INFO: task syz-executor.3:8185 can't die for more than 143 seconds.
syz-executor.3  R  running task    27160  8185   7087 0x00004006
Call Trace:
 mark_held_locks+0x9f/0xe0 kernel/locking/lockdep.c:3609
 trace_hardirqs_on_thunk+0x1a/0x1c arch/x86/entry/thunk_64.S:41
 __trace_hardirqs_on_caller kernel/locking/lockdep.c:3635 [inline]
 lockdep_hardirqs_on_prepare+0x3a2/0x590 kernel/locking/lockdep.c:3686
 retint_kernel+0x2b/0x2b
 trace_hardirqs_on_caller+0x64/0x240 kernel/trace/trace_preemptirq.c:97
 trace_hardirqs_on_thunk+0x1a/0x1c arch/x86/entry/thunk_64.S:41
 instrument_atomic_read include/linux/instrumented.h:56 [inline]
 test_bit include/asm-generic/bitops/instrumented-non-atomic.h:110 [inline]
 test_ti_thread_flag include/linux/thread_info.h:84 [inline]
 need_resched include/linux/sched.h:1857 [inline]
 preempt_schedule_irq+0xee/0x150 kernel/sched/core.c:4401
 retint_kernel+0x2b/0x2b
 vga16fb_fillrect+0x9da/0x1960 drivers/video/fbdev/vga16fb.c:922
 __sanitizer_cov_trace_cmp4+0x4/0x20 kernel/kcov.c:258
 writeb arch/x86/include/asm/io.h:65 [inline]
 vga16fb_fillrect+0x9c6/0x1960 drivers/video/fbdev/vga16fb.c:923
 bit_clear_margins+0x2d5/0x4a0 drivers/video/fbdev/core/bitblit.c:232
 bit_bmove+0x210/0x210 drivers/video/fbdev/core/bitblit.c:59
 fb_set_cmap+0x118/0x510 drivers/video/fbdev/core/fbcmap.c:261
 fbcon_clear_margins+0x1de/0x240 drivers/video/fbdev/core/fbcon.c:1381
 fbcon_switch+0xcde/0x16f0 drivers/video/fbdev/core/fbcon.c:2363
 fbcon_set_def_font+0x370/0x370 drivers/video/fbdev/core/fbcon.c:2710
 trace_hardirqs_on_thunk+0x1a/0x1c arch/x86/entry/thunk_64.S:41
 hide_cursor+0x85/0x280 drivers/tty/vt/vt.c:902
 is_console_locked+0x5/0x10 kernel/printk/printk.c:2360
 fbcon_set_origin+0x26/0x50 drivers/video/fbdev/core/fbcon.c:2938
 redraw_screen+0x2ae/0x770 drivers/tty/vt/vt.c:1015
 vesafb_probe.cold+0x1228/0x1228
 respond_string+0x290/0x290 include/linux/tty_flip.h:27
 fbcon_set_palette+0x3b1/0x4a0 drivers/video/fbdev/core/fbcon.c:2764
 fbcon_modechanged+0x581/0x720 drivers/video/fbdev/core/fbcon.c:3000
 fbcon_set_all_vcs+0x3b3/0x460 drivers/video/fbdev/core/fbcon.c:3038
 fbcon_update_vcs+0x26/0x50 drivers/video/fbdev/core/fbcon.c:3045
 fb_set_var+0xb03/0xd90 drivers/video/fbdev/core/fbmem.c:1056
 fb_blank+0x190/0x190 drivers/video/fbdev/core/fbmem.c:1081
 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
 _raw_spin_unlock_irqrestore+0x62/0xe0 kernel/locking/spinlock.c:191
 __trace_hardirqs_on_caller kernel/locking/lockdep.c:3635 [inline]
 lockdep_hardirqs_on_prepare+0x3a2/0x590 kernel/locking/lockdep.c:3686
 do_fb_ioctl+0x390/0x6e0 drivers/video/fbdev/core/fbmem.c:1109
 fb_mmap+0x510/0x510 drivers/video/fbdev/core/fbmem.c:1393
 tomoyo_execute_permission+0x470/0x470 security/tomoyo/file.c:168
 retint_kernel+0x2b/0x2b
 rcu_read_unlock include/linux/rcupdate.h:684 [inline]
 __fget_files+0x30d/0x500 fs/file.c:734
 __sanitizer_cov_trace_switch+0x45/0x70 kernel/kcov.c:320
 ioctl_fibmap fs/ioctl.c:221 [inline]
 file_ioctl fs/ioctl.c:531 [inline]
 do_vfs_ioctl+0x27d/0x1090 fs/ioctl.c:732
 retint_kernel+0x2b/0x2b
 fb_ioctl+0xdd/0x130 drivers/video/fbdev/core/fbmem.c:1185
 do_fb_ioctl+0x6e0/0x6e0 drivers/video/fbdev/core/fbmem.c:1169
 vfs_ioctl fs/ioctl.c:48 [inline]
 ksys_ioctl+0x11a/0x180 fs/ioctl.c:753
 __do_sys_ioctl fs/ioctl.c:762 [inline]
 __se_sys_ioctl fs/ioctl.c:760 [inline]
 __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:760
 do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:295
 entry_SYSCALL_64_after_hwframe+0x49/0xb3
INFO: task syz-executor.3:8223 can't die for more than 143 seconds.
