binder: 5004:5005 ioctl c0306201 20a20000 returned -14 binder: 5006:5006 ioctl c0306201 20a20000 returned -14 netlink: 8 bytes leftover after parsing attributes in process `syz-executor4'. syz-executor1 (4996) used greatest stack depth: 23472 bytes left INFO: task syz-executor0:4944 blocked for more than 140 seconds. Not tainted 4.14.71+ #8 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor0 D27848 4944 1842 0x00000004 Call Trace: schedule+0x7f/0x1b0 kernel/sched/core.c:3490 schedule_timeout+0x710/0xe60 kernel/time/timer.c:1721 do_wait_for_common kernel/sched/completion.c:91 [inline] __wait_for_common kernel/sched/completion.c:112 [inline] wait_for_common+0x3bc/0x4e0 kernel/sched/completion.c:123 flush_work+0x3b8/0x6e0 kernel/workqueue.c:2885 lru_add_drain_all_cpuslocked+0x2ef/0x450 mm/swap.c:722 lru_add_drain_all+0xf/0x20 mm/swap.c:730 do_mlock+0x8c/0x5c0 mm/mlock.c:673 SYSC_mlock mm/mlock.c:713 [inline] SyS_mlock+0x1d/0x30 mm/mlock.c:711 do_syscall_64+0x19b/0x4b0 arch/x86/entry/common.c:289 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x457679 RSP: 002b:00007fe3dfed2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 RAX: ffffffffffffffda RBX: 00007fe3dfed36d4 RCX: 0000000000457679 RDX: 0000000000000000 RSI: 0000000000002000 RDI: 0000000020004000 RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 00000000004d3a68 R14: 00000000004c28ff R15: 0000000000000000 INFO: task syz-executor0:4947 blocked for more than 140 seconds. Not tainted 4.14.71+ #8 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor0 D30400 4947 1842 0x00000004 Call Trace: schedule+0x7f/0x1b0 kernel/sched/core.c:3490 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3548 __mutex_lock_common kernel/locking/mutex.c:833 [inline] __mutex_lock+0x521/0x1480 kernel/locking/mutex.c:893 lru_add_drain_all_cpuslocked+0x7f/0x450 mm/swap.c:704 lru_add_drain_all+0xf/0x20 mm/swap.c:730 do_mlock+0x8c/0x5c0 mm/mlock.c:673 SYSC_mlock2 mm/mlock.c:726 [inline] SyS_mlock2+0x46/0x60 mm/mlock.c:716 do_syscall_64+0x19b/0x4b0 arch/x86/entry/common.c:289 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x457679 RSP: 002b:00007fe3dfeb1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000145 RAX: ffffffffffffffda RBX: 00007fe3dfeb26d4 RCX: 0000000000457679 RDX: 0000000000000001 RSI: 0000000000002000 RDI: 0000000020004000 RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 00000000004d3a80 R14: 00000000004c2905 R15: 0000000000000001 INFO: task syz-executor0:4950 blocked for more than 140 seconds. Not tainted 4.14.71+ #8 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor0 D29536 4950 1842 0x00000004 Call Trace: schedule+0x7f/0x1b0 kernel/sched/core.c:3490 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3548 __mutex_lock_common kernel/locking/mutex.c:833 [inline] __mutex_lock+0x521/0x1480 kernel/locking/mutex.c:893 lru_add_drain_all_cpuslocked+0x7f/0x450 mm/swap.c:704 lru_add_drain_all+0xf/0x20 mm/swap.c:730 do_mlock+0x8c/0x5c0 mm/mlock.c:673 SYSC_mlock mm/mlock.c:713 [inline] SyS_mlock+0x1d/0x30 mm/mlock.c:711 do_syscall_64+0x19b/0x4b0 arch/x86/entry/common.c:289 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x457679 RSP: 002b:00007fe3dfe90c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 RAX: ffffffffffffffda RBX: 00007fe3dfe916d4 RCX: 0000000000457679 RDX: 