syzbot

INFO: task syz-executor.2:32704 blocked for more than 140 seconds.
      Not tainted 4.9.141+ #1
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.2  D28824 32704   2124 0x00000004
 ffff8801cf0c2f80 ffff8801d48e1080 ffff88015d571b80 ffff8801cf4fdf00
 ffff8801db721018 ffff8801472bfcf8 ffffffff828075c2 0000000000000000
 ffff8801cf0c3830 ffffed0039e18705 00ff8801cf0c2f80 ffff8801db7218f0
Call Trace:
 [<ffffffff82808aef>] schedule+0x7f/0x1b0 kernel/sched/core.c:3553
 [<ffffffff828094a3>] schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3586
 [<ffffffff8280b51d>] __mutex_lock_common kernel/locking/mutex.c:582 [inline]
 [<ffffffff8280b51d>] mutex_lock_nested+0x38d/0x900 kernel/locking/mutex.c:621
 [<ffffffff82053de2>] evdev_flush+0x72/0x120 drivers/input/evdev.c:350
 [<ffffffff81502a77>] filp_close+0xa7/0x140 fs/open.c:1129
 [<ffffffff8156c826>] __close_fd+0x156/0x230 fs/file.c:651
 [<ffffffff81502b5c>] SYSC_close fs/open.c:1148 [inline]
 [<ffffffff81502b5c>] SyS_close+0x4c/0x90 fs/open.c:1146
 [<ffffffff810056ef>] do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285
 [<ffffffff82817893>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb

Showing all locks held in the system:
2 locks held by khungtaskd/24:
 #0:  (rcu_read_lock){......}, at: [<ffffffff8131c0cc>] check_hung_uninterruptible_tasks kernel/hung_task.c:168 [inline]
 #0:  (rcu_read_lock){......}, at: [<ffffffff8131c0cc>] watchdog+0x11c/0xa20 kernel/hung_task.c:239
 #1:  (tasklist_lock){.+.+..}, at: [<ffffffff813fe63f>] debug_show_all_locks+0x79/0x218 kernel/locking/lockdep.c:4336
2 locks held by getty/2036:
 #0:  (&tty->ldisc_sem){++++++}, at: [<ffffffff82815952>] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367
 #1:  (&ldata->atomic_read_lock){+.+...}, at: [<ffffffff81d37362>] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142
2 locks held by syz-executor.4/14026:
 #0:  (&tty->ldisc_sem){++++++}, at: [<ffffffff82815952>] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367
 #1:  (&ldata->atomic_read_lock){+.+...}, at: [<ffffffff81d37362>] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142
1 lock held by syz-executor.2/32704:
 #0:  (&evdev->mutex){+.+.+.}, at: [<ffffffff82053de2>] evdev_flush+0x72/0x120 drivers/input/evdev.c:350

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 24 Comm: khungtaskd Not tainted 4.9.141+ #1
 ffff8801d9907d08 ffffffff81b42e79 0000000000000000 0000000000000000
 0000000000000000 0000000000000001 ffffffff810983b0 ffff8801d9907d40
 ffffffff81b4df89 0000000000000000 0000000000000000 0000000000000002
Call Trace:
 [<ffffffff81b42e79>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81b42e79>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff81b4df89>] nmi_cpu_backtrace.cold.0+0x48/0x87 lib/nmi_backtrace.c:99
 [<ffffffff81b4df1c>] nmi_trigger_cpumask_backtrace+0x12c/0x151 lib/nmi_backtrace.c:60
 [<ffffffff810984b4>] arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:37
 [<ffffffff8131c65d>] trigger_all_cpu_backtrace include/linux/nmi.h:58 [inline]
 [<ffffffff8131c65d>] check_hung_task kernel/hung_task.c:125 [inline]
 [<ffffffff8131c65d>] check_hung_uninterruptible_tasks kernel/hung_task.c:182 [inline]
 [<ffffffff8131c65d>] watchdog+0x6ad/0xa20 kernel/hung_task.c:239
 [<ffffffff81142c3d>] kthread+0x26d/0x300 kernel/kthread.c:211
 [<ffffffff82817a5c>] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 32453 Comm: syz-executor.1 Not tainted 4.9.141+ #1
task: ffff8801cb434740 task.stack: ffff8801cf618000
RIP: 0010:[<ffffffff8120716a>] 
c [<ffffffff8120716a>] trace_hardirqs_on_caller+0x35a/0x590 kernel/locking/lockdep.c:2737
RSP: 0018:ffff8801cf61fee0  EFLAGS: 00000803
RAX: dffffc0000000000 RBX: ffff8801cb434740 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8801cb434fec
RBP: ffff8801cf61fef0 R08: ffff8801cb434ff0 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 000000000ba94e8d
R13: 000000000000000c R14: 000000000000000d R15: 00000000ffffffff
FS:  00007fbbdb65f700(0000) GS:ffff8801db700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020ab9000 CR3: 00000001d419b000 CR4: 00000000001606b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
 0000000000000009
c 000000000000000b
c ffff8801cf61ff48
c ffffffff8100226a
c
 0000000000000001
c 0000000000000000
c 0000000000000001
c ffff8801cb434ff0
c
 0000000000000000
c 0000000000000000
c 1ffff100396868e9
c ffffffff8100584b
c
Call Trace:
 [<ffffffff8100226a>] trace_hardirqs_on_thunk+0x1a/0x1c
 [<ffffffff828178c0>] entry_SYSCALL_64_after_swapgs+0x8a/0xdb
Code: 
c89 
ca3 
c70 
c08 
c00 
c00 
c65 
c48 
c8b 
c1c 
c25 
c00 
c7e 
c01 
c00 
c48 
c8d 
cbb 
cac 
c08 
c00 
c00 
c48 
cb8 
c00 
c00 
c00 
c00 
c00 
cfc 
cff 
cdf 
c48 
c89 
cfa 
c48 
cc1 
cea 
c03 
c0f 
cb6 
c14 
c02 
c<48> 
c89 
cf8 
c83 
ce0 
c07 
c83 
cc0 
c03 
c38 
cd0 
c7c 
c08 
c84 
cd2 
c0f 
c85 
ccd 
c00 
c00 
c00 
c