binder: 12679:12679 transaction failed 29189/-22, size 0-0 line 3004
binder: 12680:12680 transaction failed 29189/-22, size 0-0 line 3004
INFO: task init:4346 blocked for more than 120 seconds.
 Not tainted 4.9.75-g5f5e5d4 #7
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
init D28464 4346 1 0x00000000
 ffff8801c3a4b000 0000000000000000 ffff8801c3849a40 ffffffff84429880
 ffff8801db221b98 ffff8801c57bf620 ffffffff8389f9fb ffff8801c57bf780
 0000000000000046 00ffffff8107c5dd ffff8801db222468 ffff8801db222490
Call Trace:
 [] schedule+0x7f/0x1b0 kernel/sched/core.c:3550
 [] schedule_timeout+0x56c/0x10b0 kernel/time/timer.c:1768
 [] __down_common kernel/locking/semaphore.c:221 [inline]
 [] __down+0x128/0x1c0 kernel/locking/semaphore.c:238
 [] down+0x5e/0x80 kernel/locking/semaphore.c:61
 [] console_lock+0x2c/0x80 kernel/printk/printk.c:2212
 [] console_device+0x1c/0xc0 kernel/printk/printk.c:2545
 [] tty_lookup_driver drivers/tty/tty_io.c:1986 [inline]
 [] tty_open_by_driver drivers/tty/tty_io.c:2031 [inline]
 [] tty_open+0x425/0xdf0 drivers/tty/tty_io.c:2108
 [] chrdev_open+0x22b/0x4c0 fs/char_dev.c:392
 [] do_dentry_open+0x607/0xc60 fs/open.c:766
 [] vfs_open+0x105/0x220 fs/open.c:879
 [] do_last fs/namei.c:3408 [inline]
 [] path_openat+0x5ac/0x2910 fs/namei.c:3531
binder: 12681:12681 transaction failed 29189/-22, size 0-0 line 3004
 [] do_filp_open+0x197/0x290 fs/namei.c:3566
 [] do_sys_open+0x352/0x4c0 fs/open.c:1072
 [] SYSC_open fs/open.c:1090 [inline]
 [] SyS_open+0x2d/0x40 fs/open.c:1085
 [] entry_SYSCALL_64_fastpath+0x23/0xe2
Showing all locks held in the system:
2 locks held by khungtaskd/514:
 #0: (rcu_read_lock){......}, at: [] check_hung_uninterruptible_tasks kernel/hung_task.c:168 [inline]
 #0: (rcu_read_lock){......}, at: [] watchdog+0x125/0xa70 kernel/hung_task.c:239
 #1: (tasklist_lock){.+.+..}, at: [] debug_show_all_locks+0x70/0x280 kernel/locking/lockdep.c:4336
1 lock held by rsyslogd/3170:
 #0: (&f->f_pos_lock){+.+.+.}, at: [] __fdget_pos+0x9f/0xc0 fs/file.c:781
2 locks held by getty/3298:
 #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367
 #1: (&ldata->atomic_read_lock){+.+...}, at: [] n_tty_read+0x1f4/0x16c0 drivers/tty/n_tty.c:2133
1 lock held by init/4346:
 #0: (tty_mutex){+.+.+.}, at: [] tty_open_by_driver drivers/tty/tty_io.c:2030 [inline]
 #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x407/0xdf0 drivers/tty/tty_io.c:2108
1 lock held by init/4349:
 #0: (tty_mutex){+.+.+.}, at: [] tty_open_by_driver drivers/tty/tty_io.c:2030 [inline]
 #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x407/0xdf0 drivers/tty/tty_io.c:2108
1 lock held by init/4350:
 #0: (tty_mutex){+.+.+.}, at: [] tty_open_by_driver drivers/tty/tty_io.c:2030 [inline]
 #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x407/0xdf0 drivers/tty/tty_io.c:2108
1 lock held by init/4351:
 #0: (tty_mutex){+.+.+.}, at: [] tty_open_by_driver drivers/tty/tty_io.c:2030 [inline]
 #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x407/0xdf0 drivers/tty/tty_io.c:2108
1 lock held by init/4352:
 #0: (tty_mutex){+.+.+.}, at: [] tty_open_by_driver drivers/tty/tty_io.c:2030 [inline]
 #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x407/0xdf0 drivers/tty/tty_io.c:2108
1 lock held by init/4353:
 #0: (tty_mutex){+.+.+.}, at: [] tty_open_by_driver drivers/tty/tty_io.c:2030 [inline]
 #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x407/0xdf0 drivers/tty/tty_io.c:2108
=============================================
NMI backtrace for cpu 1
