netlink: 1 bytes leftover after parsing attributes in process `syz-executor3'. ====================================================== WARNING: possible circular locking dependency detected 4.15.0-rc3+ #218 Not tainted ------------------------------------------------------ syz-executor0/26919 is trying to acquire lock: (&sb->s_type->i_mutex_key#10){++++}, at: [<00000000bf39b7ac>] inode_lock include/linux/fs.h:713 [inline] (&sb->s_type->i_mutex_key#10){++++}, at: [<00000000bf39b7ac>] generic_file_write_iter+0xdc/0x7a0 mm/filemap.c:3289 but task is already holding lock: (&pipe->mutex/1){+.+.}, at: [<00000000b9937ef9>] pipe_lock_nested fs/pipe.c:67 [inline] (&pipe->mutex/1){+.+.}, at: [<00000000b9937ef9>] pipe_lock+0x56/0x70 fs/pipe.c:75 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #6 (&pipe->mutex/1){+.+.}: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004 __mutex_lock_common kernel/locking/mutex.c:756 [inline] __mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908 pipe_lock_nested fs/pipe.c:67 [inline] pipe_lock+0x56/0x70 fs/pipe.c:75 iter_file_splice_write+0x264/0xf30 fs/splice.c:699 do_splice_from fs/splice.c:851 [inline] do_splice fs/splice.c:1147 [inline] SYSC_splice fs/splice.c:1402 [inline] SyS_splice+0x7d5/0x1630 fs/splice.c:1382 entry_SYSCALL_64_fastpath+0x1f/0x96 -> #5 (sb_writers){.+.+}: rmqueue mm/page_alloc.c:2873 [inline] get_page_from_freelist+0x19a0/0x52f0 mm/page_alloc.c:3212 __alloc_pages_nodemask+0x588/0xd80 mm/page_alloc.c:4221 __alloc_pages include/linux/gfp.h:456 [inline] __alloc_pages_node include/linux/gfp.h:469 [inline] kmem_getpages mm/slab.c:1413 [inline] cache_grow_begin+0x72/0x3f0 mm/slab.c:2671 cache_alloc_refill mm/slab.c:3038 [inline] ____cache_alloc mm/slab.c:3120 [inline] __do_cache_alloc mm/slab.c:3342 [inline] slab_alloc mm/slab.c:3377 [inline] kmem_cache_alloc+0x403/0x760 mm/slab.c:3545 getname_kernel+0x54/0x340 fs/namei.c:218 -> #4 ((completion)&req.done){+.+.}: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004 complete_acquire include/linux/completion.h:40 [inline] __wait_for_common kernel/sched/completion.c:109 [inline] wait_for_common kernel/sched/completion.c:123 [inline] wait_for_completion+0xcb/0x7b0 kernel/sched/completion.c:144 devtmpfs_create_node+0x32b/0x4a0 drivers/base/devtmpfs.c:115 device_add+0x120f/0x1640 drivers/base/core.c:1824 device_create_groups_vargs+0x1f3/0x250 drivers/base/core.c:2430 device_create_vargs drivers/base/core.c:2470 [inline] device_create+0xda/0x110 drivers/base/core.c:2506 msr_device_create+0x26/0x40 arch/x86/kernel/msr.c:188 cpuhp_invoke_callback+0x2ea/0x1d20 kernel/cpu.c:182 cpuhp_thread_fun+0x48e/0x7e0 kernel/cpu.c:571 smpboot_thread_fn+0x450/0x7c0 kernel/smpboot.c:164 kthread+0x37a/0x440 kernel/kthread.c:238 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:441 -> #3 (cpuhp_state-up){+.+.}: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004 cpuhp_lock_acquire kernel/cpu.c:85 [inline] cpuhp_invoke_ap_callback kernel/cpu.c:605 [inline] cpuhp_issue_call+0x1e5/0x520 kernel/cpu.c:1495 __cpuhp_setup_state_cpuslocked+0x282/0x600 kernel/cpu.c:1642 __cpuhp_setup_state+0xb0/0x140 kernel/cpu.c:1671 cpuhp_setup_state include/linux/cpuhotplug.h:201 [inline] page_writeback_init+0x4d/0x71 mm/page-writeback.c:2081 pagecache_init+0x48/0x4f mm/filemap.c:977 start_kernel+0x6bc/0x74f init/main.c:695 x86_64_start_reservations+0x2a/0x2c arch/x86/kernel/head64.c:378 x86_64_start_kernel+0x77/0x7a arch/x86/kernel/head64.c:359 secondary_startup_64+0xa5/0xb0 arch/x86/kernel/head_64.S:237 -> #2 (cpuhp_state_mutex){+.+.}: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004 __mutex_lock_common kernel/locking/mutex.c:756 [inline] __mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908 __cpuhp_setup_state_cpuslocked+0x5b/0x600 kernel/cpu.c:1617 __cpuhp_setup_state+0xb0/0x140 kernel/cpu.c:1671 cpuhp_setup_state_nocalls include/linux/cpuhotplug.h:229 [inline] kvm_guest_init+0x1f3/0x20f arch/x86/kernel/kvm.c:528 setup_arch+0x17e8/0x1a02 arch/x86/kernel/setup.c:1266 start_kernel+0xa5/0x74f init/main.c:530 x86_64_start_reservations+0x2a/0x2c arch/x86/kernel/head64.c:378 x86_64_start_kernel+0x77/0x7a arch/x86/kernel/head64.c:359 secondary_startup_64+0xa5/0xb0 arch/x86/kernel/head_64.S:237 -> #1 (cpu_hotplug_lock.rw_sem){++++}: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36 [inline] percpu_down_read include/linux/percpu-rwsem.h:59 [inline] cpus_read_lock+0x42/0x90 kernel/cpu.c:293 get_online_cpus include/linux/cpu.h:117 [inline] lru_add_drain_all+0xe/0x20 mm/swap.c:729 shmem_wait_for_pins mm/shmem.c:2672 [inline] shmem_add_seals+0x3df/0x1060 mm/shmem.c:2780 shmem_fcntl+0xfe/0x130 mm/shmem.c:2815 do_fcntl+0x73e/0x1160 fs/fcntl.c:421 SYSC_fcntl fs/fcntl.c:463 [inline] SyS_fcntl+0xdc/0x120 fs/fcntl.c:448 entry_SYSCALL_64_fastpath+0x1f/0x96 -> #0 (&sb->s_type->i_mutex_key#10){++++}: check_prevs_add kernel/locking/lockdep.c:2031 [inline] validate_chain kernel/locking/lockdep.c:2473 [inline] __lock_acquire+0x3498/0x47f0 kernel/locking/lockdep.c:3500 lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004 down_write+0x87/0x120 kernel/locking/rwsem.c:70 inode_lock include/linux/fs.h:713 [inline] generic_file_write_iter+0xdc/0x7a0 mm/filemap.c:3289 call_write_iter include/linux/fs.h:1772 [inline] do_iter_readv_writev+0x531/0x7f0 fs/read_write.c:653 do_iter_write+0x15a/0x540 fs/read_write.c:932 vfs_iter_write+0x77/0xb0 fs/read_write.c:945 iter_file_splice_write+0x7db/0xf30 fs/splice.c:749 do_splice_from fs/splice.c:851 [inline] do_splice fs/splice.c:1147 [inline] SYSC_splice fs/splice.c:1402 [inline] SyS_splice+0x7d5/0x1630 fs/splice.c:1382 entry_SYSCALL_64_fastpath+0x1f/0x96 other info that might help us debug this: Chain exists of: &sb->s_type->i_mutex_key#10 --> sb_writers --> &pipe->mutex/1 Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&pipe->mutex/1); lock(sb_writers); lock(&pipe->mutex/1); lock(&sb->s_type->i_mutex_key#10); *** DEADLOCK *** 2 locks held by syz-executor0/26919: #0: (sb_writers#6){.+.+}, at: [<000000004233fe4a>] file_start_write include/linux/fs.h:2715 [inline] #0: (sb_writers#6){.+.+}, at: [<000000004233fe4a>] do_splice fs/splice.c:1146 [inline] #0: (sb_writers#6){.+.+}, at: [<000000004233fe4a>] SYSC_splice fs/splice.c:1402 [inline] #0: (sb_writers#6){.+.+}, at: [<000000004233fe4a>] SyS_splice+0x1117/0x1630 fs/splice.c:1382 #1: (&pipe->mutex/1){+.+.}, at: [<00000000b9937ef9>] pipe_lock_nested fs/pipe.c:67 [inline] #1: (&pipe->mutex/1){+.+.}, at: [<00000000b9937ef9>] pipe_lock+0x56/0x70 fs/pipe.c:75 stack backtrace: CPU: 0 PID: 26919 Comm: syz-executor0 Not tainted 4.15.0-rc3+ #218 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 print_circular_bug+0x42d/0x610 kernel/locking/lockdep.c:1271 check_prev_add+0x666/0x15f0 kernel/locking/lockdep.c:1914 check_prevs_add kernel/locking/lockdep.c:2031 [inline] validate_chain kernel/locking/lockdep.c:2473 [inline] __lock_acquire+0x3498/0x47f0 kernel/locking/lockdep.c:3500 lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004 down_write+0x87/0x120 kernel/locking/rwsem.c:70 inode_lock include/linux/fs.h:713 [inline] generic_file_write_iter+0xdc/0x7a0 mm/filemap.c:3289 call_write_iter include/linux/fs.h:1772 [inline] do_iter_readv_writev+0x531/0x7f0 fs/read_write.c:653 do_iter_write+0x15a/0x540 fs/read_write.c:932 vfs_iter_write+0x77/0xb0 fs/read_write.c:945 iter_file_splice_write+0x7db/0xf30 fs/splice.c:749 do_splice_from fs/splice.c:851 [inline] do_splice fs/splice.c:1147 [inline] SYSC_splice fs/splice.c:1402 [inline] SyS_splice+0x7d5/0x1630 fs/splice.c:1382 entry_SYSCALL_64_fastpath+0x1f/0x96 RIP: 0033:0x452a39 RSP: 002b:00007f6aae829c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000113 RAX: ffffffffffffffda RBX: 00000000007580d8 RCX: 0000000000452a39 RDX: 0000000000000013 RSI: 0000000000000000 RDI: 0000000000000016 RBP: 0000000000000589 R08: 00040400000007ff R09: 0000000000000002 R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f6578 R13: 00000000ffffffff R14: 00007f6aae82a6d4 R15: 0000000000000009 binder: 26957:26961 unknown command 0 binder: 26957:26961 ioctl c0306201 2000a000 returned -22 binder: 26957:26961 BC_FREE_BUFFER u0000000000000000 no match binder: 26957:26961 ERROR: BC_REGISTER_LOOPER called without request binder: BINDER_SET_CONTEXT_MGR already set binder: 26957:26961 ioctl 40046207 0 returned -16 binder: 26957:26966 unknown command 0 binder: 26957:26966 ioctl c0306201 2000a000 returned -22 binder_alloc: 26957: binder_alloc_buf, no vma binder: 26957:26966 transaction failed 29189/-3, size 24-8 line 2890 binder: undelivered transaction 184, process died. binder: 26990:26991 unknown command 0 binder: 26990:26991 ioctl c0306201 2000a000 returned -22 binder: 26990:26999 BC_FREE_BUFFER u0000000000000000 no match binder: 26990:26999 ERROR: BC_REGISTER_LOOPER called without request device lo entered promiscuous mode binder: BINDER_SET_CONTEXT_MGR already set binder: 26990:26999 ioctl 40046207 0 returned -16 binder: 26990:26999 unknown command 0 binder: 26990:26999 ioctl c0306201 2000a000 returned -22 binder_alloc: 26990: binder_alloc_buf, no vma binder: 26990:27012 transaction failed 29189/-3, size 24-8 line 2890 binder: undelivered transaction 189, process died. binder: 27056:27063 unknown command 0 binder: 27056:27063 ioctl c0306201 2000a000 returned -22 binder: 27056:27063 BC_FREE_BUFFER u0000000000000000 no match binder: 27056:27063 ERROR: BC_REGISTER_LOOPER called without request binder: BINDER_SET_CONTEXT_MGR already set binder: 27056:27065 unknown command 0 binder: 27056:27063 ioctl 40046207 0 returned -16 binder_alloc: 27056: binder_alloc_buf, no vma binder: 27056:27089 transaction failed 29189/-3, size 24-8 line 2890 binder: 27056:27065 ioctl c0306201 2000a000 returned -22 binder: undelivered transaction 194, process died. binder: 27111:27113 unknown command 0 binder: 27111:27113 ioctl c0306201 2000a000 returned -22 