BUG: workqueue lockup - pool
[ 429.311924] INFO: task syz-executor3:2116 blocked for more than 140 seconds.
 Not tainted 4.9.129+ #43
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor3 D 27672 2116 1 0x00000004
 ffff8801a441e880 ffff8801c8468000 ffff8801ca8c97c0 ffff8801db721018
 ffff8801a8637658 ffffffff827e7d32 0000000000000001 ffff8801d0963830
 ffffed003a12c705 00ff8801d0962f80 ffff8801db7218f0
Call Trace:
 [] schedule+0x7f/0x1b0 kernel/sched/core.c:3553
 [] schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3586
 [] __mutex_lock_common kernel/locking/mutex.c:582 [inline]
 [] mutex_lock_nested+0x38d/0x900 kernel/locking/mutex.c:621
 [] lo_open+0x1b/0xa0 drivers/block/loop.c:1564
 [] __blkdev_get+0x263/0xd60 fs/block_dev.c:1282
 [] blkdev_get+0x2da/0x920 fs/block_dev.c:1416
 [] blkdev_open+0x1a5/0x250 fs/block_dev.c:1571
 [] do_dentry_open+0x3ef/0xc90 fs/open.c:766
 [] vfs_open+0x11c/0x210 fs/open.c:879
 [] do_last fs/namei.c:3410 [inline]
 [] path_openat+0x542/0x2790 fs/namei.c:3534
 [] do_filp_open+0x197/0x270 fs/namei.c:3568
 [] do_sys_open+0x30d/0x5c0 fs/open.c:1072
 [] SYSC_open fs/open.c:1090 [inline]
 [] SyS_open+0x2d/0x40 fs/open.c:1085
 [] do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285
 [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb

Showing all locks held in the system:
2 locks held by khungtaskd/24:
 #0: (rcu_read_lock){......}, at: [] check_hung_uninterruptible_tasks kernel/hung_task.c:168 [inline]
     (rcu_read_lock){......}, at: [] watchdog+0x11c/0xa20 kernel/hung_task.c:239
     (tasklist_lock){.+.+..}, at: [] debug_show_all_locks+0x79/0x218 kernel/locking/lockdep.c:4336
 #0: (&f->f_pos_lock){+.+.+.}, at: [] __fdget_pos+0xac/0xd0 fs/file.c:781
 #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367
     (&ldata->atomic_read_lock){+.+...}, at: [] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142
 #0: (&bdev->bd_mutex){+.+.+.}, at: [] __blkdev_get+0x10c/0xd60 fs/block_dev.c:1268
     (loop_index_mutex){+.+.+.}, at: [] lo_open+0x1b/0xa0 drivers/block/loop.c:1564
 #0: (&bdev->bd_mutex){+.+.+.}, at: [] __blkdev_get+0x10c/0xd60 fs/block_dev.c:1268
     (loop_index_mutex){+.+.+.}, at: [] lo_open+0x1b/0xa0 drivers/block/loop.c:1564
 #0: (&bdev->bd_mutex){+.+.+.}, at: [] __blkdev_get+0x10c/0xd60 fs/block_dev.c:1268
     (loop_index_mutex){+.+.+.}, at: [] lo_open+0x1b/0xa0 drivers/block/loop.c:1564
 #0: (&bdev->bd_mutex){+.+.+.}, at: [] __blkdev_get+0x10c/0xd60 fs/block_dev.c:1268
     (loop_index_mutex){+.+.+.}, at: [] lo_open+0x1b/0xa0 drivers/block/loop.c:1564
 #0: (loop_index_mutex){+.+.+.}, at: [] loop_control_ioctl+0x7a/0x300 drivers/block/loop.c:1915
     (rcu_preempt_state.exp_mutex){+.+...}, at: [] exp_funnel_lock kernel/rcu/tree_exp.h:256 [inline]
     (rcu_preempt_state.exp_mutex){+.+...}, at: [] _synchronize_rcu_expedited+0x339/0x840 kernel/rcu/tree_exp.h:569
 #0: (loop_index_mutex){+.+.+.}, at: [] loop_control_ioctl+0x7a/0x300 drivers/block/loop.c:1915
 #0: (loop_index_mutex){+.+.+.}, at: [] loop_control_ioctl+0x7a/0x300 drivers/block/loop.c:1915
 #0: (loop_index_mutex){+.+.+.}, at: [] loop_control_ioctl+0x7a/0x300 drivers/block/loop.c:1915

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 24 Comm: khungtaskd Not tainted 4.9.129+ #43
 ffff8801d9907d08 ffffffff81b2bbb9 0000000000000000 0000000000000001
 0000000000000001 0000000000000001 ffffffff81098180 ffff8801d9907d40
 ffffffff81b36cc9 0000000000000001 0000000000000000 0000000000000003
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] nmi_cpu_backtrace.cold.0+0x48/0x87 lib/nmi_backtrace.c:99
 [] nmi_trigger_cpumask_backtrace+0x12c/0x151 lib/nmi_backtrace.c:60
 [] arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:37
 [] trigger_all_cpu_backtrace include/linux/nmi.h:58 [inline]
