Free memory is 23780kB above reserved lowmemorykiller: Killing 'syz-executor.5' (28658) (tgid 28658), adj 1000, to free 51604kB on behalf of 'kswapd0' (33) because cache 19952kB is below limit 65536kB for oom_score_adj 12 Free memory is 50544kB above reserved INFO: task init:32658 blocked for more than 140 seconds. Not tainted 4.9.141+ #1 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. init D29336 32658 1 0x00000000 ffff880081714740 ffff8800ab9df900 ffff8801a7244d00 ffff88015bb5c740 ffff8801db621018 ffff880174757738 ffffffff828075c2 0000000000000000 ffff880081714ff0 ffffed00102e29fd 00ff880081714740 ffff8801db6218f0 Call Trace: [] schedule+0x7f/0x1b0 kernel/sched/core.c:3553 [] schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3586 [] __mutex_lock_common kernel/locking/mutex.c:582 [inline] [] mutex_lock_nested+0x38d/0x900 kernel/locking/mutex.c:621 [] tty_open_by_driver drivers/tty/tty_io.c:2052 [inline] [] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2130 [] chrdev_open+0x22d/0x5c0 fs/char_dev.c:392 [] do_dentry_open+0x3ef/0xc90 fs/open.c:766 [] vfs_open+0x11c/0x210 fs/open.c:879 [] do_last fs/namei.c:3410 [inline] [] path_openat+0x542/0x2790 fs/namei.c:3534 [] do_filp_open+0x197/0x270 fs/namei.c:3568 [] do_sys_open+0x30d/0x5c0 fs/open.c:1072 [] SYSC_open fs/open.c:1090 [inline] [] SyS_open+0x2d/0x40 fs/open.c:1085 [] do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285 [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb Showing all locks held in the system: 2 locks held by khungtaskd/24: #0: (rcu_read_lock){......}, at: [] check_hung_uninterruptible_tasks kernel/hung_task.c:168 [inline] #0: (rcu_read_lock){......}, at: [] watchdog+0x11c/0xa20 kernel/hung_task.c:239 #1: (tasklist_lock){.+.+..}, at: [] debug_show_all_locks+0x79/0x218 kernel/locking/lockdep.c:4336 1 lock held by rsyslogd/1896: #0: (&f->f_pos_lock){+.+.+.}, at: [] __fdget_pos+0xac/0xd0 fs/file.c:781 2 locks held by getty/2023: #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367 #1: (&ldata->atomic_read_lock){+.+...}, at: [] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142 1 lock held by syz-executor.1/2069: #0: (tasklist_lock){.+.+..}, at: [] do_wait+0x392/0x950 kernel/exit.c:1558 2 locks held by kworker/1:11/19954: #0: ("events"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&ns->proc_work)){+.+...}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 1 lock held by init/32658: #0: (tty_mutex){+.+.+.}, at: [] tty_open_by_driver drivers/tty/tty_io.c:2052 [inline] #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2130 1 lock held by init/32659: #0: (tty_mutex){+.+.+.}, at: [] tty_open_by_driver drivers/tty/tty_io.c:2052 [inline] #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2130 1 lock held by init/32661: #0: (tty_mutex){+.+.+.}, at: [] tty_open_by_driver drivers/tty/tty_io.c:2052 [inline] #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2130 1 lock held by init/32662: #0: (tty_mutex){+.+.+.}, at: [] tty_open_by_driver drivers/tty/tty_io.c:2052 [inline] #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2130 1 lock held by init/32663: #0: (tty_mutex){+.+.+.}, at: [] tty_open_by_driver drivers/tty/tty_io.c:2052 [inline] #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2130 1 lock held by init/32666: #0: (tty_mutex){+.+.+.}, at: [] tty_open_by_driver drivers/tty/tty_io.c:2052 [inline] #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2130 1 lock held by syz-executor.1/15779: #0: (input_mutex){+.+.+.}, at: [] __input_unregister_device+0x152/0x490 drivers/input/input.c:2020 1 lock held by syz-executor.3/15792: #0: (input_mutex){+.+.+.