binder: 9426:9427 transaction failed 29189/-22, size 40-8 line 2834 binder: 9426:9427 ioctl c0306201 20008000 returned -14 INFO: task kworker/u4:0:7 blocked for more than 140 seconds. Not tainted 4.19.0-rc8-next-20181019+ #98 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. kworker/u4:0 D15200 7 2 0x80000000 Workqueue: events_unbound fsnotify_connector_destroy_workfn Call Trace: context_switch kernel/sched/core.c:2831 [inline] __schedule+0x8cf/0x21d0 kernel/sched/core.c:3480 schedule+0xfe/0x460 kernel/sched/core.c:3524 schedule_timeout+0x1cc/0x260 kernel/time/timer.c:1780 do_wait_for_common kernel/sched/completion.c:83 [inline] __wait_for_common kernel/sched/completion.c:104 [inline] wait_for_common kernel/sched/completion.c:115 [inline] wait_for_completion+0x427/0x8a0 kernel/sched/completion.c:136 __synchronize_srcu+0x20a/0x2d0 kernel/rcu/srcutree.c:941 synchronize_srcu+0x44c/0x5b0 kernel/rcu/srcutree.c:1019 fsnotify_connector_destroy_workfn+0x44/0xa0 fs/notify/mark.c:176 process_one_work+0xc8b/0x1c40 kernel/workqueue.c:2153 worker_thread+0x17f/0x1390 kernel/workqueue.c:2296 kthread+0x35a/0x440 kernel/kthread.c:246 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352 INFO: task kworker/u4:1:21 blocked for more than 140 seconds. Not tainted 4.19.0-rc8-next-20181019+ #98 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. kworker/u4:1 D13808 21 2 0x80000000 Workqueue: netns cleanup_net Call Trace: context_switch kernel/sched/core.c:2831 [inline] __schedule+0x8cf/0x21d0 kernel/sched/core.c:3480 schedule+0xfe/0x460 kernel/sched/core.c:3524 _synchronize_rcu_expedited.constprop.58+0x6f6/0x9d0 kernel/rcu/tree_exp.h:638 synchronize_rcu_expedited+0x27/0xa0 kernel/rcu/tree_exp.h:758 synchronize_net+0x3b/0x60 net/core/dev.c:9062 dev_deactivate_many+0x543/0xdd0 net/sched/sch_generic.c:1222 __dev_close_many+0x197/0x380 net/core/dev.c:1461 dev_close_many+0x2df/0x860 net/core/dev.c:1499 rollback_registered_many+0x543/0x1250 net/core/dev.c:7979 unregister_netdevice_many+0xfa/0x4c0 net/core/dev.c:9107 ip6gre_exit_batch_net+0x5cd/0x7f0 net/ipv6/ip6_gre.c:1594 ops_exit_list.isra.5+0x105/0x160 net/core/net_namespace.c:156 cleanup_net+0x555/0xb10 net/core/net_namespace.c:551 process_one_work+0xc8b/0x1c40 kernel/workqueue.c:2153 worker_thread+0x17f/0x1390 kernel/workqueue.c:2296 kthread+0x35a/0x440 kernel/kthread.c:246 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352 INFO: task syz-executor1:9407 blocked for more than 140 seconds. Not tainted 4.19.0-rc8-next-20181019+ #98 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor1 D18120 9407 5602 0x00000006 Call Trace: context_switch kernel/sched/core.c:2831 [inline] __schedule+0x8cf/0x21d0 kernel/sched/core.c:3480 schedule+0xfe/0x460 kernel/sched/core.c:3524 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3582 __mutex_lock_common kernel/locking/mutex.c:1002 [inline] __mutex_lock+0xaff/0x16f0 kernel/locking/mutex.c:1072 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087 exp_funnel_lock kernel/rcu/tree_exp.h:328 [inline] _synchronize_rcu_expedited.constprop.58+0x7af/0x9d0 kernel/rcu/tree_exp.h:620 synchronize_rcu_expedited+0x27/0xa0 kernel/rcu/tree_exp.h:758 synchronize_net+0x3b/0x60 net/core/dev.c:9062 packet_release+0x926/0xda0 net/packet/af_packet.c:3009 __sock_release+0xd7/0x250 net/socket.c:580 sock_close+0x19/0x20 net/socket.c:1142 __fput+0x3bc/0xa70 