binder_alloc: binder_alloc_mmap_handler: 4433 20001000-20004000 already mapped failed -16 binder_alloc: binder_alloc_mmap_handler: 4435 20001000-20004000 already mapped failed -16 binder_alloc: binder_alloc_mmap_handler: 4436 20001000-20004000 already mapped failed -16 binder_alloc: binder_alloc_mmap_handler: 4445 20001000-20004000 already mapped failed -16 binder_alloc: binder_alloc_mmap_handler: 4444 20001000-20004000 already mapped failed -16 INFO: task syz-executor029:2188 blocked for more than 140 seconds. Not tainted 4.4.174+ #4 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor029 D ffff8800b5b6fd30 29904 2188 2186 0x00000004 ffff8800b5b6fd30 0000000000000006 ffff8800b4df5f00 dffffc0000000000 ffff8800b5b6fd18 ffffffff811fef00 ffff8801db61f180 ffff8801db61f1a8 ffff8801db61e898 ffff8800ba84df00 ffff8800b4df5f00 ffffed0016b6d001 Call Trace: [] schedule+0x99/0x1d0 kernel/sched/core.c:3355 [] rwsem_down_read_failed+0x220/0x380 kernel/locking/rwsem-xadd.c:250 [] call_rwsem_down_read_failed+0x14/0x30 arch/x86/lib/rwsem.S:90 [] __do_page_fault+0x58a/0x7f0 arch/x86/mm/fault.c:1189 [] do_page_fault+0x28/0x30 arch/x86/mm/fault.c:1306 [] page_fault+0x25/0x30 arch/x86/entry/entry_64.S:1064 1 lock held by syz-executor029/2188: #0: (&mm->mmap_sem){++++++}, at: [] __do_page_fault+0x58a/0x7f0 arch/x86/mm/fault.c:1189 Sending NMI to all CPUs: NMI backtrace for cpu 0 CPU: 0 PID: 20 Comm: khungtaskd Not tainted 4.4.174+ #4 task: ffff8801da6f4740 task.stack: ffff8800001d0000 RIP: 0010:[] [] _flat_send_IPI_mask arch/x86/kernel/apic/apic_flat_64.c:62 [inline] RIP: 0010:[] [] flat_send_IPI_mask+0xf7/0x1b0 arch/x86/kernel/apic/apic_flat_64.c:69 RSP: 0018:ffff8800001d7c88 EFLAGS: 00000046 RAX: 0000000000000000 RBX: 0000000000000c00 RCX: 0000000000000000 RDX: 0000000000000c00 RSI: 0000000000000000 RDI: ffffffffff5fc300 RBP: ffff8800001d7cb8 R08: 0000000000000018 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000246 R13: 0000000003000000 R14: ffffffff82e5f2e0 R15: 0000000000000002 FS: 0000000000000000(0000) GS:ffff8801db600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffd9998ad60 CR3: 00000001d62a0000 CR4: 00000000001606b0 Stack: 0000000000000001 ffffffff82e5f2e0 ffffffff831a6ac0 fffffbfff0634c34 000000000001b6c0 0000000000000008 ffff8800001d7cd8 ffffffff81092bee 0000000000000008 ffffffff82924260 ffff8800001d7d30 ffffffff81ab8252 Call Trace: [] nmi_raise_cpu_backtrace+0x5e/0x80 arch/x86/kernel/apic/hw_nmi.c:33 [] nmi_trigger_all_cpu_backtrace.cold+0xa1/0xae lib/nmi_backtrace.c:85 [] arch_trigger_all_cpu_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38 [] trigger_all_cpu_backtrace include/linux/nmi.h:44 [inline] [] check_hung_task kernel/hung_task.c:125 [inline] [] check_hung_uninterruptible_tasks kernel/hung_task.c:182 [inline] [] watchdog.cold+0xd3/0xee