}, at: [] __input_unregister_device+0x152/0x490 drivers/input/input.c:2020 2 locks held by syz-executor.0/15824: #0: (&type->s_umount_key#4/1){+.+.+.}, at: [] alloc_super fs/super.c:241 [inline] #0: (&type->s_umount_key#4/1){+.+.+.}, at: [] sget_userns+0x552/0xc40 fs/super.c:503 #1: (shrinker_rwsem){++++..}, at: [] register_shrinker+0x8e/0x180 mm/vmscan.c:286 ============================================= NMI backtrace for cpu 1 CPU: 1 PID: 24 Comm: khungtaskd Not tainted 4.9.141+ #1 ffff8801d9907d08 ffffffff81b42e79 0000000000000000 0000000000000001 0000000000000001 0000000000000001 ffffffff810983b0 ffff8801d9907d40 ffffffff81b4df89 0000000000000001 0000000000000000 0000000000000002 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] nmi_cpu_backtrace.cold.0+0x48/0x87 lib/nmi_backtrace.c:99 [] nmi_trigger_cpumask_backtrace+0x12c/0x151 lib/nmi_backtrace.c:60 [] arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:37 [] trigger_all_cpu_backtrace include/linux/nmi.h:58 [inline] [] check_hung_task kernel/hung_task.c:125 [inline] [] check_hung_uninterruptible_tasks kernel/hung_task.c:182 [inline] [] watchdog+0x6ad/0xa20 kernel/hung_task.c:239 [] kthread+0x26d/0x300 kernel/kthread.c:211 [] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 PID: 15750 Comm: syz-executor.5 Not tainted 4.9.141+ #1 task: ffff8801a780c740 task.stack: ffff8800651c8000 RIP: 0010:[] c [] __list_del_entry_valid+0x89/0x1a0 lib/list_debug.c:51 RSP: 0018:ffff8800651cf588 EFLAGS: 00000046 RAX: ffffea00048ba0a0 RBX: ffffea00046dbf20 RCX: ffffea00048ba0a0 RDX: 1ffffd40008db7e4 RSI: ffffffff8143c19d RDI: ffffea00048ba0a8 RBP: ffff8800651cf5a0 R08: ffffea0001f800a0 R09: 2db45dc6a21baa3c R10: ffff8801a780c740 R11: 0000000000000001 R12: ffffea00048ba0a0 R13: ffffea00048ba0a8 R14: ffff8801d6b35c28 R15: dffffc0000000000 FS: 00007fd242935700(0000) GS:ffff8801db600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f506a771518 CR3: 00000001ad587000 CR4: 00000000001606b0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Stack: ffffffff833d3600c ffff8801d6b35c20c ffffea00048ba080c ffff8800651cf680c ffffffff8143c1a9c ffff8800651cf5c0c ffffffff81243c87c ffff880000000001c 1ffff1000ca39ebfc ffffea0000000002c ffff8800651cf618c 0000000000000296c Call Trace: [] __list_del_entry include/linux/list.h:116 [inline] [] list_del include/linux/list.h:124 [inline] [] del_page_from_lru_list include/linux/mm_inline.h:56 [inline] [] release_pages+0x579/0xaa0 mm/swap.c:782 [] free_pages_and_swap_cache+0x117/0x160 mm/swap_state.c:273 [] tlb_flush_mmu_free+0xb4/0x150 mm/memory.c:259 [] zap_pte_range mm/memory.c:1207 [inline] [] zap_pmd_range mm/memory.c:1249 [inline] [] zap_pud_range mm/memory.c:1270 [inline] [] unmap_page_range+0x106a/0x1680 mm/memory.c:1291 [] unmap_single_vma+0x11c/0x170 mm/memory.c:1336 [] unmap_vmas+0x81/0xd0 mm/memory.c:1366 [] exit_mmap+0x1cc/0x3a0 mm/mmap.c:3021 [] __mmput kernel/fork.c:884 [inline] [] mmput+0xcd/0x360 kernel/fork.c:906 [] exit_mm kernel/exit.c:514 [inline] [] do_exit+0x6c9/0x2a50 kernel/exit.c:820 [] do_group_exit+0x111/0x300 kernel/exit.c:937 [] get_signal+0x4e1/0x1460 kernel/signal.c:2321 [] do_signal+0x95/0x1b00 arch/x86/kernel/signal.c:807 [] exit_to_usermode_loop+0x10e/0x150 arch/x86/entry/common.c:158 [] prepare_exit_to_usermode arch/x86/entry/common.c:194 [inline] [] syscall_return_slowpath arch/x86/entry/common.c:263 [inline] [] do_syscall_64+0x3e2/0x550 arch/x86/entry/common.c:290 [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb Code: c00 c02 c00 c00 c00 c00 cad cde c48 c39 cc3 c74 c73 c48 cb8 c00 c00 c00 c00 c00 cfc cff cdf c48 c89 cda c48 cc1 cea c03 c80 c3c c02 c00 c0f c85 cf3 c00 c00 c00 c48 c8b c03 c<48> c39 cc8 c75 c6f c49 c8d c78 c08 c48 cb8 c00 c00 c00 c00 c00 cfc cff cdf c48 c89 c