INFO: task hung in process

INFO: task hung in process_measurement
Status: upstream: reported C repro on 2018/10/01 07:58
Reported-by: syzbot+cdc562bc26a2b2b0a94f@syzkaller.appspotmail.com
First crash: 885d, last: 475d

Cause bisection: introduced by (bisect log) :
commit 8fe5616b20e5742bb5fee0e77dffe2fc76ac92a0
Author: Jyri Sarha <jsarha@ti.com>
Date: Tue Jun 14 08:43:30 2016 +0000

  drm/tilcdc: Restore old dpms state in pm_resume()

Crash: INFO: task hung in process_measurement (log)
Repro: C syz .config

Fix bisection: the fix commit could be any of (bisect log):
  14c2a7b934e4 dt-bindings: dmaengine: nbpfaxi: Rename bindings documentation file
  7607a121f461 dmaengine: fsldma: Mark expected switch fall-through
  b48b8bc45a8f dmaengine: dw: Update Intel Elkhart Lake Service Engine acronym
  069e4a19f44d dmaengine: ti: unexport filter functions
  3a1144f83c53 MAINTAINERS: dmaengine: dw axi dmac: Fix typo in a path
  698f7a9be9b2 dmaengine: mv_xor_v2: Fix -Wshift-negative-value
  ba1cab79cfc6 dmaengine: fsl-edma: implement .device_synchronize callback
  4f48e29f7673 dmaengine: make mux_configure32 static
  d1b622f68daf dmaengine: pl330: use the same attributes when freeing pl330->mcode_cpu
  057b05d5ac47 dmaengine: qcom: hidma_mgmt: Add of_node_put() before goto
  d071fd294f24 dmaengine: change alignment of mux_configure32 and fsl_edma_chan_mux
  232a7f18cf8e dmaengine: fsl-edma: add i.mx7ulp edma2 version support
  a6bc332373e5 dmaengine: acpi: Set up DMA mask based on CSRT
  4b8584bac040 dmaengine: acpi: Add kernel doc parameter descriptions
  719e25dba443 dmaengine: qcom_hidma: Remove call to memset after dmam_alloc_coherent
  9603a7ab6098 dmaengine: imx-sdma: Remove call to memset after dma_alloc_coherent
  ae923c91aa3b dmaengine: dw: Export struct dw_dma_chip_pdata for wider use
  b3757413b91e dmaengine: dw: platform: Use struct dw_dma_chip_pdata
  e17be6e1b713 dmaengine: Remove dev_err() usage after platform_get_irq()
  7f5d7425748d dmaengine: imx-dma: Mark expected switch fall-through
  f8d9ddbc2851 dmaengine: dw: platform: Enable iDMA 32-bit on Intel Elkhart Lake
  a9afc9ea9399 dmaengine: tegra210-adma: Don't program FIFO threshold
  a9c56721d6ae dmaengine: dw: platform: Use devm_platform_ioremap_resource()
  57dbd0e4b97d dmaengine: stm32-mdma: Switch to use device_property_count_u32()
  e7b8514e4d68 dmaengine: dw: platform: Switch to acpi_dma_controller_register()
  2cb114c4fac7 dmaengine: stm32-dmamux: Switch to use device_property_count_u32()
  84da042e7023 dmaengine: dw: platform: Move handle check to dw_dma_acpi_controller_register()
  b685fe26e9af dmaengine: dw: platform: Split ACPI helpers to separate module
  ffbb569b9cee dt-bindings: dmaengine: shdma: Rename bindings documentation file
  edd14218bd66 dt-bindings: dmaengine: Convert Allwinner A31 and A64 DMA to a schema
  f5e84eae7956 dmaengine: dw: platform: Split OF helpers to separate module
  545a29c811f6 dt-bindings: dmaengine: Convert Allwinner A10 DMA to a schema
  e3b9fef8ddf8 dmaengine: ti: edma: Remove 'Assignment in if condition'
  7a09c09c3007 dmaengine: ti: omap-dma: Remove 'Assignment in if condition'
  b37e3534ac42 dt-bindings: dmaengine: Add YAML schemas for the generic DMA bindings
  9fa2df6eafa0 dmaengine: ti: omap-dma: Remove variable override in omap_dma_tx_status()
  aa3c6ce4eab8 dmaengine: ti: edma: Support for polled (memcpy) completion
  097ffdc75259 dmaengine: ti: edma: Correct the residue calculation (fix for memcpy)
