binder: 31259:31267 transaction failed 29189/-3, size 72-24 line 3136
binder: 31259:31267 Acquire 1 refcount change on invalid ref 3 ret -22
binder: 31259:31267 Release 1 refcount change on invalid ref 0 ret -22
binder: 31259:31267 got transaction to invalid handle
binder: 31259:31267 transaction failed 29201/-22, size 0-24 line 3013
INFO: task kworker/u4:4:2120 blocked for more than 140 seconds.
 Not tainted 4.9.141+ #23
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/u4:4 D25352 2120 2 0x80000000
Workqueue: events_unbound fsnotify_mark_destroy_workfn
 ffff8801d1ae97c0 0000000000000000 ffff8801d2e32100 ffff8801da6f2f80
 ffff8801db721018 ffff8801adf2f7c0 ffffffff828075c2 0000000000000096
 ffffffff83cdc420 ffffffff830d2c20 0000000000004fac ffff8801db7218f0
Call Trace:
 [] schedule+0x7f/0x1b0 kernel/sched/core.c:3553
 [] schedule_timeout+0x735/0xe20 kernel/time/timer.c:1771
 [] do_wait_for_common kernel/sched/completion.c:75 [inline]
 [] __wait_for_common kernel/sched/completion.c:93 [inline]
 [] wait_for_common+0x3ef/0x5d0 kernel/sched/completion.c:101
 [] wait_for_completion+0x18/0x20 kernel/sched/completion.c:122
 [] __synchronize_srcu+0x254/0x3b0 kernel/rcu/srcu.c:448
 [] synchronize_srcu+0x1e/0x40 kernel/rcu/srcu.c:492
 [] fsnotify_mark_destroy_list+0x10f/0x390 fs/notify/mark.c:551
 [] fsnotify_mark_destroy_workfn+0xe/0x10 fs/notify/mark.c:561
 [] process_one_work+0x831/0x15f0 kernel/workqueue.c:2092
 [] worker_thread+0xd6/0x1140 kernel/workqueue.c:2226
 [] kthread+0x26d/0x300 kernel/kthread.c:211
 [] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373

Showing all locks held in the system:
2 locks held by khungtaskd/24:
 #0: (rcu_read_lock){......}, at: [] check_hung_uninterruptible_tasks kernel/hung_task.c:168 [inline]
 #0: (rcu_read_lock){......}, at: [] watchdog+0x11c/0xa20 kernel/hung_task.c:239
 #1: (tasklist_lock){.+.+..}, at: [] debug_show_all_locks+0x79/0x218 kernel/locking/lockdep.c:4336
1 lock held by rsyslogd/1910:
 #0: (&f->f_pos_lock){+.+.+.}, at: [] __fdget_pos+0xac/0xd0 fs/file.c:781
2 locks held by getty/2037:
 #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367
 #1: (&ldata->atomic_read_lock){+.+...}, at: [] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142
2 locks held by kworker/u4:4/2120:
 #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085
 #1: ((reaper_work).work){+.+...}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089
1 lock held by init/24202:
 #0: (tty_mutex){+.+.+.}, at: [] tty_open_by_driver drivers/tty/tty_io.c:2052 [inline]
 #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2130
1 lock held by init/24203:
 #0: (tty_mutex){+.+.+.}, at: [] tty_open_by_driver drivers/tty/tty_io.c:2052 [inline]
 #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2130
1 lock held by init/24204:
 #0: (tty_mutex){+.+.+.}, at: [] tty_open_by_driver drivers/tty/tty_io.c:2052 [inline]
 #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2130
1 lock held by init/24205:
 #0: (tty_mutex){+.+.+.}, at: [] tty_open_by_driver drivers/tty/tty_io.c:2052 [inline]
 #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2130
1 lock held by init/24206:
 #0: (tty_mutex){+.+.+.}, at: [] tty_open_by_driver drivers/tty/tty_io.c:2052 [inline]
 #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2130
1 lock held by init/24208:
 #0: (tty_mutex){+.+.+.}, at: [] tty_open_by_driver drivers/tty/tty_io.c:2052 [inline]
