syzbot

   Free memory is 32116kB above reserved
lowmemorykiller: Killing 'syz-executor804' (13461) (tgid 13461), adj 1000,
   to free 9784kB on behalf of 'syz-executor804' (16898) because
   cache 876kB is below limit 65536kB for oom_score_adj 12
   Free memory is 58008kB above reserved
INFO: task init:7433 blocked for more than 140 seconds.
      Not tainted 4.9.141+ #1
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
init            D28888  7433      1 0x00000000
 ffff8801c55d2f80 ffff8801c5be9b80 ffff88009b379600 ffff8801c5580000
 ffff8801db621018 ffff8801c5727580 ffffffff828075c2 ffff8801c55d3830
 000000000000015c 0000000000000000 0000000000000000 ffff8801db6218f0
Call Trace:
 [<ffffffff82808aef>] schedule+0x7f/0x1b0 kernel/sched/core.c:3553
 [<ffffffff828142d5>] schedule_timeout+0x735/0xe20 kernel/time/timer.c:1771
 [<ffffffff828108c1>] __down_common kernel/locking/semaphore.c:221 [inline]
 [<ffffffff828108c1>] __down+0x191/0x2b0 kernel/locking/semaphore.c:238
 [<ffffffff811fcbfe>] down+0x5e/0x80 kernel/locking/semaphore.c:61
 [<ffffffff812223ac>] console_lock+0x2c/0x80 kernel/printk/printk.c:2217
 [<ffffffff8122793c>] console_device+0x1c/0xc0 kernel/printk/printk.c:2554
 [<ffffffff81d2be15>] tty_lookup_driver drivers/tty/tty_io.c:2008 [inline]
 [<ffffffff81d2be15>] tty_open_by_driver drivers/tty/tty_io.c:2053 [inline]
 [<ffffffff81d2be15>] tty_open+0x6f5/0xdf0 drivers/tty/tty_io.c:2130
 [<ffffffff81517bdd>] chrdev_open+0x22d/0x5c0 fs/char_dev.c:392
 [<ffffffff81501e3f>] do_dentry_open+0x3ef/0xc90 fs/open.c:766
 [<ffffffff8150576c>] vfs_open+0x11c/0x210 fs/open.c:879
 [<ffffffff8153c542>] do_last fs/namei.c:3410 [inline]
 [<ffffffff8153c542>] path_openat+0x542/0x2790 fs/namei.c:3534
 [<ffffffff81541617>] do_filp_open+0x197/0x270 fs/namei.c:3568
 [<ffffffff8150617d>] do_sys_open+0x30d/0x5c0 fs/open.c:1072
 [<ffffffff8150645d>] SYSC_open fs/open.c:1090 [inline]
 [<ffffffff8150645d>] SyS_open+0x2d/0x40 fs/open.c:1085
 [<ffffffff810056ef>] do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285
 [<ffffffff82817893>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb

Showing all locks held in the system:
2 locks held by khungtaskd/24:
 #0:  (rcu_read_lock){......}, at: [<ffffffff8131c0cc>] check_hung_uninterruptible_tasks kernel/hung_task.c:168 [inline]
 #0:  (rcu_read_lock){......}, at: [<ffffffff8131c0cc>] watchdog+0x11c/0xa20 kernel/hung_task.c:239
 #1:  (tasklist_lock){.+.+..}, at: [<ffffffff813fe63f>] debug_show_all_locks+0x79/0x218 kernel/locking/lockdep.c:4336
1 lock held by rsyslogd/1894:
 #0:  (&f->f_pos_lock){+.+.+.}, at: [<ffffffff8156cc7c>] __fdget_pos+0xac/0xd0 fs/file.c:781
2 locks held by getty/2022:
 #0:  (&tty->ldisc_sem){++++++}, at: [<ffffffff82815952>] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367
 #1:  (&ldata->atomic_read_lock){+.+.+.}, at: [<ffffffff81d37362>] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142
1 lock held by init/7433:
 #0:  (tty_mutex){+.+.+.}, at: [<ffffffff81d2bb96>] tty_open_by_driver drivers/tty/tty_io.c:2052 [inline]
 #0:  (tty_mutex){+.+.+.}, at: [<ffffffff81d2bb96>] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2130
1 lock held by init/7434:
 #0:  (tty_mutex){+.+.+.}, at: [<ffffffff81d2bb96>] tty_open_by_driver drivers/tty/tty_io.c:2052 [inline]
 #0:  (tty_mutex){+.+.+.}, at: [<ffffffff81d2bb96>] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2130
1 lock held by init/7435:
 #0:  (tty_mutex){+.+.+.}, at: [<ffffffff81d2bb96>] tty_open_by_driver drivers/tty/tty_io.c:2052 [inline]
 #0:  (tty_mutex){+.+.+.}, at: [<ffffffff81d2bb96>] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2130
1 lock held by init/7436:
 #0:  (tty_mutex){+.+.+.}, at: [<ffffffff81d2bb96>] tty_open_by_driver drivers/tty/tty_io.c:2052 [inline]
 #0:  (tty_mutex){+.+.+.}, at: [<ffffffff81d2bb96>] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2130
1 lock held by init/7437:
 #0:  (tty_mutex){+.+.+.}, at: [<ffffffff81d2bb96>] tty_open_by_driver drivers/tty/tty_io.c:2052 [inline]
 #0:  (tty_mutex){+.+.+.}, at: [<ffffffff81d2bb96>] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2130
1 lock held by init/7438:
 #0:  (tty_mutex){+.+.+.}, at: [<ffffffff81d2bb96>] tty_open_by_driver drivers/tty/tty_io.c:2052 [inline]
 #0:  (tty_mutex){+.+.+.}, at: [<ffffffff81d2bb96>] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2130

