INFO: task syz-executor.5:15351 blocked for more than 140 seconds. Not tainted 4.9.141+ #23 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.5 D29816 15351 15350 0x20020000 ffff8801a94aaf80 0000000000000000 ffff8801d1612100 ffffffff83029180 ffff8801db621018 ffff880193dbfb50 ffffffff828075c2 0000000000000000 ffffffff83cc5b00 ffff880193dbfda0 0000000000000ed7 ffff8801db6218f0 Call Trace: [] schedule+0x7f/0x1b0 kernel/sched/core.c:3553 [] schedule_timeout+0x735/0xe20 kernel/time/timer.c:1771 [] down_read_failed drivers/tty/tty_ldsem.c:241 [inline] [] __ldsem_down_read_nested+0x33c/0x610 drivers/tty/tty_ldsem.c:332 [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367 [] tty_ldisc_ref_wait+0x25/0x80 drivers/tty/tty_ldisc.c:275 [] tty_compat_ioctl+0x12d/0x270 drivers/tty/tty_io.c:3039 [] C_SYSC_ioctl fs/compat_ioctl.c:1602 [inline] [] compat_SyS_ioctl+0x12d/0x1fd0 fs/compat_ioctl.c:1549 [] do_syscall_32_irqs_on arch/x86/entry/common.c:328 [inline] [] do_fast_syscall_32+0x2f1/0xa10 arch/x86/entry/common.c:390 [] entry_SYSENTER_compat+0x90/0xa2 arch/x86/entry/entry_64_compat.S:137 Showing all locks held in the system: 2 locks held by khungtaskd/24: #0: (rcu_read_lock){......}, at: [] check_hung_uninterruptible_tasks kernel/hung_task.c:168 [inline] #0: (rcu_read_lock){......}, at: [] watchdog+0x11c/0xa20 kernel/hung_task.c:239 #1: (tasklist_lock){.+.+..}, at: [] debug_show_all_locks+0x79/0x218 kernel/locking/lockdep.c:4336 2 locks held by getty/2018: #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367 #1: (&ldata->atomic_read_lock){+.+...}, at: [] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142 2 locks held by syz-executor.3/2091: #0: (&rq->lock){-.-.-.}, at: [] __schedule+0x13c/0x1b10 kernel/sched/core.c:3448 #1: (rcu_read_lock){......}, at: [] rq_clock kernel/sched/sched.h:818 [inline] #1: (rcu_read_lock){......}, at: [] idle_balance kernel/sched/fair.c:9756 [inline] #1: (rcu_read_lock){......}, at: [] pick_next_task_fair+0x54e/0x1d00 kernel/sched/fair.c:7603 2 locks held by syz-executor.5/3353: #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367 #1: (&ldata->atomic_read_lock){+.+...}, at: [] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142 1 lock held by syz-executor.1/4923: #0: (&sig->cred_guard_mutex){+.+.+.}, at: [] prepare_bprm_creds+0x53/0x110 fs/exec.c:1369 1 lock held by syz-executor.0/5321: #0: (&sig->cred_guard_mutex){+.+.+.}, at: [] prepare_bprm_creds+0x53/0x110 fs/exec.c:1369 1 lock held by syz-executor.0/5324: #0: (&sig->cred_guard_mutex){+.+.+.}, at: [] prepare_bprm_creds+0x53/0x110 fs/exec.c:1369 1 lock held by syz-executor.4/5518: #0: (&sig->cred_guard_mutex){+.+.+.}, at: [] prepare_bprm_creds+0x53/0x110 fs/exec.c:1369 1 lock held by syz-executor.1/5567: #0: (&sig->cred_guard_mutex){+.+.+.}, at: [] prepare_bprm_creds+0x53/0x110 fs/exec.c:1369 1 lock held by syz-executor.2/8372: #0: (&sig->cred_guard_mutex){+.+.+.}, at: [] prepare_bprm_creds+0x53/0x110 fs/exec.c:1369 2 locks held by syz-executor.0/8579: #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367 #1: (&ldata->atomic_read_lock){+.+...}, at: [] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142 1 lock held by syz-executor.0/8764: #0: (&sig->cred_guard_mutex){+.+.+.}, at: [] prepare_bprm_creds+0x53/0x110 fs/exec.c:1369 1 lock held by syz-executor.0/8824: #0: (&sig->cred_guard_mutex){+.+.+.}, at: [] prepare_bprm_creds+0x53/0x110 fs/exec.c:1369 2 locks held by syz-executor.4/10016: #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367 #1: (&ldata->atomic_read_lock){+.+...}, at: [] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142 1 lock held by syz-executor.1/10037: #0: (&sig->cred_guard_mutex){+.+.+.}, at: [] prepare_bprm_creds+0x53/0x110 fs/exec.c:1369 2 locks held by syz-executor.4/10048: #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367 #1: (&ldata->atomic_read_lock){+.