syzbot

IPv6: Can't replace route, no match found
IPv6: Can't replace route, no match found
IPv6: Can't replace route, no match found
IPv6: Can't replace route, no match found
IPv6: Can't replace route, no match found
INFO: task init:12200 blocked for more than 120 seconds.
      Not tainted 4.9.76-g9154940 #20
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
init            D27568 12200      1 0x00000000
 ffff8801d8590000 ffff8801d7e8cfc0 ffff8801d84e8540 ffff8801d80ab000
 ffff8801db321b98 ffff8801c5aef7c8 ffffffff8389f9fb 0000000000000000
 0000000000000007
IPv6: Can't replace route, no match found
 00ff8801d8590000 ffff8801db322468 ffff8801db322490
 [<ffffffff838a0f9f>] schedule+0x7f/0x1b0 kernel/sched/core.c:3550
 [<ffffffff838a1923>] schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3583
 [<ffffffff838a6f32>] __mutex_lock_common kernel/locking/mutex.c:582 [inline]
 [<ffffffff838a6f32>] mutex_lock_nested+0x312/0x870 kernel/locking/mutex.c:621
 [<ffffffff82001707>] tty_open_by_driver drivers/tty/tty_io.c:2030 [inline]
 [<ffffffff82001707>] tty_open+0x407/0xdf0 drivers/tty/tty_io.c:2108
 [<ffffffff8157a9fb>] chrdev_open+0x22b/0x4c0 fs/char_dev.c:392
 [<ffffffff81565aa7>] do_dentry_open+0x607/0xc60 fs/open.c:766
 [<ffffffff81569555>] vfs_open+0x105/0x220 fs/open.c:879
 [<ffffffff8159fcdc>] do_last fs/namei.c:3408 [inline]
 [<ffffffff8159fcdc>] path_openat+0x5ac/0x2910 fs/namei.c:3531
 [<ffffffff815a5837>] do_filp_open+0x197/0x290 fs/namei.c:3566
 [<ffffffff8156a032>] do_sys_open+0x352/0x4c0 fs/open.c:1072
 [<ffffffff8156a1cd>] SYSC_open fs/open.c:1090 [inline]
 [<ffffffff8156a1cd>] SyS_open+0x2d/0x40 fs/open.c:1085
 [<ffffffff838b0aa8>] entry_SYSCALL_64_fastpath+0x23/0xe2

Showing all locks held in the system:
2 locks held by khungtaskd/514:
 #0:  (rcu_read_lock){......}, at: [<ffffffff81371d35>] check_hung_uninterruptible_tasks kernel/hung_task.c:168 [inline]
 #0:  (rcu_read_lock){......}, at: [<ffffffff81371d35>] watchdog+0x125/0xa70 kernel/hung_task.c:239
 #1:  (tasklist_lock){.+.+..}, at: [<ffffffff81236eb0>] debug_show_all_locks+0x70/0x280 kernel/locking/lockdep.c:4336
1 lock held by rsyslogd/3200:
 #0:  (&f->f_pos_lock){+.+.+.}, at: [<ffffffff815d21af>] __fdget_pos+0x9f/0xc0 fs/file.c:781
2 locks held by getty/3328:
 #0:  (&tty->ldisc_sem){++++++}, at: [<ffffffff838aec72>] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367
 #1:  (&ldata->atomic_read_lock){+.+...}, at: [<ffffffff82008494>] n_tty_read+0x1f4/0x16c0 drivers/tty/n_tty.c:2133
1 lock held by init/12200:
 #0:  (tty_mutex){+.+.+.}, at: [<ffffffff82001707>] tty_open_by_driver drivers/tty/tty_io.c:2030 [inline]
 #0:  (tty_mutex){+.+.+.}, at: [<ffffffff82001707>] tty_open+0x407/0xdf0 drivers/tty/tty_io.c:2108
1 lock held by init/12201:
 #0:  (tty_mutex){+.+.+.}, at: [<ffffffff82001707>] tty_open_by_driver drivers/tty/tty_io.c:2030 [inline]
 #0:  (tty_mutex){+.+.+.}, at: [<ffffffff82001707>] tty_open+0x407/0xdf0 drivers/tty/tty_io.c:2108
1 lock held by init/12202:
 #0:  (tty_mutex){+.+.+.}, at: [<ffffffff82001707>] tty_open_by_driver drivers/tty/tty_io.c:2030 [inline]
 #0:  (tty_mutex){+.+.+.}, at: [<ffffffff82001707>] tty_open+0x407/0xdf0 drivers/tty/tty_io.c:2108
1 lock held by init/12204:
 #0:  (tty_mutex){+.+.+.}, at: [<ffffffff82001707>] tty_open_by_driver drivers/tty/tty_io.c:2030 [inline]
 #0:  (tty_mutex){+.+.+.}, at: [<ffffffff82001707>] tty_open+0x407/0xdf0 drivers/tty/tty_io.c:2108
1 lock held by init/12205:
 #0:  (tty_mutex){+.+.+.}, at: [<ffffffff82001707>] tty_open_by_driver drivers/tty/tty_io.c:2030 [inline]
 #0:  (tty_mutex){+.+.+.}, at: [<ffffffff82001707>] tty_open+0x407/0xdf0 drivers/tty/tty_io.c:2108

