kernel BUG at drivers/android/binder.c:LINE!


syzbot

14 Apr 2019 05:28:19
To syzkaller-a...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: b324a701 Merge 4.9.86 into android-4.9
git tree: android-4.9
console output: https://syzkaller.appspot.com/x/log.txt?x=119b4d8b800000
kernel config: https://syzkaller.appspot.com/x/.config?x=bd4cdb0219a8c00a
dashboard link: https://syzkaller.appspot.com/bug?extid=91c2ac92fcaeb6745ca8
compiler: gcc (GCC) 7.1.1 20170620
userspace arch: i386
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=17a395a3800000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+91c2ac...@syzkaller.appspotmail.com

binder: undelivered TRANSACTION_COMPLETE
binder: send failed reply for transaction 9 to 3815:3817
binder: 3818:3821 transaction failed 29189/-22, size 0-0 line 3004
------------[ cut here ]------------
binder: 3822:3823 ERROR: BC_REGISTER_LOOPER called without request
kernel BUG at drivers/android/binder.c:2006!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
Dumping ftrace buffer:
(ftrace buffer empty)
binder: release 3822:3823 transaction 15 out, still active
binder: release 3822:3823 transaction 14 in, still active
binder: undelivered TRANSACTION_COMPLETE
Modules linked in:[ 26.930348] binder: 3822:3824
BC_REQUEST_DEATH_NOTIFICATION invalid ref 2
binder: 3822:3824 got reply transaction with bad target transaction stack
0, expected 16
binder: 3822:3824 transaction failed 29201/-71, size 40-72 line 2956
binder: BINDER_SET_CONTEXT_MGR already set
binder: 3825:3826 ioctl 40046207 0 returned -16
binder: 3825:3826 ERROR: BC_REGISTER_LOOPER called without request
binder_alloc: 3822: binder_alloc_buf, no vma
binder: 3825:3827 transaction failed 29189/-3, size 0-0 line 3127
binder: undelivered TRANSACTION_ERROR: 29189
CPU: 0 PID: 25 Comm: kworker/0:1 Not tainted 4.9.86-gb324a70 #58
binder_alloc: 3822: binder_alloc_buf, no vma
binder: 3825:3828 transaction failed 29189/-3, size 0-0 line 3127
binder: BINDER_SET_CONTEXT_MGR already set
binder: 3829:3830 ioctl 40046207 0 returned -16
binder: 3829:3830 ERROR: BC_REGISTER_LOOPER called without request
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
binder_alloc: 3822: binder_alloc_buf, no vma
binder: 3829:3831 transaction failed 29189/-3, size 0-0 line 3127
binder: undelivered TRANSACTION_ERROR: 29189
Workqueue: events binder_deferred_func[ 27.059295] binder_alloc: 3822:
binder_alloc_buf, no vma
binder: 3829:3832 transaction failed 29189/-3, size 0-0 line 3127
task: ffff8801d9510000 task.stack: ffff8801d9518000
binder: BINDER_SET_CONTEXT_MGR already set
binder: 3833:3834 ioctl 40046207 0 returned -16
binder: 3833:3834 ERROR: BC_REGISTER_LOOPER called without request
binder_alloc: 3822: binder_alloc_buf, no vma
binder: 3833:3835 transaction failed 29189/-3, size 0-0 line 3127
binder: undelivered TRANSACTION_ERROR: 29189
RIP: 0010:[<ffffffff82d565e5>] [<ffffffff82d565e5>]
binder_pop_transaction_ilocked+0x145/0x190 drivers/android/binder.c:2006
binder_alloc: 3822: binder_alloc_buf, no vma
binder: 3833:3836 transaction failed 29189/-3, size 0-0 line 3127
RSP: 0018:ffff8801d951fa80 EFLAGS: 00010293
