Free memory is 48860kB above reserved lowmemorykiller: Killing 'syz-executor835' (4649) (tgid 4649), adj 1000, to free 11564kB on behalf of 'syz-executor835' (18852) because cache 1428kB is below limit 65536kB for oom_score_adj 12 Free memory is 61752kB above reserved INFO: task init:7425 blocked for more than 140 seconds. Not tainted 4.9.141+ #1 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. init D28888 7425 1 0x00000000 ffff8801a18197c0 ffff8801c9ea6e00 ffff8801c9ddc780 ffff8801c9858000 ffff8801db721018 ffff8801c9947580 ffffffff828075c2 ffff8801a181a070 000000000000015c 0000000000000000 0000000000000000 ffff8801db7218f0 Call Trace: [] schedule+0x7f/0x1b0 kernel/sched/core.c:3553 [] schedule_timeout+0x735/0xe20 kernel/time/timer.c:1771 [] __down_common kernel/locking/semaphore.c:221 [inline] [] __down+0x191/0x2b0 kernel/locking/semaphore.c:238 [] down+0x5e/0x80 kernel/locking/semaphore.c:61 [] console_lock+0x2c/0x80 kernel/printk/printk.c:2217 [] console_device+0x1c/0xc0 kernel/printk/printk.c:2554 [] tty_lookup_driver drivers/tty/tty_io.c:2008 [inline] [] tty_open_by_driver drivers/tty/tty_io.c:2053 [inline] [] tty_open+0x6f5/0xdf0 drivers/tty/tty_io.c:2130 [] chrdev_open+0x22d/0x5c0 fs/char_dev.c:392 [] do_dentry_open+0x3ef/0xc90 fs/open.c:766 [] vfs_open+0x11c/0x210 fs/open.c:879 [] do_last fs/namei.c:3410 [inline] [] path_openat+0x542/0x2790 fs/namei.c:3534 [] do_filp_open+0x197/0x270 fs/namei.c:3568 [] do_sys_open+0x30d/0x5c0 fs/open.c:1072 [] SYSC_open fs/open.c:1090 [inline] [] SyS_open+0x2d/0x40 fs/open.c:1085 [] do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285 [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb Showing all locks held in the system: 2 locks held by khungtaskd/24: #0: (rcu_read_lock){......}, at: [] check_hung_uninterruptible_tasks kernel/hung_task.c:168 [inline] #0: (rcu_read_lock){......}, at: [] watchdog+0x11c/0xa20 kernel/hung_task.c:239 #1: (tasklist_lock){.+.+..}, at: [] debug_show_all_locks+0x79/0x218 kernel/locking/lockdep.c:4336 1 lock held by rsyslogd/1910: #0: (&f->f_pos_lock){+.+.+.}, at: [] __fdget_pos+0xac/0xd0 fs/file.c:781 2 locks held by getty/2038: #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367 #1: (&ldata->atomic_read_lock){+.+...}, at: [] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142 1 lock held by init/7425: #0: (tty_mutex){+.+.+.}, at: [] tty_open_by_driver drivers/tty/tty_io.c:2052 [inline] #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2130 1 lock held by init/7426: #0: (tty_mutex){+.+.+.}, at: [] tty_open_by_driver drivers/tty/tty_io.c:2052 [inline] #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2130 1 lock held by init/7427: #0: (tty_mutex){+.+.+.}, at: [] tty_open_by_driver drivers/tty/tty_io.c:2052 [inline] #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2130 1 lock held by init/7428: #0: (tty_mutex){+.+.+.}, at: [] tty_open_by_driver drivers/tty/tty_io.c:2052 [inline] #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2130 1 lock held by init/7429: #0: (tty_mutex){+.+.+.}, at: [] tty_open_by_driver drivers/tty/tty_io.c:2052 [inline] #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2130 1 lock held by init/7430: #0: (tty_mutex){+.+.+.