INFO: task syz-executor3:8543 blocked for more than 120 seconds.
 Not tainted 4.9.70-g9542d2a #109
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor3 D29184 8543 3503 0x00000004
 ffff8801bbb63000 ffff8801b7b26a00 ffff8801b7b26a00 ffff8801bbb68000
 ffff8801db221418 ffff8801bafaf740 ffffffff83898c3b ffff8801bafaf718
 ffffffff8123886f 00ffffff838a45aa ffff8801db221ce8 ffff8801db221d10
Call Trace:
 [] schedule+0x7f/0x1b0 kernel/sched/core.c:3550
 [] rwsem_down_read_failed+0x1e0/0x320 kernel/locking/rwsem-xadd.c:260
 [] call_rwsem_down_read_failed+0x18/0x30 arch/x86/lib/rwsem.S:94
 [] __down_read arch/x86/include/asm/rwsem.h:65 [inline]
 [] down_read+0x52/0xb0 kernel/locking/rwsem.c:24
 [] set_termios+0xf5/0x670 drivers/tty/tty_ioctl.c:592
 [] tty_mode_ioctl+0x931/0x9c0 drivers/tty/tty_ioctl.c:970
 [] n_tty_ioctl_helper+0x40/0x360 drivers/tty/tty_ioctl.c:1161
 [] n_tty_ioctl+0x148/0x2d0 drivers/tty/n_tty.c:2437
 [] tty_ioctl+0x733/0x2170 drivers/tty/tty_io.c:2992
 [] vfs_ioctl fs/ioctl.c:43 [inline]
 [] do_vfs_ioctl+0x1aa/0x1140 fs/ioctl.c:679
 [] SYSC_ioctl fs/ioctl.c:694 [inline]
 [] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:685
 [] entry_SYSCALL_64_fastpath+0x23/0xc6

Showing all locks held in the system:
2 locks held by khungtaskd/514:
 #0: (rcu_read_lock){......}, at: [] check_hung_uninterruptible_tasks kernel/hung_task.c:168 [inline]
 #0: (rcu_read_lock){......}, at: [] watchdog+0x125/0xa70 kernel/hung_task.c:239
 #1: (tasklist_lock){.+.+..}, at: [] debug_show_all_locks+0x70/0x280 kernel/locking/lockdep.c:4336
2 locks held by getty/3304:
 #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367
 #1: (&ldata->atomic_read_lock){+.+...}, at: [] n_tty_read+0x1f4/0x16c0 drivers/tty/n_tty.c:2133
2 locks held by syz-executor3/8543:
 #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367
 #1: (&o_tty->termios_rwsem/1){++++..}, at: [] set_termios+0xf5/0x670 drivers/tty/tty_ioctl.c:592
3 locks held by syz-executor3/8565:
 #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367
 #1: (&ldata->atomic_read_lock){+.+...}, at: [] n_tty_read+0x1f4/0x16c0 drivers/tty/n_tty.c:2133
 #2: (&o_tty->termios_rwsem/1){++++..}, at: [] n_tty_read+0x217/0x16c0 drivers/tty/n_tty.c:2137
2 locks held by syz-executor3/8570:
 #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367
 #1: (&o_tty->termios_rwsem/1){++++..}, at: [] set_termios+0xf5/0x670 drivers/tty/tty_ioctl.c:592

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 514 Comm: khungtaskd Not tainted 4.9.70-g9542d2a #109
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d88efd00 ffffffff81d90a29 0000000000000000 0000000000000001
 0000000000000001 0000000000000001 ffffffff810ba1a0 ffff8801d88efd38
 ffffffff81d9bb4d 0000000000000001 0000000000000000 ffff8801b8b00418
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] nmi_cpu_backtrace+0xfd/0x120 lib/nmi_backtrace.c:99
 [] nmi_trigger_cpumask_backtrace+0x117/0x190 lib/nmi_backtrace.c:60
 [] arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:37
 [] trigger_all_cpu_backtrace include/linux/nmi.h:58 [inline]
 [] check_hung_task kernel/hung_task.c:125 [inline]
 [] check_hung_uninterruptible_tasks kernel/hung_task.c:182 [inline]
 [] watchdog+0x6f0/0xa70 kernel/hung_task.c:239
 [] kthread+0x26d/0x300 kernel/kthread.c:211
 [] ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:433
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 8519 Comm: syz-executor3 Not tainted 4.9.70-g9542d2a #109
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8801bbb68000 task.stack: ffff8801bbb70000
RIP: 0010:[] [] __sanitizer_cov_trace_pc+0x42/0x60 kernel/kcov.c:82
RSP: 0018:ffff8801bbb77b28 EFLAGS: 00000216
RAX: 0000000000010000 RBX: ffffc90005aac060 RCX: ffffc90001278000
RDX: 0000000000010000 RSI: 000000002dc79e25 RDI: ffffc90005aad260
RBP: ffff8801bbb77b28 R08: 1ffff1003776d11a R09: 0000000000000000
R10: 0000000000000003 R11: ffff8801bbb68000 R12: ffffc90005aab000
R13: 000000059a4f06ab R14: 0000000020179ffc R15: ffff8801bb964638
FS: 00007f2aad677700(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fe9991a0000 CR3: 00000001bb951000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
 ffff8801bbb77b78 ffffffff81fff4d6 ffffffffffffffff 00000000000006ab
 0000000000000000 ffff8801bb964400 1ffff1003776ef75 000000000000541b
 ffffffffffffffe7 ffff8801b8f79e00 ffff8801bbb77d70 ffffffff81ff81f3
Call Trace:
 [] inq_canon drivers/tty/n_tty.c:2414 [inline]
 [] n_tty_ioctl+0x266/0x2d0 drivers/tty/n_tty.c:2431
 [] tty_ioctl+0x733/0x2170 drivers/tty/tty_io.c:2992
 [] vfs_ioctl fs/ioctl.c:43 [inline]
 [] do_vfs_ioctl+0x1aa/0x1140 fs/ioctl.c:679
 [] SYSC_ioctl fs/ioctl.c:694 [inline]
 [] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:685
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
Code: ca 7e 81 e2 00 01 1f 00 75 0b 8b 90 68 12 00 00 83 fa 01 74 02 5d c3 48 8b 88 70 12 00 00 8b 80 6c 12 00 00 48 8b 11 48 83 c2 01 <48> 39 d0 76 e5 48 8b 45 08 48 89 04 d1 48 89 11 5d c3 66 90 66