syz-executor.3  D28400  8223   7087 0x00004004
Call Trace:
 context_switch kernel/sched/core.c:3415 [inline]
 __schedule+0x8e4/0x1f80 kernel/sched/core.c:4140
 firmware_map_remove+0x19e/0x19e
 schedule+0xd0/0x2a0 kernel/sched/core.c:4215
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:4274
 __mutex_lock_common kernel/locking/mutex.c:1033 [inline]
 __mutex_lock+0x7ab/0x13c0 kernel/locking/mutex.c:1103
 lock_fb_info include/linux/fb.h:637 [inline]
 fb_open+0xd3/0x430 drivers/video/fbdev/core/fbmem.c:1418
 mutex_trylock+0x2c0/0x2c0 kernel/locking/mutex.c:126
 instrument_atomic_write include/linux/instrumented.h:71 [inline]
 atomic64_cmpxchg include/asm-generic/atomic-instrumented.h:1464 [inline]
 atomic_long_cmpxchg_release include/asm-generic/atomic-long.h:425 [inline]
 __mutex_unlock_slowpath+0xe2/0x660 kernel/locking/mutex.c:1249
 spin_unlock include/linux/spinlock.h:393 [inline]
 chrdev_open+0xc4/0x5c0 fs/char_dev.c:402
 lock_downgrade+0x840/0x840 kernel/locking/lockdep.c:4604
 kobject_init+0x1a0/0x1a0 lib/kobject.c:369
 lock_fb_info include/linux/fb.h:637 [inline]
 fb_open+0xd3/0x430 drivers/video/fbdev/core/fbmem.c:1418
 lock_fb_info include/linux/fb.h:637 [inline]
 fb_open+0xd3/0x430 drivers/video/fbdev/core/fbmem.c:1418
 get_fb_info.part.0+0x80/0x80 drivers/video/fbdev/core/fbmem.c:68
 chrdev_open+0x219/0x5c0 fs/char_dev.c:414
 cdev_put.part.0+0x50/0x50 fs/char_dev.c:364
 security_file_open+0x84/0x3d0 security/security.c:1553
 do_dentry_open+0x503/0x1280 fs/open.c:822
 cdev_put.part.0+0x50/0x50 fs/char_dev.c:364
 security_inode_permission+0xc4/0xf0 security/security.c:1258
 chown_common+0x550/0x550 fs/open.c:661
 inode_permission+0xab/0x500 fs/namei.c:450
 do_open fs/namei.c:3234 [inline]
 path_openat+0x1ece/0x2870 fs/namei.c:3351
 __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:168 [inline]
 _raw_spin_unlock_irq+0x1f/0x80 kernel/locking/spinlock.c:199
 path_lookupat.isra.0+0x530/0x530 fs/namei.c:2332
 __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:169 [inline]
 _raw_spin_unlock_irq+0x55/0x80 kernel/locking/spinlock.c:199
 finish_lock_switch kernel/sched/core.c:3154 [inline]
 finish_task_switch+0x147/0x750 kernel/sched/core.c:3254
 context_switch kernel/sched/core.c:3418 [inline]
 __schedule+0x8ec/0x1f80 kernel/sched/core.c:4140
 do_filp_open+0x192/0x260 fs/namei.c:3378
 may_open_dev+0xf0/0xf0 fs/namei.c:2821
 instrument_atomic_read include/linux/instrumented.h:56 [inline]
 test_bit include/asm-generic/bitops/instrumented-non-atomic.h:110 [inline]
 test_ti_thread_flag include/linux/thread_info.h:84 [inline]
 need_resched include/linux/sched.h:1857 [inline]
 preempt_schedule_common+0x5e/0xc0 kernel/sched/core.c:4304
 preempt_schedule_thunk+0x16/0x18 arch/x86/entry/thunk_64.S:50
 __raw_spin_unlock include/linux/spinlock_api_smp.h:152 [inline]
 _raw_spin_unlock+0x36/0x40 kernel/locking/spinlock.c:183
 spin_unlock include/linux/spinlock.h:393 [inline]
 __alloc_fd+0x46d/0x600 fs/file.c:534
 do_sys_openat2+0x585/0x7a0 fs/open.c:1173
 file_open_root+0x400/0x400 fs/open.c:1154
 _copy_to_user+0x126/0x160 lib/usercopy.c:32
 put_timespec64+0xcb/0x120 kernel/time/time.c:812
 ns_to_kernel_old_timeval+0x100/0x100 kernel/time/time.c:521
 do_sys_open+0xc3/0x140 fs/open.c:1189
 filp_open+0x70/0x70 fs/open.c:1142
 __trace_hardirqs_on_caller kernel/locking/lockdep.c:3635 [inline]
 lockdep_hardirqs_on_prepare+0x3a2/0x590 kernel/locking/lockdep.c:3686
 do_syscall_64+0x21/0x7d0 arch/x86/entry/common.c:288
 __trace_hardirqs_on_caller kernel/locking/lockdep.c:3635 [inline]
 lockdep_hardirqs_on_prepare+0x3a2/0x590 kernel/locking/lockdep.c:3686
 do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:295
 entry_SYSCALL_64_after_hwframe+0x49/0xb3
INFO: task syz-executor.3:8223 blocked for more than 143 seconds.