binder: 27111:27113 BC_FREE_BUFFER u0000000000000000 no match binder: 27111:27113 ERROR: BC_REGISTER_LOOPER called without request binder: BINDER_SET_CONTEXT_MGR already set binder: 27111:27113 ioctl 40046207 0 returned -16 binder: 27111:27124 unknown command 0 binder: 27111:27124 ioctl c0306201 2000a000 returned -22 binder_alloc: 27111: binder_alloc_buf, no vma binder: 27111:27124 transaction failed 29189/-3, size 24-8 line 2890 binder: undelivered transaction 199, process died. binder: 27165:27167 unknown command 0 binder: 27165:27167 ioctl c0306201 2000a000 returned -22 binder: 27165:27167 BC_FREE_BUFFER u0000000000000000 no match device lo entered promiscuous mode binder: 27165:27167 ERROR: BC_REGISTER_LOOPER called without request binder: BINDER_SET_CONTEXT_MGR already set binder: 27165:27172 unknown command 0 binder: 27165:27172 ioctl c0306201 2000a000 returned -22 binder: 27165:27167 ioctl 40046207 0 returned -16 binder_alloc: 27165: binder_alloc_buf, no vma binder: 27165:27181 transaction failed 29189/-3, size 24-8 line 2890 binder: undelivered transaction 204, process died. binder: 27208:27214 unknown command 0 binder: 27208:27214 ioctl c0306201 2000a000 returned -22 binder: 27208:27230 BC_FREE_BUFFER u0000000000000000 no match binder: 27208:27230 ERROR: BC_REGISTER_LOOPER called without request binder: BINDER_SET_CONTEXT_MGR already set binder: 27208:27230 ioctl 40046207 0 returned -16 binder: 27208:27230 unknown command 0 binder: 27208:27230 ioctl c0306201 2000a000 returned -22 binder_alloc: 27208: binder_alloc_buf, no vma binder: 27208:27237 transaction failed 29189/-3, size 24-8 line 2890 binder: undelivered transaction 209, process died. binder: 27281:27285 unknown command 0 binder: 27281:27285 ioctl c0306201 2000a000 returned -22 binder: 27281:27285 BC_FREE_BUFFER u0000000000000000 no match binder: 27281:27285 ERROR: BC_REGISTER_LOOPER called without request binder: BINDER_SET_CONTEXT_MGR already set binder: 27281:27296 unknown command 0 binder: 27281:27296 ioctl c0306201 2000a000 returned -22 binder: 27281:27285 ioctl 40046207 0 returned -16 binder_alloc: 27281: binder_alloc_buf, no vma binder: 27281:27285 transaction failed 29189/-3, size 24-8 line 2890 binder: undelivered transaction 214, process died. binder: 27313:27318 unknown command 0 binder: 27313:27318 ioctl c0306201 2000a000 returned -22 binder: 27313:27318 BC_FREE_BUFFER u0000000000000000 no match binder: 27313:27318 ERROR: BC_REGISTER_LOOPER called without request binder: BINDER_SET_CONTEXT_MGR already set binder: 27313:27331 ioctl 40046207 0 returned -16 binder: 27313:27318 unknown command 0 binder: 27313:27318 ioctl c0306201 2000a000 returned -22 binder_alloc: 27313: binder_alloc_buf, no vma binder: 27313:27341 transaction failed 29189/-3, size 24-8 line 2890 sctp: [Deprecated]: syz-executor7 (pid 27367) Use of int in maxseg socket option. Use struct sctp_assoc_value instead sctp: [Deprecated]: syz-executor7 (pid 27375) Use of int in maxseg socket option. Use struct sctp_assoc_value instead binder: undelivered transaction 219, process died. binder: 27395:27399 unknown command 0 binder: 27395:27399 ioctl c0306201 2000a000 returned -22 binder: 27395:27399 BC_FREE_BUFFER u0000000000000000 no match binder: 27395:27399 ERROR: BC_REGISTER_LOOPER called without request binder: BINDER_SET_CONTEXT_MGR already set binder: 27395:27415 unknown command 0 binder: 27395:27415 ioctl c0306201 2000a000 returned -22 binder_alloc: 27395: binder_alloc_buf, no vma binder: 27395:27437 transaction failed 29189/-3, size 24-8 line 2890 binder: 27395:27399 ioctl 40046207 0 returned -16 sg_write: data in/out 845460194/1 bytes for SCSI command 0xe7-- guessing data in; program syz-executor7 not setting count and/or reply_len properly sg_write: data in/out 845460194/1 bytes for SCSI command 0xe7-- guessing data in; program syz-executor7 not setting count and/or reply_len properly binder: undelivered transaction 224, process died. binder: 27486:27493 unknown command 0 binder: 27486:27493 ioctl c0306201 2000a000 returned -22 binder: 27486:27493 BC_FREE_BUFFER u0000000000000000 no match binder: 27486:27493 ERROR: BC_REGISTER_LOOPER called without request binder: BINDER_SET_CONTEXT_MGR already set binder: 27486:27493 ioctl 40046207 0 returned -16 binder: 27486:27504 unknown command 0 binder: 27486:27504 ioctl c0306201 2000a000 returned -22 binder_alloc: 27486: binder_alloc_buf, no vma binder: 27486:27511 transaction failed 29189/-3, size 24-8 line 2890 binder: undelivered transaction 229, process died. binder: 27557:27561 unknown command 0 binder: 27557:27561 ioctl c0306201 2000a000 returned -22 binder: 27557:27561 BC_FREE_BUFFER u0000000000000000 no match binder: 27557:27561 ERROR: BC_REGISTER_LOOPER called without request binder: BINDER_SET_CONTEXT_MGR already set binder: 27557:27572 unknown command 0 binder: 27557:27572 ioctl c0306201 2000a000 returned -22 binder: 27557:27561 ioctl 40046207 0 returned -16 binder_alloc: 27557: binder_alloc_buf, no vma binder: 27557:27561 transaction failed 29189/-3, size 24-8 line 2890 binder: undelivered transaction 234, process died. binder: 27611:27616 unknown command 0 binder: 27611:27616 ioctl c0306201 2000a000 returned -22 binder: 27611:27616 BC_FREE_BUFFER u0000000000000000 no match binder: 27611:27616 ERROR: BC_REGISTER_LOOPER called without request binder: BINDER_SET_CONTEXT_MGR already set binder: 27611:27623 unknown command 0 binder: 27611:27623 ioctl c0306201 2000a000 returned -22 binder: 27611:27616 ioctl 40046207 0 returned -16 binder_alloc: 27611: binder_alloc_buf, no vma binder: 27611:27616 transaction failed 29189/-3, size 24-8 line 2890 binder: undelivered transaction 239, process died. binder: 27684:27685 got transaction with invalid handle, 0 binder: 27684:27685 transaction failed 29201/-22, size 24-8 line 2982 binder: BINDER_SET_CONTEXT_MGR already set binder: 27684:27685 ioctl 40046207 0 returned -16 binder_alloc: 27684: binder_alloc_buf, no vma binder: 27684:27693 transaction failed 29189/-3, size 24-8 line 2890 binder: 27724:27730 unknown command 0 binder: 27724:27730 ioctl c0306201 2000a000 returned -22 binder: 27724:27745 BC_FREE_BUFFER u0000000000000000 no match binder: 27724:27745 ERROR: BC_REGISTER_LOOPER called without request binder: 27724:27753 unknown command 0 binder: BINDER_SET_CONTEXT_MGR already set binder: 27724:27730 ioctl 40046207 0 returned -16 binder_alloc: 27724: binder_alloc_buf, no vma binder: 27724:27745 transaction failed 29189/-3, size 24-8 line 2890 binder: 27724:27753 ioctl c0306201 2000a000 returned -22 binder: undelivered transaction 247, process died. binder: 27781:27782 Acquire 1 refcount change on invalid ref 0 ret -22 binder: 27781:27782 unknown command 0 binder: 27781:27782 ioctl c0306201 2000a000 returned -22 binder: 27781:27782 transaction failed 29189/-22, size 24-8 line 2775 binder: 27781:27782 Acquire 1 refcount change on invalid ref 0 ret -22 binder: 27781:27782 unknown command 0 binder: 27781:27782 ioctl c0306201 2000a000 returned -22 binder: 27781:27782 transaction failed 29189/-22, size 24-8 line 2775 binder: 27807:27809 unknown command 0 binder: 27807:27809 ioctl c0306201 2000a000 returned -22 binder: 27807:27809 BC_FREE_BUFFER u0000000000000000 no match binder: 27818:27824 unknown command 0 binder: 27818:27824 ioctl c0306201 2000a000 returned -22 binder: 27818:27824 BC_FREE_BUFFER u0000000000000000 no match binder: 27818:27824 ERROR: BC_REGISTER_LOOPER called without request binder: BINDER_SET_CONTEXT_MGR already set binder: 27818:27835 ioctl 40046207 0 returned -16 binder: 27807:27836 unknown command 0 binder: 27807:27836 ioctl c0306201 2000a000 returned -22 binder: BINDER_SET_CONTEXT_MGR already set binder: 27807:27822 ioctl 40046207 0 returned -16 binder: 27818:27824 unknown command 0 binder: 27818:27824 ioctl c0306201 2000a000 returned -22 binder_alloc: 27807: binder_alloc_buf, no vma binder: 27807:27836 transaction failed 29189/-3, size 24-8 line 2890 binder_alloc: 27818: binder_alloc_buf, no vma binder: 27818:27824 transaction failed 29189/-3, size 24-8 line 2890 binder: undelivered transaction 257, process died. binder: 27857:27861 unknown command 0 binder: 27857:27861 ioctl c0306201 2000a000 returned -22 binder_alloc: 27857: binder_alloc_buf, no vma binder: 27857:27861 transaction failed 29189/-3, size 24-8 line 2890 binder: BINDER_SET_CONTEXT_MGR already set binder: 27857:27861 ioctl 40046207 0 returned -16 binder: 27857:27866 unknown command 0 binder: 27857:27866 ioctl c0306201 2000a000 returned -22 binder_alloc: 27857: binder_alloc_buf, no vma binder: 27857:27866 transaction failed 29189/-3, size 24-8 line 2890 binder: 27807:27809 ERROR: BC_REGISTER_LOOPER called without request binder: undelivered transaction 254, process died. binder: 27900:27905 unknown command 0 binder: 27900:27905 ioctl c0306201 2000a000 returned -22 binder: 27900:27905 BC_FREE_BUFFER u0000000000000000 no match binder: 27900:27905 ERROR: BC_REGISTER_LOOPER called without request binder: 27929:27931 unknown command 0 binder: 27929:27931 ioctl c0306201 2000a000 returned -22 binder: 27900:27920 unknown command 0 binder: 27900:27920 ioctl c0306201 2000a000 returned -22 binder: BINDER_SET_CONTEXT_MGR already set binder: 27900:27905 ioctl 40046207 0 returned -16 binder_alloc: 27900: binder_alloc_buf, no vma binder: 27900:27920 transaction failed 29189/-3, size 24-8 line 2890 binder: undelivered transaction 269, process died. binder: 27929:27943 BC_FREE_BUFFER u0000000000000000 no match binder: 27929:27943 ERROR: BC_REGISTER_LOOPER called without request binder_alloc: binder_alloc_mmap_handler: 27929 20000000-20002000 already mapped failed -16 binder: BINDER_SET_CONTEXT_MGR already set binder: 27929:27943 ioctl 40046207 0 returned -16 binder: 27929:27956 unknown command 0 binder: 27929:27956 ioctl c0306201 2000a000 returned -22 binder_alloc: 27929: binder_alloc_buf, no vma binder: 27929:27956 transaction failed 29189/-3, size 24-8 line 2890 binder: undelivered transaction 274, process died. binder: 27980:27996 unknown command 0 binder: 27980:27996 ioctl c0306201 2000a000 returned -22 binder: 27980:27996 BC_FREE_BUFFER u0000000000000000 no match binder: 27980:27996 ERROR: BC_REGISTER_LOOPER called without request binder: BINDER_SET_CONTEXT_MGR already set binder: 27980:28012 ioctl 40046207 0 returned -16 binder: 27980:27996 unknown command 0 binder: 27980:27996 ioctl c0306201 2000a000 returned -22 binder_alloc: 27980: binder_alloc_buf, no vma binder: 27980:27996 transaction failed 29189/-3, size 24-8 line 2890 binder: undelivered transaction 279, process died. FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 CPU: 1 PID: 28063 Comm: syz-executor0 Not tainted 4.15.0-rc3+ #218 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 fail_dump lib/fault-inject.c:51 [inline] should_fail+0x8c0/0xa40 lib/fault-inject.c:149 should_failslab+0xec/0x120 mm/failslab.c:32 slab_pre_alloc_hook mm/slab.h:421 [inline] slab_alloc_node mm/slab.c:3292 [inline] kmem_cache_alloc_node_trace+0x5a/0x760 mm/slab.c:3654 __do_kmalloc_node mm/slab.c:3674 [inline] __kmalloc_node+0x33/0x70 mm/slab.c:3682 kmalloc_node include/linux/slab.h:541 [inline] kvmalloc_node+0x99/0xd0 mm/util.c:397 kvmalloc include/linux/mm.h:541 [inline] seq_buf_alloc fs/seq_file.c:29 [inline] traverse+0x752/0xa00 fs/seq_file.c:102 seq_read+0x96a/0x13d0 fs/seq_file.c:189 proc_reg_read+0xef/0x170 fs/proc/inode.c:217 do_loop_readv_writev fs/read_write.c:673 [inline] do_iter_read+0x3db/0x5b0 fs/read_write.c:897 vfs_readv+0x121/0x1c0 fs/read_write.c:959 do_preadv+0x11b/0x1a0 fs/read_write.c:1043 SYSC_preadv fs/read_write.c:1093 [inline] SyS_preadv+0x30/0x40 fs/read_write.c:1088 entry_SYSCALL_64_fastpath+0x1f/0x96 RIP: 0033:0x452a39 RSP: 002b:00007f6aae84ac58 EFLAGS: 00000212 ORIG_RAX: 0000000000000127 RAX: ffffffffffffffda RBX: 00007f6aae84a950 RCX: 0000000000452a39 RDX: 0000000000000001 RSI: 0000000020eee000 RDI: 0000000000000013 RBP: 00007f6aae84a940 R08: 0000000000000000 R09: 0000000000000000 R10: 000000000000001c R11: 0000000000000212 R12: 00000000004b73b4 R13: 00007f6aae84aac8 R14: 00000000004b73c6 R15: 0000000000000000 binder: 28084:28085 unknown command 0 binder: 28079:28090 unknown command 0 binder: 28079:28090 ioctl c0306201 2000a000 returned -22 binder: 28079:28090 BC_FREE_BUFFER u0000000000000000 no match binder: 28079:28090 ERROR: BC_REGISTER_LOOPER called without request binder_alloc: binder_alloc_mmap_handler: 28079 20000000-20002000 already mapped failed -16 binder: BINDER_SET_CONTEXT_MGR already set binder: 28079:28090 ioctl 40046207 0 returned -16 binder: 28079:28096 unknown command 0 binder: 28079:28096 ioctl c0306201 2000a000 returned -22 binder_alloc: 28079: binder_alloc_buf, no vma binder: 28079:28096 transaction failed 29189/-3, size 24-8 line 2890 binder: 28084:28101 BC_FREE_BUFFER u0000000000000000 no match binder: 28084:28101 ERROR: BC_REGISTER_LOOPER called without request binder: undelivered transaction 286, process died. binder: BINDER_SET_CONTEXT_MGR already set binder: 28084:28107 ioctl 40046207 0 returned -16 binder: 28084:28101 unknown command 0 binder: 28084:28101 ioctl c0306201 2000a000 returned -22 binder_alloc: 28084: binder_alloc_buf, no vma binder: 28084:28101 transaction failed 29189/-3, size 24-8 line 2890 binder: 28112:28117 unknown command 0 binder: 28112:28117 ioctl c0306201 2000a000 returned -22 binder: 28112:28117 BC_FREE_BUFFER u0000000000000000 no match binder: 28112:28117 ERROR: BC_REGISTER_LOOPER called without request binder: BINDER_SET_CONTEXT_MGR already set binder: 28112:28117 ioctl 40046207 0 returned -16 binder: 28112:28117 unknown command 0 binder: 28112:28117 ioctl c0306201 2000a000 returned -22 binder_alloc: 28112: binder_alloc_buf, no vma binder: 28112:28117 transaction failed 29189/-3, size 24-8 line 2890 binder: undelivered transaction 294, process died. binder: 28130:28133 unknown command 0 binder: 28130:28133 ioctl c0306201 2000a000 returned -22 binder: 28130:28133 BC_FREE_BUFFER u0000000000000000 no match binder: 28130:28133 ERROR: BC_REGISTER_LOOPER called without request binder_alloc: binder_alloc_mmap_handler: 28130 20000000-20002000 already mapped failed -16 binder: 28130:28139 unknown command 0 binder: 28130:28139 ioctl c0306201 2000a000 returned -22 binder: BINDER_SET_CONTEXT_MGR already set binder: 28130:28133 ioctl 40046207 0 returned -16 binder_alloc: 28130: binder_alloc_buf, no vma binder: 28130:28139 transaction failed 29189/-3, size 24-8 line 2890 binder: undelivered transaction 299, process died. binder: 28084:28085 ioctl c0306201 2000a000 returned -22 binder: undelivered transaction 289, process died. binder: 28175:28180 unknown command 0 binder: 28174:28182 unknown command 0 binder: 28174:28182 ioctl c0306201 2000a000 returned -22 binder: 28174:28182 BC_FREE_BUFFER u0000000000000000 no match binder: 28174:28182 ERROR: BC_REGISTER_LOOPER called without request binder: 28175:28193 BC_FREE_BUFFER u0000000000000000 no match binder: 28175:28193 ERROR: BC_REGISTER_LOOPER called without request binder: BINDER_SET_CONTEXT_MGR already set binder: 28174:28194 ioctl 40046207 0 returned -16 binder: 28174:28182 unknown command 0 binder: 28174:28182 ioctl c0306201 2000a000 returned -22 binder_alloc: 28174: binder_alloc_buf, no vma binder: 28174:28182 transaction failed 29189/-3, size 24-8 line 2890 binder: undelivered transaction 306, process died. binder: BINDER_SET_CONTEXT_MGR already set binder: 28175:28204 ioctl 40046207 0 returned -16 binder: 28175:28193 unknown command 0 binder: 28175:28193 ioctl c0306201 2000a000 returned -22 binder: 28209:28211 unknown command 0 binder: 28209:28211 ioctl c0306201 2000a000 returned -22 binder_alloc: 28175: binder_alloc_buf, no vma binder: 28175:28193 transaction failed 29189/-3, size 24-8 line 2890 binder: 28209:28211 BC_FREE_BUFFER u0000000000000000 no match binder: 28209:28211 ERROR: BC_REGISTER_LOOPER called without request binder: BINDER_SET_CONTEXT_MGR already set binder: 28209:28227 ioctl 40046207 0 returned -16 binder: 28209:28225 unknown command 0 binder: 28209:28225 ioctl c0306201 2000a000 returned -22 binder_alloc: 28209: binder_alloc_buf, no vma binder: 28209:28211 transaction failed 29189/-3, size 24-8 line 2890 binder: undelivered transaction 314, process died. binder: 28175:28180 ioctl c0306201 2000a000 returned -22 binder: undelivered transaction 307, process died. binder: 28249:28259 unknown command 0 binder: 28249:28259 ioctl c0306201 2000a000 returned -22 binder: 28249:28259 BC_FREE_BUFFER u0000000000000000 no match binder: 28249:28259 ERROR: BC_REGISTER_LOOPER called without request binder_alloc: binder_alloc_mmap_handler: 28249 20000000-20002000 already mapped failed -16 binder: BINDER_SET_CONTEXT_MGR already set binder: 28249:28259 ioctl 40046207 0 returned -16 binder: 28276:28279 unknown command 0 binder: 28276:28279 ioctl c0306201 2000a000 returned -22 binder: 28276:28279 BC_FREE_BUFFER u0000000000000000 no match binder: 28276:28279 ERROR: BC_REGISTER_LOOPER called without request binder: BINDER_SET_CONTEXT_MGR already set binder: 28276:28284 ioctl 40046207 0 returned -16 binder: 28276:28279 unknown command 0 binder: 28276:28279 ioctl c0306201 2000a000 returned -22 binder: undelivered transaction 322, process died. binder: 28296:28300 unknown command 0 binder: 28296:28300 ioctl c0306201 2000a000 returned -22 binder: 28296:28300 BC_FREE_BUFFER u0000000000000000 no match binder: 28296:28300 ERROR: BC_REGISTER_LOOPER called without request binder: 28249:28306 unknown command 0 binder: BINDER_SET_CONTEXT_MGR already set binder: 28296:28303 ioctl 40046207 0 returned -16 binder: 28296:28300 unknown command 0 binder: 28296:28300 ioctl c0306201 2000a000 returned -22 binder_alloc: 28296: binder_alloc_buf, no vma binder: 28296:28303 transaction failed 29189/-3, size 24-8 line 2890 binder_alloc: 28249: binder_alloc_buf, no vma binder: 28249:28274 transaction failed 29189/-3, size 24-8 line 2890 binder: undelivered transaction 326, process died. binder: 28249:28306 ioctl c0306201 2000a000 returned -22 binder: undelivered transaction 319, process died. binder: 28318:28322 unknown command 0 binder: 28318:28322 ioctl c0306201 2000a000 returned -22 binder: 28318:28322 BC_FREE_BUFFER u0000000000000000 no match binder: 28318:28322 ERROR: BC_REGISTER_LOOPER called without request binder: 28339:28346 unknown command 0 binder: BINDER_SET_CONTEXT_MGR already set binder: 28318:28352 ioctl 40046207 0 returned -16 binder: 28318:28322 unknown command 0 binder: 28318:28322 ioctl c0306201 2000a000 returned -22 binder: undelivered transaction 333, process died. binder: 28339:28367 BC_FREE_BUFFER u0000000000000000 no match binder: 28339:28367 ERROR: BC_REGISTER_LOOPER called without request binder: 28362:28371 unknown command 0 binder: 28362:28371 ioctl c0306201 2000a000 returned -22 binder: 28362:28371 BC_FREE_BUFFER u0000000000000000 no match binder: 28362:28371 ERROR: BC_REGISTER_LOOPER called without request binder: BINDER_SET_CONTEXT_MGR already set binder: 28362:28376 ioctl 40046207 0 returned -16 binder: 28362:28371 unknown command 0 binder: 28362:28371 ioctl c0306201 2000a000 returned -22 binder_alloc: 28362: binder_alloc_buf, no vma binder: 28362:28376 transaction failed 29189/-3, size 24-8 line 2890 binder_alloc: binder_alloc_mmap_handler: 28339 20000000-20002000 already mapped failed -16 binder: BINDER_SET_CONTEXT_MGR already set binder: 28339:28380 ioctl 40046207 0 returned -16 binder: 28339:28367 unknown command 0 binder: 28339:28367 ioctl c0306201 2000a000 returned -22 binder_alloc: 28339: binder_alloc_buf, no vma binder: 28339:28367 transaction failed 29189/-3, size 24-8 line 2890 binder: undelivered transaction 340, process died. binder: 28339:28346 ioctl c0306201 2000a000 returned -22 binder: undelivered