binder: BINDER_SET_CONTEXT_MGR already set
binder: 15535:15570 ioctl 40046207 0 returned -16
binder_alloc: 26751: binder_alloc_buf size 32 failed, no address space
binder_alloc: allocated: 12288 (num: 388 largest: 32), free: 0 (num: 0 largest: 0)
=====================================
WARNING: bad unlock balance detected!
4.14.102+ #17 Not tainted
-------------------------------------
migration/1/16 is trying to release lock (&rq->lock) at:
[] migration_cpu_stop+0x2dd/0x430 kernel/sched/core.c:1036
binder: 15535:15576 transaction failed 29201/-28, size 24-8 line 3135
but there are no more locks to release!
other info that might help us debug this:
1 lock held by migration/1/16:
#0: (&p->pi_lock){-.-.}, at: [] migration_cpu_stop+0xe1/0x430 kernel/sched/core.c:1027
stack backtrace:
CPU: 1 PID: 16 Comm: migration/1 Not tainted 4.14.102+ #17
Call Trace:
binder: 15535:15570 BC_INCREFS_DONE u0000000000000000 no match
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0xb9/0x10e lib/dump_stack.c:53
binder: 15535:15570 Release 1 refcount change on invalid ref 1 ret -22
print_unlock_imbalance_bug kernel/locking/lockdep.c:3548 [inline]
print_unlock_imbalance_bug.cold+0x110/0x11f kernel/locking/lockdep.c:3525
binder: 15535:15570 unknown command 1273294998
binder: 15535:15570 ioctl c0306201 200001c0 returned -22
binder: 15535:15570 BC_ACQUIRE_DONE u0000000000000000 no match
binder: BINDER_SET_CONTEXT_MGR already set
binder: 15601:15629 ioctl 40046207 0 returned -16
binder_alloc: 26751: binder_alloc_buf size 32 failed, no address space
binder_alloc: allocated: 12288 (num: 388 largest: 32), free: 0 (num: 0 largest: 0)
binder: 15601:15636 transaction failed 29201/-28, size 24-8 line 3135
binder: 15601:15629 BC_INCREFS_DONE u0000000000000000 no match
binder: 15601:15629 Release 1 refcount change on invalid ref 1 ret -22
binder: 15601:15629 unknown command 1273294998
binder: 15601:15629 ioctl c0306201 200001c0 returned -22
binder: 15601:15629 BC_ACQUIRE_DONE u0000000000000000 no match
audit: type=1400 audit(1125.108:93): avc: denied { map } for pid=15662 comm="syz-executor.5" path="/dev/loop9" dev="devtmpfs" ino=120993 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:device_t:s0 tclass=file permissive=1
binder: BINDER_SET_CONTEXT_MGR already set
binder: 15656:15696 ioctl 40046207 0 returned -16
binder_alloc: 26751: binder_alloc_buf size 32 failed, no address space
binder: BINDER_SET_CONTEXT_MGR already set
binder_alloc: allocated: 12288 (num: 388 largest: 32), free: 0 (num: 0 largest: 0)
binder: 15656:15696 transaction failed 29201/-28, size 24-8 line 3135
binder: 15689:15709 ioctl 40046207 0 returned -16
binder: 15656:15696 BC_INCREFS_DONE u0000000000000000 no match
binder_alloc: 26751: binder_alloc_buf size 32 failed, no address space
binder: 15656:15696 Release 1 refcount change on invalid ref 1 ret -22
binder_alloc: allocated: 12288 (num: 388 largest: 32), free: 0 (num: 0 largest: 0)
binder: 15656:15696 unknown command 1273294998
binder: 15689:15709 transaction failed 29201/-28, size 24-8 line 3135
binder: 15656:15696 ioctl c0306201 200001c0 returned -22
binder: 15689:15709 BC_INCREFS_DONE u0000000000000000 no match
binder: 15689:15709 Release 1 refcount change on invalid ref 1 ret -22
binder: 15689:15709 unknown command 1273294998
binder: 15689:15709 ioctl c0306201 200001c0 returned -22
binder: 15689:15709 BC_ACQUIRE_DONE u0000000000000000 no match
binder: BINDER_SET_CONTEXT_MGR already set
binder: 15722:15749 ioctl 40046207 0 returned -16
binder_alloc: 26751: binder_alloc_buf size 32 failed, no address space
binder_alloc: allocated: 12288 (num: 388 largest: 32), free: 0 (num: 0 largest: 0)
binder: 15722:15749 BC_INCREFS_DONE u0000000000000000 no match
binder: 15722:15749 Release 1 refcount change on invalid ref 1 ret -22
binder: 15722:15758 transaction failed 29201/-28, size 24-8 line 3135
binder: 15722:15749 unknown command 1273294998
binder: 15722:15749 ioctl c0306201 200001c0 returned -22
binder: BINDER_SET_CONTEXT_MGR already set
binder: 15789:15814 ioctl 40046207 0 returned -16
binder_alloc: 26751: binder_alloc_buf size 32 failed, no address space
binder_alloc: allocated: 12288 (num: 388 largest: 32), free: 0 (num: 0 largest: 0)
binder: 15789:15814 BC_INCREFS_DONE u0000000000000000 no match
binder: 15789:15814 Release 1 refcount change on invalid ref 1 ret -22
binder: 15789:15823 transaction failed 29201/-28, size 24-8 line 3135
binder: 15789:15814 unknown command 1273294998
binder: 15789:15814 ioctl c0306201 200001c0 returned -22
binder: BINDER_SET_CONTEXT_MGR already set
binder: 15859:15887 ioctl 40046207 0 returned -16
binder_alloc: 26751: binder_alloc_buf size 32 failed, no address space
binder_alloc: allocated: 12288 (num: 388 largest: 32), free: 0 (num: 0 largest: 0)
binder: 15859:15887 transaction failed 29201/-28, size 24-8 line 3135
binder: 15859:15887 BC_INCREFS_DONE u0000000000000000 no match
binder: 15859:15887 Release 1 refcount change on invalid ref 1 ret -22
binder: 15859:15887 unknown command 1273294998
binder: 15859:15887 ioctl c0306201 200001c0 returned -22
binder: 15859:15887 ioctl c0306201 0 returned -14
binder: BINDER_SET_CONTEXT_MGR already set
binder: 15906:15935 ioctl 40046207 0 returned -16
binder_alloc: 26751: binder_alloc_buf size 32 failed, no address space
binder_alloc: allocated: 12288 (num: 388 largest: 32), free: 0 (num: 0 largest: 0)
binder: 15906:15935 transaction failed 29201/-28, size 24-8 line 3135
binder: 15906:15935 BC_INCREFS_DONE u0000000000000000 no match
binder: 15906:15935 Release 1 refcount change on invalid ref 1 ret -22
binder: 15906:15935 unknown command 1273294998
binder: 15906:15935 ioctl c0306201 200001c0 returned -22
binder: 15906:15935 ioctl c0306201 0 returned -14
binder: BINDER_SET_CONTEXT_MGR already set
binder: 15965:16002 ioctl 40046207 0 returned -16
binder_alloc: 26751: binder_alloc_buf size 32 failed, no address space
binder_alloc: allocated: 12288 (num: 388 largest: 32), free: 0 (num: 0 largest: 0)
binder: 15965:16002 transaction failed 29201/-28, size 24-8 line 3135
binder: 15965:16012 BC_INCREFS_DONE u0000000000000000 no match
binder: 15965:16002 Release 1 refcount change on invalid ref 1 ret -22
binder: 15965:16002 unknown command 1273294998
binder: 15965:16002 ioctl c0306201 200001c0 returned -22
binder: 15965:16002 ioctl c0306201 0 returned -14
raw_sendmsg: syz-executor.1 forgot to set AF_INET. Fix it!
binder: BINDER_SET_CONTEXT_MGR already set
binder: 16029:16054 ioctl 40046207 0 returned -16
binder_alloc: 26751: binder_alloc_buf size 32 failed, no address space
binder_alloc: allocated: 12288 (num: 388 largest: 32), free: 0 (num: 0 largest: 0)
binder: 16029:16064 transaction failed 29201/-28, size 24-8 line 3135
binder: 16029:16054 BC_INCREFS_DONE u0000000000000000 no match
binder: 16029:16054 Release 1 refcount change on invalid ref 1 ret -22
binder: 16029:16054 unknown command 1273294998
binder: 16029:16054 ioctl c0306201 200001c0 returned -22
binder: BINDER_SET_CONTEXT_MGR already set
binder: 16079:16110 ioctl 40046207 0 returned -16
binder_alloc: 26751: binder_alloc_buf size 32 failed, no address space
binder_alloc: allocated: 12288 (num: 388 largest: 32), free: 0 (num: 0 largest: 0)
binder: 16079:16110 transaction failed 29201/-28, size 24-8 line 3135
binder: 16079:16128 BC_INCREFS_DONE u0000000000000000 no match
binder: 16079:16110 Release 1 refcount change on invalid ref 1 ret -22
binder: 16079:16110 unknown command 1273294998
binder: 16079:16110 ioctl c0306201 200001c0 returned -22
binder: BINDER_SET_CONTEXT_MGR already set
binder: 16156:16180 ioctl 40046207 0 returned -16
binder_alloc: 26751: binder_alloc_buf size 32 failed, no address space
binder_alloc: allocated: 12288 (num: 388 largest: 32), free: 0 (num: 0 largest: 0)
binder: 16156:16191 transaction failed 29201/-28, size 24-8 line 3135
binder: 16156:16180 BC_INCREFS_DONE u0000000000000000 no match
binder: 16156:16180 Release 1 refcount change on invalid ref 1 ret -22
binder: 16156:16180 unknown command 1273294998
binder: 16156:16180 ioctl c0306201 200001c0 returned -22
binder: BINDER_SET_CONTEXT_MGR already set
binder: 16207:16228 ioctl 40046207 0 returned -16
binder_alloc: 26751: binder_alloc_buf size 32 failed, no address space
binder_alloc: allocated: 12288 (num: 388 largest: 32), free: 0 (num: 0 largest: 0)
binder: 16207:16228 transaction failed 29201/-28, size 24-8 line 3135
binder: 16207:16250 BC_INCREFS_DONE u0000000000000000 no match
binder: 16207:16228 Release 1 refcount change on invalid ref 1 ret -22
binder: 16207:16228 unknown command 1273294998
binder: 16207:16228 ioctl c0306201 200001c0 returned -22
binder: BINDER_SET_CONTEXT_MGR already set
binder: 16266:16284 ioctl 40046207 0 returned -16
binder_alloc: 26751: binder_alloc_buf size 32 failed, no address space
binder_alloc: allocated: 12288 (num: 388 largest: 32), free: 0 (num: 0 largest: 0)
binder: 16266:16284 transaction failed 29201/-28, size 24-8 line 3135
binder: 16266:16300 BC_INCREFS_DONE u0000000000000000 no match
binder: 16266:16284 Release 1 refcount change on invalid ref 1 ret -22
binder: 16266:16284 unknown command 1273294998
binder: 16266:16284 ioctl c0306201 200001c0 returned -22