 [] check_hung_task kernel/hung_task.c:125 [inline]
 [] check_hung_uninterruptible_tasks kernel/hung_task.c:182 [inline]
 [] watchdog+0x6ad/0xa20 kernel/hung_task.c:239
 [] kthread+0x26d/0x300 kernel/kthread.c:211
 [] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 351 Comm: kworker/0:2 Not tainted 4.9.129+ #43
Workqueue: events rtc_timer_do_work
task: ffff8801d6545f00 task.stack: ffff8801d51a8000
RIP: 0010:[] [] inb arch/x86/include/asm/io.h:316 [inline]
RIP: 0010:[] [] io_serial_in+0x6b/0x90 drivers/tty/serial/8250/8250_port.c:413
RSP: 0000:ffff8801db607790 EFLAGS: 00000002
RAX: dffffc0000000020 RBX: 00000000000003fd RCX: 0000000000000000
RDX: 00000000000003fd RSI: ffffffff81d4b1b1 RDI: ffffffff84b5ba18
RBP: ffff8801db6077a0 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000000 R12: ffffffff84b5b9e0
R13: 0000000000000020 R14: fffffbfff096b783 R15: fffffbfff096b745
FS: 0000000000000000(0000) GS:ffff8801db600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000001f5f308 CR3: 000000000301e000 CR4: 00000000001606b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
 ffffffff84b5b9e0 0000000000002707 ffff8801db6077f0 ffffffff81d4d424
 1ffff1003b6c0ef9 ffffffff84b5ba28 ffffffff84b5bc1a ffffffff84b5b9e0
 0000000000000038 ffffffff81d4d570 dffffc0000000000 0000000000000038
Call Trace:
 [] serial_in drivers/tty/serial/8250/8250.h:111 [inline]
 [] wait_for_xmitr+0x94/0x1e0 drivers/tty/serial/8250/8250_port.c:1997
 [] serial8250_console_putchar+0x1f/0x60 drivers/tty/serial/8250/8250_port.c:3103
 [] uart_console_write+0x59/0xf0 drivers/tty/serial/serial_core.c:1866
 [] serial8250_console_write+0x528/0x820 drivers/tty/serial/8250/8250_port.c:3169
 [] univ8250_console_write+0x5f/0x70 drivers/tty/serial/8250/8250_core.c:594
 [] call_console_drivers.isra.0.constprop.15+0x1ad/0x360 kernel/printk/printk.c:1589
 [] console_cont_flush kernel/printk/printk.c:2316 [inline]
 [] console_unlock+0x17e/0xb50 kernel/printk/printk.c:2382
 [] vprintk_emit+0x448/0x790 kernel/printk/printk.c:1903
 [] vprintk+0x28/0x30 kernel/printk/printk.c:1913
 [] vprintk_default+0x1d/0x30 kernel/printk/printk.c:1914
 [] vprintk_func kernel/printk/internal.h:36 [inline]
 [] printk+0xaf/0xd7 kernel/printk/printk.c:1975
 [] wq_watchdog_timer_fn.cold.24+0x11/0x65 kernel/workqueue.c:5393
 [] call_timer_fn+0x163/0x6e0 kernel/time/timer.c:1319
 [] expire_timers+0x234/0x580 kernel/time/timer.c:1359
 [] __run_timers kernel/time/timer.c:1674 [inline]
 [] run_timer_softirq+0x405/0x5e0 kernel/time/timer.c:1689
 [] __do_softirq+0x210/0x940 kernel/softirq.c:288
 [] invoke_softirq kernel/softirq.c:368 [inline]
 [] irq_exit+0x114/0x150 kernel/softirq.c:409
 [] exiting_irq arch/x86/include/asm/apic.h:669 [inline]
 [] smp_apic_timer_interrupt+0x81/0xa0 arch/x86/kernel/apic/apic.c:962
 [] apic_timer_interrupt+0x9d/0xb0 arch/x86/entry/entry_64.S:648
 [] ? arch_local_irq_restore arch/x86/include/asm/paravirt.h:768 [inline]
 [] ? __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:162 [inline]
 [] ? _raw_spin_unlock_irqrestore+0x5f/0x70 kernel/locking/spinlock.c:191
 [] spin_unlock_irqrestore include/linux/spinlock.h:362 [inline]
 [] rtc_handle_legacy_irq+0x81/0x190 drivers/rtc/interface.c:515
 [] rtc_uie_update_irq+0x1f/0x30 drivers/rtc/interface.c:550
 [] rtc_timer_do_work+0x1ff/0x5e0 drivers/rtc/interface.c:881
 [] process_one_work+0x831/0x1530 kernel/workqueue.c:2092
 [] worker_thread+0xd6/0x1140 kernel/workqueue.c:2226
 [] kthread+0x26d/0x300 kernel/kthread.c:211
 [] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373
Code: 24 c9 00 00 00 49 8d 7c 24 38 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 d3 e3 80 3c 02 00 75 17 41 03 5c 24 38 89 da ec <5b> 0f b6 c0 41 5c 5d c3 e8 b8 7a 7a ff eb c2 e8 11 7b 7a ff eb