[ 3590] 0 3590 17585 8182 26 4 0 1000 syz-executor5 [ 3592] 0 3592 5648 450 15 3 0 -1000 udevd Out of memory: Kill process 3586 (syz-executor0) score 1007 or sacrifice child Killed process 3586 (syz-executor0) total-vm:70472kB, anon-rss:17776kB, file-rss:35924kB, shmem-rss:0kB oom_reaper: reaped process 3586 (syz-executor0), now anon-rss:17828kB, file-rss:6432kB, shmem-rss:0kB INFO: task init:32420 blocked for more than 140 seconds. Not tainted 4.14.81+ #6 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. init D29032 32420 1 0x00000000 Call Trace: schedule+0x7f/0x1b0 kernel/sched/core.c:3490 schedule_timeout+0x710/0xe60 kernel/time/timer.c:1721 __down_common kernel/locking/semaphore.c:221 [inline] __down+0x180/0x2a0 kernel/locking/semaphore.c:238 down+0x58/0x70 kernel/locking/semaphore.c:62 console_lock+0x24/0x70 kernel/printk/printk.c:2061 console_device+0x17/0xb0 kernel/printk/printk.c:2348 tty_lookup_driver+0x17a/0x210 drivers/tty/tty_io.c:1833 tty_open_by_driver drivers/tty/tty_io.c:1928 [inline] tty_open+0x3b9/0x980 drivers/tty/tty_io.c:2011 chrdev_open+0x20d/0x570 fs/char_dev.c:417 do_dentry_open+0x426/0xda0 fs/open.c:764 vfs_open+0x11c/0x210 fs/open.c:878 do_last fs/namei.c:3408 [inline] path_openat+0x4eb/0x23a0 fs/namei.c:3550 do_filp_open+0x197/0x270 fs/namei.c:3584 do_sys_open+0x2ef/0x580 fs/open.c:1071 do_syscall_64+0x19b/0x4b0 arch/x86/entry/common.c:289 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x7f0ab7322120 RSP: 002b:00007ffdda773c08 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 RAX: ffffffffffffffda RBX: 00000000020ff280 RCX: 00007f0ab7322120 RDX: 0000000000000010 RSI: 0000000000000902 RDI: 00000000004072c8 RBP: 0000000000000000 R08: 0000000000407370 R09: 0000000000000001 R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000902 R13: 0000000000000102 R14: 00007ffdda773d80 R15: 00000000020ff288 INFO: task init:32520 blocked for more than 140 seconds. Not tainted 4.14.81+ #6 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. init D29032 32520 1 0x00000000 Call Trace: schedule+0x7f/0x1b0 kernel/sched/core.c:3490 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3548 __mutex_lock_common kernel/locking/mutex.c:833 [inline] __mutex_lock+0x521/0x1480 kernel/locking/mutex.c:893 tty_open_by_driver drivers/tty/tty_io.c:1927 [inline] tty_open+0x3a8/0x980 drivers/tty/tty_io.c:2011 chrdev_open+0x20d/0x570 fs/char_dev.c:417 do_dentry_open+0x426/0xda0 fs/open.c:764 vfs_open+0x11c/0x210 fs/open.c:878 do_last fs/namei.c:3408 [inline] path_openat+0x4eb/0x23a0 fs/namei.c:3550 do_filp_open+0x197/0x270 fs/namei.c:3584 do_sys_open+0x2ef/0x580 fs/open.c:1071 do_syscall_64+0x19b/0x4b0 arch/x86/entry/common.c:289 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x7f0ab7322120 RSP: 002b:00007ffdda773c08 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 RAX: ffffffffffffffda RBX: 00000000020fef40 RCX: 00007f0ab7322120 RDX: 0000000000000010 RSI: 0000000000000902 RDI: 00000000004072c8 RBP: 0000000000000000 R08: 0000000000407370 R09: 0000000000000001 R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000902 