binder: 29322:29325 ioctl 40046207 0 returned -16 binder_alloc: 30679: binder_alloc_buf, no vma binder: 29322:29325 transaction failed 29189/-3, size 24-8 line 3136 binder: undelivered TRANSACTION_ERROR: 29189 binder: 29322:29325 IncRefs 0 refcount change on invalid ref 1 ret -22 INFO: task init:32083 blocked for more than 140 seconds. Not tainted 4.9.141+ #1 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. init D28888 32083 1 0x00000000 ffff8801c8a397c0 ffff8801d0b72100 ffff8801d1aee300 ffff8801d0344740 ffff8801db721018 ffff8801a9d6f580 ffffffff828075c2 ffff8801c8a3a070 000000000000015c 0000000000000000 0000000000000000 ffff8801db7218f0 Call Trace: [] schedule+0x7f/0x1b0 kernel/sched/core.c:3553 [] schedule_timeout+0x735/0xe20 kernel/time/timer.c:1771 [] __down_common kernel/locking/semaphore.c:221 [inline] [] __down+0x191/0x2b0 kernel/locking/semaphore.c:238 [] down+0x5e/0x80 kernel/locking/semaphore.c:61 [] console_lock+0x2c/0x80 kernel/printk/printk.c:2217 [] console_device+0x1c/0xc0 kernel/printk/printk.c:2554 [] tty_lookup_driver drivers/tty/tty_io.c:2008 [inline] [] tty_open_by_driver drivers/tty/tty_io.c:2053 [inline] [] tty_open+0x6f5/0xdf0 drivers/tty/tty_io.c:2130 [] chrdev_open+0x22d/0x5c0 fs/char_dev.c:392 [] do_dentry_open+0x3ef/0xc90 fs/open.c:766 [] vfs_open+0x11c/0x210 fs/open.c:879 [] do_last fs/namei.c:3410 [inline] [] path_openat+0x542/0x2790 fs/namei.c:3534 [] do_filp_open+0x197/0x270 fs/namei.c:3568 [] do_sys_open+0x30d/0x5c0 fs/open.c:1072 [] SYSC_open fs/open.c:1090 [inline] [] SyS_open+0x2d/0x40 fs/open.c:1085 [] do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285 [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb Showing all locks held in the system: 2 locks held by khungtaskd/24: #0: (rcu_read_lock){......}, at: [] check_hung_uninterruptible_tasks kernel/hung_task.c:168 [inline] #0: (rcu_read_lock){......}, at: [] watchdog+0x11c/0xa20 kernel/hung_task.c:239 #1: (tasklist_lock){.+.+..}, at: [] debug_show_all_locks+0x79/0x218 kernel/locking/lockdep.c:4336 1 lock held by rsyslogd/1913: #0: (&f->f_pos_lock){+.+.+.}, at: [] __fdget_pos+0xac/0xd0 fs/file.c:781 2 locks held by getty/2040: #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367 #1: (&ldata->atomic_read_lock){+.+...}, at: [] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142 2 locks held by kworker/u4:1/25747: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((reaper_work).work){+.+...}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 1 lock held by init/32083: #0: (tty_mutex){+.+.+.}, at: [] tty_open_by_driver drivers/tty/tty_io.c:2052 [inline] #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2130 1 lock held by init/32124: #0: (tty_mutex){+.+.+.}, at: [] tty_open_by_driver drivers/tty/tty_io.c:2052 [inline] #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2130 1 lock held by init/32138: #0: (tty_mutex){+.+.+.}, at: [] tty_open_by_driver drivers/tty/tty_io.c:2052 [inline] #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2130 1 lock held by init/32238: #0: (tty_mutex){+.+.+.}, at: [] tty_open_by_driver drivers/tty/tty_io.c:2052 [inline] #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2130 1 lock held by init/32247: #0: (tty_mutex){+.+.+.