================================================================== BUG: KASAN: use-after-free in do_get_mempolicy+0xb41/0xba0 mm/mempolicy.c:938 at addr ffff8801c767552e Read of size 2 by task syz-executor7/9296 CPU: 1 PID: 9296 Comm: syz-executor7 Not tainted 4.9.39-g72a0c9f #6 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff880193387cf8 ffffffff81eacd59 ffff8801dac0ec80 ffff8801c7675528 ffff8801c7675540 ffffed0038eceaa5 ffff8801c767552e ffff880193387d20 ffffffff81546bfc ffffed0038eceaa5 ffff8801dac0ec80 0000000000000000 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] kasan_object_err+0x1c/0x70 mm/kasan/report.c:160 [] print_address_description mm/kasan/report.c:198 [inline] [] kasan_report_error mm/kasan/report.c:287 [inline] [] kasan_report.part.1+0x20d/0x4e0 mm/kasan/report.c:309 [] kasan_report mm/kasan/report.c:328 [inline] [] __asan_report_load2_noabort+0x29/0x30 mm/kasan/report.c:328 [] do_get_mempolicy+0xb41/0xba0 mm/mempolicy.c:938 [] SYSC_get_mempolicy mm/mempolicy.c:1479 [inline] [] SyS_get_mempolicy+0xc3/0x190 mm/mempolicy.c:1468 [] entry_SYSCALL_64_fastpath+0x23/0xc6 Object at ffff8801c7675528, in cache numa_policy size: 24 Allocated: PID = 9279 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57 save_stack+0x43/0xd0 mm/kasan/kasan.c:495 set_track mm/kasan/kasan.c:507 [inline] kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:598 kasan_slab_alloc+0x12/0x20 mm/kasan/kasan.c:537 slab_post_alloc_hook mm/slab.h:417 [inline] slab_alloc_node mm/slub.c:2715 [inline] slab_alloc mm/slub.c:2723 [inline] kmem_cache_alloc+0xc9/0x2a0 mm/slub.c:2728 __mpol_dup+0x79/0x3c0 mm/mempolicy.c:2104 mpol_dup include/linux/mempolicy.h:89 [inline] vma_replace_policy mm/mempolicy.c:703 [inline] mbind_range mm/mempolicy.c:776 [inline] do_mbind+0x71e/0xb30 mm/mempolicy.c:1240 SYSC_mbind mm/mempolicy.c:1349 [inline] SyS_mbind+0x13b/0x150 mm/mempolicy.c:1331 entry_SYSCALL_64_fastpath+0x23/0xc6 Freed: PID = 9259 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57 save_stack+0x43/0xd0 mm/kasan/kasan.c:495 set_track mm/kasan/kasan.c:507 [inline] kasan_slab_free+0x73/0xc0 mm/kasan/kasan.c:571 slab_free_hook mm/slub.c:1355 [inline] slab_free_freelist_hook mm/slub.c:1377 [inline] slab_free mm/slub.c:2958 [inline] kmem_cache_free+0xb2/0x2e0 mm/slub.c:2980 __mpol_put+0x26/0x30 mm/mempolicy.c:299 mpol_put include/linux/mempolicy.h:67 [inline] remove_vma+0x12b/0x1a0 mm/mmap.c:174 remove_vma_list mm/mmap.c:2482 [inline] do_munmap+0x7ff/0xeb0 mm/mmap.c:2705 mmap_region+0x14d/0xfe0 mm/mmap.c:1635 do_mmap+0x595/0xbe0 mm/mmap.c:1473 do_mmap_pgoff include/linux/mm.h:2014 [inline] vm_mmap_pgoff+0x158/0x1a0 mm/util.c:305 SYSC_mmap_pgoff mm/mmap.c:1523 [inline] SyS_mmap_pgoff+0x1fc/0x580 mm/mmap.c:1481 SYSC_mmap arch/x86/kernel/sys_x86_64.c:95 [inline] SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:86 entry_SYSCALL_64_fastpath+0x23/0xc6 Memory state around the buggy address: ffff8801c7675400: fc fc fb fb fb fc fc fb fb fb fc fc fb fb fb fc ffff8801c7675480: fc fb fb fb fc fc fb fb fb fc fc fb fb fb fc fc >ffff8801c7675500: fb fb fb fc fc fb fb fb fc fc fb fb fb fc fc fb ^ ffff8801c7675580: fb fb fc fc fb fb fb fc fc fb fb fb fc fc 00 00 ffff8801c7675600: 00 fc fc fb fb fb fc fc fb fb fb fc fc fb fb fb ================================================================== ================================================================== BUG: KASAN: use-after-free in do_get_mempolicy+0xb23/0xba0 mm/mempolicy.c:938 at addr ffff8801c7675538 Read of size 8 by task syz-executor7/9296 CPU: 1 PID: 9296 Comm: syz-executor7 Tainted: G B 4.9.39-g72a0c9f #6 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff880193387cf8 ffffffff81eacd59 ffff8801dac0ec80 ffff8801c7675528 ffff8801c7675540 ffffed0038eceaa7 ffff8801c7675538 ffff880193387d20 ffffffff81546bfc ffffed0038eceaa7 ffff8801dac0ec80 0000000000000000 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] kasan_object_err+0x1c/0x70 mm/kasan/report.c:160 [] print_address_description mm/kasan/report.c:198 [inline] [] kasan_report_error mm/kasan/report.c:287 [inline] [] kasan_report.part.1+0x20d/0x4e0 mm/kasan/report.c:309 [] kasan_report mm/kasan/report.c:330 [inline] [] __asan_report_load8_noabort+0x29/0x30 mm/kasan/report.c:330 [] do_get_mempolicy+0xb23/0xba0 mm/mempolicy.c:938 [] SYSC_get_mempolicy mm/mempolicy.c:1479 [inline] [] SyS_get_mempolicy+0xc3/0x190 mm/mempolicy.c:1468 [] entry_SYSCALL_64_fastpath+0x23/0xc6 Object at ffff8801c7675528, in cache numa_policy size: 24 Allocated: PID = 9279 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57 save_stack+0x43/0xd0 mm/kasan/kasan.c:495 set_track mm/kasan/kasan.c:507 [inline] kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:598 kasan_slab_alloc+0x12/0x20 mm/kasan/kasan.c:537 slab_post_alloc_hook mm/slab.h:417 [inline] slab_alloc_node mm/slub.c:2715 [inline] slab_alloc mm/slub.c:2723 [inline] kmem_cache_alloc+0xc9/0x2a0 mm/slub.c:2728 __mpol_dup+0x79/0x3c0 mm/mempolicy.c:2104 mpol_dup include/linux/mempolicy.h:89 [inline] vma_replace_policy mm/mempolicy.c:703 [inline] mbind_range mm/mempolicy.c:776 [inline] do_mbind+0x71e/0xb30 mm/mempolicy.c:1240 SYSC_mbind mm/mempolicy.c:1349 [inline] SyS_mbind+0x13b/0x150 mm/mempolicy.c:1331 entry_SYSCALL_64_fastpath+0x23/0xc6 Freed: PID = 9259 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57 save_stack+0x43/0xd0 mm/kasan/kasan.c:495 set_track mm/kasan/kasan.c:507 [inline] kasan_slab_free+0x73/0xc0 mm/kasan/kasan.c:571 slab_free_hook mm/slub.c:1355 [inline] slab_free_freelist_hook mm/slub.c:1377 [inline] slab_free mm/slub.c:2958 [inline] kmem_cache_free+0xb2/0x2e0 mm/slub.c:2980 __mpol_put+0x26/0x30 mm/mempolicy.c:299 mpol_put include/linux/mempolicy.h:67 [inline] remove_vma+0x12b/0x1a0 mm/mmap.c:174 remove_vma_list mm/mmap.c:2482 [inline] do_munmap+0x7ff/0xeb0 mm/mmap.c:2705 mmap_region+0x14d/0xfe0 mm/mmap.c:1635 do_mmap+0x595/0xbe0 mm/mmap.c:1473 do_mmap_pgoff include/linux/mm.h:2014 [inline] vm_mmap_pgoff+0x158/0x1a0 mm/util.c:305 SYSC_mmap_pgoff mm/mmap.c:1523 [inline] SyS_mmap_pgoff+0x1fc/0x580 mm/mmap.c:1481 SYSC_mmap arch/x86/kernel/sys_x86_64.c:95 [inline] SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:86 entry_SYSCALL_64_fastpath+0x23/0xc6 Memory state around the buggy address: ffff8801c7675400: fc fc fb fb fb fc fc fb fb fb fc fc fb fb fb fc ffff8801c7675480: fc fb fb fb fc fc fb fb fb fc fc fb fb fb fc fc >ffff8801c7675500: fb fb fb fc fc fb fb fb fc fc fb fb fb fc fc fb ^ ffff8801c7675580: fb fb fc fc fb fb fb fc fc fb fb fb fc fc fb fb ffff8801c7675600: fb fc fc fb fb fb fc fc fb fb fb fc fc fb fb fb ================================================================== ================================================================== BUG: KASAN: use-after-free in mpol_needs_cond_ref include/linux/mempolicy.h:76 [inline] at addr ffff8801c767552e BUG: KASAN: use-after-free in mpol_cond_put include/linux/mempolicy.h:81 [inline] at addr ffff8801c767552e BUG: KASAN: use-after-free in do_get_mempolicy+0xaee/0xba0 mm/mempolicy.c:947 at addr ffff8801c767552e Read of size 2 by task syz-executor7/9296 CPU: 1 PID: 9296 Comm: syz-executor7 Tainted: G B 4.9.39-g72a0c9f #6 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff880193387cf8 ffffffff81eacd59 ffff8801dac0ec80 ffff8801c7675528 ffff8801c7675540 ffffed0038eceaa5 ffff8801c767552e ffff880193387d20 ffffffff81546bfc ffffed0038eceaa5 ffff8801dac0ec80 0000000000000000 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] kasan_object_err+0x1c/0x70 mm/kasan/report.c:160 [] print_address_description mm/kasan/report.c:198 [inline] [] kasan_report_error mm/kasan/report.c:287 [inline] [] kasan_report.part.1+0x20d/0x4e0 mm/kasan/report.c:309 [] kasan_report mm/kasan/report.c:328 [inline] [] __asan_report_load2_noabort+0x29/0x30 mm/kasan/report.c:328 [] mpol_needs_cond_ref include/linux/mempolicy.h:76 [inline] [] mpol_cond_put include/linux/mempolicy.h:81 [inline] [] do_get_mempolicy+0xaee/0xba0 mm/mempolicy.c:947 [] SYSC_get_mempolicy mm/mempolicy.c:1479 [inline] [] SyS_get_mempolicy+0xc3/0x190 mm/mempolicy.c:1468 [] entry_SYSCALL_64_fastpath+0x23/0xc6 Object at ffff8801c7675528, in cache numa_policy size: 24 Allocated: PID = 9279 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57 save_stack+0x43/0xd0 mm/kasan/kasan.c:495 set_track mm/kasan/kasan.c:507 [inline] kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:598 kasan_slab_alloc+0x12/0x20 mm/kasan/kasan.c:537 slab_post_alloc_hook mm/slab.h:417 [inline] slab_alloc_node mm/slub.c:2715 [inline] slab_alloc mm/slub.c:2723 [inline] kmem_cache_alloc+0xc9/0x2a0 mm/slub.c:2728 __mpol_dup+0x79/0x3c0 mm/mempolicy.c:2104 mpol_dup include/linux/mempolicy.h:89 [inline] vma_replace_policy mm/mempolicy.c:703 [inline] mbind_range mm/mempolicy.c:776 [inline] do_mbind+0x71e/0xb30 mm/mempolicy.c:1240 SYSC_mbind mm/mempolicy.c:1349 [inline] SyS_mbind+0x13b/0x150 mm/mempolicy.c:1331 entry_SYSCALL_64_fastpath+0x23/0xc6 Freed: PID = 9259 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57 save_stack+0x43/0xd0 mm/kasan/kasan.c:495 set_track mm/kasan/kasan.c:507 [inline] kasan_slab_free+0x73/0xc0 mm/kasan/kasan.c:571 slab_free_hook mm/slub.c:1355 [inline] slab_free_freelist_hook mm/slub.c:1377 [inline] slab_free mm/slub.c:2958 [inline] kmem_cache_free+0xb2/0x2e0 mm/slub.c:2980 __mpol_put+0x26/0x30 mm/mempolicy.c:299 mpol_put include/linux/mempolicy.h:67 [inline] remove_vma+0x12b/0x1a0 mm/mmap.c:174 remove_vma_list mm/mmap.c:2482 [inline] do_munmap+0x7ff/0xeb0 mm/mmap.c:2705 mmap_region+0x14d/0xfe0 mm/mmap.c:1635 do_mmap+0x595/0xbe0 mm/mmap.c:1473 do_mmap_pgoff include/linux/mm.h:2014 [inline] vm_mmap_pgoff+0x158/0x1a0 mm/util.c:305 SYSC_mmap_pgoff mm/mmap.c:1523 [inline] SyS_mmap_pgoff+0x1fc/0x580 mm/mmap.c:1481 SYSC_mmap arch/x86/kernel/sys_x86_64.c:95 [inline] SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:86 entry_SYSCALL_64_fastpath+0x23/0xc6 Memory