      Not tainted 5.7.0-rc6-next-20200522-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.3  D28400  8223   7087 0x00004004
Call Trace:
 context_switch kernel/sched/core.c:3415 [inline]
 __schedule+0x8e4/0x1f80 kernel/sched/core.c:4140
 firmware_map_remove+0x19e/0x19e
 schedule+0xd0/0x2a0 kernel/sched/core.c:4215
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:4274
 __mutex_lock_common kernel/locking/mutex.c:1033 [inline]
 __mutex_lock+0x7ab/0x13c0 kernel/locking/mutex.c:1103
 lock_fb_info include/linux/fb.h:637 [inline]
 fb_open+0xd3/0x430 drivers/video/fbdev/core/fbmem.c:1418
 mutex_trylock+0x2c0/0x2c0 kernel/locking/mutex.c:126
 instrument_atomic_write include/linux/instrumented.h:71 [inline]
 atomic64_cmpxchg include/asm-generic/atomic-instrumented.h:1464 [inline]
 atomic_long_cmpxchg_release include/asm-generic/atomic-long.h:425 [inline]
 __mutex_unlock_slowpath+0xe2/0x660 kernel/locking/mutex.c:1249
 spin_unlock include/linux/spinlock.h:393 [inline]
 chrdev_open+0xc4/0x5c0 fs/char_dev.c:402
 lock_downgrade+0x840/0x840 kernel/locking/lockdep.c:4604
 kobject_init+0x1a0/0x1a0 lib/kobject.c:369
 lock_fb_info include/linux/fb.h:637 [inline]
 fb_open+0xd3/0x430 drivers/video/fbdev/core/fbmem.c:1418
 lock_fb_info include/linux/fb.h:637 [inline]
 fb_open+0xd3/0x430 drivers/video/fbdev/core/fbmem.c:1418
 get_fb_info.part.0+0x80/0x80 drivers/video/fbdev/core/fbmem.c:68
 chrdev_open+0x219/0x5c0 fs/char_dev.c:414
 cdev_put.part.0+0x50/0x50 fs/char_dev.c:364
 security_file_open+0x84/0x3d0 security/security.c:1553
 do_dentry_open+0x503/0x1280 fs/open.c:822
 cdev_put.part.0+0x50/0x50 fs/char_dev.c:364
 security_inode_permission+0xc4/0xf0 security/security.c:1258
 chown_common+0x550/0x550 fs/open.c:661
 inode_permission+0xab/0x500 fs/namei.c:450
 do_open fs/namei.c:3234 [inline]
 path_openat+0x1ece/0x2870 fs/namei.c:3351
 __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:168 [inline]
 _raw_spin_unlock_irq+0x1f/0x80 kernel/locking/spinlock.c:199
 path_lookupat.isra.0+0x530/0x530 fs/namei.c:2332
 __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:169 [inline]
 _raw_spin_unlock_irq+0x55/0x80 kernel/locking/spinlock.c:199
 finish_lock_switch kernel/sched/core.c:3154 [inline]
 finish_task_switch+0x147/0x750 kernel/sched/core.c:3254
 context_switch kernel/sched/core.c:3418 [inline]
 __schedule+0x8ec/0x1f80 kernel/sched/core.c:4140
 do_filp_open+0x192/0x260 fs/namei.c:3378
 may_open_dev+0xf0/0xf0 fs/namei.c:2821
 instrument_atomic_read include/linux/instrumented.h:56 [inline]
 test_bit include/asm-generic/bitops/instrumented-non-atomic.h:110 [inline]
 test_ti_thread_flag include/linux/thread_info.h:84 [inline]
 need_resched include/linux/sched.h:1857 [inline]
 preempt_schedule_common+0x5e/0xc0 kernel/sched/core.c:4304
 preempt_schedule_thunk+0x16/0x18 arch/x86/entry/thunk_64.S:50
 __raw_spin_unlock include/linux/spinlock_api_smp.h:152 [inline]
 _raw_spin_unlock+0x36/0x40 kernel/locking/spinlock.c:183
 spin_unlock include/linux/spinlock.h:393 [inline]