}, at: [] tty_open_by_driver drivers/tty/tty_io.c:2052 [inline] #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2130 1 lock held by init/32248: #0: (tty_mutex){+.+.+.}, at: [] tty_open_by_driver drivers/tty/tty_io.c:2052 [inline] #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2130 ============================================= NMI backtrace for cpu 1 CPU: 1 PID: 24 Comm: khungtaskd Not tainted 4.9.141+ #1 ffff8801d9907d08 ffffffff81b42e79 0000000000000000 0000000000000001 0000000000000001 0000000000000001 ffffffff810983b0 ffff8801d9907d40 ffffffff81b4df89 0000000000000001 0000000000000000 0000000000000002 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] nmi_cpu_backtrace.cold.0+0x48/0x87 lib/nmi_backtrace.c:99 [] nmi_trigger_cpumask_backtrace+0x12c/0x151 lib/nmi_backtrace.c:60 [] arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:37 [] trigger_all_cpu_backtrace include/linux/nmi.h:58 [inline] [] check_hung_task kernel/hung_task.c:125 [inline] [] check_hung_uninterruptible_tasks kernel/hung_task.c:182 [inline] [] watchdog+0x6ad/0xa20 kernel/hung_task.c:239 [] kthread+0x26d/0x300 kernel/kthread.c:211 [] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 PID: 29326 Comm: syz-executor.2 Not tainted 4.9.141+ #1 task: ffff8801a7f05f00 task.stack: ffff8801c49f8000 RIP: 0010:[] c [] __tlb_remove_page_size+0x102/0x500 mm/memory.c:312 RSP: 0018:ffff8801c49ff6d8 EFLAGS: 00000a03 RAX: ffff8801cf88600c RBX: ffff8801c49ff920 RCX: ffff8801c49ff940 RDX: 0000000000000000 RSI: ffffffff814956f7 RDI: ffff8801cf88600c RBP: ffff8801c49ff708 R08: ffff8801a7f067d0 R09: 9e50ee563b4102ff R10: ffff8801a7f05f00 R11: 0000000000000001 R12: ffff8801cf886000 R13: 0000000000000041 R14: ffffea0006d06d40 R15: ffff8801cf886008 FS: 0000000000000000(0000) GS:ffff8801db600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b2f221000 CR3: 000000000301e000 CR4: 00000000001606b0 Stack: ffffffff814be468c 00007f488412e000c 00007f488412f000c 0000000000000006c ffffea0006d06d40c ffff8801d2b49970c ffff8801c49ff868c ffffffff81499b10c 1ffff1003893fefcc dffffc0000000003c fffffbfff067cf3ac 0000000000000019c Call Trace: [] __tlb_remove_page include/asm-generic/tlb.h:163 [inline] [] zap_pte_range mm/memory.c:1165 [inline] [] zap_pmd_range mm/memory.c:1249 [inline] [] zap_pud_range mm/memory.c:1270 [inline] [] unmap_page_range+0xe60/0x1680 mm/memory.c:1291 [] unmap_single_vma+0x11c/0x170 mm/memory.c:1336 [] unmap_vmas+0x81/0xd0 mm/memory.c:1366 [] exit_mmap+0x1cc/0x3a0 mm/mmap.c:3021 [] __mmput kernel/fork.c:884 [inline] [] mmput+0xcd/0x360 kernel/fork.c:906 [] exit_mm kernel/exit.c:514 [inline] [] do_exit+0x6c9/0x2a50 kernel/exit.c:820 [] do_group_exit+0x111/0x300 kernel/exit.c:937 [] get_signal+0x4e1/0x1460 kernel/signal.c:2321 [] do_signal+0x95/0x1b00 arch/x86/kernel/signal.c:807 [] exit_to_usermode_loop+0x10e/0x150 arch/x86/entry/common.c:158 [] prepare_exit_to_usermode arch/x86/entry/common.c:194 [inline] [] syscall_return_slowpath arch/x86/entry/common.c:263 [inline] [] do_syscall_64+0x3e2/0x550 arch/x86/entry/common.c:290 [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb Code: c08 c3c c03 c0f c8e c6e c03 c00 c00 c49 c8d c7c c24 c0c c45 c8b c6c c24 c08 c48 cb8 c00 c00 c00 c00 c00 cfc cff cdf c48 c89 cfa c48 cc1 cea c03 c0f cb6 c14 c02 c48 c89 cf8 c<83> ce0 c07 c83 cc0 c03 c38 cd0 c7c c08 c84 cd2 c0f c85 c13 c03 c00 c00 c41 c8b c44 c