}, at: [] tty_open_by_driver drivers/tty/tty_io.c:2052 [inline] #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2130 1 lock held by syz-executor835/18851: #0: (&mm->mmap_sem){++++++}, at: [] vm_mmap_pgoff+0x128/0x1b0 mm/util.c:327 1 lock held by syz-executor835/18852: #0: (&mm->mmap_sem){++++++}, at: [] __mm_populate+0x223/0x320 mm/gup.c:1134 1 lock held by syz-executor835/18854: #0: (&mm->mmap_sem){++++++}, at: [] vm_mmap_pgoff+0x128/0x1b0 mm/util.c:327 1 lock held by syz-executor835/18858: #0: (&mm->mmap_sem){++++++}, at: [] __mm_populate+0x223/0x320 mm/gup.c:1134 1 lock held by syz-executor835/18861: #0: (&mm->mmap_sem){++++++}, at: [] vm_mmap_pgoff+0x128/0x1b0 mm/util.c:327 1 lock held by syz-executor835/18949: #0: (&mm->mmap_sem){++++++}, at: [] vm_mmap_pgoff+0x128/0x1b0 mm/util.c:327 ============================================= NMI backtrace for cpu 1 CPU: 1 PID: 24 Comm: khungtaskd Not tainted 4.9.141+ #1 ffff8801d9907d08 ffffffff81b42e79 0000000000000000 0000000000000001 0000000000000001 0000000000000001 ffffffff810983b0 ffff8801d9907d40 ffffffff81b4df89 0000000000000001 0000000000000000 0000000000000002 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] nmi_cpu_backtrace.cold.0+0x48/0x87 lib/nmi_backtrace.c:99 [] nmi_trigger_cpumask_backtrace+0x12c/0x151 lib/nmi_backtrace.c:60 [] arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:37 [] trigger_all_cpu_backtrace include/linux/nmi.h:58 [inline] [] check_hung_task kernel/hung_task.c:125 [inline] [] check_hung_uninterruptible_tasks kernel/hung_task.c:182 [inline] [] watchdog+0x6ad/0xa20 kernel/hung_task.c:239 [] kthread+0x26d/0x300 kernel/kthread.c:211 [] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 PID: 18950 Comm: syz-executor835 Not tainted 4.9.141+ #1 task: ffff88017e8d2f80 task.stack: ffff8801d7f58000 RIP: 0010:[] c [] static_key_false include/linux/jump_label.h:184 [inline] RIP: 0010:[] c [] trace_mm_page_alloc include/trace/events/kmem.h:194 [inline] RIP: 0010:[] c [] __alloc_pages_nodemask+0x2cd/0x1bd0 mm/page_alloc.c:3874 RSP: 0018:ffff8801d7f5f510 EFLAGS: 00000246 RAX: 0000000000000000 RBX: 00000000024200ca RCX: 0000000000000000 RDX: 1ffffffff067bd25 RSI: 0000000000000000 RDI: ffffffff833de928 RBP: ffff8801d7f5f738 R08: ffffea0005fd7700 R09: ffffed002febb800 R10: 0000000000000000 R11: 0000000000000000 R12: ffffea0005fd7700 R13: 0000000000000000 R14: ffff8801d7f5f710 R15: 00000000024200ca FS: 00007f2188bd1700(0000) GS:ffff8801db600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000004b4da0 CR3: 00000001d789a000 CR4: 00000000001606b0 Stack: ffffffff812073b0c ffff88017e8d3870c ffff88017e8d3820c ffff88017e8d3878c ffff88017e8d3828c ffff88017e8d3830c ffffffff83caeb20c ffffffff83c3cdf0c 0000000000007c8dc ffff88017e8d3870c ffff88017e8d3820c ffff88017e8d3878c Call Trace: [] __alloc_pages include/linux/gfp.h:433 [inline] [] __alloc_pages_node include/linux/gfp.h:446 [inline] [] alloc_pages_node include/linux/gfp.h:460 [inline] [] shmem_alloc_page mm/shmem.c:1420 [inline] [] shmem_alloc_and_acct_page mm/shmem.c:1450 [inline] [] shmem_getpage_gfp+0xc7c/0x18f0 mm/shmem.c:1724 [] shmem_fault+0x222/0x6d0 mm/shmem.c:1959 [] __do_fault+0x223/0x500 mm/memory.c:2833 [] do_read_fault mm/memory.c:3180 [inline] [] do_fault mm/memory.c:3315 [inline] [] handle_pte_fault mm/memory.c:3516 [inline] [] __handle_mm_fault mm/memory.c:3603 [inline] [] handle_mm_fault+0x1326/0x2350 mm/memory.c:3640 [] faultin_page mm/gup.c:386 [inline] [] __get_user_pages+0x446/0xf80 mm/gup.c:588 [] populate_vma_page_range+0x19a/0x230 mm/gup.c:1106 [] __mm_populate+0x1d7/0x320 mm/gup.c:1154 [] mm_populate include/linux/mm.h:2041 [inline] [] vm_mmap_pgoff+0x195/0x1b0 mm/util.c:333 [] SYSC_mmap_pgoff mm/mmap.c:1555 [inline] [] SyS_mmap_pgoff+0x152/0x1b0 mm/mmap.c:1513 [] SYSC_mmap arch/x86/kernel/sys_x86_64.c:96 [inline] [] SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:87 [] do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285 [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb Code: c28 ce9 c3d c83 c48 cb8 c00 c00 c00 c00 c00 cfc cff cdf c48 c89 cfa c48 cc1 cea c03 c0f cb6 c04 c02 c84 cc0 c74 c08 c3c c03 c0f c8e c61 c15 c00 c00 c8b c05 cdb c65 cfb c01 c<85> cc0 c0f c8f c9f c09 c00 c00 c65 c8b c05 cd4 cdd cbe c7e c89 cc0 c48 c0f ca3 c05 c