 __alloc_fd+0x46d/0x600 fs/file.c:534
 do_sys_openat2+0x585/0x7a0 fs/open.c:1173
 file_open_root+0x400/0x400 fs/open.c:1154
 _copy_to_user+0x126/0x160 lib/usercopy.c:32
 put_timespec64+0xcb/0x120 kernel/time/time.c:812
 ns_to_kernel_old_timeval+0x100/0x100 kernel/time/time.c:521
 do_sys_open+0xc3/0x140 fs/open.c:1189
 filp_open+0x70/0x70 fs/open.c:1142
 __trace_hardirqs_on_caller kernel/locking/lockdep.c:3635 [inline]
 lockdep_hardirqs_on_prepare+0x3a2/0x590 kernel/locking/lockdep.c:3686
 do_syscall_64+0x21/0x7d0 arch/x86/entry/common.c:288
 __trace_hardirqs_on_caller kernel/locking/lockdep.c:3635 [inline]
 lockdep_hardirqs_on_prepare+0x3a2/0x590 kernel/locking/lockdep.c:3686
 do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:295
 entry_SYSCALL_64_after_hwframe+0x49/0xb3
INFO: task syz-executor.5:8206 can't die for more than 143 seconds.
syz-executor.5  D27304  8206   7278 0x80000004
Call Trace:
 context_switch kernel/sched/core.c:3415 [inline]
 __schedule+0x8e4/0x1f80 kernel/sched/core.c:4140
 firmware_map_remove+0x19e/0x19e
 instrument_atomic_read include/linux/instrumented.h:56 [inline]
 test_bit include/asm-generic/bitops/instrumented-non-atomic.h:110 [inline]
 hlock_class kernel/locking/lockdep.c:179 [inline]
 lookup_chain_cache_add kernel/locking/lockdep.c:3127 [inline]
 validate_chain kernel/locking/lockdep.c:3183 [inline]
 __lock_acquire+0x2224/0x48a0 kernel/locking/lockdep.c:4380
 schedule+0xd0/0x2a0 kernel/sched/core.c:4215
 schedule_timeout+0x55b/0x850 kernel/time/timer.c:1873
 usleep_range+0x160/0x160 kernel/time/timer.c:2092
 __down_common kernel/locking/semaphore.c:219 [inline]
 __down+0x16e/0x2c0 kernel/locking/semaphore.c:237
 mark_held_locks+0x9f/0xe0 kernel/locking/lockdep.c:3609
 __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:168 [inline]
 _raw_spin_unlock_irq+0x1f/0x80 kernel/locking/spinlock.c:199
 __trace_hardirqs_on_caller kernel/locking/lockdep.c:3635 [inline]
 lockdep_hardirqs_on_prepare+0x3a2/0x590 kernel/locking/lockdep.c:3686
 __down_common kernel/locking/semaphore.c:220 [inline]
 __down+0x176/0x2c0 kernel/locking/semaphore.c:237
 __up.isra.0+0x190/0x190 include/linux/list.h:112
 down+0x57/0x80 kernel/locking/semaphore.c:61
 console_lock+0x25/0x80 kernel/printk/printk.c:2328
 do_con_write.part.0+0x95/0x1dc0 drivers/tty/vt/vt.c:2596
 __mutex_lock_common kernel/locking/mutex.c:964 [inline]
 __mutex_lock+0x458/0x13c0 kernel/locking/mutex.c:1103
 process_output_block drivers/tty/n_tty.c:550 [inline]
 n_tty_write+0x50c/0xf90 drivers/tty/n_tty.c:2333
 instrument_atomic_read include/linux/instrumented.h:56 [inline]
 test_bit include/asm-generic/bitops/instrumented-non-atomic.h:110 [inline]
 hlock_class kernel/locking/lockdep.c:179 [inline]
 mark_lock+0x11f/0xdd0 kernel/locking/lockdep.c:3937
 mutex_trylock+0x2c0/0x2c0 kernel/locking/mutex.c:126
 n_tty_write+0x1de/0xf90 drivers/tty/n_tty.c:2321
 do_con_trol+0x5d80/0x5d80 drivers/tty/vt/vt.c:1926
 mark_held_locks+0x9f/0xe0 kernel/locking/lockdep.c:3609
