RAX: ffffffffffffffda RBX: 00007f63ee45e6d4 RCX: 0000000000455e29 RDX: 0000000020000180 RSI: 0000000000000000 RDI: 0000000000000013 RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000016 R13: 00000000004bb83b R14: 00000000004c8870 R15: 0000000000000000 INFO: task rs:main Q:Reg:4402 blocked for more than 140 seconds. Not tainted 4.18.0-rc4+ #139 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. rs:main Q:Reg D22856 4402 1 0x00000000 Call Trace: context_switch kernel/sched/core.c:2853 [inline] __schedule+0x87c/0x1ed0 kernel/sched/core.c:3501 schedule+0xfb/0x450 kernel/sched/core.c:3545 __rwsem_down_read_failed_common kernel/locking/rwsem-xadd.c:269 [inline] rwsem_down_read_failed+0x362/0x600 kernel/locking/rwsem-xadd.c:286 call_rwsem_down_read_failed+0x18/0x30 arch/x86/lib/rwsem.S:94 __down_read arch/x86/include/asm/rwsem.h:83 [inline] __percpu_down_read+0x16e/0x210 kernel/locking/percpu-rwsem.c:85 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:49 [inline] percpu_down_read include/linux/percpu-rwsem.h:59 [inline] __sb_start_write+0x2d7/0x300 fs/super.c:1403 file_start_write include/linux/fs.h:2737 [inline] vfs_write+0x452/0x560 fs/read_write.c:548 ksys_write+0x101/0x260 fs/read_write.c:598 __do_sys_write fs/read_write.c:610 [inline] __se_sys_write fs/read_write.c:607 [inline] __x64_sys_write+0x73/0xb0 fs/read_write.c:607 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7fd58681b19d Code: Bad RIP value. RSP: 002b:00007fd584dbbf90 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 0000000000000400 RCX: 00007fd58681b19d RDX: 0000000000000400 RSI: 0000000002174a90 RDI: 0000000000000005 RBP: 0000000002174a90 R08: 31203031206c754a R09: 2039323a37333a33 R10: 656c6c616b7a7973 R11: 0000000000000293 R12: 0000000000000000 R13: 00007fd584dbc410 R14: 0000000002195170 R15: 0000000002174890 INFO: task syz-executor3:4541 blocked for more than 140 seconds. Not tainted 4.18.0-rc4+ #139 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor3 D21232 4541 4535 0x00000000 Call Trace: context_switch kernel/sched/core.c:2853 [inline] __schedule+0x87c/0x1ed0 kernel/sched/core.c:3501 schedule+0xfb/0x450 kernel/sched/core.c:3545 __rwsem_down_read_failed_common kernel/locking/rwsem-xadd.c:269 [inline] rwsem_down_read_failed+0x362/0x600 kernel/locking/rwsem-xadd.c:286 call_rwsem_down_read_failed+0x18/0x30 arch/x86/lib/rwsem.S:94 __down_read arch/x86/include/asm/rwsem.h:83 [inline] __percpu_down_read+0x16e/0x210 kernel/locking/percpu-rwsem.c:85 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:49 [inline] percpu_down_read include/linux/percpu-rwsem.h:59 [inline] __sb_start_write+0x2d7/0x300 fs/super.c:1403 sb_start_write include/linux/fs.h:1554 [inline] mnt_want_write+0x3f/0xc0 fs/namespace.c:386 do_unlinkat+0x2b7/0xa30 fs/namei.c:4055 __do_sys_unlink fs/namei.c:4120 [inline] __se_sys_unlink fs/namei.c:4118 [inline] __x64_sys_unlink+0x42/0x50 fs/namei.c:4118 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x455b77 Code: Bad RIP value. RSP: 002b:00007ffdf9d20928 EFLAGS: 00000206 ORIG_RAX: 0000000000000057 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000455b77 RDX: 00007ffdf9d20930 RSI: 00007ffdf9d209c0 RDI: 00007ffdf9d209c0 RBP: 00007ffdf9d226d0 R08: 