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 24 Comm: khungtaskd Not tainted 4.9.141+ #1
 ffff8801d9907d08 ffffffff81b42e79 0000000000000000 0000000000000001
 0000000000000001 0000000000000001 ffffffff810983b0 ffff8801d9907d40
 ffffffff81b4df89 0000000000000001 0000000000000000 0000000000000002
Call Trace:
 [<ffffffff81b42e79>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81b42e79>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff81b4df89>] nmi_cpu_backtrace.cold.0+0x48/0x87 lib/nmi_backtrace.c:99
 [<ffffffff81b4df1c>] nmi_trigger_cpumask_backtrace+0x12c/0x151 lib/nmi_backtrace.c:60
 [<ffffffff810984b4>] arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:37
 [<ffffffff8131c65d>] trigger_all_cpu_backtrace include/linux/nmi.h:58 [inline]
 [<ffffffff8131c65d>] check_hung_task kernel/hung_task.c:125 [inline]
 [<ffffffff8131c65d>] check_hung_uninterruptible_tasks kernel/hung_task.c:182 [inline]
 [<ffffffff8131c65d>] watchdog+0x6ad/0xa20 kernel/hung_task.c:239
 [<ffffffff81142c3d>] kthread+0x26d/0x300 kernel/kthread.c:211
 [<ffffffff82817a5c>] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 2096 Comm: syz-executor804 Not tainted 4.9.141+ #1
task: ffff8801cee94740 task.stack: ffff8801cb660000
RIP: 0010:[<ffffffff81207e58>] 
c [<ffffffff81207e58>] __lock_acquire+0xaa8/0x4a10 kernel/locking/lockdep.c:3325
RSP: 0018:ffff8801cb667a10  EFLAGS: 00000046
RAX: dffffc0000000000 RBX: ffff8801cee95040 RCX: 1ffff10039dd2a0c
RDX: 1ffff10039dd29fc RSI: ffff8801cee95040 RDI: ffffffff83ca1860
RBP: ffff8801cb667bb8 R08: ffff8801cee95060 R09: 0000000000000001
R10: ffff8801cee94740 R11: 0000000000000000 R12: 0000000000000226
R13: 0000000000000002 R14: 0000000000000226 R15: ffff8801cee95062
FS:  00000000017d8880(0000) GS:ffff8801db600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000017e18b8 CR3: 00000001cdf6c000 CR4: 00000000001606b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
 ffffffff815b85ac
c ffff8801caf53000
c 0000000000000001
c 0000000000000000
c
 ffff8801d53e5400
c ffff8801cb667ab0
c ffffffff8178edc5
c 0000000000000246
c
 ffffffff816d289f
c ffff8801cb667ab0
c 0000000300000002
c ffff8801cee94740
c
Call Trace:
 [<ffffffff8120c8d0>] lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756
 [<ffffffff82816c26>] __raw_spin_lock include/linux/spinlock_api_smp.h:144 [inline]
 [<ffffffff82816c26>] _raw_spin_lock+0x36/0x50 kernel/locking/spinlock.c:151
 [<ffffffff81550974>] spin_lock include/linux/spinlock.h:302 [inline]
 [<ffffffff81550974>] d_instantiate_new+0x84/0x180 fs/dcache.c:1872
 [<ffffffff816ff450>] ext4_mkdir+0x7e0/0xc80 fs/ext4/namei.c:2621
 [<ffffffff8152f269>] vfs_mkdir2+0x3c9/0x640 fs/namei.c:3820
 [<ffffffff81541f9f>] SYSC_mkdirat fs/namei.c:3849 [inline]
 [<ffffffff81541f9f>] SyS_mkdirat+0x13f/0x240 fs/namei.c:3833
 [<ffffffff815420c2>] SYSC_mkdir fs/namei.c:3860 [inline]
 [<ffffffff815420c2>] SyS_mkdir+0x22/0x30 fs/namei.c:3858
 [<ffffffff810056ef>] do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285
 [<ffffffff82817893>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
Code: 
cff 
c1f 
c00 
c00 
c0f 
c87 
c29 
c1a 
c00 
c00 
c49 
c8d 
c82 
ca0 
c08 
c00 
c00 
c48 
c89 
cc2 
c48 
c89 
c44 
c24 
c70 
c48 
cb8 
c00 
c00 
c00 
c00 
c00 
cfc 
cff 
cdf 
c48 
cc1 
cea 
c03 
c80 
c3c 
c02 
c00 
c<0f> 
c85 
c7a 
c2b 
c00 
c00 
c45 
c85 
ced 
c4d 
c8b 
cba 
ca0 
c08 
c00 
c00 
c0f 
c85 
c20 
cfc 
cff 
c