INFO: task syz-executor.1:9753 blocked for more than 140 seconds. Not tainted 4.9.141+ #23 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.1 D29608 9753 2099 0x20020000 ffff8801d2c95f00 ffff8801d3239080 ffff8801d3986300 ffff8801a2122f80 ffff8801db721018 ffff88019c3e7940 ffffffff828075c2 0000000000000286 ffffffff83ce87e0 2948fd9158c5c1fc 0000000000004afb ffff8801db7218f0 Call Trace: [] schedule+0x7f/0x1b0 kernel/sched/core.c:3553 [] schedule_timeout+0x735/0xe20 kernel/time/timer.c:1771 [] down_read_failed drivers/tty/tty_ldsem.c:241 [inline] [] __ldsem_down_read_nested+0x33c/0x610 drivers/tty/tty_ldsem.c:332 [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367 [] tty_ldisc_ref_wait+0x25/0x80 drivers/tty/tty_ldisc.c:275 [] tty_read+0xfa/0x270 drivers/tty/tty_io.c:1084 [] __vfs_read+0x115/0x560 fs/read_write.c:449 [] vfs_read+0x124/0x390 fs/read_write.c:472 [] SYSC_read fs/read_write.c:588 [inline] [] SyS_read+0xd9/0x1c0 fs/read_write.c:581 [] do_syscall_32_irqs_on arch/x86/entry/common.c:328 [inline] [] do_fast_syscall_32+0x2f1/0xa10 arch/x86/entry/common.c:390 [] entry_SYSENTER_compat+0x90/0xa2 arch/x86/entry/entry_64_compat.S:137 Showing all locks held in the system: 2 locks held by khungtaskd/24: #0: (rcu_read_lock){......}, at: [] check_hung_uninterruptible_tasks kernel/hung_task.c:168 [inline] #0: (rcu_read_lock){......}, at: [] watchdog+0x11c/0xa20 kernel/hung_task.c:239 #1: (tasklist_lock){.+.+..}, at: [] debug_show_all_locks+0x79/0x218 kernel/locking/lockdep.c:4336 2 locks held by getty/2024: #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367 #1: (&ldata->atomic_read_lock){+.+...}, at: [] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142 2 locks held by syz-executor.1/9745: #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367 #1: (&ldata->atomic_read_lock){+.+...}, at: [] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142 1 lock held by syz-executor.1/9753: #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367 2 locks held by syz-executor.1/13740: #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367 #1: (&ldata->atomic_read_lock){+.+...}, at: [] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142 1 lock held by syz-executor.2/24643: #0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [] inode_lock include/linux/fs.h:766 [inline] #0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [] __sock_release+0x8b/0x260 net/socket.c:604 1 lock held by syz-executor.2/24688: #0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [] inode_lock include/linux/fs.h:766 [inline] #0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [] __sock_release+0x8b/0x260 net/socket.c:604 1 lock held by syz-executor.0/24682: #0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [] inode_lock include/linux/fs.h:766 [inline] #0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [] __sock_release+0x8b/0x260 net/socket.c:604 1 lock held by syz-executor.4/24706: #0: (&pipe->mutex/1){+.+.+.}, at: [] pipe_lock_nested fs/pipe.c:66 [inline] #0: (&pipe->mutex/1){+.+.+.}, at: [] pipe_lock fs/pipe.c:74 [inline] #0: (&pipe->mutex/1){+.+.+.