binder: BINDER_SET_CONTEXT_MGR already set
binder: 3837:3838 ioctl 40046207 0 returned -16
binder: 3837:3838 ERROR: BC_REGISTER_LOOPER called without request
RAX: ffff8801d9510000 RBX: ffff8801c20db680 RCX: ffffffff82d565e5
binder_alloc: 3822: binder_alloc_buf, no vma
binder: 3837:3839 transaction failed 29189/-3, size 0-0 line 3127
binder: undelivered TRANSACTION_ERROR: 29189
RDX: 0000000000000000 RSI: ffff8801d44d1200 RDI: ffff8801c20db6c0
binder_alloc: 3822: binder_alloc_buf, no vma
binder: 3837:3840 transaction failed 29189/-3, size 0-0 line 3127
binder: BINDER_SET_CONTEXT_MGR already set
binder: 3841:3842 ioctl 40046207 0 returned -16
binder: 3841:3842 ERROR: BC_REGISTER_LOOPER called without request
RBP: ffff8801d951faa0 R08: 0000000000000001 R09: 0000000000000000
binder_alloc: 3822: binder_alloc_buf, no vma
binder: 3841:3843 transaction failed 29189/-3, size 0-0 line 3127
binder: undelivered TRANSACTION_ERROR: 29189
R10: 0000000000000003 R11: 0000000000000001 R12: 0000000000000000
binder_alloc: 3822: binder_alloc_buf, no vma
binder: 3841:3844 transaction failed 29189/-3, size 0-0 line 3127
R13: ffff8801d44d1200 R14: 0000000000007205 R15: 0000000000000ee7
binder: BINDER_SET_CONTEXT_MGR already set
binder: 3845:3846 ioctl 40046207 0 returned -16
binder: 3845:3846 ERROR: BC_REGISTER_LOOPER called without request
binder_alloc: 3822: binder_alloc_buf, no vma
binder: 3845:3847 transaction failed 29189/-3, size 0-0 line 3127
binder: undelivered TRANSACTION_ERROR: 29189
FS: 0000000000000000(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000
binder_alloc: 3822: binder_alloc_buf, no vma
binder: 3845:3848 transaction failed 29189/-3, size 0-0 line 3127
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
binder: BINDER_SET_CONTEXT_MGR already set
binder: 3849:3850 ioctl 40046207 0 returned -16
binder: 3849:3850 ERROR: BC_REGISTER_LOOPER called without request
CR2: 0000000008340008 CR3: 000000000441e000 CR4: 0000000000160670
binder_alloc: 3822: binder_alloc_buf, no vma
binder: 3849:3851 transaction failed 29189/-3, size 0-0 line 3127
binder: undelivered TRANSACTION_ERROR: 29189
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
binder_alloc: 3822: binder_alloc_buf, no vma
binder: 3849:3852 transaction failed 29189/-3, size 0-0 line 3127
binder: BINDER_SET_CONTEXT_MGR already set
binder: 3853:3854 ioctl 40046207 0 returned -16
binder: 3853:3854 ERROR: BC_REGISTER_LOOPER called without request
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
binder_alloc: 3822: binder_alloc_buf, no vma
binder: 3853:3855 transaction failed 29189/-3, size 0-0 line 3127
binder: undelivered TRANSACTION_ERROR: 29189
Stack:
ffff8801d44d1200[ 27.453298] binder_alloc: 3822: binder_alloc_buf, no vma
binder: 3853:3856 transaction failed 29189/-3, size 0-0 line 3127
ffff8801c20db680[ 27.468855] binder: BINDER_SET_CONTEXT_MGR already set
binder: 3857:3858 ioctl 40046207 0 returned -16
binder: 3857:3858 ERROR: BC_REGISTER_LOOPER called without request
0000000000000ee9 0000000000007205[ 27.491172] binder_alloc: 3822:
binder_alloc_buf, no vma