 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
 _raw_spin_unlock_irqrestore+0x62/0xe0 kernel/locking/spinlock.c:191
 do_con_write drivers/tty/vt/vt.c:2593 [inline]
 con_write+0x41/0xe0 drivers/tty/vt/vt.c:3159
 process_output_block drivers/tty/n_tty.c:595 [inline]
 n_tty_write+0x3f0/0xf90 drivers/tty/n_tty.c:2333
 n_tty_read+0x1b30/0x1b30 drivers/tty/n_tty.c:2185
 mark_held_locks+0x9f/0xe0 kernel/locking/lockdep.c:3609
 prepare_to_wait_exclusive+0x2c0/0x2c0 include/linux/list.h:100
 __phys_addr+0x9a/0x110 arch/x86/mm/physaddr.c:31
 __phys_addr_symbol+0x2c/0x70 arch/x86/mm/physaddr.c:42
 __might_fault+0x50/0x1d0 mm/memory.c:4785
 do_tty_write drivers/tty/tty_io.c:962 [inline]
 tty_write+0x495/0x800 drivers/tty/tty_io.c:1046
 n_tty_read+0x1b30/0x1b30 drivers/tty/n_tty.c:2185
 hung_up_tty_compat_ioctl+0x40/0x40 drivers/tty/tty_io.c:3308
 __vfs_write+0x76/0x100 fs/read_write.c:495
 __kernel_write+0x11c/0x3a0 fs/read_write.c:516
 write_pipe_buf+0x153/0x1e0 fs/splice.c:809
 lockdep_hardirqs_on_prepare+0x590/0x590 kernel/locking/lockdep.c:3680
 do_splice_direct+0x280/0x280 fs/splice.c:1082
 splice_from_pipe_next.part.0+0x29c/0x350 fs/splice.c:569
 splice_from_pipe_feed fs/splice.c:512 [inline]
 __splice_from_pipe+0x3e6/0x7b0 fs/splice.c:636
 do_splice_direct+0x280/0x280 fs/splice.c:1082
 do_splice_direct+0x280/0x280 fs/splice.c:1082
 splice_from_pipe+0xd9/0x140 fs/splice.c:671
 splice_shrink_spd+0xc0/0xc0 fs/splice.c:284
 security_file_permission+0x8c/0x460 security/security.c:1431
 default_file_splice_write+0x37/0x90 fs/splice.c:821
 generic_splice_sendpage+0x40/0x40 fs/splice.c:844
 do_splice_from fs/splice.c:863 [inline]
 direct_splice_actor+0x115/0x160 fs/splice.c:1037
 splice_direct_to_actor+0x38c/0x980 fs/splice.c:992
 generic_pipe_buf_nosteal+0x10/0x10 fs/splice.c:344
 do_splice_to+0x160/0x160 fs/splice.c:887
 do_splice_direct+0x1b4/0x280 fs/splice.c:1080
 splice_direct_to_actor+0x980/0x980 fs/splice.c:943
 do_sendfile+0x555/0xc50 fs/read_write.c:1521
 do_compat_pwritev64+0x1b0/0x1b0 fs/read_write.c:1404
 put_timespec64+0xcb/0x120 kernel/time/time.c:812
 ns_to_kernel_old_timeval+0x100/0x100 kernel/time/time.c:521
 __do_sys_futex kernel/futex.c:3872 [inline]
 __se_sys_futex kernel/futex.c:3840 [inline]
 __x64_sys_futex+0x380/0x4f0 kernel/futex.c:3840
 __do_sys_sendfile64 fs/read_write.c:1582 [inline]
 __se_sys_sendfile64 fs/read_write.c:1568 [inline]
 __x64_sys_sendfile64+0x1cc/0x210 fs/read_write.c:1568
 __ia32_sys_sendfile+0x220/0x220 fs/read_write.c:1549
 __trace_hardirqs_on_caller kernel/locking/lockdep.c:3635 [inline]
 lockdep_hardirqs_on_prepare+0x3a2/0x590 kernel/locking/lockdep.c:3686
 do_syscall_64+0x21/0x7d0 arch/x86/entry/common.c:288
 __trace_hardirqs_on_caller kernel/locking/lockdep.c:3635 [inline]
 lockdep_hardirqs_on_prepare+0x3a2/0x590 kernel/locking/lockdep.c:3686
 do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:295
 entry_SYSCALL_64_after_hwframe+0x49/0xb3
INFO: task syz-executor.5:8206 blocked for more than 143 seconds.
