BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor7/6729
caller is __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
CPU: 0 PID: 6729 Comm: syz-executor7 Not tainted 4.9.68-gfb66dc2 #107
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ffff8801d5eef6d8 ffffffff81d90889 0000000000000000 ffffffff83c17800
ffffffff83f42ec0 ffff8801aed31800 0000000000000003 ffff8801d5eef718
ffffffff81df7854 ffff8801d5eef730 ffffffff83f42ec0[ 45.871305] tc_dump_action: action bad kind
dffffc0000000000Call Trace:
[<ffffffff81d90889>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffffff81d90889>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[<ffffffff81df7854>] check_preemption_disabled+0x1d4/0x200 lib/smp_processor_id.c:46
[<ffffffff81df78bc>] __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
tc_dump_action: action bad kind
[<ffffffff833f3f78>] ipcomp_alloc_tfms net/xfrm/xfrm_ipcomp.c:286 [inline]
[<ffffffff833f3f78>] ipcomp_init_state+0x188/0x930 net/xfrm/xfrm_ipcomp.c:363
[<ffffffff83360470>] ipcomp4_init_state+0xb0/0x7d0 net/ipv4/ipcomp.c:137
[<ffffffff833d2677>] __xfrm_init_state+0x3e7/0xb30 net/xfrm/xfrm_state.c:2096
[<ffffffff833d2dda>] xfrm_init_state+0x1a/0x20 net/xfrm/xfrm_state.c:2122
[<ffffffff8356cb49>] pfkey_msg2xfrm_state net/key/af_key.c:1281 [inline]
[<ffffffff8356cb49>] pfkey_add+0x1fb9/0x3470 net/key/af_key.c:1498
[<ffffffff835645ee>] pfkey_process+0x61e/0x730 net/key/af_key.c:2826
[<ffffffff83565e99>] pfkey_sendmsg+0x3a9/0x760 net/key/af_key.c:3670
[<ffffffff82ecfb9a>] sock_sendmsg_nosec net/socket.c:635 [inline]
[<ffffffff82ecfb9a>] sock_sendmsg+0xca/0x110 net/socket.c:645
[<ffffffff82ed1791>] ___sys_sendmsg+0x6d1/0x7e0 net/socket.c:1968
[<ffffffff82ed37c6>] __sys_sendmsg+0xd6/0x190 net/socket.c:2002
[<ffffffff82ed38ad>] SYSC_sendmsg net/socket.c:2013 [inline]
[<ffffffff82ed38ad>] SyS_sendmsg+0x2d/0x50 net/socket.c:2009
[<ffffffff838aa9c5>] entry_SYSCALL_64_fastpath+0x23/0xc6
nla_parse: 60 callbacks suppressed
netlink: 9 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 9 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 9 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 9 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 9 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 9 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 9 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 9 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 9 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 9 bytes leftover after parsing attributes in process `syz-executor3'.
mmap: syz-executor3 (7136): VmData 35430400 exceed data ulimit 127. Update limits or use boot option ignore_rlimit_data.
audit: type=1400 audit(1513087834.774:33): avc: denied { create } for pid=7168 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
audit: type=1400 audit(1513087835.824:34): avc: denied { getattr } for pid=7409 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
devpts: called with bogus options
devpts: called with bogus options
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=57618 sclass=netlink_route_socket pig=7936 comm=syz-executor3
devpts: called with bogus options
devpts: called with bogus options
devpts: called with bogus options
devpts: called with bogus options
audit: type=1400 audit(1513087838.054:35): avc: denied { create } for pid=8018 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_scsitransport_socket permissive=1
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
sock: process `syz-executor6' is using obsolete setsockopt SO_BSDCOMPAT
sd 0:0:1:0: [sg0] tag#186 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK
sd 0:0:1:0: [sg0] tag#186 CDB: Test Unit Ready
sd 0:0:1:0: [sg0] tag#186 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
sd 0:0:1:0: [sg0] tag#186 CDB[10]: 00 00 00 00 10 27 00 00 00 00 00 00 00 00 00 00
sd 0:0:1:0: [sg0] tag#186 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
sd 0:0:1:0: [sg0] tag#186 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00
sd 0:0:1:0: [sg0] tag#245 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK
sd 0:0:1:0: [sg0] tag#245 CDB: Test Unit Ready
sd 0:0:1:0: [sg0] tag#245 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
sd 0:0:1:0: [sg0] tag#245 CDB[10]: 00 00 00 00 10 27 00 00 00 00 00 00 00 00 00 00
sd 0:0:1:0: [sg0] tag#245 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
sd 0:0:1:0: [sg0] tag#245 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8 sclass=netlink_route_socket pig=8456 comm=syz-executor5
nla_parse: 71 callbacks suppressed
netlink: 1 bytes leftover after parsing attributes in process `syz-executor5'.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8 sclass=netlink_route_socket pig=8456 comm=syz-executor5
netlink: 1 bytes leftover after parsing attributes in process `syz-executor5'.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=202 sclass=netlink_route_socket pig=8597 comm=syz-executor2
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=202 sclass=netlink_route_socket pig=8619 comm=syz-executor2
device gre0 entered promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
netlink: 9 bytes leftover after parsing attributes in process `syz-executor1'.
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
netlink: 9 bytes leftover after parsing attributes in process `syz-executor1'.
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
binder: 9154:9157 ERROR: BC_REGISTER_LOOPER called without request
binder: 9154:9168 BC_FREE_BUFFER u0000000000000000 no match
audit: type=1400 audit(1513087842.594:36): avc: denied { setopt } for pid=9170 comm="syz-executor4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
binder: 9154:9168 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
binder: 9154:9157 unknown command 0
binder: 9154:9168 BC_ACQUIRE_DONE uffffffffffffffff no match
binder: 9154:9168 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER
binder: 9154:9187 got reply transaction with bad transaction stack, transaction 36 has target 9154:9157
binder: 9154:9187 transaction failed 29201/-71, size 32-8 line 2938
binder: 9154:9157 ioctl c0306201 2000a000 returned -22
binder: BINDER_SET_CONTEXT_MGR already set
binder: 9154:9168 ioctl 40046207 0 returned -16
binder: 9154:9168 ERROR: BC_REGISTER_LOOPER called without request
binder: release 9154:9157 transaction 36 in, still active
binder: send failed reply for transaction 36 to 9154:9187
binder: undelivered TRANSACTION_COMPLETE
binder: 9154:9168 BC_FREE_BUFFER u0000000000000000 no match
binder: 9154:9168 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
binder: 9154:9168 BC_ACQUIRE_DONE uffffffffffffffff no match
binder: 9154:9168 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER
binder: 9154:9187 transaction failed 29189/-22, size 0-0 line 3007
binder: 9154:9157 ioctl c0306201 2000a000 returned -14
binder: undelivered TRANSACTION_ERROR: 29201
binder: undelivered TRANSACTION_ERROR: 29189
device syz0 entered promiscuous mode
binder: undelivered TRANSACTION_ERROR: 29189