0000000000000000 R09: 0000000000000010 R10: 000000000000000a R11: 0000000000000206 R12: 00000000020f5940 R13: 0000000000000000 R14: 00007ffdf9d220a0 R15: 0000000000702140 INFO: task syz-executor7:4543 blocked for more than 140 seconds. Not tainted 4.18.0-rc4+ #139 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor7 D21352 4543 4537 0x00000000 Call Trace: context_switch kernel/sched/core.c:2853 [inline] __schedule+0x87c/0x1ed0 kernel/sched/core.c:3501 schedule+0xfb/0x450 kernel/sched/core.c:3545 __rwsem_down_read_failed_common kernel/locking/rwsem-xadd.c:269 [inline] rwsem_down_read_failed+0x362/0x600 kernel/locking/rwsem-xadd.c:286 call_rwsem_down_read_failed+0x18/0x30 arch/x86/lib/rwsem.S:94 __down_read arch/x86/include/asm/rwsem.h:83 [inline] __percpu_down_read+0x16e/0x210 kernel/locking/percpu-rwsem.c:85 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:49 [inline] percpu_down_read include/linux/percpu-rwsem.h:59 [inline] __sb_start_write+0x2d7/0x300 fs/super.c:1403 sb_start_write include/linux/fs.h:1554 [inline] mnt_want_write+0x3f/0xc0 fs/namespace.c:386 do_unlinkat+0x2b7/0xa30 fs/namei.c:4055 __do_sys_unlink fs/namei.c:4120 [inline] __se_sys_unlink fs/namei.c:4118 [inline] __x64_sys_unlink+0x42/0x50 fs/namei.c:4118 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x455b77 Code: Bad RIP value. RSP: 002b:00007ffccec15c48 EFLAGS: 00000206 ORIG_RAX: 0000000000000057 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000455b77 RDX: 00007ffccec15c50 RSI: 00007ffccec15ce0 RDI: 00007ffccec15ce0 RBP: 00007ffccec179f0 R08: 0000000000000000 R09: 0000000000000010 R10: 000000000000000a R11: 0000000000000206 R12: 000000000143c940 R13: 0000000000000000 R14: 00007ffccec173c0 R15: 0000000000702140 INFO: task syz-executor1:4545 blocked for more than 140 seconds. Not tainted 4.18.0-rc4+ #139 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor1 D19720 4545 4536 0x00000000 Call Trace: context_switch kernel/sched/core.c:2853 [inline] __schedule+0x87c/0x1ed0 kernel/sched/core.c:3501 schedule+0xfb/0x450 kernel/sched/core.c:3545 __rwsem_down_read_failed_common kernel/locking/rwsem-xadd.c:269 [inline] rwsem_down_read_failed+0x362/0x600 kernel/locking/rwsem-xadd.c:286 call_rwsem_down_read_failed+0x18/0x30 arch/x86/lib/rwsem.S:94 __down_read arch/x86/include/asm/rwsem.h:83 [inline] __percpu_down_read+0x16e/0x210 kernel/locking/percpu-rwsem.c:85 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:49 [inline] percpu_down_read include/linux/percpu-rwsem.h:59 [inline] __sb_start_write+0x2d7/0x300 fs/super.c:1403 sb_start_write include/linux/fs.h:1554 [inline] mnt_want_write+0x3f/0xc0 fs/namespace.c:386 filename_create+0x13e/0x5b0 fs/namei.c:3640 user_path_create fs/namei.c:3703 [inline] do_mkdirat+0xda/0x310 fs/namei.c:3842 __do_sys_mkdir fs/namei.c:3866 [inline] __se_sys_mkdir fs/namei.c:3864 [inline] __x64_sys_mkdir+0x5c/0x80 fs/namei.c:3864 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x455267 Code: Bad RIP value. RSP: 002b:00007ffe7a93faa8 EFLAGS: 00000202 ORIG_RAX: 0000000000000053 RAX: ffffffffffffffda RBX: 00007ffe7a93fad0 RCX: 0000000000455267 RDX: 00007ffe7a940785 RSI: 00000000000001ff RDI: 00007ffe7a940780 RBP: 0000000000000013 R08: 0000000000000000 