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 514 Comm: khungtaskd Not tainted 4.9.76-g9154940 #20
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d926fd00 ffffffff81d93149 0000000000000000 0000000000000000
 0000000000000000 0000000000000001 ffffffff810ba750 ffff8801d926fd38
 ffffffff81d9e26d 0000000000000000 0000000000000000 ffff8801d8590418
Call Trace:
 [<ffffffff81d93149>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d93149>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff81d9e26d>] nmi_cpu_backtrace+0xfd/0x120 lib/nmi_backtrace.c:99
 [<ffffffff81d9e3a7>] nmi_trigger_cpumask_backtrace+0x117/0x190 lib/nmi_backtrace.c:60
 [<ffffffff810ba844>] arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:37
 [<ffffffff81372300>] trigger_all_cpu_backtrace include/linux/nmi.h:58 [inline]
 [<ffffffff81372300>] check_hung_task kernel/hung_task.c:125 [inline]
 [<ffffffff81372300>] check_hung_uninterruptible_tasks kernel/hung_task.c:182 [inline]
 [<ffffffff81372300>] watchdog+0x6f0/0xa70 kernel/hung_task.c:239
 [<ffffffff811996ad>] kthread+0x26d/0x300 kernel/kthread.c:211
 [<ffffffff838b0db6>] ret_from_fork+0x46/0x60 arch/x86/entry/entry_64.S:460
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 28011 Comm: syzkaller512129 Not tainted 4.9.76-g9154940 #20
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8801c65db000 task.stack: ffff8801c1fc8000
RIP: 0010:[<ffffffff81dc0399>] 
c [<ffffffff81dc0399>] clear_page_c_e+0x9/0x10 arch/x86/lib/clear_page_64.S:54
RSP: 0018:ffff8801c1fcfc20  EFLAGS: 00000246
RAX: 0000000000000000 RBX: 00000000071e8000 RCX: 0000000000000000
RDX: 1ffff10038cbb83d RSI: ffffffff844de0e0 RDI: ffff8801c7997000
RBP: ffff8801c1fcfc68 R08: 0000000000000000 R09: 0000000000025960
R10: ffffffffffffffe8 R11: 0000000000000000 R12: dffffc0000000000
R13: 00000000071e6580 R14: ffff880000000000 R15: ffff8801c65db000
FS:  0000000000000000(0000) GS:ffff8801db300000(0063) knlGS:00000000089ea840
CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
CR2: 00000000ffe854cc CR3: 00000001caa50000 CR4: 0000000000160670
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
 ffffffff814d4979
c ffffffff8124746d
c ffffea0007613bc0
c ffffea0007613bc0
c
 ffff8801c1fcfdc0
c ffffea00071e0000
c ffff8801c65673e0
c ffffea00071e0020
c
 ffff8801c0d72a00
c ffff8801c1fcfcd8
c ffffffff81547ef2
c ffff8801c65db8b0
c
Call Trace:
 [<ffffffff81547ef2>] __do_huge_pmd_anonymous_page mm/huge_memory.c:558 [inline]
 [<ffffffff81547ef2>] do_huge_pmd_anonymous_page+0x6c2/0x10d0 mm/huge_memory.c:700
 [<ffffffff814cee1b>] create_huge_pmd mm/memory.c:3403 [inline]
 [<ffffffff814cee1b>] __handle_mm_fault mm/memory.c:3553 [inline]
 [<ffffffff814cee1b>] handle_mm_fault+0x158b/0x2530 mm/memory.c:3614
 [<ffffffff810dd632>] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406
 [<ffffffff810dddd7>] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
 [<ffffffff838b1dc8>] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1038
Code: 
c89 
c47 
c18 
c48 
c89 
c47 
c20 
c48 
c89 
c47 
c28 
c48 
c89 
c47 
c30 
c48 
c89 
c47 
c38 
c48 
c8d 
c7f 
c40 
c75 
cd9 
c90 
cc3 
c0f 
c1f 
c80 
c00 
c00 
c00 
c00 
cb9 
c00 
c10 
c00 
c00 
c31 
cc0 
cf3 
caa 
c<c3> 
c90 
c90 
c90 
c90 
c90 
c90 
c55 
c48 
c89 
ce5 
c41 
c57 
c41 
c56 
c41 
c55 
c41 
c54 
c49 
c89 
c