R13: 0000000000000102 R14: 00007ffdda773d80 R15: 00000000020fef48 INFO: task init:32521 blocked for more than 140 seconds. Not tainted 4.14.81+ #6 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. init D29032 32521 1 0x00000000 Call Trace: schedule+0x7f/0x1b0 kernel/sched/core.c:3490 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3548 __mutex_lock_common kernel/locking/mutex.c:833 [inline] __mutex_lock+0x521/0x1480 kernel/locking/mutex.c:893 tty_open_by_driver drivers/tty/tty_io.c:1927 [inline] tty_open+0x3a8/0x980 drivers/tty/tty_io.c:2011 chrdev_open+0x20d/0x570 fs/char_dev.c:417 do_dentry_open+0x426/0xda0 fs/open.c:764 vfs_open+0x11c/0x210 fs/open.c:878 do_last fs/namei.c:3408 [inline] path_openat+0x4eb/0x23a0 fs/namei.c:3550 do_filp_open+0x197/0x270 fs/namei.c:3584 do_sys_open+0x2ef/0x580 fs/open.c:1071 do_syscall_64+0x19b/0x4b0 arch/x86/entry/common.c:289 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x7f0ab7322120 RSP: 002b:00007ffdda773c08 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 RAX: ffffffffffffffda RBX: 00000000020ff010 RCX: 00007f0ab7322120 RDX: 0000000000000010 RSI: 0000000000000902 RDI: 00000000004072c8 RBP: 0000000000000000 R08: 0000000000407370 R09: 0000000000000001 R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000902 R13: 0000000000000102 R14: 00007ffdda773d80 R15: 00000000020ff018 INFO: task init:32523 blocked for more than 140 seconds. Not tainted 4.14.81+ #6 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. init D29016 32523 1 0x00000000 Call Trace: schedule+0x7f/0x1b0 kernel/sched/core.c:3490 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3548 __mutex_lock_common kernel/locking/mutex.c:833 [inline] __mutex_lock+0x521/0x1480 kernel/locking/mutex.c:893 tty_open_by_driver drivers/tty/tty_io.c:1927 [inline] tty_open+0x3a8/0x980 drivers/tty/tty_io.c:2011 chrdev_open+0x20d/0x570 fs/char_dev.c:417 do_dentry_open+0x426/0xda0 fs/open.c:764 vfs_open+0x11c/0x210 fs/open.c:878 do_last fs/namei.c:3408 [inline] path_openat+0x4eb/0x23a0 fs/namei.c:3550 do_filp_open+0x197/0x270 fs/namei.c:3584 do_sys_open+0x2ef/0x580 fs/open.c:1071 do_syscall_64+0x19b/0x4b0 arch/x86/entry/common.c:289 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x7f0ab7322120 RSP: 002b:00007ffdda773c08 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 RAX: ffffffffffffffda RBX: 00000000020ff0e0 RCX: 00007f0ab7322120 RDX: 0000000000000010 RSI: 0000000000000902 RDI: 00000000004072c8 RBP: 0000000000000000 R08: 0000000000407370 R09: 0000000000000001 R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000902 R13: 0000000000000102 R14: 00007ffdda773d80 R15: 00000000020ff0e8 INFO: task init:32524 blocked for more than 140 seconds. Not tainted 4.14.81+ #6 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. init D28424 32524 1 0x00000000 Call Trace: schedule+0x7f/0x1b0 kernel/sched/core.c:3490 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3548 __mutex_lock_common kernel/locking/mutex.c:833 [inline] __mutex_lock+0x521/0x1480 kernel/locking/mutex.c:893 tty_open_by_driver