  fb9816f9d05f dmaengine: dmatest: Add support for completion polling
  09104bb1b5d4 dmaengine: iop-adma: remove set but not used variable 'slots_per_op'
  e96b1f64ee28 dmaengine: ti: edma: Clean up the 2x32bit array register accesses
  25af5afe77a8 dmanegine: ioat/dca: Use struct_size() helper
  4689d35c765c dmaengine: ti: omap-dma: Improved memcpy polling support
  37256335bd06 dt-bindings: dmaengine: dma-common: Fix the dma-channel-mask property
  aac8670369dc dmaengine: ti: omap-dma: Readability cleanup in omap_dma_tx_status()
  402096cb5b7d dmaengine: stm32-dma: Use struct_size() helper
  f4c255f1a747 dmaengine: dma-jz4780: Break descriptor chains on JZ4740
  156a599b0716 dmaengine: tegra-apb: Support per-burst residue granularity
  d17d9ea95727 dmaengine: iop-adma.c: fix printk format warning
  72503b25ee36 dmaengine: bcm2835: Print error in case setting DMA mask fails
  c5dbe60664b3 dmaengine: ti: edma: Do not reset reserved paRAM slots
  b2003f61a554 dmaengine: ti: edma: Only reset region0 access registers
  d2bfe7b5d182 dmaengine: edma: make edma_filter_fn private
  9c71b9eb3cb2 dmaengine: omap-dma: make omap_dma_filter_fn private
  c5c6faaee6e0 dmaengine: ti: edma: Use bitmap_set() instead of open coded edma_set_bits()
  04cbfba62085 Merge tag 'dmaengine-5.4-rc1' of git://git.infradead.org/users/vkoul/slave-dma

similar bugs (3):
Kernel	Title	Count	Last	Reported	Patched	Status
linux-4.19	INFO: task hung in process_measurement	2	457d	532d	0/1	auto-closed as invalid on 2020/03/29 20:33
linux-4.14	INFO: task hung in process_measurement	3	352d	408d	0/1	auto-closed as invalid on 2020/07/13 00:59
linux-4.19	INFO: task hung in process_measurement (2)	1	126d	126d	0/1	auto-closed as invalid on 2021/02/23 17:00

Sample crash report:

INFO: task syz-executor029:7515 blocked for more than 140 seconds.
      Not tainted 5.0.0-rc7+ #85
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor029 D28880  7515   7452 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2844 [inline]
 __schedule+0x817/0x1cc0 kernel/sched/core.c:3485
 schedule+0x92/0x180 kernel/sched/core.c:3529
 __rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:584 [inline]
 rwsem_down_write_failed+0x774/0xc30 kernel/locking/rwsem-xadd.c:613
 call_rwsem_down_write_failed+0x17/0x30 arch/x86/lib/rwsem.S:117
 __down_write arch/x86/include/asm/rwsem.h:142 [inline]
 down_write+0x53/0x90 kernel/locking/rwsem.c:72
 inode_lock include/linux/fs.h:757 [inline]
 process_measurement+0x9ae/0x1570 security/integrity/ima/ima_main.c:207
 ima_file_check+0xc5/0x110 security/integrity/ima/ima_main.c:393
 do_last fs/namei.c:3422 [inline]
 path_openat+0x1130/0x4690 fs/namei.c:3534
 do_filp_open+0x1a1/0x280 fs/namei.c:3564
 do_sys_open+0x3fe/0x5d0 fs/open.c:1063
 ksys_open include/linux/syscalls.h:1298 [inline]
 __do_sys_creat fs/open.c:1121 [inline]
 __se_sys_creat fs/open.c:1119 [inline]
 __x64_sys_creat+0x61/0x80 fs/open.c:1119
 do_syscall_64+0x103/0x610 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x442249
Code: e8 bc 04 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffc02326db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000442249
RDX: 0000000000442249 RSI: 0000000000000000 RDI: 0000000020000040
RBP: 00007ffc02326de0 R08: 00000000000000f0 R09: 00000000000000f0
R10: 00000000000000f0 R11: 0000000000000246 R12: 000000000006f5e3
R13: 00000000004a9250 R14: 0000000000000000 R15: 0000000000000000
INFO: task syz-executor029:7518 blocked for more than 140 seconds.