binder: 3857:3859 transaction failed 29189/-3, size 0-0 line 3127
binder: undelivered TRANSACTION_ERROR: 29189
ffff8801d951fad8 ffffffff82d64839 ffff8801d44d1200 ffff8801c0ce7400
0000000000007205[ 27.518306] binder_alloc: 3822: binder_alloc_buf, no vma
binder: 3857:3860 transaction failed 29189/-3, size 0-0 line 3127
ffffffff83eaf4c0[ 27.533767] binder: BINDER_SET_CONTEXT_MGR already set
binder: 3861:3862 ioctl 40046207 0 returned -16
binder: 3861:3862 ERROR: BC_REGISTER_LOOPER called without request
ffffed003841b6d9[ 27.556197] binder_alloc: 3822: binder_alloc_buf, no vma
binder: 3861:3863 transaction failed 29189/-3, size 0-0 line 3127
binder: undelivered TRANSACTION_ERROR: 29189
ffff8801d951fb08[ 27.578825] Call Trace:
[<ffffffff82d64839>] binder_send_failed_reply+0xe9/0x3a0
drivers/android/binder.c:2142
binder_alloc: 3822: binder_alloc_buf, no vma
binder: 3861:3864 transaction failed 29189/-3, size 0-0 line 3127
binder: BINDER_SET_CONTEXT_MGR already set
binder: 3865:3866 ioctl 40046207 0 returned -16
binder: 3865:3866 ERROR: BC_REGISTER_LOOPER called without request
[<ffffffff82d64bc2>] binder_cleanup_transaction+0xd2/0x140
drivers/android/binder.c:2188
binder_alloc: 3822: binder_alloc_buf, no vma
binder: 3865:3867 transaction failed 29189/-3, size 0-0 line 3127
binder: undelivered TRANSACTION_ERROR: 29189
[<ffffffff82d64de0>] binder_release_work+0x1b0/0x260
drivers/android/binder.c:4365
binder_alloc: 3822: binder_alloc_buf, no vma
binder: 3865:3868 transaction failed 29189/-3, size 0-0 line 3127
binder: BINDER_SET_CONTEXT_MGR already set
binder: 3869:3870 ioctl 40046207 0 returned -16
binder: 3869:3870 ERROR: BC_REGISTER_LOOPER called without request
[<ffffffff82d652b8>] binder_thread_release+0x428/0x600
drivers/android/binder.c:4563
binder_alloc: 3822: binder_alloc_buf, no vma
binder: 3869:3871 transaction failed 29189/-3, size 0-0 line 3127
binder: undelivered TRANSACTION_ERROR: 29189
binder_alloc: 3822: binder_alloc_buf, no vma
binder: 3869:3872 transaction failed 29189/-3, size 0-0 line 3127
[<ffffffff82d658cf>] binder_deferred_release drivers/android/binder.c:5104
[inline]
[<ffffffff82d658cf>] binder_deferred_func+0x43f/0xd10
drivers/android/binder.c:5176
binder: BINDER_SET_CONTEXT_MGR already set
binder: 3873:3874 ioctl 40046207 0 returned -16
binder: 3873:3874 ERROR: BC_REGISTER_LOOPER called without request
binder_alloc: 3822: binder_alloc_buf, no vma
binder: 3873:3875 transaction failed 29189/-3, size 0-0 line 3127
binder: undelivered TRANSACTION_ERROR: 29189
[<ffffffff811898a0>] process_one_work+0x7e0/0x1610 kernel/workqueue.c:2092
binder_alloc: 3822: binder_alloc_buf, no vma
binder: 3873:3876 transaction failed 29189/-3, size 0-0 line 3127
binder: BINDER_SET_CONTEXT_MGR already set
binder: 3877:3878 ioctl 40046207 0 returned -16
binder: 3877:3878 ERROR: BC_REGISTER_LOOPER called without request
binder_alloc: 3822: binder_alloc_buf, no vma
binder: 3877:3879 transaction failed 29189/-3, size 0-0 line 3127
binder: undelivered TRANSACTION_ERROR: 29189
binder_alloc: 3822: binder_alloc_buf, no vma
binder: 3877:3880 transaction failed 29189/-3, size 0-0 line 3127