drivers/tty/tty_io.c:1927 [inline] tty_open+0x3a8/0x980 drivers/tty/tty_io.c:2011 chrdev_open+0x20d/0x570 fs/char_dev.c:417 do_dentry_open+0x426/0xda0 fs/open.c:764 vfs_open+0x11c/0x210 fs/open.c:878 do_last fs/namei.c:3408 [inline] path_openat+0x4eb/0x23a0 fs/namei.c:3550 do_filp_open+0x197/0x270 fs/namei.c:3584 do_sys_open+0x2ef/0x580 fs/open.c:1071 do_syscall_64+0x19b/0x4b0 arch/x86/entry/common.c:289 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x7f0ab7322120 RSP: 002b:00007ffdda773c08 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 RAX: ffffffffffffffda RBX: 00000000020ff1b0 RCX: 00007f0ab7322120 RDX: 0000000000000010 RSI: 0000000000000902 RDI: 00000000004072c8 RBP: 0000000000000000 R08: 0000000000407370 R09: 0000000000000001 R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000902 R13: 0000000000000102 R14: 00007ffdda773d80 R15: 00000000020ff1b8 INFO: task init:32525 blocked for more than 140 seconds. Not tainted 4.14.81+ #6 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. init D29032 32525 1 0x00000000 Call Trace: schedule+0x7f/0x1b0 kernel/sched/core.c:3490 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3548 __mutex_lock_common kernel/locking/mutex.c:833 [inline] __mutex_lock+0x521/0x1480 kernel/locking/mutex.c:893 tty_open_by_driver drivers/tty/tty_io.c:1927 [inline] tty_open+0x3a8/0x980 drivers/tty/tty_io.c:2011 chrdev_open+0x20d/0x570 fs/char_dev.c:417 do_dentry_open+0x426/0xda0 fs/open.c:764 vfs_open+0x11c/0x210 fs/open.c:878 do_last fs/namei.c:3408 [inline] path_openat+0x4eb/0x23a0 fs/namei.c:3550 do_filp_open+0x197/0x270 fs/namei.c:3584 do_sys_open+0x2ef/0x580 fs/open.c:1071 do_syscall_64+0x19b/0x4b0 arch/x86/entry/common.c:289 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x7f0ab7322120 RSP: 002b:00007ffdda773c08 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 RAX: ffffffffffffffda RBX: 00000000020ff350 RCX: 00007f0ab7322120 RDX: 0000000000000010 RSI: 0000000000000902 RDI: 00000000004072c8 RBP: 0000000000000000 R08: 0000000000407370 R09: 0000000000000001 R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000902 R13: 0000000000000102 R14: 00007ffdda773d80 R15: 00000000020ff358 Showing all locks held in the system: 1 lock held by khungtaskd/23: #0: (tasklist_lock){.+.+}, at: [] debug_show_all_locks+0x74/0x20f kernel/locking/lockdep.c:4541 1 lock held by rsyslogd/1626: #0: (&f->f_pos_lock){+.+.}, at: [] __fdget_pos+0xa2/0xc0 fs/file.c:768 2 locks held by getty/1753: #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x20/0x80 drivers/tty/tty_ldisc.c:275 #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1ff/0x15e0 drivers/tty/n_tty.c:2142 1 lock held by init/32420: #0: (tty_mutex){+.+.}, at: [] tty_open_by_driver drivers/tty/tty_io.c:1927 [inline] #0: (tty_mutex){+.+.}, at: [] tty_open+0x3a8/0x980 drivers/tty/tty_io.c:2011 1 lock held by init/32520: #0: (tty_mutex){+.+.}, at: [] tty_open_by_driver drivers/tty/tty_io.c:1927 [inline] #0: (tty_mutex){+.+.}, at: [] tty_open+0x3a8/0x980 drivers/tty/tty_io.c:2011 1 lock held by init/32521: #0: (tty_mutex){+.+.