R09: 0000000000000005 R10: 0000000000000064 R11: 0000000000000202 R12: 0000000000000000 R13: 0000000000001380 R14: 00007ffe7a940150 R15: 00000000007034c0 INFO: task syz-executor5:4546 blocked for more than 140 seconds. Not tainted 4.18.0-rc4+ #139 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor5 D21232 4546 4539 0x00000000 Call Trace: context_switch kernel/sched/core.c:2853 [inline] __schedule+0x87c/0x1ed0 kernel/sched/core.c:3501 schedule+0xfb/0x450 kernel/sched/core.c:3545 __rwsem_down_read_failed_common kernel/locking/rwsem-xadd.c:269 [inline] rwsem_down_read_failed+0x362/0x600 kernel/locking/rwsem-xadd.c:286 call_rwsem_down_read_failed+0x18/0x30 arch/x86/lib/rwsem.S:94 __down_read arch/x86/include/asm/rwsem.h:83 [inline] __percpu_down_read+0x16e/0x210 kernel/locking/percpu-rwsem.c:85 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:49 [inline] percpu_down_read include/linux/percpu-rwsem.h:59 [inline] __sb_start_write+0x2d7/0x300 fs/super.c:1403 sb_start_write include/linux/fs.h:1554 [inline] mnt_want_write+0x3f/0xc0 fs/namespace.c:386 do_unlinkat+0x2b7/0xa30 fs/namei.c:4055 __do_sys_unlink fs/namei.c:4120 [inline] __se_sys_unlink fs/namei.c:4118 [inline] __x64_sys_unlink+0x42/0x50 fs/namei.c:4118 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x455b77 Code: Bad RIP value. RSP: 002b:00007ffd60685528 EFLAGS: 00000206 ORIG_RAX: 0000000000000057 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000455b77 RDX: 00007ffd60685530 RSI: 00007ffd606855c0 RDI: 00007ffd606855c0 RBP: 00007ffd606872d0 R08: 0000000000000000 R09: 0000000000000010 R10: 000000000000000a R11: 0000000000000206 R12: 0000000001b80940 R13: 0000000000000000 R14: 00007ffd60686ca0 R15: 0000000000702140 INFO: task syz-executor6:14991 blocked for more than 140 seconds. Not tainted 4.18.0-rc4+ #139 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor6 D24696 14991 4548 0x00000004 Call Trace: context_switch kernel/sched/core.c:2853 [inline] __schedule+0x87c/0x1ed0 kernel/sched/core.c:3501 schedule+0xfb/0x450 kernel/sched/core.c:3545 __rwsem_down_read_failed_common kernel/locking/rwsem-xadd.c:269 [inline] rwsem_down_read_failed+0x362/0x600 kernel/locking/rwsem-xadd.c:286 call_rwsem_down_read_failed+0x18/0x30 arch/x86/lib/rwsem.S:94 __down_read arch/x86/include/asm/rwsem.h:83 [inline] __percpu_down_read+0x16e/0x210 kernel/locking/percpu-rwsem.c:85 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:49 [inline] percpu_down_read include/linux/percpu-rwsem.h:59 [inline] __sb_start_write+0x2d7/0x300 fs/super.c:1403 sb_start_pagefault include/linux/fs.h:1583 [inline] ext4_page_mkwrite+0x1d0/0x1430 fs/ext4/inode.c:6126 do_page_mkwrite+0x14e/0x520 mm/memory.c:2380 wp_page_shared mm/memory.c:2676 [inline] do_wp_page+0xf78/0x19b0 mm/memory.c:2776 handle_pte_fault mm/memory.c:3988 [inline] __handle_mm_fault+0x2a84/0x4460 mm/memory.c:4096 handle_mm_fault+0x53e/0xc80 mm/memory.c:4133 __do_page_fault+0x620/0xe50 arch/x86/mm/fault.c:1396 do_page_fault+0xf6/0x8c0 arch/x86/mm/fault.c:1471 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1160 RIP: 0033:0x4084b0 Code: 00 00 48 8b 44 24 50 4c 89 54 24 30 41 bf 08 07 00 00 48 89 04 24 48 8b 44 24 58 48 89 44 24 08 48 8b 44 24 60 48 89 44 24 10 <48> 