0000000000000000 RSI: 0000000000003000 RDI: 0000000020003000 RBP: 000000000072c040 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 00000000004d3a68 R14: 00000000004c28ff R15: 0000000000000002 INFO: task syz-executor0:4951 blocked for more than 140 seconds. Not tainted 4.14.71+ #8 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor0 D27352 4951 1842 0x00000004 Call Trace: schedule+0x7f/0x1b0 kernel/sched/core.c:3490 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3548 __mutex_lock_common kernel/locking/mutex.c:833 [inline] __mutex_lock+0x521/0x1480 kernel/locking/mutex.c:893 lru_add_drain_all_cpuslocked+0x7f/0x450 mm/swap.c:704 lru_add_drain_all+0xf/0x20 mm/swap.c:730 do_mlock+0x8c/0x5c0 mm/mlock.c:673 SYSC_mlock mm/mlock.c:713 [inline] SyS_mlock+0x1d/0x30 mm/mlock.c:711 do_syscall_64+0x19b/0x4b0 arch/x86/entry/common.c:289 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x457679 RSP: 002b:00007fe3dfe6fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 RAX: ffffffffffffffda RBX: 00007fe3dfe706d4 RCX: 0000000000457679 RDX: 0000000000000000 RSI: 0000000000002000 RDI: 0000000020004000 RBP: 000000000072c0e0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 00000000004d3a68 R14: 00000000004c28ff R15: 0000000000000003 INFO: task syz-executor0:4956 blocked for more than 140 seconds. Not tainted 4.14.71+ #8 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor0 D30104 4956 1842 0x00000004 Call Trace: schedule+0x7f/0x1b0 kernel/sched/core.c:3490 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3548 __mutex_lock_common kernel/locking/mutex.c:833 [inline] __mutex_lock+0x521/0x1480 kernel/locking/mutex.c:893 lru_add_drain_all_cpuslocked+0x7f/0x450 mm/swap.c:704 lru_add_drain_all+0xf/0x20 mm/swap.c:730 do_mlock+0x8c/0x5c0 mm/mlock.c:673 SYSC_mlock2 mm/mlock.c:726 [inline] SyS_mlock2+0x46/0x60 mm/mlock.c:716 do_syscall_64+0x19b/0x4b0 arch/x86/entry/common.c:289 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x457679 RSP: 002b:00007fe3dfe4ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000145 RAX: ffffffffffffffda RBX: 00007fe3dfe4f6d4 RCX: 0000000000457679 RDX: 0000000000000001 RSI: 0000000000002000 RDI: 0000000020004000 RBP: 000000000072c180 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 00000000004d3a80 R14: 00000000004c2905 R15: 0000000000000004 INFO: task syz-executor4:4967 blocked for more than 140 seconds. Not tainted 4.14.71+ #8 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor4 D26552 4967 1847 0x00000004 Call Trace: schedule+0x7f/0x1b0 kernel/sched/core.c:3490 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3548 __mutex_lock_common kernel/locking/mutex.c:833 [inline] __mutex_lock+0x521/0x1480 kernel/locking/mutex.c:893 lru_add_drain_all_cpuslocked+0x7f/0x450 mm/swap.c:704 lru_add_drain_all+0xf/0x20 mm/swap.c:730 invalidate_bdev+0x88/0xc0 fs/block_dev.c:109 loop_clr_fd+0x3d2/0xac0 drivers/block/loop.c:1052 lo_ioctl+0x6e6/0x17d0 drivers/block/loop.c:1383 __blkdev_driver_ioctl block/ioctl.c:297 [inline] blkdev_ioctl+0x57d/0x18c0 block/ioctl.c:594 block_ioctl+0xd9/0x120 fs/block_dev.c:1873 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:500 [inline] do_vfs_ioctl+0x1a0/0x1030 fs/ioctl.c:684 SYSC_ioctl fs/ioctl.c:701 [inline] SyS_ioctl+0x7e/0xb0 fs/ioctl.c:692 do_syscall_64+0x19b/0x4b0 arch/x86/entry/common.c:289 