state around the buggy address: ffff8801c7675400: fc fc fb fb fb fc fc fb fb fb fc fc fb fb fb fc ffff8801c7675480: fc fb fb fb fc fc fb fb fb fc fc fb fb fb fc fc >ffff8801c7675500: fb fb fb fc fc fb fb fb fc fc fb fb fb fc fc fb ^ ffff8801c7675580: fb fb fc fc fb fb fb fc fc fb fb fb fc fc fb fb ffff8801c7675600: fb fc fc fb fb fb fc fc fb fb fb fc fc fb fb fb ================================================================== nla_parse: 3 callbacks suppressed netlink: 13 bytes leftover after parsing attributes in process `syz-executor0'. device lo left promiscuous mode device lo entered promiscuous mode netlink: 13 bytes leftover after parsing attributes in process `syz-executor0'. netlink: 13 bytes leftover after parsing attributes in process `syz-executor0'. netlink: 13 bytes leftover after parsing attributes in process `syz-executor0'. netlink: 13 bytes leftover after parsing attributes in process `syz-executor0'. netlink: 13 bytes leftover after parsing attributes in process `syz-executor0'. rpcbind: RPC call returned error 22 rpcbind: RPC call returned error 22 netlink: 13 bytes leftover after parsing attributes in process `syz-executor0'. netlink: 13 bytes leftover after parsing attributes in process `syz-executor0'. binder_alloc: binder_alloc_mmap_handler: 9605 20000000-20400000 already mapped failed -16 rpcbind: RPC call returned error 22 rpcbind: RPC call returned error 22 netlink: 13 bytes leftover after parsing attributes in process `syz-executor0'. netlink: 13 bytes leftover after parsing attributes in process `syz-executor0'. binder_alloc: binder_alloc_mmap_handler: 9708 20000000-20400000 already mapped failed -16 binder_alloc: binder_alloc_mmap_handler: 9709 20000000-20400000 already mapped failed -16 device lo left promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode binder_alloc: binder_alloc_mmap_handler: 9771 20000000-20400000 already mapped failed -16 binder: 9857:9858 ioctl c0bc5351 20948000 returned -22 binder: 9857:9858 ioctl c0bc5351 20948000 returned -22 binder_alloc: binder_alloc_mmap_handler: 9869 20000000-20400000 already mapped failed -16 binder_alloc: binder_alloc_mmap_handler: 9877 20000000-20400000 already mapped failed -16 binder: 9900:9903 ioctl 4b4c 2072cff8 returned -22 binder: 9899:9904 ioctl 80404508 20ad1000 returned -22 binder: 9900:9907 ioctl 4b4c 2072cff8 returned -22 binder: 9899:9906 ioctl 80404508 20ad1000 returned -22 binder: 9913:9917 ioctl 40082404 20c50ff8 returned -22 binder_alloc: binder_alloc_mmap_handler: 9931 20000000-20400000 already mapped failed -16 binder: 9985:9989 ioctl 8903 209d3000 returned -22 binder_alloc: binder_alloc_mmap_handler: 9962 20000000-20400000 already mapped failed -16 binder_alloc: binder_alloc_mmap_handler: 9985 20000000-20400000 already mapped failed -16 binder: 9985:9999 ioctl 8903 209d3000 returned -22 binder_alloc: binder_alloc_mmap_handler: 10013 20000000-20400000 already mapped failed -16 binder: 10024:10025 ioctl 4b67 20b47000 returned -22 binder_alloc: binder_alloc_mmap_handler: 10024 20000000-20400000 already mapped failed -16 binder: 10024:10025 ioctl 4b67 20b47000 returned -22 binder_alloc: binder_alloc_mmap_handler: 10032 20000000-20400000 already mapped failed -16 binder_alloc: binder_alloc_mmap_handler: 10069 20000000-20400000 already