      Not tainted 5.7.0-rc6-next-20200522-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.5  D27304  8206   7278 0x80000004
Call Trace:
 context_switch kernel/sched/core.c:3415 [inline]
 __schedule+0x8e4/0x1f80 kernel/sched/core.c:4140
 firmware_map_remove+0x19e/0x19e
 instrument_atomic_read include/linux/instrumented.h:56 [inline]
 test_bit include/asm-generic/bitops/instrumented-non-atomic.h:110 [inline]
 hlock_class kernel/locking/lockdep.c:179 [inline]
 lookup_chain_cache_add kernel/locking/lockdep.c:3127 [inline]
 validate_chain kernel/locking/lockdep.c:3183 [inline]
 __lock_acquire+0x2224/0x48a0 kernel/locking/lockdep.c:4380
 schedule+0xd0/0x2a0 kernel/sched/core.c:4215
 schedule_timeout+0x55b/0x850 kernel/time/timer.c:1873
 usleep_range+0x160/0x160 kernel/time/timer.c:2092
 __down_common kernel/locking/semaphore.c:219 [inline]
 __down+0x16e/0x2c0 kernel/locking/semaphore.c:237
 mark_held_locks+0x9f/0xe0 kernel/locking/lockdep.c:3609
 __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:168 [inline]
 _raw_spin_unlock_irq+0x1f/0x80 kernel/locking/spinlock.c:199
 __trace_hardirqs_on_caller kernel/locking/lockdep.c:3635 [inline]
 lockdep_hardirqs_on_prepare+0x3a2/0x590 kernel/locking/lockdep.c:3686
 __down_common kernel/locking/semaphore.c:220 [inline]
 __down+0x176/0x2c0 kernel/locking/semaphore.c:237
 __up.isra.0+0x190/0x190 include/linux/list.h:112
 down+0x57/0x80 kernel/locking/semaphore.c:61
 console_lock+0x25/0x80 kernel/printk/printk.c:2328
 do_con_write.part.0+0x95/0x1dc0 drivers/tty/vt/vt.c:2596
 __mutex_lock_common kernel/locking/mutex.c:964 [inline]
 __mutex_lock+0x458/0x13c0 kernel/locking/mutex.c:1103
 process_output_block drivers/tty/n_tty.c:550 [inline]
 n_tty_write+0x50c/0xf90 drivers/tty/n_tty.c:2333
 instrument_atomic_read include/linux/instrumented.h:56 [inline]
 test_bit include/asm-generic/bitops/instrumented-non-atomic.h:110 [inline]
 hlock_class kernel/locking/lockdep.c:179 [inline]
 mark_lock+0x11f/0xdd0 kernel/locking/lockdep.c:3937
 mutex_trylock+0x2c0/0x2c0 kernel/locking/mutex.c:126
 n_tty_write+0x1de/0xf90 drivers/tty/n_tty.c:2321
 do_con_trol+0x5d80/0x5d80 drivers/tty/vt/vt.c:1926
 mark_held_locks+0x9f/0xe0 kernel/locking/lockdep.c:3609
 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
 _raw_spin_unlock_irqrestore+0x62/0xe0 kernel/locking/spinlock.c:191
 do_con_write drivers/tty/vt/vt.c:2593 [inline]
 con_write+0x41/0xe0 drivers/tty/vt/vt.c:3159
 process_output_block drivers/tty/n_tty.c:595 [inline]
 n_tty_write+0x3f0/0xf90 drivers/tty/n_tty.c:2333
 n_tty_read+0x1b30/0x1b30 drivers/tty/n_tty.c:2185
 mark_held_locks+0x9f/0xe0 kernel/locking/lockdep.c:3609
 prepare_to_wait_exclusive+0x2c0/0x2c0 include/linux/list.h:100
 __phys_addr+0x9a/0x110 arch/x86/mm/physaddr.c:31
 __phys_addr_symbol+0x2c/0x70 arch/x86/mm/physaddr.c:42
 __might_fault+0x50/0x1d0 mm/memory.c:4785
 do_tty_write drivers/tty/tty_io.c:962 [inline]
 tty_write+0x495/0x800 drivers/tty/tty_io.c:1046
 n_tty_read+0x1b30/0x1b30 drivers/tty/n_tty.c:2185
 hung_up_tty_compat_ioctl+0x40/0x40 drivers/tty/tty_io.c:3308
 __vfs_write+0x76/0x100 fs/read_write.c:495
 __kernel_write+0x11c/0x3a0 fs/read_write.c:516
 write_pipe_buf+0x153/0x1e0 fs/splice.c:809
 lockdep_hardirqs_on_prepare+0x590/0x590 kernel/locking/lockdep.c:3680
 do_splice_direct+0x280/0x280 fs/splice.c:1082
 splice_from_pipe_next.part.0+0x29c/0x350 fs/splice.c:569
 splice_from_pipe_feed fs/splice.c:512 [inline]
 __splice_from_pipe+0x3e6/0x7b0 fs/splice.c:636
 do_splice_direct+0x280/0x280 fs/splice.c:1082
 do_splice_direct+0x280/0x280 fs/splice.c:1082
 splice_from_pipe+0xd9/0x140 fs/splice.c:671
