uinput: write device info first
input: syz0 as /devices/virtual/input/input23629
input: syz0 as /devices/virtual/input/input23636
input: syz0 as /devices/virtual/input/input23637
input: syz0 as /devices/virtual/input/input23642
INFO: task init:12277 blocked for more than 140 seconds.
      Not tainted 4.9.141+ #1
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
init            D28888 12277      1 0x00000000
 ffff8801ccee17c0 ffff8800669bac00 ffff880098b75280 ffff8801c8de97c0
 ffff8801db721018 ffff88003fc37580 ffffffff828075c2 ffff8801ccee2070
 000000000000015b 0000000000000000 0000000000000000 ffff8801db7218f0
Call Trace:
 [<ffffffff82808aef>] schedule+0x7f/0x1b0 kernel/sched/core.c:3553
 [<ffffffff828142d5>] schedule_timeout+0x735/0xe20 kernel/time/timer.c:1771
 [<ffffffff828108c1>] __down_common kernel/locking/semaphore.c:221 [inline]
 [<ffffffff828108c1>] __down+0x191/0x2b0 kernel/locking/semaphore.c:238
 [<ffffffff811fcbfe>] down+0x5e/0x80 kernel/locking/semaphore.c:61
 [<ffffffff812223ac>] console_lock+0x2c/0x80 kernel/printk/printk.c:2217
 [<ffffffff8122793c>] console_device+0x1c/0xc0 kernel/printk/printk.c:2554
 [<ffffffff81d2be15>] tty_lookup_driver drivers/tty/tty_io.c:2008 [inline]
 [<ffffffff81d2be15>] tty_open_by_driver drivers/tty/tty_io.c:2053 [inline]
 [<ffffffff81d2be15>] tty_open+0x6f5/0xdf0 drivers/tty/tty_io.c:2130
 [<ffffffff81517bdd>] chrdev_open+0x22d/0x5c0 fs/char_dev.c:392
 [<ffffffff81501e3f>] do_dentry_open+0x3ef/0xc90 fs/open.c:766
 [<ffffffff8150576c>] vfs_open+0x11c/0x210 fs/open.c:879
 [<ffffffff8153c542>] do_last fs/namei.c:3410 [inline]
 [<ffffffff8153c542>] path_openat+0x542/0x2790 fs/namei.c:3534
 [<ffffffff81541617>] do_filp_open+0x197/0x270 fs/namei.c:3568
 [<ffffffff8150617d>] do_sys_open+0x30d/0x5c0 fs/open.c:1072
 [<ffffffff8150645d>] SYSC_open fs/open.c:1090 [inline]
 [<ffffffff8150645d>] SyS_open+0x2d/0x40 fs/open.c:1085
 [<ffffffff810056ef>] do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285
 [<ffffffff82817893>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb

Showing all locks held in the system:
2 locks held by khungtaskd/24:
 #0:  (rcu_read_lock){......}, at: [<ffffffff8131c0cc>] check_hung_uninterruptible_tasks kernel/hung_task.c:168 [inline]
 #0:  (rcu_read_lock){......}, at: [<ffffffff8131c0cc>] watchdog+0x11c/0xa20 kernel/hung_task.c:239
 #1:  (tasklist_lock){.+.+..}, at: [<ffffffff813fe63f>] debug_show_all_locks+0x79/0x218 kernel/locking/lockdep.c:4336
1 lock held by rsyslogd/1900:
 #0:  (&f->f_pos_lock){+.+.+.}, at: [<ffffffff8156cc7c>] __fdget_pos+0xac/0xd0 fs/file.c:781
2 locks held by getty/2027:
 #0:  (&tty->ldisc_sem){++++++}, at: [<ffffffff82815952>] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367
 #1:  (&ldata->atomic_read_lock){+.+...}, at: [<ffffffff81d37362>] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142
1 lock held by init/12277:
 #0:  (tty_mutex){+.+.+.}, at: [<ffffffff81d2bb96>] tty_open_by_driver drivers/tty/tty_io.c:2052 [inline]
 #0:  (tty_mutex){+.+.+.}, at: [<ffffffff81d2bb96>] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2130
1 lock held by init/12278:
 #0:  (tty_mutex){+.+.+.}, at: [<ffffffff81d2bb96>] tty_open_by_driver drivers/tty/tty_io.c:2052 [inline]
 #0:  (tty_mutex){+.+.+.}, at: [<ffffffff81d2bb96>] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2130
1 lock held by init/12279:
 #0:  (tty_mutex){+.+.+.}, at: [<ffffffff81d2bb96>] tty_open_by_driver drivers/tty/tty_io.c:2052 [inline]
 #0:  (tty_mutex){+.+.+.}, at: [<ffffffff81d2bb96>] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2130
1 lock held by init/12281:
 #0:  (tty_mutex){+.+.+.}, at: [<ffffffff81d2bb96>] tty_open_by_driver drivers/tty/tty_io.c:2052 [inline]
 #0:  (tty_mutex){+.+.+.}, at: [<ffffffff81d2bb96>] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2130
1 lock held by init/13170:
 #0:  (tty_mutex){+.+.+.}, at: [<ffffffff81d2bb96>] tty_open_by_driver drivers/tty/tty_io.c:2052 [inline]
