INFO: task syz-executor.4:2540 blocked for more than 140 seconds. Not tainted 4.9.141+ #23 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.4 D29608 2540 2529 0x20020000 ffff8801a84b17c0 0000000000000000 ffff8801cb883700 ffff8801a8bc5f00 ffff8801db621018 ffff8801a84e7b50 ffffffff828075c2 ffff880100000001 ffffffff00000000 fffffbfff08489a8 001268a900000001 ffff8801db6218f0 Call Trace: [] schedule+0x7f/0x1b0 kernel/sched/core.c:3553 [] schedule_timeout+0x735/0xe20 kernel/time/timer.c:1771 [] down_read_failed drivers/tty/tty_ldsem.c:241 [inline] [] __ldsem_down_read_nested+0x33c/0x610 drivers/tty/tty_ldsem.c:332 [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367 [] tty_ldisc_ref_wait+0x25/0x80 drivers/tty/tty_ldisc.c:275 [] tty_compat_ioctl+0x12d/0x270 drivers/tty/tty_io.c:3039 [] C_SYSC_ioctl fs/compat_ioctl.c:1602 [inline] [] compat_SyS_ioctl+0x12d/0x1fd0 fs/compat_ioctl.c:1549 [] do_syscall_32_irqs_on arch/x86/entry/common.c:328 [inline] [] do_fast_syscall_32+0x2f1/0xa10 arch/x86/entry/common.c:390 [] entry_SYSENTER_compat+0x90/0xa2 arch/x86/entry/entry_64_compat.S:137 Showing all locks held in the system: 2 locks held by khungtaskd/24: #0: (rcu_read_lock){......}, at: [] check_hung_uninterruptible_tasks kernel/hung_task.c:168 [inline] #0: (rcu_read_lock){......}, at: [] watchdog+0x11c/0xa20 kernel/hung_task.c:239 #1: (tasklist_lock){.+.?..}, at: [] debug_show_all_locks+0x79/0x218 kernel/locking/lockdep.c:4336 2 locks held by getty/2018: #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367 #1: (&ldata->atomic_read_lock){+.+...}, at: [] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142 2 locks held by syz-executor.4/2529: #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367 #1: (&ldata->atomic_read_lock){+.+...}, at: [] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142 ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! 1 lock held by syz-executor.4/2540: #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367 2 locks held by syz-executor.4/2581: #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367 #1: (&ldata->atomic_read_lock){+.+...}, at: [] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142 1 lock held by syz-executor.4/2583: #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367 2 locks held by syz-executor.4/7503: #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367 #1: (&ldata->atomic_read_lock){+.+...}, at: [] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142 1 lock held by syz-executor.2/8923: #0: (sk_lock-AF_PACKET){+.+.+.}, at: [] lock_sock include/net/sock.h:1404 [inline] #0: (sk_lock-AF_PACKET){+.+.+.}, at: [] packet_setsockopt+0x50f/0x2630 net/packet/af_packet.c:3668 ============================================= NMI backtrace for cpu 1 CPU: 1 PID: 24 Comm: khungtaskd Not tainted 4.9.141+ #23 ffff8801d9907d08 ffffffff81b42e79 0000000000000000 0000000000000001 0000000000000001 0000000000000001 ffffffff810983b0 ffff8801d9907d40 ffffffff81b4df89 0000000000000001 0000000000000000 0000000000000003 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] nmi_cpu_backtrace.cold.0+0x48/0x87 lib/nmi_backtrace.c:99 [] nmi_trigger_cpumask_backtrace+0x12c/0x151 lib/nmi_backtrace.c:60 [] arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:37 [] trigger_all_cpu_backtrace include/linux/nmi.h:58 [inline] [] check_hung_task kernel/hung_task.c:125 [inline] [] check_hung_uninterruptible_tasks kernel/hung_task.c:182 [inline] [] watchdog+0x6ad/0xa20 kernel/hung_task.c:239 [] kthread+0x26d/0x300 kernel/kthread.c:211 [] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 PID: 2072 Comm: syz-executor.0 Not tainted 4.9.141+ #23 task: ffff8801d31a2f80 task.stack: ffff8801ade08000 RIP: 0010:[] c [] lock_release+0x52/0xc20 kernel/locking/lockdep.c:3768 RSP: 0018:ffff8801ade0f700 EFLAGS: 00000046 RAX: 0000000000000007 RBX: ffffffff84238118 RCX: 0000000000000003 RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8801d31a382c RBP: ffff8801ade0f7a8 R08: ffff8801d31a38c8 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000000001 R12: ffffffff84238100 R13: ffff8801d31a2f80 R14: 00000000000000de R15: 0000000000000001 FS: 0000000000000000(0000) GS:ffff8801db600000(0063) knlGS:0000000009c00900 CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 CR2: 000000002cd37000 CR3: 00000001ae201000 CR4: 00000000001606b0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Stack: ffff8801ade0f710c ffffffff81243c87c ffff8801ade0f7c8c 0000000000000046c 0000000000000000c 0000000000000046c ffff8801d31a2f80c 0000000000000000c 0000000000000000c 0000000000000002c ffff8801ade0f7c8c ffff8801ade0f798c Call Trace: [] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline] [] _raw_spin_unlock_irqrestore+0x1f/0x70 kernel/locking/spinlock.c:191 [] spin_unlock_irqrestore include/linux/spinlock.h:362 [inline] [] avc_reclaim_node security/selinux/avc.c:541 [inline] [] avc_alloc_node+0x31c/0x3c0 security/selinux/avc.c:559 [] avc_insert security/selinux/avc.c:670 [inline] [] avc_compute_av+0x178/0x610 security/selinux/avc.c:976 [] avc_has_perm_noaudit security/selinux/avc.c:1112 [inline] [] avc_has_perm+0x352/0x3a0 security/selinux/avc.c:1146 [] task_has_perm+0x1fc/0x330 security/selinux/hooks.c:1615 [] selinux_task_wait+0x23/0x30 security/selinux/hooks.c:3954 [] security_task_wait+0x73/0xb0 security/security.c:1032 [] wait_consider_task+0x2a1/0x3620 kernel/exit.c:1377 [] do_wait_thread kernel/exit.c:1490 [inline] [] do_wait+0x423/0x950 kernel/exit.c:1561 [] SYSC_wait4 kernel/exit.c:1693 [inline] [] SyS_wait4+0x12b/0x1f0 kernel/exit.c:1658 [] C_SYSC_wait4 kernel/compat.c:543 [inline] [] compat_SyS_wait4+0x254/0x290 kernel/compat.c:536 [] sys32_waitpid+0x25/0x30 arch/x86/ia32/sys_ia32.c:172 [] do_syscall_32_irqs_on arch/x86/entry/common.c:328 [inline] [] do_fast_syscall_32+0x2f1/0xa10 arch/x86/entry/common.c:390 [] entry_SYSENTER_compat+0x90/0xa2 arch/x86/entry/entry_64_compat.S:137 Code: c08 c00 c00 c48 c83 cc4 c80 c48 c89 c55 cb8 c48 c89 cfa c48 cc1 cea c03 c0f cb6 c14 c02 c48 c89 cf8 c83 ce0 c07 c83 cc0 c03 c38 cd0 c7c c08 c84 cd2 c0f c85 c69 c09 c00 c00 c<45> c8b c95 cac c08 c00 c00 c45 c85 cd2 c0f c85 cfa c04 c00 c00 c9c c58 c0f c1f c44 c