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x4574e7 RSP: 002b:00007f871dd92a18 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f871dd936d4 RCX: 00000000004574e7 RDX: 0000000000000000 RSI: 0000000000004c01 RDI: 0000000000000005 RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000c R10: 0000000000000064 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000004 R14: 0000000000000005 R15: 0000000000000000 INFO: task syz-executor4:4983 blocked for more than 140 seconds. Not tainted 4.14.71+ #8 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor4 D26672 4983 1847 0x00000004 Call Trace: schedule+0x7f/0x1b0 kernel/sched/core.c:3490 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3548 __mutex_lock_common kernel/locking/mutex.c:833 [inline] __mutex_lock+0x521/0x1480 kernel/locking/mutex.c:893 lo_ioctl+0x85/0x17d0 drivers/block/loop.c:1373 __blkdev_driver_ioctl block/ioctl.c:297 [inline] blkdev_ioctl+0x57d/0x18c0 block/ioctl.c:594 block_ioctl+0xd9/0x120 fs/block_dev.c:1873 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:500 [inline] do_vfs_ioctl+0x1a0/0x1030 fs/ioctl.c:684 SYSC_ioctl fs/ioctl.c:701 [inline] SyS_ioctl+0x7e/0xb0 fs/ioctl.c:692 do_syscall_64+0x19b/0x4b0 arch/x86/entry/common.c:289 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x4574e7 RSP: 002b:00007f871dd50a18 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f871dd516d4 RCX: 00000000004574e7 RDX: 000000000000000b RSI: 0000000000004c00 RDI: 000000000000000c RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a R10: 0000000000000075 R11: 0000000000000246 R12: 0000000100000000 R13: 000000000000000b R14: 000000000000000c R15: 0000000000000002 INFO: task blkid:4970 blocked for more than 140 seconds. Not tainted 4.14.71+ #8 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. blkid D28984 4970 306 0x00000004 Call Trace: schedule+0x7f/0x1b0 kernel/sched/core.c:3490 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3548 __mutex_lock_common kernel/locking/mutex.c:833 [inline] __mutex_lock+0x521/0x1480 kernel/locking/mutex.c:893 lo_ioctl+0x85/0x17d0 drivers/block/loop.c:1373 __blkdev_driver_ioctl block/ioctl.c:297 [inline] blkdev_ioctl+0x57d/0x18c0 block/ioctl.c:594 block_ioctl+0xd9/0x120 fs/block_dev.c:1873 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:500 [inline] do_vfs_ioctl+0x1a0/0x1030 fs/ioctl.c:684 SYSC_ioctl fs/ioctl.c:701 [inline] SyS_ioctl+0x7e/0xb0 fs/ioctl.c:692 do_syscall_64+0x19b/0x4b0 arch/x86/entry/common.c:289 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x7fb450303347 RSP: 002b:00007ffcbecdbef8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 0000000000aa6030 RCX: 00007fb450303347 RDX: 0000000000000000 RSI: 0000000000005331 RDI: 0000000000000003 RBP: 0000000000000003 R08: 00007fb4505b35a0 R09: 0000000000000007 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000008100000 R14: 0000000000000003 R15: 0000000000000005 Showing all locks held in the system: 1 lock held by khungtaskd/23: #0: (tasklist_lock){.+.+}, at: [] debug_show_all_locks+0x74/0x20f kernel/locking/lockdep.c:4541 2 locks held by getty/1756: #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x20/0x80 drivers/tty/tty_ldisc.c:275 #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1ff/0x15e0 drivers/tty/n_tty.c:2142 2 locks held by syz-executor0/4944: #0: (cpu_hotplug_lock.rw_sem){++++}, at: [] get_online_cpus include/linux/cpu.h:138 [inline] #0: (cpu_hotplug_lock.rw_sem){++++}, at: [] lru_add_drain_all+0xa/0x20 mm/swap.c:729 #1: (lock#4){+.