fs/file_table.c:279 ____fput+0x15/0x20 fs/file_table.c:312 task_work_run+0x1e8/0x2a0 kernel/task_work.c:113 get_signal+0x1550/0x1970 kernel/signal.c:2347 do_signal+0x9c/0x21c0 arch/x86/kernel/signal.c:816 exit_to_usermode_loop+0x2e5/0x380 arch/x86/entry/common.c:162 prepare_exit_to_usermode arch/x86/entry/common.c:197 [inline] syscall_return_slowpath arch/x86/entry/common.c:268 [inline] do_syscall_64+0x6be/0x820 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x457569 Code: Bad RIP value. RSP: 002b:00007f287f77cc78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b RAX: 000000000003ff48 RBX: 0000000000000005 RCX: 0000000000457569 RDX: 03a3f34626ae7792 RSI: 0000000020002e00 RDI: 0000000000000003 RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000022 R11: 0000000000000246 R12: 00007f287f77d6d4 R13: 00000000004c3244 R14: 00000000004d4de8 R15: 00000000ffffffff INFO: task syz-executor4:9422 blocked for more than 140 seconds. Not tainted 4.19.0-rc8-next-20181019+ #98 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor4 D20120 9422 5704 0x00000004 Call Trace: context_switch kernel/sched/core.c:2831 [inline] __schedule+0x8cf/0x21d0 kernel/sched/core.c:3480 schedule+0xfe/0x460 kernel/sched/core.c:3524 schedule_timeout+0x1cc/0x260 kernel/time/timer.c:1780 do_wait_for_common kernel/sched/completion.c:83 [inline] __wait_for_common kernel/sched/completion.c:104 [inline] wait_for_common kernel/sched/completion.c:115 [inline] wait_for_completion+0x427/0x8a0 kernel/sched/completion.c:136 __synchronize_srcu+0x20a/0x2d0 kernel/rcu/srcutree.c:941 synchronize_srcu_expedited kernel/rcu/srcutree.c:966 [inline] synchronize_srcu+0x1d6/0x5b0 kernel/rcu/srcutree.c:1017 mmu_notifier_unregister+0x3b3/0x600 mm/mmu_notifier.c:381 kvm_destroy_vm arch/x86/kvm/../../../virt/kvm/kvm_main.c:745 [inline] kvm_put_kvm+0x6c0/0xff0 arch/x86/kvm/../../../virt/kvm/kvm_main.c:770 kvm_vm_release+0x42/0x50 arch/x86/kvm/../../../virt/kvm/kvm_main.c:781 __fput+0x3bc/0xa70 fs/file_table.c:279 ____fput+0x15/0x20 fs/file_table.c:312 task_work_run+0x1e8/0x2a0 kernel/task_work.c:113 tracehook_notify_resume include/linux/tracehook.h:188 [inline] exit_to_usermode_loop+0x318/0x380 arch/x86/entry/common.c:166 prepare_exit_to_usermode arch/x86/entry/common.c:197 [inline] syscall_return_slowpath arch/x86/entry/common.c:268 [inline] do_syscall_64+0x6be/0x820 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x411021 Code: 4c 89 f6 48 89 c7 48 89 ca 48 89 4c 24 10 4c 89 54 24 08 e8 b1 a3 ff ff 48 8b 4c 24 10 41 c6 04 0f 00 4c 8b 7c 24 28 4c 8b 54 <24> 08 45 0f b6 37 e9 db fc ff ff 0f 1f 40 00 41 80 f8 29 74 7f ba RSP: 002b:00007ffe46ce8450 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 RAX: 0000000000000000 RBX: 000000000000000f RCX: 0000000000411021 RDX: 0000000000000000 RSI: 0000000000732488 RDI: 000000000000000e RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 00007ffe46ce8380 R11: 0000000000000293 R12: 0000000000000000 R13: 0000000000000001 R14: 0000000000000065 R15: 0000000000000004 Showing all locks held in the system: 2 locks held by kworker/u4:0/7: #0: 000000007990b81a ((wq_completion)"events_unbound"){+.+.}, at: __write_once_size include/linux/compiler.h:206 [inline] #0: 000000007990b81a ((wq_completion)"events_unbound"){+.+.}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: 000000007990b81a ((wq_completion)"events_unbound"){+.