mapped failed -16 binder: 10091:10100 ioctl 560a 201ba000 returned -22 xprt_adjust_timeout: rq_timeout = 0! binder: 10091:10110 ioctl 560a 201ba000 returned -22 xprt_adjust_timeout: rq_timeout = 0! binder: 10129:10130 ioctl 540f 20dc4ffc returned -22 binder: 10129:10130 ioctl 541c 20d5f000 returned -22 binder_alloc: binder_alloc_mmap_handler: 10123 20000000-20400000 already mapped failed -16 binder_alloc: binder_alloc_mmap_handler: 10129 20000000-20400000 already mapped failed -16 binder_alloc: binder_alloc_mmap_handler: 10142 20000000-20400000 already mapped failed -16 binder: 10129:10130 ioctl 540f 20dc4ffc returned -22 binder: 10129:10141 ioctl 541c 20d5f000 returned -22 binder_alloc: binder_alloc_mmap_handler: 10152 20000000-20400000 already mapped failed -16 binder: 10245:10247 ioctl 8917 2056d000 returned -22 binder: 10244:10248 ioctl c0106426 20edc000 returned -22 binder: 10244:10248 ioctl 4008642b 2008cff8 returned -22 binder: 10244:10248 ioctl c0106426 20edc000 returned -22 binder: 10244:10250 ioctl 4008642b 2008cff8 returned -22 binder: 10245:10255 ioctl 8917 2056d000 returned -22 binder_alloc: binder_alloc_mmap_handler: 10245 20000000-20400000 already mapped failed -16 binder: 10268:10271 ioctl 5462 20a67ff8 returned -22 binder: 10268:10272 ioctl 5462 20a67ff8 returned -22 binder_alloc: binder_alloc_mmap_handler: 10273 20000000-20400000 already mapped failed -16 binder_alloc: binder_alloc_mmap_handler: 10279 20000000-20400000 already mapped failed -16 binder: 10337:10338 ioctl 80404518 203cffcf returned -22 binder: 10337:10340 ioctl 80404518 203cffcf returned -22 binder_alloc: binder_alloc_mmap_handler: 10345 20000000-20400000 already mapped failed -16 binder_alloc: binder_alloc_mmap_handler: 10376 20000000-20400000 already mapped failed -16 binder_alloc: binder_alloc_mmap_handler: 10385 20000000-20400000 already mapped failed -16 binder_alloc: binder_alloc_mmap_handler: 10404 20000000-20400000 already mapped failed -16 binder_alloc: binder_alloc_mmap_handler: 10430 20000000-20400000 already mapped failed -16 binder_alloc: binder_alloc_mmap_handler: 10440 20000000-20400000 already mapped failed -16 binder: 10462:10467 ioctl 541b 20f27ffc returned -22 binder_alloc: binder_alloc_mmap_handler: 10462 20000000-20400000 already mapped failed -16 binder: 10495:10503 ioctl 80404518 20475000 returned -22 binder: 10495:10506 ioctl 80404518 20475000 returned -22 binder_alloc: binder_alloc_mmap_handler: 10520 20000000-20400000 already mapped failed -16 binder: 10561:10569 ioctl 5411 2048c000 returned -22 binder: 10561:10589 ioctl 5411 2048c000 returned -22 binder_alloc: binder_alloc_mmap_handler: 10666 20000000-20400000 already mapped failed -16 binder_alloc: binder_alloc_mmap_handler: 10689 20000000-20400000 already mapped failed -16 binder_alloc: binder_alloc_mmap_handler: 10690 20000000-20400000 already mapped failed -16 binder: 10745:10747 ioctl c0106426 20b46ff9 returned -22 binder_alloc: binder_alloc_mmap_handler: 10744 20bb1000-20bb5000 already mapped failed -16 binder: 10759:10768 ioctl 4c00 17 returned -22 binder: 10745:10767 ioctl c0406429 201ca000 returned -22 binder: 10759:10773 ioctl 4c00 1a returned -22 binder: 10745:10785 ioctl c0106426 20d09000 returned -22 binder: 10745:10785 ioctl c0086423 20fb5000 returned -22 binder: 