input: syz1 as /devices/virtual/input/input347
input: syz1 as /devices/virtual/input/input348
INFO: task syz-executor7:22458 blocked for more than 140 seconds.
      Not tainted 4.9.125+ #89
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor7   D29688 22458   2311 0x00000004
 ffff8801cb902f80 ffff8801b8f30b00 ffff8801b8f30b00 ffff8801c9fb97c0
 ffff8801db621018 ffff8801a6147cf8 ffffffff8277d092 0000000000000000
 ffff8801cb903830 ffffed0039720705 00ff8801cb902f80 ffff8801db6218f0
Call Trace:
 [<ffffffff8277e5bf>] schedule+0x7f/0x1b0 kernel/sched/core.c:3553
 [<ffffffff8277ef43>] schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3586
 [<ffffffff82780bc6>] __mutex_lock_common kernel/locking/mutex.c:582 [inline]
 [<ffffffff82780bc6>] mutex_lock_nested+0x326/0x870 kernel/locking/mutex.c:621
 [<ffffffff81fe8522>] evdev_flush+0x72/0x120 drivers/input/evdev.c:350
 [<ffffffff814e2ed7>] filp_close+0xa7/0x140 fs/open.c:1129
 [<ffffffff8154bcc6>] __close_fd+0x156/0x230 fs/file.c:651
 [<ffffffff814e2fbc>] SYSC_close fs/open.c:1148 [inline]
 [<ffffffff814e2fbc>] SyS_close+0x4c/0x90 fs/open.c:1146
 [<ffffffff8100554f>] do_syscall_64+0x19f/0x480 arch/x86/entry/common.c:282
 [<ffffffff8278c193>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb

Showing all locks held in the system:
2 locks held by khungtaskd/24:
 #0:  (rcu_read_lock){......}, at: [<ffffffff81309cb0>] rcu_read_unlock include/linux/rcupdate.h:927 [inline]
 #0:  (rcu_read_lock){......}, at: [<ffffffff81309cb0>] rcu_lock_break kernel/hung_task.c:143 [inline]
 #0:  (rcu_read_lock){......}, at: [<ffffffff81309cb0>] check_hung_uninterruptible_tasks kernel/hung_task.c:177 [inline]
 #0:  (rcu_read_lock){......}, at: [<ffffffff81309cb0>] watchdog+0x310/0xa20 kernel/hung_task.c:239
 #1:  (tasklist_lock){.+.+..}, at: [<ffffffff813e68fc>] debug_show_all_locks+0x79/0x218 kernel/locking/lockdep.c:4336
2 locks held by getty/2255:
 #0:  (&tty->ldisc_sem){++++++}, at: [<ffffffff8278a262>] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367
 #1:  (&ldata->atomic_read_lock){+.+.+.}, at: [<ffffffff81cdd442>] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142
1 lock held by syz-executor2/19235:
 #0:  (&sig->cred_guard_mutex){+.+.+.}, at: [<ffffffff81500fb3>] prepare_bprm_creds+0x53/0x110 fs/exec.c:1369
1 lock held by syz-executor2/19236:
 #0:  (&sig->cred_guard_mutex){+.+.+.}, at: [<ffffffff81500fb3>] prepare_bprm_creds+0x53/0x110 fs/exec.c:1369
1 lock held by syz-executor7/22458:
 #0:  (&evdev->mutex){+.+.+.}, at: [<ffffffff81fe8522>] evdev_flush+0x72/0x120 drivers/input/evdev.c:350

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 24 Comm: khungtaskd Not tainted 4.9.125+ #89
 ffff8801d94a7d08 ffffffff81af0ae9 0000000000000000 0000000000000001
 0000000000000001 0000000000000001 ffffffff810967d0 ffff8801d94a7d40
 ffffffff81afb849 0000000000000001 0000000000000000 0000000000000003
Call Trace:
 [<ffffffff81af0ae9>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81af0ae9>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff81afb849>] nmi_cpu_backtrace.cold.0+0x48/0x87 lib/nmi_backtrace.c:99
 [<ffffffff81afb7dc>] nmi_trigger_cpumask_backtrace+0x12c/0x151 lib/nmi_backtrace.c:60
 [<ffffffff810968d4>] arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:37
 [<ffffffff8130a04d>] trigger_all_cpu_backtrace include/linux/nmi.h:58 [inline]
 [<ffffffff8130a04d>] check_hung_task kernel/hung_task.c:125 [inline]
 [<ffffffff8130a04d>] check_hung_uninterruptible_tasks kernel/hung_task.c:182 [inline]
 [<ffffffff8130a04d>] watchdog+0x6ad/0xa20 kernel/hung_task.c:239
 [<ffffffff8113d9ad>] kthread+0x26d/0x300 kernel/kthread.c:211
 [<ffffffff8278c35c>] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 21859 Comm: syz-executor2 Not tainted 4.9.125+ #89
task: ffff8801910617c0 task.stack: ffff880193290000
RIP: 0010:[<ffffffff81309450>] 
c [<ffffffff81309450>] __sanitizer_cov_trace_pc+0x0/0x50
RSP: 0018:ffff880193297cb0  EFLAGS: 00000246
RAX: 0000000000000003 RBX: fffffffffffff001 RCX: 0000000000000001
RDX: 0000000000000000 RSI: ffffffff8130c223 RDI: ffffffff84010440
RBP: ffff880193297dc0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000050000
R13: 00000000ffffffff R14: dffffc0000000000 R15: ffff880193297e48
FS:  00007fd7b9ae5700(0000) GS:ffff8801db600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020962000 CR3: 00000001a6ee3000 CR4: 00000000001606b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
 ffffffff8130c13a
c 0000000000000002
c ffff880193297d18
c ffffffff8100226a
c
 00000085ca47e983
c ffffed0043fffa01
c 0000000000000008
c 000000ca00000000
c
 1ffff10032652f9f
c 0000000041b58ab3
c ffffffff82c2d9e1
c ffffffff8130bf90
c
Call Trace:
 [<ffffffff8130e5d6>] __secure_computing+0xa6/0x290 kernel/seccomp.c:692
 [<ffffffff81004940>] syscall_trace_enter+0x550/0xd20 arch/x86/entry/common.c:117
 [<ffffffff8100566c>] do_syscall_64+0x2bc/0x480 arch/x86/entry/common.c:273
 [<ffffffff8278c193>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
Code: 
c1c 
c00 
ceb 
c81 
c4c 
c89 
cff 
ce8 
cbf 
ca2 
c1c 
c00 
ce9 
c5f 
cff 
cff 
cff 
c48 
c89 
cdf 
ce8 
c12 
ca2 
c1c 
c00 
ce9 
cf9 
cfe 
cff 
cff 
c66 
c2e 
c0f 
c1f 
c84 
c00 
c00 
c00 
c00 
c00 
c0f 
c1f 
c00 
c<55> 
c48 
c89 
ce5 
c65 
c48 
c8b 
c04 
c25 
c00 
c7e 
c01 
c00 
c65 
c8b 
c15 
c2c 
ce9 
cd0 
c7e 
c81 
c