}, at: [] pipe_wait+0x1a3/0x1d0 fs/pipe.c:122 ============================================= NMI backtrace for cpu 1 CPU: 1 PID: 24 Comm: khungtaskd Not tainted 4.9.141+ #23 ffff8801d9907d08 ffffffff81b42e79 0000000000000000 0000000000000001 0000000000000001 0000000000000001 ffffffff810983b0 ffff8801d9907d40 ffffffff81b4df89 0000000000000001 0000000000000000 0000000000000003 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] nmi_cpu_backtrace.cold.0+0x48/0x87 lib/nmi_backtrace.c:99 [] nmi_trigger_cpumask_backtrace+0x12c/0x151 lib/nmi_backtrace.c:60 [] arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:37 [] trigger_all_cpu_backtrace include/linux/nmi.h:58 [inline] [] check_hung_task kernel/hung_task.c:125 [inline] [] check_hung_uninterruptible_tasks kernel/hung_task.c:182 [inline] [] watchdog+0x6ad/0xa20 kernel/hung_task.c:239 [] kthread+0x26d/0x300 kernel/kthread.c:211 [] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 PID: 24714 Comm: syz-executor.4 Not tainted 4.9.141+ #23 task: ffff880179362f80 task.stack: ffff880170028000 RIP: 0010:[] c [] arch_local_irq_restore arch/x86/include/asm/paravirt.h:768 [inline] RIP: 0010:[] c [] lock_is_held+0xff/0x140 kernel/locking/lockdep.c:3796 RSP: 0018:ffff88017002f468 EFLAGS: 00000246 RAX: 0000000000000007 RBX: 0000000000000246 RCX: 1ffff1002f26c705 RDX: 0000000000000000 RSI: ffffffff81ba7d7b RDI: 0000000000000246 RBP: ffff88017002f480 R08: ffff880179363850 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000000001 R12: ffff880179362f80 R13: 0000000000000000 R14: ffff88016c5463c0 R15: ffff88017002f570 FS: 0000000000000000(0000) GS:ffff8801db600000(0063) knlGS:00000000f5597b40 CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 CR2: 00000000f54e9ecc CR3: 000000018093f000 CR4: 00000000001606b0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Stack: 0000000000000003c ffff880175b49100c ffff8801cfc005d8c ffff88017002f498c ffffffff81243e83c ffff88016c5463c0c ffff88017002f4c8c ffffffff822bb05ec ffff8801cfc00000c ffff880175b49100c ffff8801cfc005d8c ffff88016c5463c0c Call Trace: [] rcu_read_lock_sched_held+0x103/0x120 kernel/rcu/update.c:112 [] trace_consume_skb include/trace/events/skb.h:36 [inline] [] consume_skb+0x27e/0x340 net/core/skbuff.c:756 [] netlink_unicast_kernel net/netlink/af_netlink.c:1286 [inline] [] netlink_unicast+0x4e0/0x6d0 net/netlink/af_netlink.c:1311 [] netlink_sendmsg+0x694/0xc30 net/netlink/af_netlink.c:1859 [] sock_sendmsg_nosec net/socket.c:648 [inline] [] sock_sendmsg+0xbb/0x110 net/socket.c:658 [] kernel_sendmsg+0x43/0x50 net/socket.c:666 [] sock_no_sendpage+0x112/0x150 net/core/sock.c:2334 [] kernel_sendpage+0x93/0xf0 net/socket.c:3334 [] sock_sendpage+0x8c/0xc0 net/socket.c:802 [] pipe_to_sendpage+0x266/0x330 fs/splice.c:470 [] splice_from_pipe_feed fs/splice.c:521 [inline] [] __splice_from_pipe+0x316/0x710 fs/splice.c:645 [] splice_from_pipe+0xf9/0x170 fs/splice.c:680 [] generic_splice_sendpage+0x3c/0x50 fs/splice.c:851 [] do_splice_from fs/splice.c:870 [inline] [] direct_splice_actor+0x128/0x190 fs/splice.c:1037 [] splice_direct_to_actor+0x2c1/0x7e0 fs/splice.c:992 [] do_splice_direct+0x1a3/0x270 fs/splice.c:1080 [] do_sendfile+0x4f0/0xc30 fs/read_write.c:1393 [] C_SYSC_sendfile fs/read_write.c:1475 [inline] [] compat_SyS_sendfile+0x143/0x160 fs/read_write.c:1458 [] do_syscall_32_irqs_on arch/x86/entry/common.c:328 [inline] [] do_fast_syscall_32+0x2f1/0xa10 arch/x86/entry/common.c:390 [] entry_SYSENTER_compat+0x90/0xa2 arch/x86/entry/entry_64_compat.S:137 Code: cfa c48 cc1 cea c03 c0f cb6 c14 c02 c48 c89 cf8 c83 ce0 c07 c83 cc0 c03 c38 cd0 c7c c04 c84 cd2 c75 c3a c41 cc7 c84 c24 cac c08 c00 c00 c00 c00 c00 c00 c48 c89 cdf c57 c9d c<0f> c1f c44 c00 c00 c5b c44 c89 ce8 c41 c5c c41 c5d c5d cc3 c41 cbd c01 c00 c00 c00 c