CPU: 1 PID: 514 Comm: khungtaskd Not tainted 4.9.75-g5f5e5d4 #7
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d8ba7d00 ffffffff81d93049 0000000000000000 0000000000000001
 0000000000000001 0000000000000001 ffffffff810ba750 ffff8801d8ba7d38
 ffffffff81d9e16d 0000000000000001 0000000000000000 ffff8801c3a4b418
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] nmi_cpu_backtrace+0xfd/0x120 lib/nmi_backtrace.c:99
 [] nmi_trigger_cpumask_backtrace+0x117/0x190 lib/nmi_backtrace.c:60
 [] arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:37
 [] trigger_all_cpu_backtrace include/linux/nmi.h:58 [inline]
 [] check_hung_task kernel/hung_task.c:125 [inline]
 [] check_hung_uninterruptible_tasks kernel/hung_task.c:182 [inline]
 [] watchdog+0x6f0/0xa70 kernel/hung_task.c:239
 [] kthread+0x26d/0x300 kernel/kthread.c:211
 [] ret_from_fork+0x46/0x60 arch/x86/entry/entry_64.S:460
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 12681 Comm: syzkaller676427 Not tainted 4.9.75-g5f5e5d4 #7
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8801a7b30000 task.stack: ffff8801a7b38000
RIP: 0010:[] [] trace_hardirqs_on_caller+0x0/0x590 kernel/locking/lockdep.c:2652
RSP: 0018:ffff8801a7b3f6b0 EFLAGS: 00000002
RAX: 0000000000000000 RBX: 0000000000000286 RCX: 0000000000000004
RDX: 1ffffffff0b37e5a RSI: 0000000000000000 RDI: ffffffff838b02ca
RBP: ffff8801a7b3f6b8 R08: 1ffff10037bd3b68 R09: 0000000000000001
R10: 0000000000000000 R11: ffff8801a7b30000 R12: ffffffff859bf2c8
R13: 0000000000000004 R14: ffffffff859bf2c8 R15: dffffc0000000000
FS: 0000000000000000(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020007000 CR3: 000000000441e000 CR4: 0000000000160670
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
 ffffffff8123a64d ffff8801a7b3f6d8 ffffffff838b02ca 0000000000000000
 ffff8801a7400000 ffff8801a7b3f7e0 ffffffff81dfd902 ffffffff84191c60
 ffffffff8123ac70 ffff8801a7b3f760 0000000000000000 eb2156ccabcf6fbf
Call Trace:
 [] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:162 [inline]
 [] _raw_spin_unlock_irqrestore+0x5a/0x70 kernel/locking/spinlock.c:191
 [] __debug_check_no_obj_freed lib/debugobjects.c:730 [inline]
 [] debug_check_no_obj_freed+0x2c2/0xa10 lib/debugobjects.c:746
 [] free_pages_prepare mm/page_alloc.c:1061 [inline]
 [] __free_pages_ok+0x1e5/0x16c0 mm/page_alloc.c:1263
 [] free_compound_page+0x5e/0x70 mm/page_alloc.c:594
 [] free_transhuge_page+0x99/0xc0 mm/huge_memory.c:2228
 [] __put_compound_page+0x87/0xb0 mm/swap.c:94
 [] release_pages+0x2e4/0x930 mm/swap.c:763
 [] free_pages_and_swap_cache+0x113/0x160 mm/swap_state.c:273
 [] tlb_flush_mmu_free+0xb4/0x160 mm/memory.c:259
 [] zap_pte_range mm/memory.c:1216 [inline]
 [] zap_pmd_range mm/memory.c:1258 [inline]
 [] zap_pud_range mm/memory.c:1279 [inline]
 [] unmap_page_range+0xfe9/0x1830 mm/memory.c:1300
 [] unmap_single_vma+0x10b/0x270 mm/memory.c:1345
 [] unmap_vmas+0xf1/0x1b0 mm/memory.c:1375
 [] exit_mmap+0x20b/0x400 mm/mmap.c:2986
 [] __mmput kernel/fork.c:878 [inline]
 [] mmput+0xf3/0x2d0 kernel/fork.c:900
 [] exit_mm kernel/exit.c:514 [inline]
 [] do_exit+0x70a/0x2a40 kernel/exit.c:820
 [] do_group_exit+0x108/0x320 kernel/exit.c:937
 [] SYSC_exit_group kernel/exit.c:948 [inline]
 [] SyS_exit_group+0x1d/0x20 kernel/exit.c:946
 [] entry_SYSCALL_64_fastpath+0x23/0xe2
Code: c3 89 75 d0 e8 12 30 30 00 8b 75 d0 e9 56 ff ff ff 89 4d cc 48 89 75 d0 e8 be 2f 30 00 8b 4d cc 48 8b 75 d0 eb 99 0f 1f 44 00 00 <48> b8 00 00 00 00 00 fc ff df 55 48 89 e5 41 54 49 89 fc 48 c7