+.}, at: [] lru_add_drain_all_cpuslocked+0x7f/0x450 mm/swap.c:704 2 locks held by syz-executor0/4947: #0: (cpu_hotplug_lock.rw_sem){++++}, at: [] get_online_cpus include/linux/cpu.h:138 [inline] #0: (cpu_hotplug_lock.rw_sem){++++}, at: [] lru_add_drain_all+0xa/0x20 mm/swap.c:729 #1: (lock#4){+.+.}, at: [] lru_add_drain_all_cpuslocked+0x7f/0x450 mm/swap.c:704 2 locks held by syz-executor0/4950: #0: (cpu_hotplug_lock.rw_sem){++++}, at: [] get_online_cpus include/linux/cpu.h:138 [inline] #0: (cpu_hotplug_lock.rw_sem){++++}, at: [] lru_add_drain_all+0xa/0x20 mm/swap.c:729 #1: (lock#4){+.+.}, at: [] lru_add_drain_all_cpuslocked+0x7f/0x450 mm/swap.c:704 2 locks held by syz-executor0/4951: #0: (cpu_hotplug_lock.rw_sem){++++}, at: [] get_online_cpus include/linux/cpu.h:138 [inline] #0: (cpu_hotplug_lock.rw_sem){++++}, at: [] lru_add_drain_all+0xa/0x20 mm/swap.c:729 #1: (lock#4){+.+.}, at: [] lru_add_drain_all_cpuslocked+0x7f/0x450 mm/swap.c:704 2 locks held by syz-executor0/4956: #0: (cpu_hotplug_lock.rw_sem){++++}, at: [] get_online_cpus include/linux/cpu.h:138 [inline] #0: (cpu_hotplug_lock.rw_sem){++++}, at: [] lru_add_drain_all+0xa/0x20 mm/swap.c:729 #1: (lock#4){+.+.}, at: [] lru_add_drain_all_cpuslocked+0x7f/0x450 mm/swap.c:704 3 locks held by syz-executor4/4967: #0: (&lo->lo_ctl_mutex/1){+.+.}, at: [] lo_ioctl+0x85/0x17d0 drivers/block/loop.c:1373 #1: (cpu_hotplug_lock.rw_sem){++++}, at: [] get_online_cpus include/linux/cpu.h:138 [inline] #1: (cpu_hotplug_lock.rw_sem){++++}, at: [] lru_add_drain_all+0xa/0x20 mm/swap.c:729 #2: (lock#4){+.+.}, at: [] lru_add_drain_all_cpuslocked+0x7f/0x450 mm/swap.c:704 1 lock held by syz-executor4/4983: #0: (&lo->lo_ctl_mutex/1){+.+.}, at: [] lo_ioctl+0x85/0x17d0 drivers/block/loop.c:1373 1 lock held by blkid/4970: #0: (&lo->lo_ctl_mutex/1){+.+.}, at: [] lo_ioctl+0x85/0x17d0 drivers/block/loop.c:1373 ============================================= NMI backtrace for cpu 0 CPU: 0 PID: 23 Comm: khungtaskd Not tainted 4.14.71+ #8 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0xb9/0x11b lib/dump_stack.c:53 nmi_cpu_backtrace.cold.0+0x47/0x85 lib/nmi_backtrace.c:101 nmi_trigger_cpumask_backtrace+0x121/0x146 lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:138 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:196 [inline] watchdog+0x574/0xa70 kernel/hung_task.c:252 kthread+0x348/0x420 kernel/kthread.c:232 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:402 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 4624 Comm: syz-executor2 Not tainted 4.14.71+ #8 task: ffff8801a0585e00 task.stack: ffff8801a2580000 RIP: 0033:0x40157b RSP: 002b:00007fedb569f690 EFLAGS: 00000216 RAX: 000000006af31bc0 RBX: 0000000000000007 RCX: 0000000000457679 RDX: 0000000000000000 RSI: 00007fedb569f6c0 RDI: 0000000000000007 RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 00000000004d7950 R14: 00000000004c48c6 R15: 0000000000000000 FS: 00007fedb56a0700(0000) GS:ffff8801dbb00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f99ce27e820 CR3: 00000001c420c002 CR4: 00000000001606a0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400