+...}, at: [] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142 2 locks held by syz-executor.2/11164: #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367 #1: (&ldata->atomic_read_lock){+.+...}, at: [] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142 2 locks held by syz-executor.0/11411: #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367 #1: (&ldata->atomic_read_lock){+.+...}, at: [] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142 2 locks held by syz-executor.1/12617: #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367 #1: (&ldata->atomic_read_lock){+.+...}, at: [] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142 2 locks held by syz-executor.0/13541: #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367 #1: (&ldata->atomic_read_lock){+.+...}, at: [] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142 2 locks held by syz-executor.0/14356: #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367 #1: (&ldata->atomic_read_lock){+.+...}, at: [] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142 2 locks held by syz-executor.5/15350: #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367 #1: (&ldata->atomic_read_lock){+.+...}, at: [] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142 1 lock held by syz-executor.5/15351: #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367 2 locks held by syz-executor.2/15604: #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367 #1: (&ldata->atomic_read_lock){+.+...}, at: [] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142 2 locks held by syz-executor.3/15780: #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367 #1: (&ldata->atomic_read_lock){+.+...}, at: [] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142 1 lock held by syz-executor.4/16308: #0: (&sig->cred_guard_mutex){+.+.+.}, at: [] prepare_bprm_creds+0x53/0x110 fs/exec.c:1369 2 locks held by syz-executor.2/16839: #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367 #1: (&ldata->atomic_read_lock){+.+...}, at: [] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142 1 lock held by syz-executor.3/17276: #0: (&sig->cred_guard_mutex){+.+.+.}, at: [] prepare_bprm_creds+0x53/0x110 fs/exec.c:1369 2 locks held by syz-executor.2/18632: #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367 #1: (&ldata->atomic_read_lock){+.+...}, at: [] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142 2 locks held by syz-executor.2/18988: #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367 #1: (&ldata->atomic_read_lock){+.+...}, at: [] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142 2 locks held by syz-executor.4/19670: #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367 #1: (&ldata->atomic_read_lock){+.+...}, at: [] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142 2 locks held by syz-executor.4/20898: #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367 #1: (&ldata->atomic_read_lock){+.+...}, at: [] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142 2 locks held by syz-executor.3/21550: #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367 #1: (&ldata->atomic_read_lock){+.+...}, at: [] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142 2 locks held by syz-executor.5/21848: #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367 #1: (&ldata->atomic_read_lock){+.+...}, at: [] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142 2 locks held by syz-executor.5/22062: #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367 #1: (&ldata->atomic_read_lock){+.+...}, at: [] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142 2 locks held by syz-executor.5/22296: #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367 #1: (&ldata->atomic_read_lock){+.+...