INFO: task syz-executor1:15588 blocked for more than 120 seconds. Not tainted 4.9.107-gdb2c520 #46 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor1 D28920 15588 11808 0x00000002 ffff8801cb759800 ffff8801d7fe1f80 ffff8801c2acea00 ffff8801cc491800 ffff8801db321c18 ffff8801ca6bf568 ffffffff839e8c1d ffffffff812355f7 0000000000000000 ffff8801cb75a0c0 0000000600000007 ffff8801db3224e8 Call Trace: [] schedule+0x7f/0x1b0 kernel/sched/core.c:3557 [] __rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:526 [inline] [] rwsem_down_write_failed+0x598/0x990 kernel/locking/rwsem-xadd.c:555 [] call_rwsem_down_write_failed+0x17/0x30 arch/x86/lib/rwsem.S:105 [] __down_write arch/x86/include/asm/rwsem.h:125 [inline] [] down_write+0x5c/0xa0 kernel/locking/rwsem.c:54 [] n_tty_flush_buffer+0x21/0x310 drivers/tty/n_tty.c:359 [] tty_ldisc_hangup+0x89/0x5b0 drivers/tty/tty_ldisc.c:658 [] __tty_hangup.part.22+0x5f7/0xb00 drivers/tty/tty_io.c:744 [] __tty_hangup drivers/tty/tty_io.c:694 [inline] [] tty_vhangup+0x21/0x30 drivers/tty/tty_io.c:817 [] pty_close+0x374/0x4d0 drivers/tty/pty.c:74 [] tty_release+0x370/0xd00 drivers/tty/tty_io.c:1813 [] __fput+0x263/0x700 fs/file_table.c:208 [] ____fput+0x15/0x20 fs/file_table.c:244 [] task_work_run+0x10c/0x180 kernel/task_work.c:116 [] exit_task_work include/linux/task_work.h:21 [inline] [] do_exit+0x9e1/0x27c0 kernel/exit.c:837 [] do_group_exit+0x111/0x340 kernel/exit.c:941 [] get_signal+0x4cf/0x1450 kernel/signal.c:2321 [] do_signal+0x87/0x19f0 arch/x86/kernel/signal.c:807 [] exit_to_usermode_loop+0xe1/0x120 arch/x86/entry/common.c:157 [] prepare_exit_to_usermode arch/x86/entry/common.c:191 [inline] [] syscall_return_slowpath arch/x86/entry/common.c:260 [inline] [] do_syscall_64+0x364/0x490 arch/x86/entry/common.c:287 [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb Showing all locks held in the system: 3 locks held by kworker/u4:0/6: #0: ("%s""netns"){.+.+.+}, at: [] work_static include/linux/workqueue.h:186 [inline] #0: ("%s""netns"){.+.+.+}, at: [] set_work_data kernel/workqueue.c:617 [inline] #0: ("%s""netns"){.+.+.+}, at: [] set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline] #0: ("%s""netns"){.+.+.+}, at: [] process_one_work+0x6ee/0x1500 kernel/workqueue.c:2085 #1: (net_cleanup_work){+.+.+.}, at: [] process_one_work+0x728/0x1500 kernel/workqueue.c:2089 #2: (net_mutex){+.+.+.}, at: [] cleanup_net+0x13f/0x630 net/core/net_namespace.c:439 2 locks held by khungtaskd/520: #0: (rcu_read_lock){......}, at: [] check_hung_uninterruptible_tasks kernel/hung_task.c:168 [inline] #0: (rcu_read_lock){......}, at: [] watchdog+0x11c/0xa20 kernel/hung_task.c:239 #1: (tasklist_lock){.+.+..}, at: [] debug_show_all_locks+0x79/0x218 kernel/locking/lockdep.c:4336 2 locks held by getty/3652: #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367 #1: (&ldata->atomic_read_lock){+.+...}, at: [] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2133 4 locks held by syz-executor1/15588: #0: (&tty->legacy_mutex){+.+.+.}, at: [] tty_lock+0x6a/0xd0 drivers/tty/tty_mutex.c:18 #1: (&tty->legacy_mutex/1){+.+.+.}, at: [] tty_lock+0x6a/0xd0 drivers/tty/tty_mutex.c:18 #2: (&tty->ldisc_sem){++++++}, at: [] tty_ldisc_ref+0x20/0x80 drivers/tty/tty_ldisc.c:296 #3: (&o_tty->termios_rwsem/1){++++..