+.}, at: atomic64_set include/asm-generic/atomic-instrumented.h:40 [inline] #0: 000000007990b81a ((wq_completion)"events_unbound"){+.+.}, at: atomic_long_set include/asm-generic/atomic-long.h:59 [inline] #0: 000000007990b81a ((wq_completion)"events_unbound"){+.+.}, at: set_work_data kernel/workqueue.c:617 [inline] #0: 000000007990b81a ((wq_completion)"events_unbound"){+.+.}, at: set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline] #0: 000000007990b81a ((wq_completion)"events_unbound"){+.+.}, at: process_one_work+0xb43/0x1c40 kernel/workqueue.c:2124 #1: 000000006235beb7 (connector_reaper_work){+.+.}, at: process_one_work+0xb9a/0x1c40 kernel/workqueue.c:2128 5 locks held by kworker/u4:1/21: #0: 00000000703569fd ((wq_completion)"%s""netns"){+.+.}, at: __write_once_size include/linux/compiler.h:206 [inline] #0: 00000000703569fd ((wq_completion)"%s""netns"){+.+.}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: 00000000703569fd ((wq_completion)"%s""netns"){+.+.}, at: atomic64_set include/asm-generic/atomic-instrumented.h:40 [inline] #0: 00000000703569fd ((wq_completion)"%s""netns"){+.+.}, at: atomic_long_set include/asm-generic/atomic-long.h:59 [inline] #0: 00000000703569fd ((wq_completion)"%s""netns"){+.+.}, at: set_work_data kernel/workqueue.c:617 [inline] #0: 00000000703569fd ((wq_completion)"%s""netns"){+.+.}, at: set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline] #0: 00000000703569fd ((wq_completion)"%s""netns"){+.+.}, at: process_one_work+0xb43/0x1c40 kernel/workqueue.c:2124 #1: 000000002350773f (net_cleanup_work){+.+.}, at: process_one_work+0xb9a/0x1c40 kernel/workqueue.c:2128 #2: 00000000340b288f (pernet_ops_rwsem){++++}, at: cleanup_net+0x13f/0xb10 net/core/net_namespace.c:518 #3: 00000000ba431513 (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 net/core/rtnetlink.c:77 #4: 000000003fea609e (rcu_state.exp_mutex){+.+.}, at: exp_funnel_lock kernel/rcu/tree_exp.h:296 [inline] #4: 000000003fea609e (rcu_state.exp_mutex){+.+.}, at: _synchronize_rcu_expedited.constprop.58+0x7c7/0x9d0 kernel/rcu/tree_exp.h:620 1 lock held by khungtaskd/982: #0: 000000000cb9a44c (rcu_read_lock){....}, at: debug_show_all_locks+0xd0/0x424 kernel/locking/lockdep.c:4379 2 locks held by khugepaged/988: 1 lock held by rsyslogd/5460: #0: 00000000f5cecece (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x1bb/0x200 fs/file.c:766 2 locks held by getty/5549: #0: 00000000da2e3edb (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:353 #1: 00000000bf1c29e3 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1e80 drivers/tty/n_tty.c:2154 2 locks held by getty/5550: #0: 00000000b52946cd (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:353 #1: 00000000783e3b9a (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1e80 drivers/tty/n_tty.c:2154 2 locks held by getty/5551: #0: 000000007c0eb72d (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:353 #1: 000000000a7e94a1 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1e80 drivers/tty/n_tty.c:2154 2 locks held by getty/5552: #0: 00000000bd78e452 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:353 #1: 0000000000f3f1b4 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1e80 drivers/tty/n_tty.c:2154 2 locks held by getty/5553: #0: 0000000009ab93b3 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:353 #1: 000000003d2d5e79 