      Not tainted 5.0.0-rc7+ #85
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor029 D28880  7518   7446 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2844 [inline]
 __schedule+0x817/0x1cc0 kernel/sched/core.c:3485
 schedule+0x92/0x180 kernel/sched/core.c:3529
 __rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:584 [inline]
 rwsem_down_write_failed+0x774/0xc30 kernel/locking/rwsem-xadd.c:613
 call_rwsem_down_write_failed+0x17/0x30 arch/x86/lib/rwsem.S:117
 __down_write arch/x86/include/asm/rwsem.h:142 [inline]
 down_write+0x53/0x90 kernel/locking/rwsem.c:72
 inode_lock include/linux/fs.h:757 [inline]
 process_measurement+0x9ae/0x1570 security/integrity/ima/ima_main.c:207
 ima_file_check+0xc5/0x110 security/integrity/ima/ima_main.c:393
 do_last fs/namei.c:3422 [inline]
 path_openat+0x1130/0x4690 fs/namei.c:3534
 do_filp_open+0x1a1/0x280 fs/namei.c:3564
 do_sys_open+0x3fe/0x5d0 fs/open.c:1063
 ksys_open include/linux/syscalls.h:1298 [inline]
 __do_sys_creat fs/open.c:1121 [inline]
 __se_sys_creat fs/open.c:1119 [inline]
 __x64_sys_creat+0x61/0x80 fs/open.c:1119
 do_syscall_64+0x103/0x610 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x442249
Code: e8 bc 04 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffc02326db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000442249
RDX: 0000000000442249 RSI: 0000000000000000 RDI: 0000000020000040
RBP: 00007ffc02326de0 R08: 00000000000000f0 R09: 00000000000000f0
R10: 00000000000000f0 R11: 0000000000000246 R12: 000000000006f5e5
R13: 00000000004a9250 R14: 0000000000000000 R15: 0000000000000000
INFO: task syz-executor029:7522 blocked for more than 140 seconds.
      Not tainted 5.0.0-rc7+ #85
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor029 D28880  7522   7479 0x00000000
Call Trace:
 context_switch kernel/sched/core.c:2844 [inline]
 __schedule+0x817/0x1cc0 kernel/sched/core.c:3485
 schedule+0x92/0x180 kernel/sched/core.c:3529
 __rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:584 [inline]
 rwsem_down_write_failed+0x774/0xc30 kernel/locking/rwsem-xadd.c:613
 call_rwsem_down_write_failed+0x17/0x30 arch/x86/lib/rwsem.S:117
 __down_write arch/x86/include/asm/rwsem.h:142 [inline]
 down_write+0x53/0x90 kernel/locking/rwsem.c:72
 inode_lock include/linux/fs.h:757 [inline]
 process_measurement+0x9ae/0x1570 security/integrity/ima/ima_main.c:207
 ima_file_check+0xc5/0x110 security/integrity/ima/ima_main.c:393
 do_last fs/namei.c:3422 [inline]
 path_openat+0x1130/0x4690 fs/namei.c:3534
 do_filp_open+0x1a1/0x280 fs/namei.c:3564
 do_sys_open+0x3fe/0x5d0 fs/open.c:1063
 ksys_open include/linux/syscalls.h:1298 [inline]
 __do_sys_creat fs/open.c:1121 [inline]
 __se_sys_creat fs/open.c:1119 [inline]
 __x64_sys_creat+0x61/0x80 fs/open.c:1119
 do_syscall_64+0x103/0x610 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x442249
Code: e8 bc 04 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffc02326db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000442249
RDX: 0000000000442249 RSI: 0000000000000000 RDI: 0000000020000040
RBP: 00007ffc02326de0 R08: 00000000000000f0 R09: 00000000000000f0
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000007096c
R13: 00000000004a9250 R14: 0000000000000000 R15: 0000000000000000
INFO: task syz-executor029:7524 blocked for more than 140 seconds.
