INFO: task syz-executor0:5550 blocked for more than 140 seconds.
      Not tainted 4.9.132+ #51
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor0   D28568  5550   2266 0x80000000
 ffff8801ca552f80 ffff8801d4bba680 ffff8801d4bba680 ffff8801ca554740
 ffff8801db621018 ffff8801c9bf7b10 ffffffff827f36e2 ffff8801c9bf7ae8
 ffffffff81206c17 0000000000000000 00ff8801ca553828 ffff8801db6218f0
Call Trace:
 [] schedule+0x7f/0x1b0 kernel/sched/core.c:3553
 [] rwsem_down_read_failed+0x26c/0x400 kernel/locking/rwsem-xadd.c:260
 [] call_rwsem_down_read_failed+0x18/0x30 arch/x86/lib/rwsem.S:94
 [] __down_read arch/x86/include/asm/rwsem.h:65 [inline]
 [] down_read+0x52/0xb0 kernel/locking/rwsem.c:24
 [] exit_mm kernel/exit.c:480 [inline]
 [] do_exit+0x3c1/0x29d0 kernel/exit.c:820
 [] do_group_exit+0x111/0x300 kernel/exit.c:937
 [] SYSC_exit_group kernel/exit.c:948 [inline]
 [] SyS_exit_group+0x1d/0x20 kernel/exit.c:946
 [] do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285
 [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb

Showing all locks held in the system:
2 locks held by khungtaskd/24:
 #0:  (rcu_read_lock){......}, at: [] check_hung_uninterruptible_tasks kernel/hung_task.c:168 [inline]
 #0:  (rcu_read_lock){......}, at: [] watchdog+0x11c/0xa20 kernel/hung_task.c:239
 #1:  (tasklist_lock){.+.+..}, at: [] debug_show_all_locks+0x79/0x218 kernel/locking/lockdep.c:4336
2 locks held by getty/2034:
 #0:  (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367
 #1:  (&ldata->atomic_read_lock){+.+...}, at: [] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142
1 lock held by syz-executor0/5550:
 #0:  (&mm->mmap_sem){++++++}, at: [] exit_mm kernel/exit.c:480 [inline]
 #0:  (&mm->mmap_sem){++++++}, at: [] do_exit+0x3c1/0x29d0 kernel/exit.c:820
1 lock held by syz-executor0/5551:
 #0:  (&mm->mmap_sem){++++++}, at: [] exit_mm kernel/exit.c:480 [inline]
 #0:  (&mm->mmap_sem){++++++}, at: [] do_exit+0x3c1/0x29d0 kernel/exit.c:820
1 lock held by syz-executor0/5563:
 #0:  (&mm->mmap_sem){++++++}, at: [] exit_mm kernel/exit.c:480 [inline]
 #0:  (&mm->mmap_sem){++++++}, at: [] do_exit+0x3c1/0x29d0 kernel/exit.c:820

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 24 Comm: khungtaskd Not tainted 4.9.132+ #51
 ffff8801d9907d08 ffffffff81b371b9 0000000000000000 0000000000000000
 0000000000000000 0000000000000001 ffffffff810984f0 ffff8801d9907d40
 ffffffff81b422c9 0000000000000000 0000000000000000 0000000000000003
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] nmi_cpu_backtrace.cold.0+0x48/0x87 lib/nmi_backtrace.c:99
 [] nmi_trigger_cpumask_backtrace+0x12c/0x151 lib/nmi_backtrace.c:60
 [] arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:37
 [] trigger_all_cpu_backtrace include/linux/nmi.h:58 [inline]
 [] check_hung_task kernel/hung_task.c:125 [inline]
 [] check_hung_uninterruptible_tasks kernel/hung_task.c:182 [inline]
 [] watchdog+0x6ad/0xa20 kernel/hung_task.c:239
 [] kthread+0x26d/0x300 kernel/kthread.c:211
 [] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 5562 Comm: syz-executor0 Not tainted 4.9.132+ #51
task: ffff8801c9572f80 task.stack: ffff8801c9bd0000
RIP: 0010:[]  [] mark_lock+0xb0/0x1290 kernel/locking/lockdep.c:3039
RSP: 0018:ffff8801c9bd7a60  EFLAGS: 00000046
RAX: dffffc0000000000 RBX: ffff8801c9573858 RCX: 1ffff100392ae70f
RDX: 1ffffffff0798f9e RSI: ffff8801c9573858 RDI: ffffffff83cc7cf0
RBP: ffff8801c9bd7aa8 R08: ffff8801c9573878 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff83cc7cc0
R13: 0000000000000040 R14: 0000000000000006 R15: ffff8801c9572f80
FS:  00007f20951aa700(0000) GS:ffff8801db700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000c9c308 CR3: 00000001c9b59000 CR4: 00000000001606b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
 0000000000000246 ffff8801c9572f80 ffffffff830cc2e0 d4e84e40c231a289
 0000000000000001 ffff8801c9573830 ffffed00392ae705 ffff8801c9572f80
 dffffc0000000000 ffff8801c9bd7af8 ffffffff81206c17 0000000000000246
Call Trace:
 [] mark_held_locks+0xc7/0x130 kernel/locking/lockdep.c:2660
 [] __trace_hardirqs_on_caller kernel/locking/lockdep.c:2689 [inline]
 [] trace_hardirqs_on_caller+0x38b/0x590 kernel/locking/lockdep.c:2736
 [] trace_hardirqs_on+0xd/0x10 kernel/locking/lockdep.c:2743
 [] __mutex_lock_common kernel/locking/mutex.c:603 [inline]
 [] mutex_lock_nested+0x6b7/0x900 kernel/locking/mutex.c:621
 [] perf_mmap+0x4f7/0x1430 kernel/events/core.c:5265
 [] mmap_region+0x80c/0xf90 mm/mmap.c:1726
 [] do_mmap+0x53d/0xbb0 mm/mmap.c:1505
 [] do_mmap_pgoff include/linux/mm.h:2032 [inline]
 [] vm_mmap_pgoff+0x168/0x1b0 mm/util.c:329
 [] SYSC_mmap_pgoff mm/mmap.c:1555 [inline]
 [] SyS_mmap_pgoff+0xfe/0x1b0 mm/mmap.c:1513
 [] SYSC_mmap arch/x86/kernel/sys_x86_64.c:96 [inline]
 [] SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:87
 [] do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285
 [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
Code: b0 01 00 00 49 81 c4 c0 79 c6 83 49 8d 7c 24 30 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 bb 0d 00 00 <4d> 85 6c 24 30 74 5f 41 bd 01 00 00 00 48 83 c4 20 44 89 e8 5b
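A triage helper, added here as an example and not part of the syzbot report above: it parses the "Showing all locks held in the system" block into a per-task table and then inverts it to find locks that several tasks are reported against at once. In this report that lock is &mm->mmap_sem, which syz-executor0 threads 5550, 5551 and 5563 are all reported holding from exit_mm, even though the hung-task trace shows 5550 sleeping in rwsem_down_read_failed. That is not a contradiction: lockdep records the acquire before the rwsem slow path runs, so a task blocked in down_read() appears in this list as a holder, and the list tells you who is contending for a lock, not who currently owns it. The sample input is the block copied from this report (the addresses inside [] were already stripped by the page extraction); the regexes and function names are my own.

```python
import re
from collections import defaultdict

# Constructed sample: the held-locks block copied from the report above.
# The kernel addresses inside [] were stripped by the page extraction.
SAMPLE = """\
Showing all locks held in the system:
2 locks held by khungtaskd/24:
 #0:  (rcu_read_lock){......}, at: [] check_hung_uninterruptible_tasks kernel/hung_task.c:168 [inline]
 #0:  (rcu_read_lock){......}, at: [] watchdog+0x11c/0xa20 kernel/hung_task.c:239
 #1:  (tasklist_lock){.+.+..}, at: [] debug_show_all_locks+0x79/0x218 kernel/locking/lockdep.c:4336
2 locks held by getty/2034:
 #0:  (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367
 #1:  (&ldata->atomic_read_lock){+.+...}, at: [] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142
1 lock held by syz-executor0/5550:
 #0:  (&mm->mmap_sem){++++++}, at: [] exit_mm kernel/exit.c:480 [inline]
 #0:  (&mm->mmap_sem){++++++}, at: [] do_exit+0x3c1/0x29d0 kernel/exit.c:820
1 lock held by syz-executor0/5551:
 #0:  (&mm->mmap_sem){++++++}, at: [] exit_mm kernel/exit.c:480 [inline]
 #0:  (&mm->mmap_sem){++++++}, at: [] do_exit+0x3c1/0x29d0 kernel/exit.c:820
1 lock held by syz-executor0/5563:
 #0:  (&mm->mmap_sem){++++++}, at: [] exit_mm kernel/exit.c:480 [inline]
 #0:  (&mm->mmap_sem){++++++}, at: [] do_exit+0x3c1/0x29d0 kernel/exit.c:820
=============================================
"""

# "2 locks held by khungtaskd/24:" -> (count, comm, pid)
TASK_RE = re.compile(r"^(\d+) locks? held by (\S+)/(\d+):$")
# " #0:  (&mm->mmap_sem){++++++}, at: [] do_exit+0x3c1/0x29d0 kernel/exit.c:820"
# -> (slot, lock name, usage bits, acquire site); the [] may or may not
# contain an address, so it is matched but not captured.
LOCK_RE = re.compile(
    r"^\s*#(\d+):\s+\((.+?)\)\{([^}]*)\},\s+at:\s+\[[^\]]*\]\s+(\S+)"
)


def parse_held_locks(text):
    """Return {(comm, pid): [(slot, lock_name, usage_bits, acquire_site), ...]}.

    Lockdep prints the same slot twice when the acquiring function was
    inlined (an "[inline]" frame followed by the real frame), so entries
    are keyed by slot and the later, non-inline site wins.
    """
    tasks = {}
    cur = None
    for line in text.splitlines():
        m = TASK_RE.match(line)
        if m:
            cur = (m.group(2), int(m.group(3)))
            tasks[cur] = {}
            continue
        m = LOCK_RE.match(line)
        if m and cur is not None:
            tasks[cur][int(m.group(1))] = (m.group(2), m.group(3), m.group(4))
    return {t: [(s,) + v for s, v in sorted(d.items())] for t, d in tasks.items()}


def lock_holders(tasks):
    """Invert the table: lock name -> [(comm, pid, acquire_site), ...]."""
    holders = defaultdict(list)
    for (comm, pid), locks in tasks.items():
        for _slot, name, _bits, site in locks:
            holders[name].append((comm, pid, site))
    return dict(holders)


def shared_locks(tasks, min_tasks=2):
    """Locks that at least min_tasks tasks are reported against at once.

    Note that lockdep registers an acquire before the slow path sleeps, so
    a task blocked in down_read() is listed as a holder; this reports
    contention, not ownership.
    """
    return {n: h for n, h in lock_holders(tasks).items() if len(h) >= min_tasks}


if __name__ == "__main__":
    table = parse_held_locks(SAMPLE)
    for name, holders in shared_locks(table).items():
        print(name)
        for comm, pid, site in holders:
            print(f"  {comm}/{pid} at {site}")
```

Feed it the held-locks block of any hung-task or lockdep report; locks that only one task touches are dropped, and what remains is the short list of locks worth mapping against the NMI backtraces of the CPUs that were still running.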