binder_alloc: 15530: binder_alloc_buf, no vma
binder: 15530:15533 transaction failed 29189/-3, size 0-0 line 3141
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29201
INFO: task syz-executor4:15494 blocked for more than 120 seconds.
 Not tainted 4.9.105-gd7e64f8 #43
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor4 D29512 15494 3877 0x00000004
 ffff8801d361e000 ffff8801d89e6a00 ffff8801d3a5e4c0 ffff88019f2e8000
 ffff8801db321c18 ffff8801cffff9f0 ffffffff839e8c1d 0000000000000002
 0000000041b58ab3 ffffffff843b9ceb 00ffffff81221500 ffff8801db3224e8
Call Trace:
 [] schedule+0x7f/0x1b0 kernel/sched/core.c:3557
 [] blk_mq_freeze_queue_wait+0x114/0x230 block/blk-mq.c:75
 [] blk_freeze_queue block/blk-mq.c:92 [inline]
 [] blk_mq_freeze_queue+0x1d/0x20 block/blk-mq.c:101
 [] loop_switch drivers/block/loop.c:599 [inline]
 [] loop_change_fd drivers/block/loop.c:685 [inline]
 [] lo_ioctl+0x722/0x1aa0 drivers/block/loop.c:1350
 [] __blkdev_driver_ioctl block/ioctl.c:294 [inline]
 [] blkdev_ioctl+0x7b6/0x1a70 block/ioctl.c:590
 [] block_ioctl+0xde/0x120 fs/block_dev.c:1688
 [] vfs_ioctl fs/ioctl.c:43 [inline]
 [] file_ioctl fs/ioctl.c:493 [inline]
 [] do_vfs_ioctl+0x1ac/0x11a0 fs/ioctl.c:677
 [] SYSC_ioctl fs/ioctl.c:694 [inline]
 [] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:685
 [] do_syscall_64+0x1a6/0x490 arch/x86/entry/common.c:282
 [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb

Showing all locks held in the system:
2 locks held by khungtaskd/519:
 #0: (rcu_read_lock){......}, at: [] check_hung_uninterruptible_tasks kernel/hung_task.c:168 [inline]
 #0: (rcu_read_lock){......}, at: [] watchdog+0x11c/0xa20 kernel/hung_task.c:239
 #1: (tasklist_lock){.+.+..}, at: [] debug_show_all_locks+0x79/0x218 kernel/locking/lockdep.c:4336
1 lock held by rsyslogd/3678:
 #0: (&f->f_pos_lock){+.+.+.}, at: [] __fdget_pos+0xac/0xd0 fs/file.c:781
2 locks held by getty/3776:
 #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367
 #1: (&ldata->atomic_read_lock){+.+...}, at: [] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2133
1 lock held by syz-executor4/15494:
 #0: (&lo->lo_ctl_mutex/1){+.+.+.}, at: [] lo_ioctl+0x8b/0x1aa0 drivers/block/loop.c:1344
1 lock held by syz-executor4/15538:
 #0: (&lo->lo_ctl_mutex/1){+.+.+.}, at: [] lo_ioctl+0x8b/0x1aa0 drivers/block/loop.c:1344
1 lock held by blkid/15552:
 #0: (&lo->lo_ctl_mutex/1){+.+.+.}, at: [] lo_ioctl+0x8b/0x1aa0 drivers/block/loop.c:1344

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 519 Comm: khungtaskd Not tainted 4.9.105-gd7e64f8 #43
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d86d7d08 ffffffff81eb41a9 0000000000000000 0000000000000000
 0000000000000000 0000000000000001 ffffffff810b96a0 ffff8801d86d7d40
 ffffffff81ebf4a7 0000000000000000 0000000000000000 0000000000000003
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] nmi_cpu_backtrace.cold.2+0x48/0x87 lib/nmi_backtrace.c:99
 [] nmi_trigger_cpumask_backtrace+0x12a/0x14f lib/nmi_backtrace.c:60
 [] arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:37
 [] trigger_all_cpu_backtrace include/linux/nmi.h:58 [inline]
 [] check_hung_task kernel/hung_task.c:125 [inline]
 [] check_hung_uninterruptible_tasks kernel/hung_task.c:182 [inline]
 [] watchdog+0x6b4/0xa20 kernel/hung_task.c:239
 [] kthread+0x26d/0x300 kernel/kthread.c:211
 [] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 3676 Comm: rs:main Q:Reg Not tainted 4.9.105-gd7e64f8 #43
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8801c1d90000 task.stack: ffff8801c1d40000
RIP: 0010:[] c [] match_held_lock+0x231/0x570 kernel/locking/lockdep.c:3436
RSP: 0018:ffff8801c1d47578 EFLAGS: 00000086
RAX: 0000000000000000 RBX: ffff8801c1d90000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff846deea0 RDI: ffff8801c1d90962
RBP: ffff8801c1d475b0 R08: 0000000000000000 R09: 0000000000000001
R10: 0000000000000000 R11: 1ffff100383b212c R12: ffffed00383b2118
R13: ffff8801c1d908c8 R14: ffffffff846deea0 R15: 0000000000000003
FS: 00007f2393d97700(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000001579000 CR3: 00000001cdb0f000 CR4: 00000000001606f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
 ffffffff81230712c ffff8801c1d908c0c 0000000000000246c ffff8801c1d90000c
 ffffffff846deea0c ffff8801b7362a90c ffffffff81754624c ffff8801c1d475d8c
 ffffffff81230f44c 0000000000000003c 0000000000000008c 0000000000000000c
Call Trace:
 [] lock_is_held+0xb4/0x140 kernel/locking/lockdep.c:3794
 [] rcu_read_lock_sched_held+0x103/0x120 kernel/rcu/update.c:112
 [] trace_ext4_journal_start include/trace/events/ext4.h:1743 [inline]
 [] __ext4_journal_start_sb+0x202/0x460 fs/ext4/ext4_jbd2.c:68
 [] __ext4_journal_start fs/ext4/ext4_jbd2.h:318 [inline]
 [] ext4_truncate+0x434/0x12c0 fs/ext4/inode.c:4233
 [] ext4_truncate_failed_write fs/ext4/truncate.h:15 [inline]
 [] ext4_da_write_begin+0x4eb/0x1020 fs/ext4/inode.c:3015
 [] generic_perform_write+0x301/0x510 mm/filemap.c:2740
 [] __generic_file_write_iter+0x352/0x540 mm/filemap.c:2865
 [] ext4_file_write_iter+0x463/0xd90 fs/ext4/file.c:165
 [] new_sync_write fs/read_write.c:496 [inline]
 [] __vfs_write+0x3e0/0x580 fs/read_write.c:509
 [] vfs_write+0x187/0x530 fs/read_write.c:557
 [] SYSC_write fs/read_write.c:604 [inline]
 [] SyS_write+0xd9/0x1c0 fs/read_write.c:596
 [] do_syscall_64+0x1a6/0x490 arch/x86/entry/common.c:282
 [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
Code: c48 cc1 cea c03 c80 c3c c02 c00 c0f c85 cf6 c02 c00 c00 c48 c8b c1c cdd c20 c10 c58 c85 c48 c85 cdb c75 c25 c31 cc0 c48 c83 cc4 c08 c5b c41 c5c c41 c5d c41 c5e c41 c5f c5d c c48 c83 cc4 c08 cb8 c01 c00 c00 c00 c5b c41 c5c c41 c5d c41 c5e c41 c5f c5d cc3 c