      Not tainted 5.0.0-rc7+ #85
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor029 D28880  7524   7479 0x00000000
Call Trace:
 context_switch kernel/sched/core.c:2844 [inline]
 __schedule+0x817/0x1cc0 kernel/sched/core.c:3485
 schedule+0x92/0x180 kernel/sched/core.c:3529
 __rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:584 [inline]
 rwsem_down_write_failed+0x774/0xc30 kernel/locking/rwsem-xadd.c:613
 call_rwsem_down_write_failed+0x17/0x30 arch/x86/lib/rwsem.S:117
 __down_write arch/x86/include/asm/rwsem.h:142 [inline]
 down_write+0x53/0x90 kernel/locking/rwsem.c:72
 inode_lock include/linux/fs.h:757 [inline]
 process_measurement+0x9ae/0x1570 security/integrity/ima/ima_main.c:207
 ima_file_check+0xc5/0x110 security/integrity/ima/ima_main.c:393
 do_last fs/namei.c:3422 [inline]
 path_openat+0x1130/0x4690 fs/namei.c:3534
 do_filp_open+0x1a1/0x280 fs/namei.c:3564
 do_sys_open+0x3fe/0x5d0 fs/open.c:1063
 ksys_open include/linux/syscalls.h:1298 [inline]
 __do_sys_creat fs/open.c:1121 [inline]
 __se_sys_creat fs/open.c:1119 [inline]
 __x64_sys_creat+0x61/0x80 fs/open.c:1119
 do_syscall_64+0x103/0x610 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x442249
Code: e8 bc 04 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffc02326db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000442249
RDX: 0000000000442249 RSI: 0000000000000000 RDI: 0000000020000040
RBP: 00007ffc02326de0 R08: 00000000000000f0 R09: 00000000000000f0
R10: 00000000000000f0 R11: 0000000000000246 R12: 0000000000071cf6
R13: 00000000004a9250 R14: 0000000000000000 R15: 0000000000000000
INFO: task syz-executor029:7525 blocked for more than 140 seconds.
      Not tainted 5.0.0-rc7+ #85
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor029 D28072  7525   7479 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2844 [inline]
 __schedule+0x817/0x1cc0 kernel/sched/core.c:3485
 schedule+0x92/0x180 kernel/sched/core.c:3529
 __rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:584 [inline]
 rwsem_down_write_failed+0x774/0xc30 kernel/locking/rwsem-xadd.c:613
 call_rwsem_down_write_failed+0x17/0x30 arch/x86/lib/rwsem.S:117
 __down_write arch/x86/include/asm/rwsem.h:142 [inline]
 down_write+0x53/0x90 kernel/locking/rwsem.c:72
 inode_lock include/linux/fs.h:757 [inline]
 process_measurement+0x9ae/0x1570 security/integrity/ima/ima_main.c:207
 ima_file_check+0xc5/0x110 security/integrity/ima/ima_main.c:393
 do_last fs/namei.c:3422 [inline]
 path_openat+0x1130/0x4690 fs/namei.c:3534
 do_filp_open+0x1a1/0x280 fs/namei.c:3564
 do_sys_open+0x3fe/0x5d0 fs/open.c:1063
 ksys_open include/linux/syscalls.h:1298 [inline]
 __do_sys_creat fs/open.c:1121 [inline]
 __se_sys_creat fs/open.c:1119 [inline]
 __x64_sys_creat+0x61/0x80 fs/open.c:1119
 do_syscall_64+0x103/0x610 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x442249
Code: e8 bc 04 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffc02326db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000442249
RDX: 0000000000442249 RSI: 0000000000000000 RDI: 0000000020000040
RBP: 00007ffc02326de0 R08: 00000000000000f0 R09: 00000000000000f0
R10: 00000000000000f0 R11: 0000000000000246 R12: 0000000000071cf9
R13: 00000000004a9250 R14: 0000000000000000 R15: 0000000000000000
INFO: task syz-executor029:7526 blocked for more than 140 seconds.
