binder: 7585:7587 unknown command -1285517236
binder: 7585:7587 ioctl c0306201 20fed000 returned -22
INFO: task syz-executor2:7579 blocked for more than 120 seconds.
 Not tainted 4.9.93-g2ba4887 #2
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor2 D27672 7579 3854 0x00000004
 ffff8801d5193000 0000000000000000 ffff8801b7c18540 ffffffff84429800
 ffff8801db221b98 ffff8801d43d7320 ffffffff838bebed 1ffff1003a87ae58
 ffffffff85317ef8 0000000041b58ab3 00ffffff841a45e0 ffff8801db222468
Call Trace:
 [] schedule+0x7f/0x1b0 kernel/sched/core.c:3556
 [] schedule_timeout+0x861/0xf70 kernel/time/timer.c:1768
 [] io_schedule_timeout+0x1ba/0x390 kernel/sched/core.c:5178
 [] io_schedule include/linux/sched.h:460 [inline]
 [] dio_await_one fs/direct-io.c:461 [inline]
 [] dio_await_completion fs/direct-io.c:515 [inline]
 [] do_blockdev_direct_IO+0x2d5b/0x5a80 fs/direct-io.c:1331
 [] __blockdev_direct_IO+0xa5/0xd0 fs/direct-io.c:1360
 [] blkdev_direct_IO+0xa0/0xd0 fs/block_dev.c:183
 [] generic_file_read_iter+0x660/0x1a90 mm/filemap.c:1952
 [] blkdev_read_iter+0x105/0x170 fs/block_dev.c:1738
 [] generic_file_splice_read+0x2c9/0x4f0 fs/splice.c:309
 [] do_splice_to+0x10c/0x170 fs/splice.c:899
 [] splice_direct_to_actor+0x23f/0x7e0 fs/splice.c:971
 [] do_splice_direct+0x1a3/0x270 fs/splice.c:1080
 [] do_sendfile+0x4f0/0xc60 fs/read_write.c:1393
 [] SYSC_sendfile64 fs/read_write.c:1448 [inline]
 [] SyS_sendfile64+0xd1/0x160 fs/read_write.c:1440
 [] do_syscall_64+0x1a6/0x490 arch/x86/entry/common.c:282
 [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb

Showing all locks held in the system:
2 locks held by khungtaskd/515:
 #0: (rcu_read_lock){......}, at: [] check_hung_uninterruptible_tasks kernel/hung_task.c:168 [inline]
 #0: (rcu_read_lock){......}, at: [] watchdog+0x11c/0xa20 kernel/hung_task.c:239
 #1: (tasklist_lock){.+.+..}, at: [] debug_show_all_locks+0x79/0x218 kernel/locking/lockdep.c:4336
2 locks held by getty/3748:
 #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367
 #1: (&ldata->atomic_read_lock){+.+...}, at: [] n_tty_read+0x202/0x16b0 drivers/tty/n_tty.c:2133

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 515 Comm: khungtaskd Not tainted 4.9.93-g2ba4887 #2
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d8657d08 ffffffff81d9aa29 0000000000000000 0000000000000001
 0000000000000001 0000000000000001 ffffffff810b7d60 ffff8801d8657d40
 ffffffff81da5d57 0000000000000001 0000000000000000 0000000000000002
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] nmi_cpu_backtrace.cold.2+0x48/0x87 lib/nmi_backtrace.c:99
 [] nmi_trigger_cpumask_backtrace+0x12a/0x14f lib/nmi_backtrace.c:60
 [] arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:37
 [] trigger_all_cpu_backtrace include/linux/nmi.h:58 [inline]
 [] check_hung_task kernel/hung_task.c:125 [inline]
 [] check_hung_uninterruptible_tasks kernel/hung_task.c:182 [inline]
 [] watchdog+0x6b4/0xa20 kernel/hung_task.c:239
 [] kthread+0x26d/0x300 kernel/kthread.c:211
 [] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.9.93-g2ba4887 #2
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffffffff84429800 task.stack: ffffffff84400000
RIP: 0010:[] [] native_apic_mem_write+0xc/0x10 arch/x86/include/asm/apic.h:98
RSP: 0018:ffff8801db207fd0 EFLAGS: 00000046
RAX: ffffffff810c12b0 RBX: ffffffff84211840 RCX: 0000000000000000
RDX: 1ffffffff0842326 RSI: 0000000000000000 RDI: 00000000000000b0
RBP: ffff8801db207fd0 R08: 0000000000000001 R09: 0000000000000006
R10: ffffed0043fffa01 R11: 0000000000000001 R12: 0000000000000000
R13: 0000000000000000 R14: ffffffff84a3a048 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ff8f064f140 CR3: 00000001ce1e4000 CR4: 0000000000160670
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
 ffff8801db207fe8 ffffffff838d4250 ffffffff84a2aea8 ffffffff84407dc0
 ffffffff838d1dd0 ffffffff84407d18 0000000000000000 ffffffff84a3a048
 0000000000000000 0000000000000000 ffffffff84407dc0 ffffffff84a2aea8
Call Trace:
 [] apic_eoi arch/x86/include/asm/apic.h:403 [inline]
 [] ack_APIC_irq arch/x86/include/asm/apic.h:447 [inline]
 [] smp_reschedule_interrupt+0x60/0x90 arch/x86/kernel/smp.c:268
 [] reschedule_interrupt+0xa0/0xb0 arch/x86/entry/entry_64.S:671
 [] ? native_safe_halt+0x6/0x10 arch/x86/include/asm/irqflags.h:53
 [] arch_safe_halt arch/x86/include/asm/paravirt.h:104 [inline]
 [] default_idle+0x55/0x360 arch/x86/kernel/process.c:295
 [] arch_cpu_idle+0x10/0x20 arch/x86/kernel/process.c:286
 [] default_idle_call+0x45/0x60 kernel/sched/idle.c:97
 [] cpuidle_idle_call kernel/sched/idle.c:155 [inline]
 [] cpu_idle_loop kernel/sched/idle.c:248 [inline]
 [] cpu_startup_entry+0x2b5/0x380 kernel/sched/idle.c:303
 [] rest_init+0x183/0x189 init/main.c:409
 [] start_kernel+0x67e/0x6b2 init/main.c:664
 [] x86_64_start_reservations+0x29/0x2b arch/x86/kernel/head64.c:196
 [] x86_64_start_kernel+0x13f/0x162 arch/x86/kernel/head64.c:177
Code: 00 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 55 be 01 00 00 00 48 89 e5 e8 32 1a 1b 00 5d c3 55 89 ff 48 89 e5 89 b7 00 c0 5f ff <5d> c3 66 90 48 b8 00 00 00 00 00 fc ff df 55 48 89 e5 53 89 fb