 #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2130
2 locks held by kworker/u4:1/24717:
 #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085
 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 24 Comm: khungtaskd Not tainted 4.9.141+ #23
 ffff8801d9907d08 ffffffff81b42e79 0000000000000000 0000000000000001
 0000000000000001 0000000000000001 ffffffff810983b0 ffff8801d9907d40
 ffffffff81b4df89 0000000000000001 0000000000000000 0000000000000003
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] nmi_cpu_backtrace.cold.0+0x48/0x87 lib/nmi_backtrace.c:99
 [] nmi_trigger_cpumask_backtrace+0x12c/0x151 lib/nmi_backtrace.c:60
 [] arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:37
 [] trigger_all_cpu_backtrace include/linux/nmi.h:58 [inline]
 [] check_hung_task kernel/hung_task.c:125 [inline]
 [] check_hung_uninterruptible_tasks kernel/hung_task.c:182 [inline]
 [] watchdog+0x6ad/0xa20 kernel/hung_task.c:239
 [] kthread+0x26d/0x300 kernel/kthread.c:211
 [] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 31266 Comm: syz-executor.0 Not tainted 4.9.141+ #23
task: ffff880161762f80 task.stack: ffff88015cac8000
RIP: 0010:[] c [] compound_head include/linux/page-flags.h:145 [inline]
RIP: 0010:[] c [] PageAnon include/linux/page-flags.h:386 [inline]
RIP: 0010:[] c [] zap_pte_range mm/memory.c:1146 [inline]
RIP: 0010:[] c [] zap_pmd_range mm/memory.c:1249 [inline]
RIP: 0010:[] c [] zap_pud_range mm/memory.c:1270 [inline]
RIP: 0010:[] c [] unmap_page_range+0xb55/0x1680 mm/memory.c:1291
RSP: 0018:ffff88015cacf708 EFLAGS: 00000246
RAX: dead000000000100 RBX: 00000000f7025000 RCX: dffffc0000000000
RDX: 0000000000000000 RSI: dffffc0000000000 RDI: ffff88015cacf990
RBP: ffff88015cacf858 R08: ffff880161763850 R09: 9e50ee563b4102ff
R10: ffff880161762f80 R11: 0000000000000001 R12: 00000000f7026000
R13: 0000000000000002 R14: ffffea0006e41340 R15: ffff88018d9b9128
FS: 0000000000000000(0000) GS:ffff8801db600000(0000) knlGS:0000000000000000
CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
CR2: 0000000000ee6668 CR3: 00000001b6181000 CR4: 00000000001606b0
Stack:
 1ffff1002b959efac dffffc0000000003c fffffbfff067cf3ac 0000000000000019c
 00000000f71f5fffc 00000000f71f5fffc 00000000f71f5fffc 00000000f71f6000c
 0000000000000000c ffffed002b9aadb8c ffff8801675c4840c 00000000f71f6000c
Call Trace:
 [] unmap_single_vma+0x11c/0x170 mm/memory.c:1336
 [] unmap_vmas+0x81/0xd0 mm/memory.c:1366
 [] exit_mmap+0x1cc/0x3a0 mm/mmap.c:3021
 [] __mmput kernel/fork.c:884 [inline]
 [] mmput+0xcd/0x360 kernel/fork.c:906
 [] exit_mm kernel/exit.c:514 [inline]
 [] do_exit+0x6c9/0x2a50 kernel/exit.c:820
 [] do_group_exit+0x111/0x300 kernel/exit.c:937
 [] get_signal+0x4e1/0x1460 kernel/signal.c:2321
 [] do_signal+0x95/0x1b00 arch/x86/kernel/signal.c:807
 [] exit_to_usermode_loop+0x10e/0x150 arch/x86/entry/common.c:158
 [] prepare_exit_to_usermode arch/x86/entry/common.c:194 [inline]
 [] syscall_return_slowpath arch/x86/entry/common.c:263 [inline]
 [] do_syscall_32_irqs_on arch/x86/entry/common.c:334 [inline]
 [] do_fast_syscall_32+0x6dc/0xa10 arch/x86/entry/common.c:390
 [] entry_SYSENTER_compat+0x90/0xa2 arch/x86/entry/entry_64_compat.S:137
Code: c82 c22 ce8 cff c49 c8d c46 c20 c48 cbe c00 c00 c00 c00 c00 cfc cff cdf c48 c89 c85 c68 cff cff cff c48 cc1 ce8 c03 c80 c3c c30 c00 c0f c85 c64 c09 c00 c00 c49 c8b c46 c20 c<4d> c89 cf5 ca8 c01 c0f c85 c7a c07 c00 c00 ce8 c4b c22 ce8 cff c49 c8d c7d c08 c48 c