      Not tainted 5.0.0-rc7+ #85
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor029 D28880  7526   7525 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2844 [inline]
 __schedule+0x817/0x1cc0 kernel/sched/core.c:3485
 schedule+0x92/0x180 kernel/sched/core.c:3529
 __rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:584 [inline]
 rwsem_down_write_failed+0x774/0xc30 kernel/locking/rwsem-xadd.c:613
 call_rwsem_down_write_failed+0x17/0x30 arch/x86/lib/rwsem.S:117
 __down_write arch/x86/include/asm/rwsem.h:142 [inline]
 down_write+0x53/0x90 kernel/locking/rwsem.c:72
 inode_lock include/linux/fs.h:757 [inline]
 process_measurement+0x9ae/0x1570 security/integrity/ima/ima_main.c:207
 ima_file_check+0xc5/0x110 security/integrity/ima/ima_main.c:393
 do_last fs/namei.c:3422 [inline]
 path_openat+0x1130/0x4690 fs/namei.c:3534
 do_filp_open+0x1a1/0x280 fs/namei.c:3564
 do_sys_open+0x3fe/0x5d0 fs/open.c:1063
 ksys_open include/linux/syscalls.h:1298 [inline]
 __do_sys_creat fs/open.c:1121 [inline]
 __se_sys_creat fs/open.c:1119 [inline]
 __x64_sys_creat+0x61/0x80 fs/open.c:1119
 do_syscall_64+0x103/0x610 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x442249
Code: e8 bc 04 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffc02326db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000442249
RDX: 0000000000442249 RSI: 0000000000000000 RDI: 0000000020000040
RBP: 00007ffc02326de0 R08: 00000000000000f0 R09: 00000000000000f0
R10: 00000000000000f0 R11: 0000000000000246 R12: 0000000000071cf9
R13: 00000000004a9250 R14: 0000000000000000 R15: 0000000000000000

Showing all locks held in the system:
1 lock held by khungtaskd/1040:
 #0: 00000000b33b1b17 (rcu_read_lock){....}, at: debug_show_all_locks+0x5f/0x27e kernel/locking/lockdep.c:4389
1 lock held by rsyslogd/7331:
 #0: 00000000472554c3 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0xee/0x110 fs/file.c:795
2 locks held by getty/7421:
 #0: 000000000946e9a4 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:341
 #1: 00000000536f8a83 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 drivers/tty/n_tty.c:2154
2 locks held by getty/7422:
 #0: 000000000f00229c (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:341
 #1: 000000002fd04631 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 drivers/tty/n_tty.c:2154
2 locks held by getty/7423:
 #0: 00000000d669190c (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:341
 #1: 00000000fe8f8059 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 drivers/tty/n_tty.c:2154
2 locks held by getty/7424:
 #0: 000000002568e4dd (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:341
 #1: 000000006f772cf5 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 drivers/tty/n_tty.c:2154
2 locks held by getty/7425:
 #0: 00000000447753f3 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:341
 #1: 00000000c7c7f008 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 drivers/tty/n_tty.c:2154
2 locks held by getty/7426:
 #0: 00000000afcbf8c7 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:341
 #1: 0000000026623698 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 drivers/tty/n_tty.c:2154
2 locks held by getty/7427:
 #0: 000000009ab4afd1 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:341
 #1: 00000000fb54d92a (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 drivers/tty/n_tty.c:2154
2 locks held by syz-executor029/7515:
 #0: 00000000d9f6109b (sb_writers#3){.+.+}, at: sb_start_write include/linux/fs.h:1603 [inline]
 #0: 00000000d9f6109b (sb_writers#3){.+.+}, at: mnt_want_write+0x3f/0xc0 fs/namespace.c:357
 #1: 00000000be0f3d76 (&sb->s_type->i_mutex_key#10){+.+.}, at: inode_lock include/linux/fs.h:757 [inline]
 #1: 00000000be0f3d76 (&sb->s_type->i_mutex_key#10){+.+.}, at: process_measurement+0x9ae/0x1570 security/integrity/ima/ima_main.c:207
2 locks held by syz-executor029/7517:
 #0: 00000000d9f6109b (sb_writers#3){.+.+}, at: file_start_write include/linux/fs.h:2816 [inline]
 #0: 00000000d9f6109b (sb_writers#3){.+.+}, at: vfs_write+0x429/0x580 fs/read_write.c:548
 #1: 00000000be0f3d76 (&sb->s_type->i_mutex_key#10){+.+.}, at: inode_trylock include/linux/fs.h:777 [inline]
 #1: 00000000be0f3d76 (&sb->s_type->i_mutex_key#10){+.+.}, at: ext4_file_write_iter+0x250/0x1160 fs/ext4/file.c:232
2 locks held by syz-executor029/7518:
 #0: 00000000d9f6109b (sb_writers#3){.+.+}, at: sb_start_write include/linux/fs.h:1603 [inline]
 #0: 00000000d9f6109b (sb_writers#3){.+.+}, at: mnt_want_write+0x3f/0xc0 fs/namespace.c:357
 #1: 00000000be0f3d76 (&sb->s_type->i_mutex_key#10){+.+.}, at: inode_lock include/linux/fs.h:757 [inline]
 #1: 00000000be0f3d76 (&sb->s_type->i_mutex_key#10){+.+.}, at: process_measurement+0x9ae/0x1570 security/integrity/ima/ima_main.c:207
2 locks held by syz-executor029/7522:
 #0: 00000000d9f6109b (sb_writers#3){.+.+}, at: sb_start_write include/linux/fs.h:1603 [inline]
 #0: 00000000d9f6109b (sb_writers#3){.+.+}, at: mnt_want_write+0x3f/0xc0 fs/namespace.c:357
 #1: 00000000be0f3d76 (&sb->s_type->i_mutex_key#10){+.+.}, at: inode_lock include/linux/fs.h:757 [inline]
 #1: 00000000be0f3d76 (&sb->s_type->i_mutex_key#10){+.+.}, at: process_measurement+0x9ae/0x1570 security/integrity/ima/ima_main.c:207
2 locks held by syz-executor029/7524:
 #0: 00000000d9f6109b (sb_writers#3){.+.+}, at: sb_start_write include/linux/fs.h:1603 [inline]
 #0: 00000000d9f6109b (sb_writers#3){.+.+}, at: mnt_want_write+0x3f/0xc0 fs/namespace.c:357
 #1: 00000000be0f3d76 (&sb->s_type->i_mutex_key#10){+.+.}, at: inode_lock include/linux/fs.h:757 [inline]
 #1: 00000000be0f3d76 (&sb->s_type->i_mutex_key#10){+.+.}, at: process_measurement+0x9ae/0x1570 security/integrity/ima/ima_main.c:207
2 locks held by syz-executor029/7525:
 #0: 00000000d9f6109b (sb_writers#3){.+.+}, at: sb_start_write include/linux/fs.h:1603 [inline]
 #0: 00000000d9f6109b (sb_writers#3){.+.+}, at: mnt_want_write+0x3f/0xc0 fs/namespace.c:357
 #1: 00000000be0f3d76 (&sb->s_type->i_mutex_key#10){+.+.}, at: inode_lock include/linux/fs.h:757 [inline]