8b 44 24 68 48 89 44 24 18 48 8b 44 24 70 48 89 44 24 20 e8 37 RSP: 002b:00007ffc17ad68f0 EFLAGS: 00010283 RAX: 0000001b2f820ad0 RBX: 0000000000000000 RCX: 0000001b30820000 RDX: 0000001b2f820ad4 RSI: 0000000000000004 RDI: 0000000000000004 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 00007ffc17ad6930 R11: 0000000000000246 R12: 0000000000000026 R13: 0000000000000002 R14: 000000000072bf48 R15: 000000000072bf48 INFO: task syz-executor4:15001 blocked for more than 140 seconds. Not tainted 4.18.0-rc4+ #139 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor4 D24520 15001 4547 0x00000004 Call Trace: context_switch kernel/sched/core.c:2853 [inline] __schedule+0x87c/0x1ed0 kernel/sched/core.c:3501 schedule+0xfb/0x450 kernel/sched/core.c:3545 __rwsem_down_read_failed_common kernel/locking/rwsem-xadd.c:269 [inline] rwsem_down_read_failed+0x362/0x600 kernel/locking/rwsem-xadd.c:286 call_rwsem_down_read_failed+0x18/0x30 arch/x86/lib/rwsem.S:94 __down_read arch/x86/include/asm/rwsem.h:83 [inline] __percpu_down_read+0x16e/0x210 kernel/locking/percpu-rwsem.c:85 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:49 [inline] percpu_down_read include/linux/percpu-rwsem.h:59 [inline] __sb_start_write+0x2d7/0x300 fs/super.c:1403 sb_start_pagefault include/linux/fs.h:1583 [inline] ext4_page_mkwrite+0x1d0/0x1430 fs/ext4/inode.c:6126 do_page_mkwrite+0x14e/0x520 mm/memory.c:2380 wp_page_shared mm/memory.c:2676 [inline] do_wp_page+0xf78/0x19b0 mm/memory.c:2776 handle_pte_fault mm/memory.c:3988 [inline] __handle_mm_fault+0x2a84/0x4460 mm/memory.c:4096 handle_mm_fault+0x53e/0xc80 mm/memory.c:4133 __do_page_fault+0x620/0xe50 arch/x86/mm/fault.c:1396 do_page_fault+0xf6/0x8c0 arch/x86/mm/fault.c:1471 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1160 RIP: 0033:0x4084b0 Code: 00 00 48 8b 44 24 50 4c 89 54 24 30 41 bf 08 07 00 00 48 89 04 24 48 8b 44 24 58 48 89 44 24 08 48 8b 44 24 60 48 89 44 24 10 <48> 8b 44 24 68 48 89 44 24 18 48 8b 44 24 70 48 89 44 24 20 e8 37 RSP: 002b:00007ffe9bb18b50 EFLAGS: 00010283 RAX: 0000001b2f624404 RBX: 0000000000000000 RCX: 0000001b30620000 RDX: 0000001b2f624408 RSI: 00000000007308a8 RDI: 000000000000000a RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 00007ffe9bb18b90 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000002 R14: 000000000072c098 R15: 000000000072c098 INFO: task syz-executor2:15030 blocked for more than 140 seconds. Not tainted 4.18.0-rc4+ #139 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor2 D24696 15030 4544 0x00000004 Call Trace: context_switch kernel/sched/core.c:2853 [inline] __schedule+0x87c/0x1ed0 kernel/sched/core.c:3501 schedule+0xfb/0x450 kernel/sched/core.c:3545 __rwsem_down_read_failed_common kernel/locking/rwsem-xadd.c:269 [inline] rwsem_down_read_failed+0x362/0x600 kernel/locking/rwsem-xadd.c:286 call_rwsem_down_read_failed+0x18/0x30 arch/x86/lib/rwsem.S:94 __down_read arch/x86/include/asm/rwsem.h:83 [inline] __percpu_down_read+0x16e/0x210 kernel/locking/percpu-rwsem.c:85 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:49 [inline] percpu_down_read include/linux/percpu-rwsem.h:59 [inline] __sb_start_write+0x2d7/0x300 fs/super.c:1403 sb_start_pagefault include/linux/fs.h:1583 [inline] ext4_page_mkwrite+0x1d0/0x1430 fs/ext4/inode.c:6126 do_page_mkwrite+0x14e/0x520 mm/memory.c:2380 wp_page_shared mm/memory.c:2676 [inline] do_wp_page+0xf78/0x19b0 mm/memory.c:2776 handle_pte_fault mm/memory.c:3988 [inline] __handle_mm_fault+0x2a84/0x4460 mm/memory.c:4096 handle_mm_fault+0x53e/0xc80 mm/memory.c:4133 __do_page_fault+0x620/0xe50 arch/x86/mm/fault.c:1396 do_page_fault+0xf6/0x8c0 arch/x86/mm/fault.c:1471 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1160 RIP: 0033:0x4084b0 Code: 00 00 48 8b 44 24 50 4c 89 54 24 30 41 bf 08 07 00 00 48 89 04 24 48 8b 44 24 58 48 89 44 24 08 48 8b 44 24 60 48 89 44 24 10 <48> 8b 44 24 68 48 89 44 24 18 48 8b 44 24 70 48 89 44 24 20 e8 37 RSP: 002b:00007ffeb874d020 EFLAGS: 00010287 RAX: 0000001b2f22183c RBX: 0000000000000000 RCX: 0000001b30220000 RDX: 0000001b2f221840 RSI: 00000000007301f0 RDI: 0000000000000001 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 00007ffeb874d060 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000002 R14: 000000000072bea0 R15: 000000000072bea0 INFO: task syz-executor0:15034 blocked for more than 140 seconds. Not tainted 4.18.0-rc4+ #139 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor0 D24672 15034 4542 0x00000004 Call Trace: context_switch kernel/sched/core.c:2853 [inline] __schedule+0x87c/0x1ed0 kernel/sched/core.c:3501 schedule+0xfb/0x450 kernel/sched/core.c:3545 __rwsem_down_read_failed_common kernel/locking/rwsem-xadd.c:269 [inline] rwsem_down_read_failed+0x362/0x600 kernel/locking/rwsem-xadd.c:286 call_rwsem_down_read_failed+0x18/0x30 arch/x86/lib/rwsem.S:94 __down_read arch/x86/include/asm/rwsem.h:83 [inline] __percpu_down_read+0x16e/0x210 kernel/locking/percpu-rwsem.c:85 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:49 [inline] percpu_down_read include/linux/percpu-rwsem.h:59 [inline] __sb_start_write+0x2d7/0x300 fs/super.c:1403 sb_start_write include/linux/fs.h:1554 [inline] mnt_want_write+0x3f/0xc0 fs/namespace.c:386 filename_create+0x13e/0x5b0 fs/namei.c:3640 user_path_create fs/namei.c:3703 [inline] do_mkdirat+0xda/0x310 fs/namei.c:3842 __do_sys_mkdir fs/namei.c:3866 [inline] __se_sys_mkdir fs/namei.c:3864 [inline] __x64_sys_mkdir+0x5c/0x80 fs/namei.c:3864 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x455267 Code: Bad RIP value. RSP: 002b:00007f5ba8f5fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 RAX: ffffffffffffffda RBX: 0000000020000128 RCX: 0000000000455267 RDX: 0000000000000014 RSI: 00000000000001ff RDI: 0000000020000040 RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000014 R13: 0000000000000001 R14: 00000000004d3e38 R15: 0000000000000000 Showing all locks held in the system: 1 lock held by khungtaskd/901: #0: 000000007b0b723c (rcu_read_lock){....