10745:10794 ioctl c0106426 20b46ff9 returned -22 binder: 10745:10785 ioctl c0406429 201ca000 returned -22 binder: 10745:10794 ioctl c0086423 20fb5000 returned -22 binder: 10745:10785 ioctl c0106426 20d09000 returned -22 binder: 10782:10798 ioctl 800454cf 20913000 returned -22 binder: 10782:10783 ioctl 800454cf 20913000 returned -22 binder_alloc: binder_alloc_mmap_handler: 10859 20000000-20400000 already mapped failed -16 binder_alloc: binder_alloc_mmap_handler: 10936 20000000-20400000 already mapped failed -16 binder: 10941:10951 ioctl 541b 20dd2ffc returned -22 binder: 10941:10962 ioctl 541b 20dd2ffc returned -22 binder: 10963:10970 ioctl 8924 20f5f000 returned -22 binder: 10963:10970 ioctl 540d 0 returned -22 binder: 10963:10970 ioctl 8924 20f5f000 returned -22 binder_alloc: binder_alloc_mmap_handler: 10963 20000000-20400000 already mapped failed -16 binder_alloc: binder_alloc_mmap_handler: 11031 20000000-20400000 already mapped failed -16 binder: binder_mmap: 11092 20000000-20400000 bad vm_flags failed -1 binder: 11092:11099 ioctl 8990 20dadfd8 returned -22 binder: binder_mmap: 11092 20000000-20400000 bad vm_flags failed -1 binder: 11092:11110 ioctl 8990 20dadfd8 returned -22 binder: 11137:11141 ioctl 4c00 5 returned -22 binder: 11139:11142 ioctl 4b65 8000 returned -22 binder_alloc: binder_alloc_mmap_handler: 11139 20000000-20400000 already mapped failed -16 binder: 11137:11161 ioctl 4c00 5 returned -22 binder: 11181:11187 ioctl 8935 20e5f000 returned -22 binder_alloc: binder_alloc_mmap_handler: 11181 20000000-20400000 already mapped failed -16 binder: 11200:11207 ioctl 4b63 20000ff8 returned -22 binder: 11200:11213 ioctl 4b63 20000ff8 returned -22 binder_alloc: binder_alloc_mmap_handler: 11211 20000000-20400000 already mapped failed -16 binder: 11248:11251 ioctl 4c08 4 returned -22 binder: 11248:11251 ioctl 40086408 20639ff8 returned -22 binder_alloc: binder_alloc_mmap_handler: 11256 20000000-20400000 already mapped failed -16 binder: 11267:11269 ioctl 5411 20b91ffc returned -22 binder: 11267:11272 ioctl 5411 20b91ffc returned -22 binder: 11248:11277 ioctl 4c08 4 returned -22 binder: 11248:11278 ioctl 40086408 20639ff8 returned -22 binder_alloc: binder_alloc_mmap_handler: 11289 20000000-20400000 already mapped failed -16 binder: 11287:11293 ioctl c08c5336 20094000 returned -22 binder: 11287:11293 ioctl 5411 2096affc returned -22 binder: 11287:11299 ioctl c08c5336 20094000 returned -22 binder: 11287:11299 ioctl 5411 2096affc returned -22 binder: 11306:11309 ioctl 40a85323 20774f50 returned -22 binder: 11306:11313 ioctl 40a85323 20774f50 returned -22 binder_alloc: binder_alloc_mmap_handler: 11320 20000000-20400000 already mapped failed -16 binder: 11328:11330 ioctl 890c 201dcf88 returned -22 binder: 11328:11332 ioctl 890c 201dcf88 returned -22 binder: 11327:11334 ioctl 80284504 20d2a000 returned -22 binder: 11327:11337 ioctl 80284504 20d2a000 returned -22 binder_alloc: binder_alloc_mmap_handler: 11351 20000000-20400000 already mapped failed -16 binder_alloc: binder_alloc_mmap_handler: 11371 206e4000-206e7000 already mapped failed -16 binder_alloc: binder_alloc_mmap_handler: 11365 20000000-20400000 already mapped failed -16 binder_alloc: binder_alloc_mmap_handler: 11391 20000000-20400000 already mapped failed -16 binder_alloc: binder_alloc_mmap_handler: 11413 20000000-20400000 already mapped failed -16 binder: 11430:11433 ioctl 8981 20eb9000 returned -22 binder: 11434:11442 ioctl 4b35 f3f6 returned -22 binder: 11434:11442 ioctl 890c 201ecf88 returned -22 binder: 11434:11442 ioctl 4b35 f3f6 returned -22 binder: 11434:11444 ioctl 890c 201ecf88 returned -22 binder: 11430:11440 ioctl 8981 20eb9000 returned -22 binder: 11490:11492 ioctl 40044591 20b4b000 returned -22 binder: 11505:11507 ioctl 40284504 204cc000 returned -22 binder: 11505:11507 ioctl 40284504 204cc000 returned -22 binder_alloc: binder_alloc_mmap_handler: 11496 20000000-20400000 already mapped failed -16 binder: 11490:11492 ioctl 40044591 20b4b000 returned -22 binder: 11535:11547 ioctl 8916 20abbfe0 returned -22 binder_alloc: binder_alloc_mmap_handler: 11535 20000000-20400000 already mapped failed -16 binder: 11573:11580 ioctl 4010641a 201aeff0 returned -22 binder: 11573:11580 ioctl 8904 209bd000 returned -22 binder: 11573:11584 ioctl 4010641a 201aeff0 returned -22 binder_alloc: binder_alloc_mmap_handler: 11557 20000000-20400000 already mapped failed -16 binder: 11573:11586 ioctl 8904 209bd000 returned -22 binder: 11594:11596 ioctl 541b 20159000 returned -22 binder: 11592:11601 ioctl 4c03 20623000 returned -22 binder_alloc: binder_alloc_mmap_handler: 11592 20000000-20400000 already mapped failed -16 binder: 11594:11621 ioctl 541b 20159000 returned -22 binder_alloc: binder_alloc_mmap_handler: 11594 207a5000-207a7000 already mapped failed -16 nla_parse: 5 callbacks suppressed binder_alloc: binder_alloc_mmap_handler: 11662 20000000-20400000 already mapped failed -16 netlink: 2 bytes leftover after parsing attributes in process `syz-executor6'. netlink: 2 bytes leftover after parsing attributes in process `syz-executor6'. binder: 11700:11710 ioctl 4b33 20daa000 returned -22 binder: 11700:11726 ioctl 4b33 20daa000 returned -22 binder: 11765:11769 ioctl 8905 20bfe000 returned -22 netlink: 2 bytes leftover after parsing attributes in process `syz-executor3'. netlink: 2 bytes leftover after parsing attributes in process `syz-executor3'. binder_alloc: binder_alloc_mmap_handler: 11765 20000000-20400000 already mapped failed -16 binder: 11765:11769 ioctl 8905 20bfe000 returned -22 netlink: 2 bytes leftover after parsing attributes in process `syz-executor3'. binder_alloc: binder_alloc_mmap_handler: 11791 20000000-20400000 already mapped failed -16 netlink: 2 bytes leftover after parsing attributes in process `syz-executor3'. binder_alloc: binder_alloc_mmap_handler: 11812 20000000-20400000 already mapped failed -16 binder: 11833:11840 ioctl 4b2f 0 returned -22 binder: 11835:11844 ioctl c0086420 20320000 returned -22 binder: 11835:11844 ioctl c0086420 20320000 returned -22 binder_alloc: binder_alloc_mmap_handler: 11833 20000000-20400000 already mapped failed -16 binder: 11853:11854 ioctl c010640b 20d71000 returned -22 binder: 11855:11862 ioctl c0106403 20675ff0 returned -22 binder_alloc: binder_alloc_mmap_handler: 11861 20000000-20400000 already mapped failed -16 binder: 11855:11862 ioctl c0106403 20675ff0 returned -22 binder: 11853:11877 ioctl c00c642d 204d1ff4 returned -22 binder_alloc: binder_alloc_mmap_handler: 11853 20000000-20400000 already mapped failed -16 binder: 11853:11877 ioctl c010640b 20d71000 returned -22