 #0:  (tty_mutex){+.+.+.}, at: [<ffffffff81d2bb96>] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2130
1 lock held by init/13171:
 #0:  (tty_mutex){+.+.+.}, at: [<ffffffff81d2bb96>] tty_open_by_driver drivers/tty/tty_io.c:2052 [inline]
 #0:  (tty_mutex){+.+.+.}, at: [<ffffffff81d2bb96>] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2130

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 24 Comm: khungtaskd Not tainted 4.9.141+ #1
 ffff8801d9907d08 ffffffff81b42e79 0000000000000000 0000000000000001
 0000000000000001 0000000000000001 ffffffff810983b0 ffff8801d9907d40
 ffffffff81b4df89 0000000000000001 0000000000000000 0000000000000002
Call Trace:
 [<ffffffff81b42e79>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81b42e79>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff81b4df89>] nmi_cpu_backtrace.cold.0+0x48/0x87 lib/nmi_backtrace.c:99
 [<ffffffff81b4df1c>] nmi_trigger_cpumask_backtrace+0x12c/0x151 lib/nmi_backtrace.c:60
 [<ffffffff810984b4>] arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:37
 [<ffffffff8131c65d>] trigger_all_cpu_backtrace include/linux/nmi.h:58 [inline]
 [<ffffffff8131c65d>] check_hung_task kernel/hung_task.c:125 [inline]
 [<ffffffff8131c65d>] check_hung_uninterruptible_tasks kernel/hung_task.c:182 [inline]
 [<ffffffff8131c65d>] watchdog+0x6ad/0xa20 kernel/hung_task.c:239
 [<ffffffff81142c3d>] kthread+0x26d/0x300 kernel/kthread.c:211
 [<ffffffff82817a5c>] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 1812 Comm: udevd Not tainted 4.9.141+ #1
task: ffff88002a248000 task.stack: ffff880024ee0000
RIP: 0010:[<ffffffff81baa8c0>] 
c [<ffffffff81baa8c0>] debug_check_no_obj_freed+0x0/0x890 lib/debugobjects.c:747
RSP: 0018:ffff880024ee7938  EFLAGS: 00000246
RAX: 0000000000000007 RBX: ffff88004568f4d0 RCX: 1ffff1000544911f
RDX: 0000000000000000 RSI: 0000000000000050 RDI: ffff88004568f4d0
RBP: ffff880024ee7968 R08: ffff88002a2488f8 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffffea000115a3c0
R13: ffffffff814bff1e R14: ffff8801da490000 R15: 0000000000000246
FS:  0000000000000000(0000) GS:ffff8801db600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000625208 CR3: 0000000033310000 CR4: 00000000001606b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
 ffffffff814ef3a4
c dffffc0000000000
c ffff88004568f4d0
c ffff88004568f4e8
c
 ffff88004568f310
c ffff8801d4bd98c0
c ffff880024ee79c8
c ffffffff814bff1e
c
 0000000000000000
c ffff8801ce706c30
c ffff88004568f4e0
c ffff8801ce706ca8
c
Call Trace:
 [<ffffffff814bff1e>] anon_vma_chain_free mm/rmap.c:130 [inline]
 [<ffffffff814bff1e>] unlink_anon_vmas+0x29e/0x840 mm/rmap.c:398
 [<ffffffff814966de>] free_pgtables+0x13e/0x240 mm/memory.c:557
 [<ffffffff814b0c3b>] exit_mmap+0x1db/0x3a0 mm/mmap.c:3023
 [<ffffffff810d265d>] __mmput kernel/fork.c:884 [inline]
 [<ffffffff810d265d>] mmput+0xcd/0x360 kernel/fork.c:906
 [<ffffffff8151e1fc>] exec_mmap fs/exec.c:1053 [inline]
 [<ffffffff8151e1fc>] flush_old_exec+0x86c/0x1b70 fs/exec.c:1277
 [<ffffffff816216d9>] load_elf_binary+0x889/0x4bc0 fs/binfmt_elf.c:842
 [<ffffffff8151fd9f>] search_binary_handler+0x14f/0x6f0 fs/exec.c:1621
 [<ffffffff81521f69>] exec_binprm fs/exec.c:1663 [inline]
 [<ffffffff81521f69>] do_execveat_common.isra.14+0x1139/0x1ed0 fs/exec.c:1785
 [<ffffffff81523662>] do_execve fs/exec.c:1829 [inline]
 [<ffffffff81523662>] SYSC_execve fs/exec.c:1910 [inline]
 [<ffffffff81523662>] SyS_execve+0x42/0x50 fs/exec.c:1905
 [<ffffffff810056ef>] do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285
 [<ffffffff82817893>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
Code: 
c24 
c48 
c8b 
c4c 
c24 
c08 
ce9 
ca9 
cfc 
cff 
cff 
c4c 
c89 
cff 
ce8 
c98 
c87 
c94 
cff 
c4c 
c8b 
c04 
c24 
c48 
c8b 
c4c 
c24 
c08 
ce9 
cd1 
cfe 
cff 
cff 
ce8 
ca5 
c87 
c94 
cff 
ce9 
cf4 
cfe 
cff 
cff 
c<48> 
cb9 
c00 
c00 
c00 
c00 
c00 
cfc 
cff 
cdf 
c55 
c48 
c89 
ce5 
c41 
c57 
c48 
c8d 
c85 
c78 
cff 
c