 #1: 00000000be0f3d76 (&sb->s_type->i_mutex_key#10){+.+.}, at: process_measurement+0x9ae/0x1570 security/integrity/ima/ima_main.c:207
2 locks held by syz-executor029/7526:
 #0: 00000000d9f6109b (sb_writers#3){.+.+}, at: sb_start_write include/linux/fs.h:1603 [inline]
 #0: 00000000d9f6109b (sb_writers#3){.+.+}, at: mnt_want_write+0x3f/0xc0 fs/namespace.c:357
 #1: 00000000be0f3d76 (&sb->s_type->i_mutex_key#10){+.+.}, at: inode_lock include/linux/fs.h:757 [inline]
 #1: 00000000be0f3d76 (&sb->s_type->i_mutex_key#10){+.+.}, at: process_measurement+0x9ae/0x1570 security/integrity/ima/ima_main.c:207

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 1040 Comm: khungtaskd Not tainted 5.0.0-rc7+ #85
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x172/0x1f0 lib/dump_stack.c:113
 nmi_cpu_backtrace.cold+0x63/0xa4 lib/nmi_backtrace.c:101
 nmi_trigger_cpumask_backtrace+0x1be/0x236 lib/nmi_backtrace.c:62
 arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38
 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:203 [inline]
 watchdog+0x9df/0xee0 kernel/hung_task.c:287
 kthread+0x357/0x430 kernel/kthread.c:246
 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0 skipped: idling at native_safe_halt+0x2/0x10 arch/x86/include/asm/irqflags.h:57

Crashes (49):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro
ci-upstream-kasan-gce-root	2019/02/23 17:19	upstream	cb268d80	18107ce0	.config	log	report	syz	C
ci-upstream-kasan-gce-selinux-root	2018/09/30 16:22	upstream	291d0e5d	41e4b329	.config	log	report	syz	C
ci-upstream-linux-next-kasan-gce-root	2019/02/23 14:16	linux-next	94a47529	18107ce0	.config	log	report	syz	C
ci-upstream-linux-next-kasan-gce-root	2018/09/30 17:19	linux-next	4794a36b	41e4b329	.config	log	report	syz	C
ci-upstream-kasan-gce-smack-root	2019/11/13 02:00	upstream	100d46bd	048f2d49	.config	log	report
ci-upstream-kasan-gce-root	2019/08/17 08:19	upstream	2d63ba3e	8fd428a1	.config	log	report
ci-upstream-kasan-gce-smack-root	2019/07/26 17:32	upstream	6789f873	3e5d1beb	.config	log	report
ci-upstream-kasan-gce-smack-root	2019/03/11 16:41	upstream	12ad143e	12365b99	.config	log	report
ci-upstream-kasan-gce-smack-root	2019/02/03 17:59	upstream	12491ed3	c198d5dd	.config	log	report
ci-upstream-kasan-gce-root	2019/01/25 10:21	upstream	d73aba11	b5d78bce	.config	log	report
ci-upstream-kasan-gce-selinux-root	2019/01/05 01:57	upstream	96d4f267	0127e3ba	.config	log	report
ci-upstream-kasan-gce-root	2018/12/14 06:58	upstream	65e08c5e	fe7127be	.config	log	report
ci-upstream-kasan-gce-root	2018/11/24 10:51	upstream	7c98a426	ecc7c870	.config	log	report
ci-upstream-kasan-gce-smack-root	2018/11/22 16:51	upstream	92b41928	2ee77802	.config	log	report
ci-upstream-kasan-gce-smack-root	2018/11/20 01:08	upstream	f2ce1065	adf636a8	.config	log	report
ci-upstream-kasan-gce-selinux-root	2018/11/18 15:42	upstream	1ce80e0f	adf636a8	.config	log	report
ci-upstream-kasan-gce-root	2018/11/14 13:35	upstream	ccda4af0	5f5f6d14	.config	log	report