}, at: [] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142 2 locks held by syz-executor.5/22310: #0: (&tty->legacy_mutex){+.+.+.}, at: [] tty_lock+0x6a/0xd0 drivers/tty/tty_mutex.c:18 #1: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_write+0x32/0x37 drivers/tty/tty_ldsem.c:393 1 lock held by syz-executor.5/22322: #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367 2 locks held by syz-executor.3/22302: #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367 #1: (&ldata->atomic_read_lock){+.+...}, at: [] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142 2 locks held by syz-executor.3/22319: #0: (&tty->legacy_mutex){+.+.+.}, at: [] tty_lock+0x6a/0xd0 drivers/tty/tty_mutex.c:18 #1: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_write+0x32/0x37 drivers/tty/tty_ldsem.c:393 1 lock held by syz-executor.3/22328: #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367 2 locks held by syz-executor.1/22346: #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367 #1: (&ldata->atomic_read_lock){+.+...}, at: [] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142 2 locks held by syz-executor.1/22355: #0: (&tty->legacy_mutex){+.+.+.}, at: [] tty_lock+0x6a/0xd0 drivers/tty/tty_mutex.c:18 #1: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_write+0x32/0x37 drivers/tty/tty_ldsem.c:393 1 lock held by syz-executor.1/22356: #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367 ============================================= NMI backtrace for cpu 1 CPU: 1 PID: 24 Comm: khungtaskd Not tainted 4.9.141+ #23 ffff8801d9907d08 ffffffff81b42e79 0000000000000000 0000000000000001 0000000000000001 0000000000000001 ffffffff810983b0 ffff8801d9907d40 ffffffff81b4df89 0000000000000001 0000000000000000 0000000000000003 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] nmi_cpu_backtrace.cold.0+0x48/0x87 lib/nmi_backtrace.c:99 [] nmi_trigger_cpumask_backtrace+0x12c/0x151 lib/nmi_backtrace.c:60 [] arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:37 [] trigger_all_cpu_backtrace include/linux/nmi.h:58 [inline] [] check_hung_task kernel/hung_task.c:125 [inline] [] check_hung_uninterruptible_tasks kernel/hung_task.c:182 [inline] [] watchdog+0x6ad/0xa20 kernel/hung_task.c:239 [] kthread+0x26d/0x300 kernel/kthread.c:211 [] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 PID: 2088 Comm: syz-executor.1 Not tainted 4.9.141+ #23 task: ffff8801cf714740 task.stack: ffff8801ab838000 RIP: 0010:[] c [] compat_SyS_wait4+0x1/0x290 kernel/compat.c:536 RSP: 0018:ffff8801ab83feb8 EFLAGS: 00000246 RAX: ffff8801cf714740 RBX: 00000000ffffffff RCX: 0000000000000000 RDX: 0000000040000001 RSI: 000000000847fe0c RDI: 00000000ffffffff RBP: ffff8801ab83fee0 R08: 0000000000000000 R09: 0000000000000007 R10: 1ffff10035707ff0 R11: 0000000000000000 R12: 000000000847fe0c R13: 0000000040000001 R14: ffff8801ab83ff78 R15: ffff8801ab83ffd8 FS: 0000000000000000(0000) GS:ffff8801db600000(0063) knlGS:000000000947d900 CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 CR2: 00007f3eed9c2000 CR3: 00000001ab814000 CR4: 00000000001606b0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Stack: ffff8801ab83fee0c ffffffff810c6305c ffff8801ab83ff58c ffffffff810c62e0c 00000000f77bec89c ffff8801ab83ff48c ffffffff81006311c ffff8801ab83ff48c ffffffff81002286c 0000000000000000c 0000000000000000c 0000000000000000c Call Trace: [] do_syscall_32_irqs_on arch/x86/entry/common.c:328 [inline] [] do_fast_syscall_32+0x2f1/0xa10 arch/x86/entry/common.c:390 [] entry_SYSENTER_compat+0x90/0xa2 arch/x86/entry/entry_64_compat.S:137 Code: c00 ce9 cf0 cfd cff cff ce8 c7f c42 c23 c00 ce9 c1d cfe cff cff ce8 c75 c42 c23 c00 ce9 ca5 cfd cff cff ce8 c6b c42 c23 c00 ce9 c40 cfe cff cff c66 c0f c1f c44 c00 c00 c55 c<48> c89 ce5 c41 c57 c49 cbf c00 c00 c00 c00 c00 cfc cff cdf c41 c56 c49 c89 cf6 c41 c