561800
 ffff8801db221c18 ffff8801d6c37bc8 ffffffff839e907d ffff8801d7e5d0c8
 ffffed003afcba18 ffff8801d7e5c800 00fffc0000000000 ffff8801db2224e8
Call Trace:
 [<ffffffff839ea67f>] schedule+0x7f/0x1b0 kernel/sched/core.c:3557
 [<ffffffff839eb003>] schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3590
 [<ffffffff839ef486>] __mutex_lock_common kernel/locking/mutex.c:582 [inline]
 [<ffffffff839ef486>] mutex_lock_nested+0x326/0x870 kernel/locking/mutex.c:621
 [<ffffffff8305d085>] copy_net_ns+0x155/0x290 net/core/net_namespace.c:406
 [<ffffffff811a072c>] create_new_namespaces+0x51c/0x730 kernel/nsproxy.c:106
 [<ffffffff811a0f25>] unshare_nsproxy_namespaces+0xa5/0x1d0 kernel/nsproxy.c:205
 [<ffffffff81135609>] SYSC_unshare kernel/fork.c:2244 [inline]
 [<ffffffff81135609>] SyS_unshare+0x319/0x710 kernel/fork.c:2194
 [<ffffffff81006316>] do_syscall_64+0x1a6/0x490 arch/x86/entry/common.c:282
 [<ffffffff839f9f53>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb

Showing all locks held in the system:
2 locks held by khungtaskd/519:
 #0:  (rcu_read_lock){......}, at: [<ffffffff8136675c>] check_hung_uninterruptible_tasks kernel/hung_task.c:168 [inline]
 #0:  (rcu_read_lock){......}, at: [<ffffffff8136675c>] watchdog+0x11c/0xa20 kernel/hung_task.c:239
 #1:  (tasklist_lock){.+.+..}, at: [<ffffffff81425de7>] debug_show_all_locks+0x79/0x218 kernel/locking/lockdep.c:4336
1 lock held by rsyslogd/3680:
 #0:  (&f->f_pos_lock){+.+.+.}, at: [<ffffffff815d818c>] __fdget_pos+0xac/0xd0 fs/file.c:781
2 locks held by getty/3776:
 #0:  (&tty->ldisc_sem){++++++}, at: [<ffffffff839f8122>] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367
 #1:  (&ldata->atomic_read_lock){+.+...}, at: [<ffffffff8211edc2>] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142
1 lock held by syz-executor697/3926:
 #0:  (net_mutex){+.+.+.}, at: [<ffffffff8305d085>] copy_net_ns+0x155/0x290 net/core/net_namespace.c:406
1 lock held by syz-executor697/3927:
 #0:  (net_mutex){+.+.+.}, at: [<ffffffff8305d085>] copy_net_ns+0x155/0x290 net/core/net_namespace.c:406
1 lock held by syz-executor697/3928:
 #0:  (net_mutex){+.+.+.}, at: [<ffffffff8305d085>] copy_net_ns+0x155/0x290 net/core/net_namespace.c:406
1 lock held by syz-executor697/3929:
 #0:  (net_mutex){+.+.+.}, at: [<ffffffff8305d085>] copy_net_ns+0x155/0x290 net/core/net_namespace.c:406
1 lock held by syz-executor697/3931:
 #0:  (net_mutex){+.+.+.}, at: [<ffffffff8305d085>] copy_net_ns+0x155/0x290 net/core/net_namespace.c:406
1 lock held by syz-executor697/3932:
 #0:  (net_mutex){+.+.+.}, at: [<ffffffff8305d085>] copy_net_ns+0x155/0x290 net/core/net_namespace.c:406
1 lock held by init/20625:
 #0:  (tty_mutex){+.+.+.}, at: [<ffffffff821191cc>] tty_open_by_driver drivers/tty/tty_io.c:2047 [inline]
 #0:  (tty_mutex){+.+.+.}, at: [<ffffffff821191cc>] tty_open+0x46c/0xe20 drivers/tty/tty_io.c:2125