 splice_shrink_spd+0xc0/0xc0 fs/splice.c:284
 security_file_permission+0x8c/0x460 security/security.c:1431
 default_file_splice_write+0x37/0x90 fs/splice.c:821
 generic_splice_sendpage+0x40/0x40 fs/splice.c:844
 do_splice_from fs/splice.c:863 [inline]
 direct_splice_actor+0x115/0x160 fs/splice.c:1037
 splice_direct_to_actor+0x38c/0x980 fs/splice.c:992
 generic_pipe_buf_nosteal+0x10/0x10 fs/splice.c:344
 do_splice_to+0x160/0x160 fs/splice.c:887
 do_splice_direct+0x1b4/0x280 fs/splice.c:1080
 splice_direct_to_actor+0x980/0x980 fs/splice.c:943
 do_sendfile+0x555/0xc50 fs/read_write.c:1521
 do_compat_pwritev64+0x1b0/0x1b0 fs/read_write.c:1404
 put_timespec64+0xcb/0x120 kernel/time/time.c:812
 ns_to_kernel_old_timeval+0x100/0x100 kernel/time/time.c:521
 __do_sys_futex kernel/futex.c:3872 [inline]
 __se_sys_futex kernel/futex.c:3840 [inline]
 __x64_sys_futex+0x380/0x4f0 kernel/futex.c:3840
 __do_sys_sendfile64 fs/read_write.c:1582 [inline]
 __se_sys_sendfile64 fs/read_write.c:1568 [inline]
 __x64_sys_sendfile64+0x1cc/0x210 fs/read_write.c:1568
 __ia32_sys_sendfile+0x220/0x220 fs/read_write.c:1549
 __trace_hardirqs_on_caller kernel/locking/lockdep.c:3635 [inline]
 lockdep_hardirqs_on_prepare+0x3a2/0x590 kernel/locking/lockdep.c:3686
 do_syscall_64+0x21/0x7d0 arch/x86/entry/common.c:288
 __trace_hardirqs_on_caller kernel/locking/lockdep.c:3635 [inline]
 lockdep_hardirqs_on_prepare+0x3a2/0x590 kernel/locking/lockdep.c:3686
 do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:295
 entry_SYSCALL_64_after_hwframe+0x49/0xb3

Showing all locks held in the system:
1 lock held by khungtaskd/1146:
 #0: ffffffff89bc0380 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:5779
1 lock held by in:imklog/6487:
 #0: ffff8880a808cb30 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe9/0x100 fs/file.c:826
2 locks held by syz-executor.3/8185:
1 lock held by syz-executor.3/8223:
 #0: ffff88821882b078 (&fb_info->lock){+.+.}-{3:3}, at: lock_fb_info include/linux/fb.h:637 [inline]
 #0: ffff88821882b078 (&fb_info->lock){+.+.}-{3:3}, at: fb_open+0xd3/0x430 drivers/video/fbdev/core/fbmem.c:1418
4 locks held by syz-executor.5/8206:
 #0: ffff88809368c098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:267
 #1: ffff88809368c130 (&tty->atomic_write_lock){+.+.}-{3:3}, at: tty_write_lock+0x1e/0x80 drivers/tty/tty_io.c:888
 #2: ffff88809368c2e8 (&tty->termios_rwsem){++++}-{3:3}, at: n_tty_write+0x1b2/0xf90 drivers/tty/n_tty.c:2316
 #3: ffffc90000fc4378 (&ldata->output_lock){+.+.}-{3:3}, at: process_output_block drivers/tty/n_tty.c:550 [inline]
 #3: ffffc90000fc4378 (&ldata->output_lock){+.+.}-{3:3}, at: n_tty_write+0x50c/0xf90 drivers/tty/n_tty.c:2333

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 1146 Comm: khungtaskd Not tainted 5.7.0-rc6-next-20200522-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x18f/0x20d lib/dump_stack.c:118
 nmi_cpu_backtrace.cold+0x70/0xb1 lib/nmi_backtrace.c:101
 lapic_can_unplug_cpu.cold+0x3b/0x3b
 nmi_trigger_cpumask_backtrace+0x1e6/0x221 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:147 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:253 [inline]
 watchdog+0xfa3/0x14f0 kernel/hung_task.c:339
 reset_hung_task_detector+0x30/0x30 kernel/hung_task.c:293
 kthread+0x3b5/0x4a0 kernel/kthread.c:291
 kthread_mod_delayed_work+0x1a0/0x1a0 kernel/kthread.c:1113
 kthread_mod_delayed_work+0x1a0/0x1a0 kernel/kthread.c:1113
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:351
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 8185 Comm: syz-executor.3 Not tainted 5.7.0-rc6-next-20200522-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__sanitizer_cov_trace_pc+0x36/0x60 kernel/kcov.c:200