ci-upstream-kasan-gce-smack-root	2018/10/22 14:32	upstream	84df9525	ecb386fe	.config	log	report
ci-upstream-kasan-gce-smack-root	2018/10/16 00:33	upstream	f0a7d188	8cd30605	.config	log	report
ci-upstream-kasan-gce-smack-root	2018/10/11 00:14	upstream	b8db9e69	5f818b4b	.config	log	report
ci-upstream-kasan-gce-smack-root	2018/10/08 23:42	upstream	0854ba5f	8b311eaf	.config	log	report
ci-upstream-kasan-gce-smack-root	2018/10/05 05:04	upstream	10be83cc	8b311eaf	.config	log	report
ci-upstream-kasan-gce-smack-root	2018/09/30 11:59	upstream	291d0e5d	41e4b329	.config	log	report
ci-upstream-kasan-gce-selinux-root	2018/09/30 11:59	upstream	291d0e5d	41e4b329	.config	log	report
ci-upstream-net-this-kasan-gce	2018/10/09 04:04	net	e2a322a0	8b311eaf	.config	log	report
ci-upstream-net-this-kasan-gce	2018/10/06 14:47	net	35f3625c	8b311eaf	.config	log	report
ci-upstream-net-this-kasan-gce	2018/10/03 13:54	net	45ec3185	0f3e0261	.config	log	report
ci-upstream-net-this-kasan-gce	2018/10/02 23:23	net	ad5f97fa	a316a2af	.config	log	report
ci-upstream-net-this-kasan-gce	2018/10/02 08:04	net	1ad98e9d	e06f7713	.config	log	report
ci-upstream-net-this-kasan-gce	2018/10/01 06:50	net	43955a45	41e4b329	.config	log	report
ci-upstream-net-this-kasan-gce	2018/09/30 20:03	net	43955a45	41e4b329	.config	log	report
ci-upstream-net-this-kasan-gce	2018/09/28 08:01	net	d4ce5808	0c2fa87b	.config	log	report
ci-upstream-net-this-kasan-gce	2018/09/28 06:44	net	d4ce5808	0c2fa87b	.config	log	report
ci-upstream-net-kasan-gce	2019/03/12 22:30	net-next	d9862cfb	a71bfb62	.config	log	report
ci-upstream-net-kasan-gce	2018/10/26 14:20	net-next	44adbac8	a8292de9	.config	log	report
ci-upstream-net-kasan-gce	2018/10/25 11:17	net-next	44adbac8	a8292de9	.config	log	report
ci-upstream-net-kasan-gce	2018/10/20 02:03	net-next	9333f207	ecb386fe	.config	log	report
ci-upstream-net-kasan-gce	2018/10/17 14:24	net-next	aadd4355	1ba7fd7e	.config	log	report
ci-upstream-net-kasan-gce	2018/10/08 02:25	net-next	5057ef7f	8b311eaf	.config	log	report
ci-upstream-net-kasan-gce	2018/10/07 17:28	net-next	72438f8c	8b311eaf	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2019/01/13 11:19	linux-next	b808822a	c3f3344c	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2019/01/08 02:56	linux-next	a85b6b4f	69d69aa9	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2018/11/26 06:28	linux-next	442b8cea	3d3ec907	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2018/11/18 21:54	linux-next	442b8cea	adf636a8	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2018/11/16 21:24	linux-next	442b8cea	b08ee62a	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2018/10/10 07:46	linux-next	7f304930	8b311eaf	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2018/10/10 01:44	linux-next	570b7bde	8b311eaf	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2018/10/02 17:13	linux-next	62f3d259	a316a2af	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2018/09/30 12:00	linux-next	4794a36b	41e4b329	.config	log	report