1 lock held by init/20626:
 #0:  (tty_mutex){+.+.+.}, at: [<ffffffff821191cc>] tty_open_by_driver drivers/tty/tty_io.c:2047 [inline]
 #0:  (tty_mutex){+.+.+.}, at: [<ffffffff821191cc>] tty_open+0x46c/0xe20 drivers/tty/tty_io.c:2125
1 lock held by init/20627:
 #0:  (tty_mutex){+.+.+.}, at: [<ffffffff821191cc>] tty_open_by_driver drivers/tty/tty_io.c:2047 [inline]
 #0:  (tty_mutex){+.+.+.}, at: [<ffffffff821191cc>] tty_open+0x46c/0xe20 drivers/tty/tty_io.c:2125
1 lock held by init/20628:
 #0:  (tty_mutex){+.+.+.}, at: [<ffffffff821191cc>] tty_open_by_driver drivers/tty/tty_io.c:2047 [inline]
 #0:  (tty_mutex){+.+.+.}, at: [<ffffffff821191cc>] tty_open+0x46c/0xe20 drivers/tty/tty_io.c:2125
1 lock held by init/20629:
 #0:  (tty_mutex){+.+.+.}, at: [<ffffffff821191cc>] tty_open_by_driver drivers/tty/tty_io.c:2047 [inline]
 #0:  (tty_mutex){+.+.+.}, at: [<ffffffff821191cc>] tty_open+0x46c/0xe20 drivers/tty/tty_io.c:2125
1 lock held by init/20630:
 #0:  (tty_mutex){+.+.+.}, at: [<ffffffff821191cc>] tty_open_by_driver drivers/tty/tty_io.c:2047 [inline]
 #0:  (tty_mutex){+.+.+.}, at: [<ffffffff821191cc>] tty_open+0x46c/0xe20 drivers/tty/tty_io.c:2125

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 519 Comm: khungtaskd Not tainted 4.9.112-g9e79039 #59
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d880fd08 ffffffff81eb3249 0000000000000000 0000000000000001
 0000000000000001 0000000000000001 ffffffff810b9bd0 ffff8801d880fd40
 ffffffff81ebe547 0000000000000001 0000000000000000 0000000000000003
Call Trace:
 [<ffffffff81eb3249>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81eb3249>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff81ebe547>] nmi_cpu_backtrace.cold.2+0x48/0x87 lib/nmi_backtrace.c:99
 [<ffffffff81ebe4da>] nmi_trigger_cpumask_backtrace+0x12a/0x14f lib/nmi_backtrace.c:60
 [<ffffffff810b9cd4>] arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:37
 [<ffffffff81366cf4>] trigger_all_cpu_backtrace include/linux/nmi.h:58 [inline]
 [<ffffffff81366cf4>] check_hung_task kernel/hung_task.c:125 [inline]
 [<ffffffff81366cf4>] check_hung_uninterruptible_tasks kernel/hung_task.c:182 [inline]
 [<ffffffff81366cf4>] watchdog+0x6b4/0xa20 kernel/hung_task.c:239
 [<ffffffff8119d0bd>] kthread+0x26d/0x300 kernel/kthread.c:211
 [<ffffffff839fa11c>] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 3930 Comm: syz-executor697 Not tainted 4.9.112-g9e79039 #59
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8801b5d8e000 task.stack: ffff8801d7548000
RIP: 0010:[<ffffffff8214fb93>] 
c [<ffffffff8214fb93>] outb arch/x86/include/asm/io.h:316 [inline]
RIP: 0010:[<ffffffff8214fb93>] 
c [<ffffffff8214fb93>] io_serial_out+0x73/0x90 drivers/tty/serial/8250/8250_port.c:420
RSP: 0018:ffff8801d754f7b0  EFLAGS: 00000002