Code: 58 77 8e 7e f7 c2 00 01 ff 00 48 8b 34 24 74 0f 80 e6 01 74 35 8b 90 0c 14 00 00 85 d2 74 2b 8b 90 e8 13 00 00 83 fa 02 75 20 <48> 8b 88 f0 13 00 00 8b 80 ec 13 00 00 48 8b 11 48 83 c2 01 48 39
RSP: 0018:ffffc90017007538 EFLAGS: 00000246
RAX: ffff888058336000 RBX: 0000000000000050 RCX: ffffffff83c8eb7a
RDX: 0000000000000002 RSI: ffffffff83c8eb66 RDI: 0000000000000004
RBP: 000000000000002e R08: ffff888058336000 R09: ffffed1043102954
R10: ffff888218814a9f R11: ffffed1043102953 R12: ffff8880000a002e
R13: ffff8880000a0000 R14: 0000000000000000 R15: 00000000f06904e8
FS:  00007f3cdee2a700(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fff13afc908 CR3: 00000000967ac000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 writeb arch/x86/include/asm/io.h:65 [inline]
 vga16fb_fillrect+0x9c6/0x1960 drivers/video/fbdev/vga16fb.c:923
 bit_clear_margins+0x2d5/0x4a0 drivers/video/fbdev/core/bitblit.c:232
 bit_bmove+0x210/0x210 drivers/video/fbdev/core/bitblit.c:59
 fb_set_cmap+0x118/0x510 drivers/video/fbdev/core/fbcmap.c:261
 fbcon_clear_margins+0x1de/0x240 drivers/video/fbdev/core/fbcon.c:1381
 fbcon_switch+0xcde/0x16f0 drivers/video/fbdev/core/fbcon.c:2363
 fbcon_set_def_font+0x370/0x370 drivers/video/fbdev/core/fbcon.c:2710
 trace_hardirqs_on_thunk+0x1a/0x1c arch/x86/entry/thunk_64.S:41
 hide_cursor+0x85/0x280 drivers/tty/vt/vt.c:902
 is_console_locked+0x5/0x10 kernel/printk/printk.c:2360
 fbcon_set_origin+0x26/0x50 drivers/video/fbdev/core/fbcon.c:2938
 redraw_screen+0x2ae/0x770 drivers/tty/vt/vt.c:1015
 vesafb_probe.cold+0x1228/0x1228
 respond_string+0x290/0x290 include/linux/tty_flip.h:27
 fbcon_set_palette+0x3b1/0x4a0 drivers/video/fbdev/core/fbcon.c:2764
 fbcon_modechanged+0x581/0x720 drivers/video/fbdev/core/fbcon.c:3000
 fbcon_set_all_vcs+0x3b3/0x460 drivers/video/fbdev/core/fbcon.c:3038
 fbcon_update_vcs+0x26/0x50 drivers/video/fbdev/core/fbcon.c:3045
 fb_set_var+0xb03/0xd90 drivers/video/fbdev/core/fbmem.c:1056
 fb_blank+0x190/0x190 drivers/video/fbdev/core/fbmem.c:1081
 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
 _raw_spin_unlock_irqrestore+0x62/0xe0 kernel/locking/spinlock.c:191
 __trace_hardirqs_on_caller kernel/locking/lockdep.c:3635 [inline]
 lockdep_hardirqs_on_prepare+0x3a2/0x590 kernel/locking/lockdep.c:3686
 do_fb_ioctl+0x390/0x6e0 drivers/video/fbdev/core/fbmem.c:1109
 fb_mmap+0x510/0x510 drivers/video/fbdev/core/fbmem.c:1393
 tomoyo_execute_permission+0x470/0x470 security/tomoyo/file.c:168
 retint_kernel+0x2b/0x2b
 rcu_read_unlock include/linux/rcupdate.h:684 [inline]
 __fget_files+0x30d/0x500 fs/file.c:734
 __sanitizer_cov_trace_switch+0x45/0x70 kernel/kcov.c:320
 ioctl_fibmap fs/ioctl.c:221 [inline]
 file_ioctl fs/ioctl.c:531 [inline]
 do_vfs_ioctl+0x27d/0x1090 fs/ioctl.c:732
 retint_kernel+0x2b/0x2b
 fb_ioctl+0xdd/0x130 drivers/video/fbdev/core/fbmem.c:1185
 do_fb_ioctl+0x6e0/0x6e0 drivers/video/fbdev/core/fbmem.c:1169
 vfs_ioctl fs/ioctl.c:48 [inline]
 ksys_ioctl+0x11a/0x180 fs/ioctl.c:753
 __do_sys_ioctl fs/ioctl.c:762 [inline]
 __se_sys_ioctl fs/ioctl.c:760 [inline]
 __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:760
 do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:295
 entry_SYSCALL_64_after_hwframe+0x49/0xb3
RIP: 0033:0x45ca29
Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f3cdee29c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00000000004e4ac0 RCX: 000000000045ca29
RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000004
RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000000002f2 R14: 00000000004c56c8 R15: 00007f3cdee2a6d4