=====================================
WARNING: bad unlock balance detected!
4.14.103+ #18 Not tainted
-------------------------------------
migration/0/11 is trying to release lock (&rq->lock) at:
[] migration_cpu_stop+0x2dd/0x430 kernel/sched/core.c:1036
but there are no more locks to release!
other info that might help us debug this:
1 lock held by migration/0/11:
#0: (&p->pi_lock){-.-.}, at: [] migration_cpu_stop+0xe1/0x430 kernel/sched/core.c:1027
stack backtrace:
CPU: 0 PID: 11 Comm: migration/0 Not tainted 4.14.103+ #18
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0xb9/0x10e lib/dump_stack.c:53
print_unlock_imbalance_bug kernel/locking/lockdep.c:3548 [inline]
print_unlock_imbalance_bug.cold+0x110/0x11f kernel/locking/lockdep.c:3525
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12297 sclass=netlink_route_socket pig=30546 comm=syz-executor.4
binder: BINDER_SET_CONTEXT_MGR already set
binder: 30542:30547 ioctl 40046207 0 returned -16
binder: 30542:30552 Release 1 refcount change on invalid ref 1 ret -22
binder: BINDER_SET_CONTEXT_MGR already set
binder: 30542:30557 ioctl 40046207 0 returned -16
binder: 30542:30558 Release 1 refcount change on invalid ref 1 ret -22
binder: 30542:30547 BC_INCREFS_DONE node 1486 has no pending increfs request
binder: 30542:30552 BC_ACQUIRE_DONE node 1486 has no pending acquire request
binder: release 30542:30552 transaction 1482 out, still active
binder: release 30542:30557 transaction 1485 out, still active
binder: unexpected work type, 4, not freed
binder: undelivered TRANSACTION_COMPLETE
kauditd_printk_skb: 275 callbacks suppressed
audit: type=1400 audit(2000000535.582:27592): avc: denied { map } for pid=30565 comm="syz-executor.1" path="/dev/binder0" dev="devtmpfs" ino=5423 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=chr_file permissive=1
binder: BINDER_SET_CONTEXT_MGR already set
binder: 30565:30582 ioctl 40046207 0 returned -16
binder: 30565:30586 BC_INCREFS_DONE u0000000000000000 no match
audit: type=1400 audit(2000000535.662:27593): avc: denied { map } for pid=30580 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
binder: 30565:30569 got transaction with invalid offset (-6224463596873199, min 0 max 24) or object.
binder: 30565:30582 Release 1 refcount change on invalid ref 1 ret -22
binder: 30565:30586 BC_ACQUIRE_DONE u0000000000000000 no match
binder: 30565:30569 transaction failed 29201/-22, size 24-8 line 3197
audit: type=1400 audit(2000000535.662:27594): avc: denied { map } for pid=30580 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
audit: type=1400 audit(2000000535.692:27595): avc: denied { map } for pid=30580 comm="blkid" path="/lib/x86_64-linux-gnu/ld-2.13.so" dev="sda1" ino=2668 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
binder: BINDER_SET_CONTEXT_MGR already set
binder: 30588:30598 ioctl 40046207 0 returned -16
binder: 30588:30598 Release 1 refcount change on invalid ref 1 ret -22
audit: type=1400 audit(2000000535.692:27596): avc: denied { map } for pid=30580 comm="blkid" path="/lib/x86_64-linux-gnu/ld-2.13.so" dev="sda1" ino=2668 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
audit: type=1400 audit(2000000535.692:27597): avc: denied { map } for pid=30580 comm="blkid" path="/etc/ld.so.cache" dev="sda1" ino=2503 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
binder: 30588:30598 BC_ACQUIRE_DONE u0000000000000000 no match
binder_alloc: binder_alloc_mmap_handler: 30565 20001000-20004000 already mapped failed -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 30565:30604 ioctl 40046207 0 returned -16
audit: type=1400 audit(2000000535.752:27599): avc: denied { map } for pid=30580 comm="blkid" path="/lib/x86_64-linux-gnu/libblkid.so.1.1.0" dev="sda1" ino=2825 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
binder: 30565:30591 got transaction with invalid offset (-6224463596873199, min 0 max 24) or object.
binder: 30565:30569 BC_INCREFS_DONE u0000000000000000 no match
audit: type=1400 audit(2000000535.752:27600): avc: denied { map } for pid=30580 comm="blkid" path="/lib/x86_64-linux-gnu/libblkid.so.1.1.0" dev="sda1" ino=2825 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
binder: 30565:30604 Release 1 refcount change on invalid ref 1 ret -22
binder: 30565:30591 transaction failed 29201/-22, size 24-8 line 3197
audit: type=1400 audit(2000000535.752:27601): avc: denied { map } for pid=30580 comm="blkid" path="/lib/x86_64-linux-gnu/libc-2.13.so" dev="sda1" ino=2784 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
binder: 30565:30591 BC_ACQUIRE_DONE u0000000000000000 no match
audit: type=1400 audit(2000000535.752:27602): avc: denied { map } for pid=30580 comm="blkid" path="/lib/x86_64-linux-gnu/libc-2.13.so" dev="sda1" ino=2784 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
binder: BINDER_SET_CONTEXT_MGR already set
binder: 30619:30628 ioctl 40046207 0 returned -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 30616:30629 ioctl 40046207 0 returned -16
binder: 30619:30628 BC_INCREFS_DONE u0000000000000000 no match
binder: 30616:30629 Release 1 refcount change on invalid ref 1 ret -22
binder: 30619:30628 Release 1 refcount change on invalid ref 1 ret -22
binder: 30619:30628 ioctl c0306201 200003c0 returned -14
binder_alloc: binder_alloc_mmap_handler: 30619 20001000-20004000 already mapped failed -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 30619:30637 ioctl 40046207 0 returned -16
binder: 30619:30643 BC_INCREFS_DONE u0000000000000000 no match
binder: 30619:30649 Release 1 refcount change on invalid ref 1 ret -22
binder: release 30619:30622 transaction 1490 out, still active
binder: release 30619:30637 transaction 1496 out, still active
binder: release 30616:30629 transaction 1491 out, still active
binder: BINDER_SET_CONTEXT_MGR already set
binder: 30658:30663 ioctl 40046207 0 returned -16
binder: 30658:30660 transaction failed 29189/-22, size 1047972020224-0 line 3012
binder: 30658:30663 BC_INCREFS_DONE u0000000000000000 no match
binder: 30658:30663 Release 1 refcount change on invalid ref 1 ret -22
binder: 30658:30660 BC_ACQUIRE_DONE u0000000000000000 no match
binder_alloc: binder_alloc_mmap_handler: 30658 20001000-20004000 already mapped failed -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 30658:30667 unknown command 418548
binder: 30658:30672 ioctl 40046207 0 returned -16
binder: 30658:30667 ioctl c0306201 20000140 returned -22
binder: 30658:30672 transaction failed 29189/-22, size 1047972020224-0 line 3012
binder: 30658:30673 BC_INCREFS_DONE u0000000000000000 no match
binder: 30658:30667 Release 1 refcount change on invalid ref 1 ret -22
binder: 30658:30667 BC_ACQUIRE_DONE u0000000000000000 no match
kauditd_printk_skb: 183 callbacks suppressed
audit: type=1400 audit(2000000541.982:27785): avc: denied { map } for pid=30677 comm="syz-executor.1" path="/dev/binder0" dev="devtmpfs" ino=5423 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=chr_file permissive=1
binder: 30677:30687 ioctl 6685 0 returned -22
binder: BINDER_SET_CONTEXT_MGR already set
binder: 30677:30687 ioctl 40046207 0 returned -16
binder: 30676:30689 Release 1 refcount change on invalid ref 1 ret -22
binder: 30677:30687 BC_INCREFS_DONE u0000000000000000 no match
audit: type=1400 audit(2000000542.012:27786): avc: denied { call } for pid=30676 comm="/group.stat" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
binder: 30677:30687 Release 1 refcount change on invalid ref 1 ret -22
audit: type=1400 audit(2000000542.012:27787): avc: denied { transfer } for pid=30676 comm="/group.stat" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
audit: type=1400 audit(2000000542.152:27788): avc: denied { map } for pid=30693 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
audit: type=1400 audit(2000000542.162:27789): avc: denied { map } for pid=30693 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
binder: 30677:30698 ioctl 6685 0 returned -22
binder_alloc: binder_alloc_mmap_handler: 30677 20001000-20004000 already mapped failed -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 30677:30706 BC_INCREFS_DONE u0000000000000000 no match
audit: type=1400 audit(2000000542.192:27790): avc: denied { call } for pid=30677 comm="/group.stat" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
binder: 30677:30698 ioctl 40046207 0 returned -16
binder: release 30677:30684 transaction 1504 out, still active
binder: release 30677:30705 transaction 1507 out, still active
binder: 30677:30687 Release 1 refcount change on invalid ref 1 ret -22
binder: unexpected work type, 4, not freed
audit: type=1400 audit(2000000542.202:27791): avc: denied { map } for pid=30693 comm="blkid" path="/lib/x86_64-linux-gnu/ld-2.13.so" dev="sda1" ino=2668 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
binder: undelivered TRANSACTION_COMPLETE
audit: type=1400 audit(2000000542.212:27792): avc: denied { map } for pid=30693 comm="blkid" path="/lib/x86_64-linux-gnu/ld-2.13.so" dev="sda1" ino=2668 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
binder: release 30676:30689 transaction 1501 out, still active
audit: type=1400 audit(2000000542.242:27793): avc: denied { transfer } for pid=30677 comm="/group.stat" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
audit: type=1400 audit(2000000542.252:27794): avc: denied { map } for pid=30693 comm="blkid" path="/etc/ld.so.cache" dev="sda1" ino=2503 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
binder: BINDER_SET_CONTEXT_MGR already set
binder: 30722:30725 ioctl 40046207 0 returned -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 30723:30729 ioctl 40046207 0 returned -16
binder: 30723:30729 Release 1 refcount change on invalid ref 1 ret -22
binder: 30722:30725 unknown command 1364920032
binder: 30722:30725 ioctl c0306201 200001c0 returned -22