}, at: [] n_tty_flush_buffer+0x21/0x310 drivers/tty/n_tty.c:359 1 lock held by syz-executor0/21156: #0: (net_mutex){+.+.+.}, at: [] copy_net_ns+0x155/0x290 net/core/net_namespace.c:406 ============================================= NMI backtrace for cpu 0 CPU: 0 PID: 520 Comm: khungtaskd Not tainted 4.9.107-gdb2c520 #46 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801d8ac7d08 ffffffff81eb3da9 0000000000000000 0000000000000000 0000000000000000 0000000000000001 ffffffff810b96a0 ffff8801d8ac7d40 ffffffff81ebf0a7 0000000000000000 0000000000000000 0000000000000003 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] nmi_cpu_backtrace.cold.2+0x48/0x87 lib/nmi_backtrace.c:99 [] nmi_trigger_cpumask_backtrace+0x12a/0x14f lib/nmi_backtrace.c:60 [] arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:37 [] trigger_all_cpu_backtrace include/linux/nmi.h:58 [inline] [] check_hung_task kernel/hung_task.c:125 [inline] [] check_hung_uninterruptible_tasks kernel/hung_task.c:182 [inline] [] watchdog+0x6b4/0xa20 kernel/hung_task.c:239 [] kthread+0x26d/0x300 kernel/kthread.c:211 [] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 3915 Comm: kworker/u4:4 Not tainted 4.9.107-gdb2c520 #46 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: events_unbound flush_to_ldiscc task: ffff8801d4966000 task.stack: ffff8801d3ca8000 RIP: 0010:[] c [] __process_echoes+0x5b8/0x780 drivers/tty/n_tty.c:733 RSP: 0018:ffff8801d3caf998 EFLAGS: 00000293 RAX: ffff8801d4966000 RBX: ffffc9000b64f000 RCX: 0000000000000007 RDX: 0000000000000000 RSI: ffffffff8211baf8 RDI: ffffc9000b650f2f RBP: ffff8801d3cafa00 R08: ffff8801d49669b0 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 00000004adf8ecd0 R13: 0000000000000200 R14: dffffc0000000000 R15: 00000004adf8ecd0 FS: 0000000000000000(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f5a0113cdb8 CR3: 00000001c5c25000 CR4: 00000000001606f0 DR0: 0000000020000000 DR1: 0000000020000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600 Stack: 0000000000000001c ffff8801d3cafa18c ffffc9000b651278c ffffed0038660075c ffff8801c33003acc ffffc9000b64f020c 0000000100001effc ffff8801c3300000c ffffc9000b64f000c ffff8801c3300000c 0000000000000200c ffffc9000b651300c Call Trace: [] commit_echoes+0x147/0x1b0 drivers/tty/n_tty.c:766 [] n_tty_receive_char_fast drivers/tty/n_tty.c:1418 [inline] [] n_tty_receive_buf_fast drivers/tty/n_tty.c:1578 [inline] [] __receive_buf drivers/tty/n_tty.c:1613 [inline] [] n_tty_receive_buf_common+0x1878/0x2300 drivers/tty/n_tty.c:1711 [] n_tty_receive_buf2+0x33/0x40 drivers/tty/n_tty.c:1746 [] tty_ldisc_receive_buf+0xaf/0x190 drivers/tty/tty_buffer.c:455 [] receive_buf drivers/tty/tty_buffer.c:474 [inline] [] flush_to_ldisc+0x253/0x370 drivers/tty/tty_buffer.c:533 [] process_one_work+0x7e1/0x1500 kernel/workqueue.c:2092 [] worker_thread+0xd6/0x10a0 kernel/workqueue.c:2226 [] kthread+0x26d/0x300 kernel/kthread.c:211 [] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373 Code: cc1 cea c03 c80 c3c c02 c00 c0f c85 c47 c01 c00 c00 c8b c4d ccc c4c c8b c6b c20 c29 c4d cc8 c49 cbe c00 c00 c00 c00 c00 cfc cff cdf ceb c03 c4d c89 cfc ce8 c48 c2e c24 cff c<4c> c89 ce8 c4c c29 ce0 c48 c3d cdf c0e c00 c00 c0f c86 ced cfb cff cff ce8 c31 c2e c