transaction 337, process died. binder: 28400:28403 got transaction with invalid handle, 0 binder: 28398:28409 unknown command 0 binder: 28398:28409 ioctl c0306201 2000a000 returned -22 binder: 28398:28409 BC_FREE_BUFFER u0000000000000000 no match binder: 28398:28409 ERROR: BC_REGISTER_LOOPER called without request binder_alloc: binder_alloc_mmap_handler: 28398 20000000-20002000 already mapped failed -16 binder: BINDER_SET_CONTEXT_MGR already set binder: 28398:28409 ioctl 40046207 0 returned -16 binder: 28398:28413 unknown command 0 binder: 28398:28413 ioctl c0306201 2000a000 returned -22 binder_alloc: 28398: binder_alloc_buf, no vma binder: 28398:28413 transaction failed 29189/-3, size 24-8 line 2890 binder: undelivered transaction 348, process died. binder: BINDER_SET_CONTEXT_MGR already set binder: 28400:28424 ioctl 40046207 0 returned -16 binder: 28448:28452 unknown command 0 binder: 28448:28452 ioctl c0306201 2000a000 returned -22 binder_alloc: 28448: binder_alloc_buf, no vma binder: 28448:28452 transaction failed 29189/-3, size 24-8 line 2890 binder: BINDER_SET_CONTEXT_MGR already set binder: 28448:28452 ioctl 40046207 0 returned -16 binder: 28448:28456 unknown command 0 binder: 28448:28456 ioctl c0306201 2000a000 returned -22 binder_alloc: 28448: binder_alloc_buf, no vma binder: 28448:28456 transaction failed 29189/-3, size 24-8 line 2890 binder: 28400:28403 transaction failed 29201/-22, size 24-8 line 2982 binder: 28477:28484 unknown command 0 binder: 28481:28486 Acquire 1 refcount change on invalid ref 0 ret -22 binder: 28481:28486 unknown command 0 binder: 28481:28486 ioctl c0306201 2000a000 returned -22 binder: 28481:28486 transaction failed 29189/-22, size 24-8 line 2775 binder: 28481:28502 Acquire 1 refcount change on invalid ref 0 ret -22 binder: 28481:28502 unknown command 0 binder: 28481:28502 ioctl c0306201 2000a000 returned -22 binder_alloc: 28477: binder_alloc_buf, no vma binder: 28477:28498 transaction failed 29189/-3, size 24-8 line 2890 binder: BINDER_SET_CONTEXT_MGR already set binder: 28477:28498 ioctl 40046207 0 returned -16 binder: 28477:28509 unknown command 0 binder: 28477:28509 ioctl c0306201 2000a000 returned -22 binder_alloc: 28477: binder_alloc_buf, no vma binder: 28477:28509 transaction failed 29189/-3, size 24-8 line 2890 binder: 28513:28518 unknown command 0 binder: 28513:28518 ioctl c0306201 2000a000 returned -22 binder_alloc: 28513: binder_alloc_buf, no vma binder: 28513:28518 transaction failed 29189/-3, size 24-8 line 2890 binder: BINDER_SET_CONTEXT_MGR already set binder: 28513:28518 ioctl 40046207 0 returned -16 binder: 28513:28520 unknown command 0 binder: 28513:28520 ioctl c0306201 2000a000 returned -22 binder: 28477:28484 ioctl c0306201 2000a000 returned -22 binder: 28557:28559 Acquire 1 refcount change on invalid ref 0 ret -22 binder: 28557:28559 unknown command 0 binder: 28557:28559 ioctl c0306201 2000a000 returned -22 binder: 28557:28559 transaction failed 29189/-22, size 24-8 line 2775 binder_alloc: binder_alloc_mmap_handler: 28557 20000000-20002000 already mapped failed -16 binder: 28580:28581 unknown command 0 binder: 28580:28581 ioctl c0306201 2000a000 returned -22 binder: 28580:28581 BC_FREE_BUFFER u0000000000000000 no match binder: 28580:28581 ERROR: BC_REGISTER_LOOPER called without request binder_alloc: binder_alloc_mmap_handler: 28580 20000000-20002000 already mapped failed -16 binder: BINDER_SET_CONTEXT_MGR already set binder: 28580:28581 ioctl 40046207 0 returned -16 binder: 28580:28585 unknown command 0 binder: 28580:28585 ioctl c0306201 2000a000 returned -22 binder: undelivered transaction 369, process died. binder: 28595:28596 unknown command 0 binder: 28595:28596 ioctl c0306201 2000a000 returned -22 binder: 28595:28596 BC_FREE_BUFFER u0000000000000000 no match binder: 28595:28596 ERROR: BC_REGISTER_LOOPER called without request binder: BINDER_SET_CONTEXT_MGR already set binder: 28595:28602 ioctl 40046207 0 returned -16 binder: 28595:28596 unknown command 0 binder_alloc: 28595: binder_alloc_buf, no vma binder: 28595:28596 ioctl c0306201 2000a000 returned -22 binder: 28595:28602 transaction failed 29189/-3, size 24-8 line 2890 binder: undelivered transaction 373, process died. binder: 28614:28618 unknown command 0 binder: 28614:28618 ioctl c0306201 2000a000 returned -22 binder: 28614:28618 BC_FREE_BUFFER u0000000000000000 no match binder: 28614:28618 ERROR: BC_REGISTER_LOOPER called without request binder: 28615:28619 unknown command 0 binder: 28615:28619 ioctl c0306201 2000a000 returned -22 binder: 28615:28619 BC_FREE_BUFFER u0000000000000000 no match binder: 28615:28619 ERROR: BC_REGISTER_LOOPER called without request binder_alloc: binder_alloc_mmap_handler: 28614 20000000-20002000 already mapped failed -16 binder: BINDER_SET_CONTEXT_MGR already set binder: 28614:28618 ioctl 40046207 0 returned -16 binder: 28614:28625 unknown command 0 binder: 28614:28625 ioctl c0306201 2000a000 returned -22 binder: undelivered transaction 378, process died. binder_alloc: binder_alloc_mmap_handler: 28615 20000000-20002000 already mapped failed -16 binder: BINDER_SET_CONTEXT_MGR already set binder: 28615:28619 ioctl 40046207 0 returned -16 binder: 28615:28630 unknown command 0 binder: 28615:28630 ioctl c0306201 2000a000 returned -22 binder: undelivered transaction 381, process died. binder: 28557:28645 Acquire 1 refcount change on invalid ref 0 ret -22 binder: 28557:28645 unknown command 0 binder: 28557:28645 ioctl c0306201 2000a000 returned -22 binder: 28557:28568 transaction failed 29189/-22, size 24-8 line 2775 binder: 28647:28648 got transaction with invalid handle, 0 binder: 28650:28657 unknown command 0 binder: 28650:28657 ioctl c0306201 2000a000 returned -22 binder: 28650:28657 BC_FREE_BUFFER u0000000000000000 no match binder: 28650:28657 ERROR: BC_REGISTER_LOOPER called without request binder: 28651:28660 unknown command 0 binder: 28651:28660 ioctl c0306201 2000a000 returned -22 binder: 28651:28660 BC_FREE_BUFFER u0000000000000000 no match binder: 28651:28660 ERROR: BC_REGISTER_LOOPER called without request binder: BINDER_SET_CONTEXT_MGR already set binder: 28650:28664 ioctl 40046207 0 returned -16 binder: 28650:28657 unknown command 0 binder: 28650:28657 ioctl c0306201 2000a000 returned -22 binder_alloc: 28650: binder_alloc_buf, no vma binder: 28650:28664 transaction failed 29189/-3, size 24-8 line 2890 binder: 28646:28659 unknown command 0 binder: 28646:28659 ioctl c0306201 2000a000 returned -22 binder: 28646:28659 BC_FREE_BUFFER u0000000000000000 no match binder: 28646:28659 ERROR: BC_REGISTER_LOOPER called without request binder_alloc: binder_alloc_mmap_handler: 28651 20000000-20002000 already mapped failed -16 binder: BINDER_SET_CONTEXT_MGR already set binder: 28651:28660 ioctl 40046207 0 returned -16 binder: 28651:28660 unknown command 0 binder: 28651:28660 ioctl c0306201 2000a000 returned -22 binder_alloc: 28651: binder_alloc_buf, no vma binder: 28651:28660 transaction failed 29189/-3, size 24-8 line 2890 binder: undelivered transaction 392, process died. binder_alloc: binder_alloc_mmap_handler: 28646 20000000-20002000 already mapped failed -16 binder: BINDER_SET_CONTEXT_MGR already set binder: 28646:28659 ioctl 40046207 0 returned -16 binder: 28646:28659 unknown command 0 binder: 28646:28659 ioctl c0306201 2000a000 returned -22 binder_alloc: 28646: binder_alloc_buf, no vma binder: 28646:28659 transaction failed 29189/-3, size 24-8 line 2890 binder: undelivered transaction 397, process died. binder: undelivered transaction 390, process died. FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 CPU: 1 PID: 28673 Comm: syz-executor2 Not tainted 4.15.0-rc3+ #218 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 fail_dump lib/fault-inject.c:51 [inline] should_fail+0x8c0/0xa40 lib/fault-inject.c:149 should_failslab+0xec/0x120 mm/failslab.c:32 slab_pre_alloc_hook mm/slab.h:421 [inline] slab_alloc mm/slab.c:3371 [inline] __do_kmalloc mm/slab.c:3709 [inline] __kmalloc+0x63/0x760 mm/slab.c:3720 kmalloc include/linux/slab.h:504 [inline] kzalloc include/linux/slab.h:688 [inline] neigh_alloc net/core/neighbour.c:322 [inline] __neigh_create+0x296/0x1d90 net/core/neighbour.c:493 neigh_create include/net/neighbour.h:315 [inline] __neigh_lookup_errno include/net/neighbour.h:506 [inline] arp_req_set+0x665/0x830 net/ipv4/arp.c:1061 arp_ioctl+0x3a8/0x9c0 net/ipv4/arp.c:1225 inet_ioctl+0x89/0x1c0 net/ipv4/af_inet.c:889 sock_do_ioctl+0x65/0xb0 net/socket.c:964 sock_ioctl+0x2c2/0x440 net/socket.c:1061 vfs_ioctl fs/ioctl.c:46 [inline] do_vfs_ioctl+0x1b1/0x1530 fs/ioctl.c:686 SYSC_ioctl fs/ioctl.c:701 [inline] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:692 entry_SYSCALL_64_fastpath+0x1f/0x96 RIP: 0033:0x452a39 RSP: 002b:00007f9490a16c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f9490a16aa0 RCX: 0000000000452a39 RDX: 0000000020608fbc RSI: 0000000000008955 RDI: 0000000000000013 RBP: 00007f9490a16a90 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b75fb R13: 00007f9490a16bc8 R14: 00000000004b75fb R15: 0000000000000000 binder: 28678:28681 unknown command 0 binder: 28678:28681 ioctl c0306201 2000a000 returned -22 binder: 28678:28681 BC_FREE_BUFFER u0000000000000000 no match binder: 28678:28681 ERROR: BC_REGISTER_LOOPER called without request binder: BINDER_SET_CONTEXT_MGR already set binder: 28647:28665 ioctl 40046207 0 returned -16 binder_alloc: binder_alloc_mmap_handler: 28647 20000000-20002000 already mapped failed -16 binder: 28675:28677 unknown command 0 binder: 28675:28677 ioctl c0306201 2000a000 returned -22 binder: 28675:28677 BC_FREE_BUFFER u0000000000000000 no match binder: 28675:28677 ERROR: BC_REGISTER_LOOPER called without request binder_alloc: 28647: binder_alloc_buf, no vma binder: 28647:28672 transaction failed 29189/-3, size 24-8 line 2890 binder_alloc: binder_alloc_mmap_handler: 28678 20000000-20002000 already mapped failed -16