kernel/hung_task.c:238 [] kthread+0x273/0x310 kernel/kthread.c:211 [] ret_from_fork+0x55/0x80 arch/x86/entry/entry_64.S:537 Code: 00 c3 5f ff 80 e6 10 75 e1 41 c1 e5 18 44 89 2c 25 10 c3 5f ff 44 89 fa 09 da 80 cf 04 41 83 ff 02 0f 44 d3 89 14 25 00 c3 5f ff <41> f7 c4 00 02 00 00 75 1e 4c 89 e7 57 9d 0f 1f 44 00 00 e8 f1 NMI backtrace for cpu 1 CPU: 1 PID: 2199 Comm: syz-executor029 Not tainted 4.4.174+ #4 task: ffff8801d2b597c0 task.stack: ffff8801d2a88000 RIP: 0010:[] [] delay_tsc+0x38/0xc0 arch/x86/lib/delay.c:67 RSP: 0018:ffff8801d2a8f7e0 EFLAGS: 00000002 RAX: 0000000000000002 RBX: 00000178d22b7739 RCX: 0000000000000000 RDX: 0000000000000004 RSI: ffffffff81b0abec RDI: 0000000000000001 RBP: ffff8801d2a8f800 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000001 R11: ffffffff83fdf1c6 R12: 00000178d22b74c6 R13: 0000000000000001 R14: 00000000000008fd R15: fffffbfff092dca5 FS: 00007f629f14a700(0000) GS:ffff8801db700000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f629f149db8 CR3: 00000000b4deb000 CR4: 00000000001606b0 Stack: ffffffff8496e4e0 000000000000270d 0000000000000020 fffffbfff092dce3 ffff8801d2a8f810 ffffffff81ad8d30 ffff8801d2a8f820 ffffffff81ad8d6a ffff8801d2a8f870 ffffffff81cc45ff ffffed003a551f24 ffffffff8496e528 Call Trace: [] __delay+0x10/0x20 arch/x86/lib/delay.c:160 [] __const_udelay+0x2a/0x30 arch/x86/lib/delay.c:174 [] wait_for_xmitr+0x6f/0x1e0 drivers/tty/serial/8250/8250_port.c:1725 [] serial8250_console_putchar+0x20/0x60 drivers/tty/serial/8250/8250_port.c:2806 [] uart_console_write+0x56/0xe0 drivers/tty/serial/serial_core.c:1789 [] serial8250_console_write+0x2fb/0x870 drivers/tty/serial/8250/8250_port.c:2872 [] univ8250_console_write+0x5f/0x70 drivers/tty/serial/8250/8250_core.c:594 [] call_console_drivers.constprop.0+0x1ef/0x3f0 kernel/printk/printk.c:1468 [] console_unlock kernel/printk/printk.c:2335 [inline] [] console_unlock+0x602/0xa10 kernel/printk/printk.c:2242 [] vprintk_emit+0x3b2/0x820 kernel/printk/printk.c:1837 [] vprintk+0x28/0x30 kernel/printk/printk.c:1848 [] printk+0xc2/0xf5 kernel/printk/printk.c:1927 [] binder_alloc_mmap_handler+0x655/0x820 drivers/android/binder_alloc.c:734 [] binder_mmap+0x1d8/0x2f0 drivers/android/binder.c:4966 [] mmap_region+0x87b/0x1090 mm/mmap.c:1696 [] do_mmap+0x4e4/0xa20 mm/mmap.c:1473 [] do_mmap_pgoff include/linux/mm.h:1917 [inline] [] vm_mmap_pgoff+0x16a/0x1c0 mm/util.c:296 [] SYSC_mmap_pgoff mm/mmap.c:1523 [inline] [] SyS_mmap_pgoff+0xfa/0x1b0 mm/mmap.c:1481 [] SYSC_mmap arch/x86/kernel/sys_x86_64.c:95 [inline] [] SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:86 [] entry_SYSCALL_64_fastpath+0x1e/0x9a Code: 00 41 55 41 54 53 e8 28 45 68 ff e8 a3 1f 03 00 41 89 c5 0f ae e8 0f 31 48 c1 e2 20 48 09 c2 49 89 d4 eb 16 f3 90 bf 01 00 00 00 03 45 68 ff e8 7e 1f 03 00 44 39 e8 75 36 0f ae e8 0f 31 48