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1e80 drivers/tty/n_tty.c:2154 2 locks held by getty/5554: #0: 00000000b5e7c291 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:353 #1: 0000000079ef04f4 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1e80 drivers/tty/n_tty.c:2154 2 locks held by getty/5555: #0: 00000000f60c34c6 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:353 #1: 0000000067b37b83 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1e80 drivers/tty/n_tty.c:2154 3 locks held by kworker/0:3/5791: 2 locks held by syz-executor1/9407: #0: 00000000b77830b1 (&sb->s_type->i_mutex_key#11){+.+.}, at: inode_lock include/linux/fs.h:764 [inline] #0: 00000000b77830b1 (&sb->s_type->i_mutex_key#11){+.+.}, at: __sock_release+0x8b/0x250 net/socket.c:579 #1: 000000003fea609e (rcu_state.exp_mutex){+.+.}, at: exp_funnel_lock kernel/rcu/tree_exp.h:328 [inline] #1: 000000003fea609e (rcu_state.exp_mutex){+.+.}, at: _synchronize_rcu_expedited.constprop.58+0x7af/0x9d0 kernel/rcu/tree_exp.h:620 ============================================= NMI backtrace for cpu 1 CPU: 1 PID: 982 Comm: khungtaskd Not tainted 4.19.0-rc8-next-20181019+ #98 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x244/0x39d lib/dump_stack.c:113 nmi_cpu_backtrace.cold.2+0x5c/0xa1 lib/nmi_backtrace.c:101 nmi_trigger_cpumask_backtrace+0x1e8/0x22a lib/nmi_backtrace.c:62 arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38 trigger_all_cpu_backtrace include/linux/nmi.h:144 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:204 [inline] watchdog+0xb39/0x1050 kernel/hung_task.c:265 kthread+0x35a/0x440 kernel/kthread.c:246 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 PID: 5791 Comm: kworker/0:3 Not tainted 4.19.0-rc8-next-20181019+ #98 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: events rtc_timer_do_work RIP: 0010:arch_local_save_flags arch/x86/include/asm/paravirt.h:756 [inline] RIP: 0010:arch_local_irq_save arch/x86/include/asm/paravirt.h:778 [inline] RIP: 0010:__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline] RIP: 0010:_raw_spin_lock_irqsave+0x26/0xd0 kernel/locking/spinlock.c:152 Code: fa eb d1 90 48 b8 00 00 00 00 00 fc ff df 55 48 89 e5 41 54 53 48 89 fb 48 c7 c7 a8 fc 31 89 48 89 fa 48 c1 ea 03 80 3c 02 00 <0f> 85 85 00 00 00 48 83 3d b4 91 72 01 00 74 77 9c 58 0f 1f 44 00 RSP: 0018:ffff8801892c7208 EFLAGS: 00000246 RAX: dffffc0000000000 RBX: ffff8801cbf67b10 RCX: 1ffff10031258e50 RDX: 1ffffffff1263f95 RSI: 0000000000000001 RDI: ffffffff8931fca8 RBP: ffff8801892c7218 R08: 0000000000000000 R09: 0000000000000006 R10: 0000000000000000 R11: ffff8801cd88a680 R12: ffff8801892c7268 R13: 0000000000000001 R14: ffff8801892c7308 R15: 1ffff10031258e59 FS: 0000000000000000(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fcb339fe140 CR3: 000000000926a000 CR4: 00000000001426f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: __wake_up_common_lock+0x19e/0x330 kernel/sched/wait.c:120 __wake_up+0xe/0x10 kernel/sched/wait.c:145 rtc_handle_legacy_irq+0x8f/0xd0 drivers/rtc/interface.c:609 rtc_uie_update_irq+0x1f/0x30 drivers/rtc/interface.c:636 rtc_timer_do_work+0x287/0x11a0 drivers/rtc/interface.c:915 process_one_work+0xc8b/0x1c40 kernel/workqueue.c:2153 worker_thread+0x17f/0x1390 kernel/workqueue.c:2296 kthread+0x35a/0x440 kernel/kthread.c:246 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352