RAX: 000000000000004f RBX: 00000000000003f8 RCX: 0000000000000000
RDX: 00000000000003f8 RSI: ffffffff8214fb36 RDI: ffffffff864aae78
RBP: ffff8801d754f7c8 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000000 R12: ffffffff864aae40
R13: 000000000000004f R14: dffffc0000000000 R15: 000000000000004f
FS:  0000000000840880(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000006cf090 CR3: 00000001d8386000 CR4: 00000000001606f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
 ffffffff864aae40
c 000000000000004f
c ffffffff82151810
c ffff8801d754f7e8
c
 ffffffff8215185b
c ffffffff85aec18d
c ffffffff864aae40
c ffff8801d754f828
c
 ffffffff8213a059
c ffffffff85aec19c
c ffffffff864aae40
c ffffffff864ab060
c
Call Trace:
 [<ffffffff8215185b>] serial_port_out include/linux/serial_core.h:262 [inline]
 [<ffffffff8215185b>] serial8250_console_putchar+0x4b/0x60 drivers/tty/serial/8250/8250_port.c:3105
 [<ffffffff8213a059>] uart_console_write+0x59/0xf0 drivers/tty/serial/serial_core.c:1859
 [<ffffffff8215da48>] serial8250_console_write+0x528/0x820 drivers/tty/serial/8250/8250_port.c:3170
 [<ffffffff8214a5af>] univ8250_console_write+0x5f/0x70 drivers/tty/serial/8250/8250_core.c:594
 [<ffffffff8125bccd>] call_console_drivers.isra.18.constprop.28+0x1ad/0x360 kernel/printk/printk.c:1589
 [<ffffffff8125eacf>] console_unlock+0x42f/0xb40 kernel/printk/printk.c:2449
 [<ffffffff8125f628>] vprintk_emit+0x448/0x790 kernel/printk/printk.c:1903
 [<ffffffff8125f998>] vprintk+0x28/0x30 kernel/printk/printk.c:1913
 [<ffffffff8125f9bd>] vprintk_default+0x1d/0x30 kernel/printk/printk.c:1914
 [<ffffffff8142cbbc>] vprintk_func kernel/printk/internal.h:36 [inline]
 [<ffffffff8142cbbc>] printk+0xaf/0xd7 kernel/printk/printk.c:1975
 [<ffffffff839d2e82>] __ip_vs_init.cold.37+0x36/0x45 net/netfilter/ipvs/ip_vs_core.c:2243
 [<ffffffff8305b78c>] ops_init+0xac/0x380 net/core/net_namespace.c:111
 [<ffffffff8305bc19>] setup_net+0x1b9/0x3f0 net/core/net_namespace.c:291
 [<ffffffff8305d0b9>] copy_net_ns+0x189/0x290 net/core/net_namespace.c:408
 [<ffffffff811a072c>] create_new_namespaces+0x51c/0x730 kernel/nsproxy.c:106
 [<ffffffff811a0f25>] unshare_nsproxy_namespaces+0xa5/0x1d0 kernel/nsproxy.c:205
 [<ffffffff81135609>] SYSC_unshare kernel/fork.c:2244 [inline]
 [<ffffffff81135609>] SyS_unshare+0x319/0x710 kernel/fork.c:2194
 [<ffffffff81006316>] do_syscall_64+0x1a6/0x490 arch/x86/entry/common.c:282
 [<ffffffff839f9f53>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
Code: 
c00 
c00 
c49 
c8d 
c7c 
c24 
c38 
c48 
cb8 
c00 
c00 
c00 
c00 
c00 
cfc 
cff 
cdf 
c48 
c89 
cfa 
c48 
cc1 
cea 
c03 
cd3 
ce3 
c80 
c3c 
c02 
c00 
c75 
c19 
c41 
c03 
c5c 
c24 
c38 
c44 
c89 
ce8 
c89 
cda 
cee 
c<5b> 
c41 
c5c 
c41 
c5d 
c5d 
cc3 
ce8 
c21 
cc0 
c3e 
cff 
ceb 
cc0 
ce8 
c7a 
cc0 
c3e 
cff 
ceb 
ce0 
c