}, at: [] tty_open_by_driver drivers/tty/tty_io.c:1927 [inline] #0: (tty_mutex){+.+.}, at: [] tty_open+0x3a8/0x980 drivers/tty/tty_io.c:2011 1 lock held by init/32523: #0: (tty_mutex){+.+.}, at: [] tty_open_by_driver drivers/tty/tty_io.c:1927 [inline] #0: (tty_mutex){+.+.}, at: [] tty_open+0x3a8/0x980 drivers/tty/tty_io.c:2011 1 lock held by init/32524: #0: (tty_mutex){+.+.}, at: [] tty_open_by_driver drivers/tty/tty_io.c:1927 [inline] #0: (tty_mutex){+.+.}, at: [] tty_open+0x3a8/0x980 drivers/tty/tty_io.c:2011 1 lock held by init/32525: #0: (tty_mutex){+.+.}, at: [] tty_open_by_driver drivers/tty/tty_io.c:1927 [inline] #0: (tty_mutex){+.+.}, at: [] tty_open+0x3a8/0x980 drivers/tty/tty_io.c:2011 1 lock held by syz-executor2/3575: #0: (&mm->mmap_sem){++++}, at: [] __do_page_fault+0x868/0xb60 arch/x86/mm/fault.c:1361 1 lock held by syz-executor4/3581: #0: (&mm->mmap_sem){++++}, at: [] vm_mmap_pgoff+0x14f/0x1d0 mm/util.c:331 1 lock held by syz-executor4/3596: #0: (&mm->mmap_sem){++++}, at: [] __do_page_fault+0x868/0xb60 arch/x86/mm/fault.c:1361 1 lock held by syz-executor5/3590: #0: (&mm->mmap_sem){++++}, at: [] vm_mmap_pgoff+0x14f/0x1d0 mm/util.c:331 2 locks held by syz-executor5/3601: #0: (&dup_mmap_sem){.+.+}, at: [] dup_mmap kernel/fork.c:609 [inline] #0: (&dup_mmap_sem){.+.+}, at: [] dup_mm kernel/fork.c:1202 [inline] #0: (&dup_mmap_sem){.+.+}, at: [] copy_mm kernel/fork.c:1256 [inline] #0: (&dup_mmap_sem){.+.+}, at: [] copy_process.part.6+0x3989/0x6530 kernel/fork.c:1762 #1: (&mm->mmap_sem){++++}, at: [] dup_mmap kernel/fork.c:610 [inline] #1: (&mm->mmap_sem){++++}, at: [] dup_mm kernel/fork.c:1202 [inline] #1: (&mm->mmap_sem){++++}, at: [] copy_mm kernel/fork.c:1256 [inline] #1: (&mm->mmap_sem){++++}, at: [] copy_process.part.6+0x39a5/0x6530 kernel/fork.c:1762 1 lock held by syz-executor3/3597: #0: (&mm->mmap_sem){++++}, at: [] vm_mmap_pgoff+0x14f/0x1d0 mm/util.c:331 ============================================= NMI backtrace for cpu 1 CPU: 1 PID: 23 Comm: khungtaskd Not tainted 4.14.81+ #6 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0xb9/0x11b lib/dump_stack.c:53 nmi_cpu_backtrace.cold.0+0x47/0x85 lib/nmi_backtrace.c:101 nmi_trigger_cpumask_backtrace+0x121/0x146 lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:138 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:196 [inline] watchdog+0x574/0xa70 kernel/hung_task.c:252 kthread+0x348/0x420 kernel/kthread.c:232 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:402 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 PID: 3602 Comm: udevd Not tainted 4.14.81+ #6 task: ffff88019681af00 task.stack: ffff880041298000 RIP: 0010:match_held_lock kernel/locking/lockdep.c:3558 [inline] RIP: 0010:__lock_is_held+0xc2/0x200 kernel/locking/lockdep.c:3811 RSP: 0018:ffff88004129e490 EFLAGS: 00000002 RAX: 0000000000000002 RBX: ffff88019681b730 RCX: 1ffff10032d036e5 RDX: ffffed0032d036e5 RSI: 0000000000000000 RDI: ffff88019681b752 RBP: 0000000000000000 R08: 1ffff10000bcb600 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffffffffac0ceae0 R13: ffff88019681b730 R14: ffff88019681af00 R15: dffffc0000000000 FS: 00007f4f628db7a0(0000) GS:ffff8801dba00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f4f61f784f0 CR3: 00000000a6db8004 CR4: 00000000001606b0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: lock_is_held_type+0xb0/0x150 kernel/locking/lockdep.c:4029 lock_is_held include/linux/lockdep.h:437 [inline] rcu_read_lock_sched_held+0x102/0x120 kernel/rcu/update.c:116 trace_mm_page_free_batched include/trace/events/kmem.h:173 [inline] free_hot_cold_page_list+0x20a/0x340 mm/page_alloc.c:2667 shrink_page_list+0x1f60/0x31d0 mm/vmscan.c:1355 shrink_inactive_list+0x3b9/0xee0 mm/vmscan.c:1816 shrink_list mm/vmscan.c:2175 [inline] shrink_node_memcg+0x5e8/0x12e0 mm/vmscan.c:2438 shrink_node+0x301/0xbf0 mm/vmscan.c:2630 shrink_zones mm/vmscan.c:2812 [inline] do_try_to_free_pages+0x349/0xde0 mm/vmscan.c:2874 try_to_free_pages+0x204/0x6b0 mm/vmscan.c:3080 __perform_reclaim mm/page_alloc.c:3593 [inline] __alloc_pages_direct_reclaim mm/page_alloc.c:3614 [inline] __alloc_pages_slowpath mm/page_alloc.c:4022 [inline] __alloc_pages_nodemask+0xafb/0x2300 mm/page_alloc.c:4222 __alloc_pages include/linux/gfp.h:461 [inline] __alloc_pages_node include/linux/gfp.h:474 [inline] alloc_pages_node include/linux/gfp.h:488 [inline] __page_cache_alloc include/linux/pagemap.h:226 [inline] pagecache_get_page+0x242/0x770 mm/filemap.c:1476 find_or_create_page include/linux/pagemap.h:326 [inline] grow_dev_page fs/buffer.c:1003 [inline] grow_buffers fs/buffer.c:1076 [inline] __getblk_slow fs/buffer.c:1103 [inline] __getblk_gfp+0x23e/0x720 fs/buffer.c:1382 sb_getblk include/linux/buffer_head.h:325 [inline] ext4_getblk+0x13b/0x400 fs/ext4/inode.c:973 ext4_bread_batch+0x78/0x330 fs/ext4/inode.c:1036 ext4_find_entry+0x44c/0xcd0 fs/ext4/namei.c:1424 ext4_lookup+0x133/0x590 fs/ext4/namei.c:1556 lookup_open+0x8e2/0x1750 fs/namei.c:3208 do_last fs/namei.c:3320 [inline] path_openat+0x11c7/0x23a0 fs/namei.c:3550 do_filp_open+0x197/0x270 fs/namei.c:3584 do_open_execat+0x10d/0x5b0 fs/exec.c:849 open_exec+0x3c/0x60 fs/exec.c:881 load_elf_binary+0x7a4/0x4530 fs/binfmt_elf.c:767 search_binary_handler+0x13f/0x6c0 fs/exec.c:1638 exec_binprm fs/exec.c:1680 [inline] do_execveat_common.isra.14+0x1109/0x1d60 fs/exec.c:1802 do_execve fs/exec.c:1847 [inline] SYSC_execve fs/exec.c:1928 [inline] SyS_execve+0x34/0x40 fs/exec.c:1923 do_syscall_64+0x19b/0x4b0 arch/x86/entry/common.c:289 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x7f4f61fbf207 RSP: 002b:00007fff35354158 EFLAGS: 00000202 ORIG_RAX: 000000000000003b RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f4f61fbf207 RDX: 00000000021aec70 RSI: 00007fff35354250 RDI: 00007fff35355260 RBP: 0000000000625500 R08: 00000000000011d8 R09: 00000000000011d8 R10: 0000000000000000 R11: 0000000000000202 R12: 00000000021aec70 R13: 0000000000000007 R14: 000000000215f030 R15: 0000000000000005 Code: 10 31 ed 49 bf 00 00 00 00 00 fc ff df 48 c1 e9 03 4a 8d 14 39 48 8d 7b 22 48 89 f8 48 c1 e8 03 42 0f b6 34 38 48 89 f8 83 e0 07 <83> c0 01 40 38 f0 7c 09 40 84 f6 0f 85 da 00 00 00 66 f7 43 22