loop3: p251 start 1854537728 is beyond EOD, truncated
loop3: p252 start 1854537728 is beyond EOD, truncated
loop3: p253 start 1854537728 is beyond EOD, truncated
loop3: p254 start 1854537728 is beyond EOD, truncated
loop3: p255 start 1854537728 is beyond EOD, truncated
INFO: task init:21945 blocked for more than 140 seconds.
 Not tainted 4.9.205-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
init D29304 21945 1 0x00000000
 0000000000000087 ffff8801cdfec740 ffff88019d674780 ffff8801db61ffc0
 ffff8801d6ce8000 ffff8801db61ffd8 ffff8801cab57758 ffffffff8280a6ae
 ffff88010000000d 1ffff1003956aed4 00ff8801db62a980 ffff8801db6208b0
Call Trace:
 [<00000000c1bc30c7>] schedule+0x92/0x1c0 kernel/sched/core.c:3546
 [<00000000f651e826>] schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3579
 [<00000000b9ef8779>] __mutex_lock_common kernel/locking/mutex.c:582 [inline]
 [<00000000b9ef8779>] mutex_lock_nested+0x38d/0x920 kernel/locking/mutex.c:621
 [<000000003b3026f8>] tty_open_by_driver drivers/tty/tty_io.c:2062 [inline]
 [<000000003b3026f8>] tty_open+0x3f9/0xe10 drivers/tty/tty_io.c:2140
 [<0000000041c11553>] chrdev_open+0x230/0x630 fs/char_dev.c:398
 [<0000000084075498>] do_dentry_open+0x422/0xd20 fs/open.c:791
 [<000000009ac61d3a>] vfs_open+0x105/0x230 fs/open.c:904
 [<0000000025071019>] do_last fs/namei.c:3457 [inline]
 [<0000000025071019>] path_openat+0xbf5/0x2f60 fs/namei.c:3581
 [<000000006a4e1eb6>] do_filp_open+0x1a1/0x280 fs/namei.c:3615
 [<000000008b9578bf>] do_sys_open+0x2f0/0x610 fs/open.c:1097
 [<0000000004dd7c5a>] SYSC_open fs/open.c:1115 [inline]
 [<0000000004dd7c5a>] SyS_open+0x2d/0x40 fs/open.c:1110
 [<0000000080617088>] do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288
 [<00000000f869813f>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb

Showing all locks held in the system:
2 locks held by khungtaskd/24:
 #0: (rcu_read_lock){......}, at: [<00000000f4fc269d>] check_hung_uninterruptible_tasks kernel/hung_task.c:169 [inline]
 #0: (rcu_read_lock){......}, at: [<00000000f4fc269d>] watchdog+0x14b/0xaf0 kernel/hung_task.c:263
 #1: (tasklist_lock){.+.+..}, at: [<0000000044faf8e4>] debug_show_all_locks+0x7f/0x21f kernel/locking/lockdep.c:4339
1 lock held by rsyslogd/1894:
 #0: (&f->f_pos_lock){+.+.+.}, at: [<00000000da8f1fd2>] __fdget_pos+0xa8/0xd0 fs/file.c:782
2 locks held by getty/2022:
 #0: (&tty->ldisc_sem){++++++}, at: [<0000000040710589>] ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:376
 #1: (&ldata->atomic_read_lock){+.+...}, at: [<000000003c4fbeb5>] n_tty_read+0x1fe/0x1820 drivers/tty/n_tty.c:2156
1 lock held by init/21945:
 #0: (tty_mutex){+.+.+.}, at: [<000000003b3026f8>] tty_open_by_driver drivers/tty/tty_io.c:2062 [inline]
 #0: (tty_mutex){+.+.+.}, at: [<000000003b3026f8>] tty_open+0x3f9/0xe10 drivers/tty/tty_io.c:2140
1 lock held by init/22735:
 #0: (tty_mutex){+.+.+.}, at: [<000000003b3026f8>] tty_open_by_driver drivers/tty/tty_io.c:2062 [inline]
 #0: (tty_mutex){+.+.+.}, at: [<000000003b3026f8>] tty_open+0x3f9/0xe10 drivers/tty/tty_io.c:2140
1 lock held by init/22736:
 #0: (tty_mutex){+.+.+.}, at: [<000000003b3026f8>] tty_open_by_driver drivers/tty/tty_io.c:2062 [inline]
 #0: (tty_mutex){+.+.+.}, at: [<000000003b3026f8>] tty_open+0x3f9/0xe10 drivers/tty/tty_io.c:2140
1 lock held by init/22740:
 #0: (tty_mutex){+.+.+.}, at: [<000000003b3026f8>] tty_open_by_driver drivers/tty/tty_io.c:2062 [inline]
 #0: (tty_mutex){+.+.+.}, at: [<000000003b3026f8>] tty_open+0x3f9/0xe10 drivers/tty/tty_io.c:2140
1 lock held by init/22741:
 #0: (tty_mutex){+.+.+.}, at: [<000000003b3026f8>] tty_open_by_driver drivers/tty/tty_io.c:2062 [inline]
 #0: (tty_mutex){+.+.+.}, at: [<000000003b3026f8>] tty_open+0x3f9/0xe10 drivers/tty/tty_io.c:2140
3 locks held by syz-executor.2/31585:
 #0: (&lo->lo_ctl_mutex/1){+.+.+.}, at: [<000000007905a1a8>] lo_ioctl+0x8e/0x1b10 drivers/block/loop.c:1404
 #1: (lock#2){+.+...}, at: [<00000000199853ab>] lru_add_drain_all+0x34/0x3e0 mm/swap.c:696
 #2: (cpu_hotplug.dep_map){++++++}, at: [<000000009c32274c>] get_online_cpus+0x32/0x90 kernel/cpu.c:254
1 lock held by syz-executor.4/31592:
 #0: (&lo->lo_ctl_mutex/1){+.+.+.}, at: [<000000007905a1a8>] lo_ioctl+0x8e/0x1b10 drivers/block/loop.c:1404
1 lock held by blkid/31613:
 #0: (&bdev->bd_mutex){+.+.+.}, at: [<000000007df37402>] __blkdev_get+0x10e/0xeb0 fs/block_dev.c:1273
1 lock held by blkid/31624:
 #0: (&bdev->bd_mutex){+.+.+.}, at: [<000000007df37402>] __blkdev_get+0x10e/0xeb0 fs/block_dev.c:1273
1 lock held by blkid/31625:
 #0: (&lo->lo_ctl_mutex/1){+.+.+.}, at: [<000000007905a1a8>] lo_ioctl+0x8e/0x1b10 drivers/block/loop.c:1404

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 24 Comm: khungtaskd Not tainted 4.9.205-syzkaller #0
 ffff8801d98f7cc8 ffffffff81b55e6b 0000000000000000 0000000000000000
 0000000000000000 ffffffff8109a001 dffffc0000000000 ffff8801d98f7d00
 ffffffff81b6110c 0000000000000000 0000000000000000 0000000000000000
Call Trace:
 [<000000001229c8ea>] __dump_stack lib/dump_stack.c:15 [inline]
 [<000000001229c8ea>] dump_stack+0xcb/0x130 lib/dump_stack.c:56
 [<00000000e6ec2657>] nmi_cpu_backtrace.cold+0x47/0x87 lib/nmi_backtrace.c:99
 [<000000000665ee5b>] nmi_trigger_cpumask_backtrace+0x124/0x155 lib/nmi_backtrace.c:60
 [<000000000f1cf089>] arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:37
 [<00000000043ff2ee>] trigger_all_cpu_backtrace include/linux/nmi.h:58 [inline]
 [<00000000043ff2ee>] check_hung_task kernel/hung_task.c:126 [inline]
 [<00000000043ff2ee>] check_hung_uninterruptible_tasks kernel/hung_task.c:183 [inline]
 [<00000000043ff2ee>] watchdog+0x670/0xaf0 kernel/hung_task.c:263
 [<0000000069ef06c0>] kthread+0x278/0x310 kernel/kthread.c:211
 [<00000000df046dbf>] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:375
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 31591 Comm: syz-executor.3 Not tainted 4.9.205-syzkaller #0
task: 00000000e7003c96 task.stack: 00000000c186fb36
RIP: 0010:[] c [<0000000039b7e886>] perf_misc_flags+0x0/0x190 arch/x86/events/core.c:2478
RSP: 0018:ffff8801db7079c8 EFLAGS: 00000046
RAX: 0000000000000000 RBX: ffff8801db707a78 RCX: ffff8801db707a7e
RDX: 0000000000000000 RSI: ffffffff813e73a3 RDI: ffff8801d3a2f498
RBP: ffff8801db707a28 R08: 0000000000000000 R09: ffff8801cf5e20e0
R10: ffff8801cf5e20c0 R11: 0000000000000001 R12: ffff8801db707bc0
R13: ffff8801c5ba0880 R14: ffff8801db707a7c R15: ffff8801db707a78
FS: 00007f782635f700(0000) GS:ffff8801db700000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f6250d014a0 CR3: 00000001caad2000 CR4: 00000000001606b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
 ffffffff813e74a8c 1ffff1003b6e0f49c ffff8801db707b08c ffff8801c5ba0880c
 ffff8801d3a2f498c ffff8801db707a7ec 0000000000000000c 1ffff1003b6e0f49c
 ffff8801db707a98c ffff8801c5ba0880c ffff8801db707bc0c ffff8801db707a78c
Call Trace:
 [<000000005912341f>] __perf_event_output kernel/events/core.c:6088 [inline]
 [<000000005912341f>] perf_event_output_forward+0xfe/0x240 kernel/events/core.c:6106
 [<0000000029c5a5b8>] __perf_event_overflow+0x121/0x330 kernel/events/core.c:7208
 [<0000000098af07c8>] perf_swevent_hrtimer+0x236/0x390 kernel/events/core.c:8401
 [<00000000f735aee5>] __run_hrtimer kernel/time/hrtimer.c:1255 [inline]
 [<00000000f735aee5>] __hrtimer_run_queues+0x313/0xe00 kernel/time/hrtimer.c:1319
 [<0000000009b5b220>] hrtimer_interrupt+0x1b6/0x450 kernel/time/hrtimer.c:1353
 [<00000000d383c092>] local_apic_timer_interrupt+0x76/0xa0 arch/x86/kernel/apic/apic.c:975
 [<0000000029d8b4d4>] smp_apic_timer_interrupt+0x79/0xb0 arch/x86/kernel/apic/apic.c:999
 [<00000000215800d7>] apic_timer_interrupt+0xa5/0xb0 arch/x86/entry/entry_64.S:653
 d [<0000000003febd6f>] ? arch_local_irq_enable arch/x86/include/asm/paravirt.h:778 [inline]
 d [<0000000003febd6f>] ? __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:170 [inline]
 d [<0000000003febd6f>] ? _raw_spin_unlock_irq+0x2f/0x60 kernel/locking/spinlock.c:199
 [<00000000779a2f38>] finish_lock_switch kernel/sched/sched.h:1331 [inline]
 [<00000000779a2f38>] finish_task_switch+0x1e5/0x660 kernel/sched/core.c:2813
 [<00000000facc6f22>] context_switch kernel/sched/core.c:2946 [inline]
 [<00000000facc6f22>] __schedule+0x6d6/0x1f10 kernel/sched/core.c:3491
 [<00000000cd977b3c>] preempt_schedule_notrace kernel/sched/core.c:3675 [inline]
 [<00000000cd977b3c>] preempt_schedule_notrace+0x75/0x100 kernel/sched/core.c:3646
 [<00000000a9bca699>] ___preempt_schedule_notrace+0x16/0x28
 [<00000000e797d885>] rcu_read_unlock_sched_notrace include/linux/rcupdate.h:1019 [inline]
 [<00000000e797d885>] trace_mm_page_free include/trace/events/kmem.h:150 [inline]
 [<00000000e797d885>] free_pages_prepare mm/page_alloc.c:1033 [inline]
 [<00000000e797d885>] free_pcp_prepare mm/page_alloc.c:1088 [inline]
 [<00000000e797d885>] free_hot_cold_page+0x61c/0x9f0 mm/page_alloc.c:2474
 [<00000000cc5a12b7>] __free_pages+0x54/0x90 mm/page_alloc.c:3909
 [<000000000c67776b>] __vunmap+0x1ca/0x3a0 mm/vmalloc.c:1519
 [<00000000b5a20945>] vfree+0x50/0x110 mm/vmalloc.c:1556
 [<000000002edf0be1>] free_partitions+0x34/0x50 block/partitions/check.c:137
 [<000000007d906fa0>] rescan_partitions+0x4a2/0x5c0 block/partition-generic.c:546
 [<0000000071c828c6>] __blkdev_reread_part+0x145/0x1e0 block/ioctl.c:170
 [<00000000a634eddf>] blkdev_reread_part+0x27/0x40 block/ioctl.c:190
 [<000000005b933210>] loop_reread_partitions+0x7c/0x90 drivers/block/loop.c:637
 [<000000009c93c799>] loop_set_status+0xc02/0x1260 drivers/block/loop.c:1196
 [<00000000d90afb1a>] loop_set_status64+0xd7/0x130 drivers/block/loop.c:1305
 [<00000000b1c8d18d>] lo_ioctl+0x4c7/0x1b10 drivers/block/loop.c:1430
 [<000000008f6469b8>] __blkdev_driver_ioctl block/ioctl.c:294 [inline]
 [<000000008f6469b8>] blkdev_ioctl+0xe14/0x19e0 block/ioctl.c:590
 [<000000006cdd57b5>] block_ioctl+0xde/0x120 fs/block_dev.c:1696
 [<000000008666c539>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<000000008666c539>] file_ioctl fs/ioctl.c:493 [inline]
 [<000000008666c539>] do_vfs_ioctl+0xb87/0x11d0 fs/ioctl.c:677
 [<00000000e882673b>] SYSC_ioctl fs/ioctl.c:694 [inline]
 [<00000000e882673b>] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:685
 [<0000000080617088>] do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288
 [<00000000f869813f>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
Code: ceb c8e cbe c04 c00 c00 c00 ce8 c8f cd2 c4e c00 ce9 c1d cff cff cff cbe c02 c00 c00 c00 ce8 c80 cd2 c4e c00 ce9 cb1 cfe cff cff c90 c66 c2e c0f c1f c84 c00 c00 c00 c00 c00 c<55> c48 c89 ce5 c41 c55 c49 cc7 cc5 ca0 c19 c22 c84 c41 c54 c49 c89 cfc c53 ce8 c98 c