}, at: debug_show_all_locks+0xd0/0x428 kernel/locking/lockdep.c:4461 2 locks held by rs:main Q:Reg/4402: #0: 000000005978b9ce (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x1bb/0x200 fs/file.c:766 #1: 0000000073e6720e (sb_writers#6){++++}, at: file_start_write include/linux/fs.h:2737 [inline] #1: 0000000073e6720e (sb_writers#6){++++}, at: vfs_write+0x452/0x560 fs/read_write.c:548 1 lock held by rsyslogd/4404: 2 locks held by getty/4494: #0: 000000006a0f78e6 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365 #1: 00000000b04887ba (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0 drivers/tty/n_tty.c:2140 2 locks held by getty/4495: #0: 000000008dac2f72 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365 #1: 000000007e2665e8 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0 drivers/tty/n_tty.c:2140 2 locks held by getty/4496: #0: 00000000f63a55fc (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365 #1: 00000000c4bdeff8 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0 drivers/tty/n_tty.c:2140 2 locks held by getty/4497: #0: 0000000011238c9a (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365 #1: 000000009d1f827f (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0 drivers/tty/n_tty.c:2140 2 locks held by getty/4498: #0: 00000000786f4403 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365 #1: 00000000b9bb654d (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0 drivers/tty/n_tty.c:2140 2 locks held by getty/4499: #0: 0000000079cac1b7 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365 #1: 00000000ad1fb394 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0 drivers/tty/n_tty.c:2140 2 locks held by getty/4500: #0: 000000002b9ed2f9 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365 #1: 000000003f2593f7 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0 drivers/tty/n_tty.c:2140 1 lock held by syz-executor3/4541: #0: 0000000073e6720e (sb_writers#6){++++}, at: sb_start_write include/linux/fs.h:1554 [inline] #0: 0000000073e6720e (sb_writers#6){++++}, at: mnt_want_write+0x3f/0xc0 fs/namespace.c:386 1 lock held by syz-executor7/4543: #0: 0000000073e6720e (sb_writers#6){++++}, at: sb_start_write include/linux/fs.h:1554 [inline] #0: 0000000073e6720e (sb_writers#6){++++}, at: mnt_want_write+0x3f/0xc0 fs/namespace.c:386 1 lock held by syz-executor1/4545: #0: 0000000073e6720e (sb_writers#6){++++}, at: sb_start_write include/linux/fs.h:1554 [inline] #0: 0000000073e6720e (sb_writers#6){++++}, at: mnt_want_write+0x3f/0xc0 fs/namespace.c:386 1 lock held by syz-executor5/4546: #0: 0000000073e6720e (sb_writers#6){++++}, at: sb_start_write include/linux/fs.h:1554 [inline] #0: 0000000073e6720e (sb_writers#6){++++}, at: mnt_want_write+0x3f/0xc0 fs/namespace.c:386 2 locks held by syz-executor6/14991: #0: 000000008c126c0f (&mm->mmap_sem){++++}, at: __do_page_fault+0x389/0xe50 arch/x86/mm/fault.c:1325 #1: 000000009c4b1801 (sb_pagefaults){++++}, at: sb_start_pagefault include/linux/fs.h:1583 [inline] #1: 000000009c4b1801 (sb_pagefaults){++++}, at: ext4_page_mkwrite+0x1d0/0x1430 fs/ext4/inode.c:6126 2 locks held by syz-executor4/15001: #0: 000000002297cdb3 (&mm->mmap_sem){++++}, at: __do_page_fault+0x389/0xe50 arch/x86/mm/fault.c:1325 #1: 000000009c4b1801 (sb_pagefaults){++++}, at: sb_start_pagefault include/linux/fs.h:1583 [inline] #1: 000000009c4b1801 (sb_pagefaults){++++}, at: ext4_page_mkwrite+0x1d0/0x1430 fs/ext4/inode.c:6126 2 locks held by syz-executor2/15030: #0: 00000000cee80679 (&mm->mmap_sem){++++}, at: __do_page_fault+0x389/0xe50 arch/x86/mm/fault.c:1325 #1: 000000009c4b1801 (sb_pagefaults){++++}, at: sb_start_pagefault include/linux/fs.h:1583 [inline] #1: 000000009c4b1801 (sb_pagefaults){++++}, at: ext4_page_mkwrite+0x1d0/0x1430 fs/ext4/inode.c:6126 1 lock held by syz-executor0/15034: #0: 0000000073e6720e (sb_writers#6){++++}, at: sb_start_write include/linux/fs.h:1554 [inline] #0: 0000000073e6720e (sb_writers#6){++++}, at: mnt_want_write+0x3f/0xc0 fs/namespace.c:386 ============================================= NMI backtrace for cpu 0 CPU: 0 PID: 901 Comm: khungtaskd Not tainted 4.18.0-rc4+ #139 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1c9/0x2b4 lib/dump_stack.c:113 nmi_cpu_backtrace.cold.4+0x19/0xce lib/nmi_backtrace.c:103 nmi_trigger_cpumask_backtrace+0x151/0x192 lib/nmi_backtrace.c:62 arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38 trigger_all_cpu_backtrace include/linux/nmi.h:138 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:196 [inline] watchdog+0x9c4/0xf80 kernel/hung_task.c:252 kthread+0x345/0x410 kernel/kthread.c:246 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:412 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 4517 Comm: syz-fuzzer Not tainted 4.18.0-rc4+ #139 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:arch_local_save_flags arch/x86/include/asm/paravirt.h:778 [inline] RIP: 0010:arch_local_irq_save arch/x86/include/asm/paravirt.h:800 [inline] RIP: 0010:lock_is_held_type+0x70/0x210 kernel/locking/lockdep.c:3958 Code: 6e 01 00 00 8b 83 34 08 00 00 85 c0 0f 85 46 01 00 00 48 c7 c7 60 b0 f1 88 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 6c 01 00 00 48 83 3d 2e 8d 93 07 00 0f 84 2a 01 RSP: 0018:ffff8801ac6afa48 EFLAGS: 00000a06 RAX: dffffc0000000000 RBX: ffff8801ac6242c0 RCX: ffffffff81aa9040 RDX: 1ffffffff11e360c RSI: 00000000ffffffff RDI: ffffffff88f1b060 RBP: ffff8801ac6afa68 R08: ffff8801ac6242c0 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: ffffffff88f92620 R14: 000000000000000a R15: 000000c420035f18 FS: 000000c420026068(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000021f1038 CR3: 00000001d9406000 CR4: 00000000001406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: lock_is_held include/linux/lockdep.h:344 [inline] rcu_preempt_sleep_check include/linux/rcupdate.h:302 [inline] ___might_sleep+0x258/0x330 kernel/sched/core.c:6152 __might_sleep+0x95/0x190 kernel/sched/core.c:6140 __might_fault+0xc6/0x1e0 mm/memory.c:4561 _copy_from_user+0x30/0x150 lib/usercopy.c:10 copy_from_user include/linux/uaccess.h:147 [inline] get_timespec64+0x7d/0x190 kernel/time/time.c:861 do_pselect+0xdb/0x4e0 fs/select.c:712 __do_sys_pselect6 fs/select.c:772 [inline] __se_sys_pselect6 fs/select.c:757 [inline] __x64_sys_pselect6+0x1f7/0x280 fs/select.c:757 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45d911 Code: 0f 00 f7 f1 48 89 04 24 b8 e8 03 00 00 f7 e2 48 89 44 24 08 31 ff 31 f6 31 d2 45 31 d2 49 89 e0 45 31 c9 b8 0e 01 00 00 0f 05 <48> 8b 6c 24 10 48 83 c4 18 c3 cc cc cc cc cc b8 ba 00 00 00 0f 05 RSP: 002b:000000c420035f18 EFLAGS: 00000246 ORIG_RAX: 000000000000010e RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 000000000045d911 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 000000c420035f28 R08: 000000c420035f18 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000430130 R13: 00000000000000f1 R14: 0000000000000011 R15: 0000000000000000