[<ffffffff8118a7b0>] worker_thread+0xe0/0x10d0 kernel/workqueue.c:2226
binder: BINDER_SET_CONTEXT_MGR already set
binder: 3881:3882 ioctl 40046207 0 returned -16
binder: 3881:3882 ERROR: BC_REGISTER_LOOPER called without request
binder_alloc: 3822: binder_alloc_buf, no vma
binder: 3881:3883 transaction failed 29189/-3, size 0-0 line 3127
binder: undelivered TRANSACTION_ERROR: 29189
[<ffffffff8119a7bd>] kthread+0x26d/0x300 kernel/kthread.c:211
binder_alloc: 3822: binder_alloc_buf, no vma
binder: 3881:3884 transaction failed 29189/-3, size 0-0 line 3127
binder: BINDER_SET_CONTEXT_MGR already set
binder: 3885:3886 ioctl 40046207 0 returned -16
binder: 3885:3886 ERROR: BC_REGISTER_LOOPER called without request
binder_alloc: 3822: binder_alloc_buf, no vma
binder: 3885:3887 transaction failed 29189/-3, size 0-0 line 3127
binder: undelivered TRANSACTION_ERROR: 29189
binder_alloc: 3822: binder_alloc_buf, no vma
binder: 3885:3888 transaction failed 29189/-3, size 0-0 line 3127
binder: BINDER_SET_CONTEXT_MGR already set
binder: 3889:3890 ioctl 40046207 0 returned -16
binder: 3889:3890 ERROR: BC_REGISTER_LOOPER called without request
[<ffffffff838b57ac>] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:374
binder_alloc: 3822: binder_alloc_buf, no vma
binder: 3889:3891 transaction failed 29189/-3, size 0-0 line 3127
binder: undelivered TRANSACTION_ERROR: 29189
Code: df 80 3c 02 00 75 62 [ 28.042279] binder_alloc: 3822:
binder_alloc_buf, no vma
binder: 3889:3892 transaction failed 29189/-3, size 0-0 line 3127
5b 49 c7 45 20 00 [ 28.058347] binder: BINDER_SET_CONTEXT_MGR already set
binder: 3893:3894 ioctl 40046207 0 returned -16
binder: 3893:3894 ERROR: BC_REGISTER_LOOPER called without request
00 00 00 41 5c 41 [ 28.080169] binder_alloc: 3822: binder_alloc_buf, no
vma
binder: 3893:3895 transaction failed 29189/-3, size 0-0 line 3127
binder: undelivered TRANSACTION_ERROR: 29189
5d 41 5e 5d c3 e8 09 4e 61 fe 0f 0b e8 02 4e 61 fe 0f 0b e8 [ 28.107300]
binder_alloc: 3822: binder_alloc_buf, no vma
binder: 3893:3896 transaction failed 29189/-3, size 0-0 line 3127
fb 4d 61 fe <0f> 0b [ 28.123577] binder: BINDER_SET_CONTEXT_MGR already
set
binder: 3897:3898 ioctl 40046207 0 returned -16
binder: 3897:3898 ERROR: BC_REGISTER_LOOPER called without request
e8 f4 4d 61 fe 0f 0b [ 28.146194] binder_alloc: 3822: binder_alloc_buf,
no vma
binder: 3897:3899 transaction failed 29189/-3, size 0-0 line 3127
binder: undelivered TRANSACTION_ERROR: 29189
e8 dd 80 7e fe e9 1c ff ff ff e8 f3
RIP [<ffffffff82d565e5>] binder_pop_transaction_ilocked+0x145/0x190
drivers/android/binder.c:2006
binder_alloc: 3822: binder_alloc_buf, no vma
binder: 3897:3900 transaction failed 29189/-3, size 0-0 line 3127
binder: BINDER_SET_CONTEXT_MGR already set
binder: 3901:3902 ioctl 40046207 0 returned -16
binder: 3901:3902 ERROR: BC_REGISTER_LOOPER called without request
RSP <ffff8801d951fa80>
binder_alloc: 3822: binder_alloc_buf, no vma
binder: 3901:3903 transaction failed 29189/-3, size 0-0 line 3127
binder: undelivered TRANSACTION_ERROR: 29189
---[ end trace b5562e39ac31520f ]---


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches