device gre0 entered promiscuous mode BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor3/5964 caller is __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62 CPU: 0 PID: 5964 Comm: syz-executor3 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801a6af76d8 ffffffff81d90889 0000000000000000 ffffffff83c17800 ffffffff83f42ec0 ffff8801d8d66000 0000000000000003 ffff8801a6af7718 ffffffff81df7854 ffff8801a6af7730 ffffffff83f42ec0 dffffc0000000000 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] check_preemption_disabled+0x1d4/0x200 lib/smp_processor_id.c:46 [] __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62 [] ipcomp_alloc_tfms net/xfrm/xfrm_ipcomp.c:286 [inline] [] ipcomp_init_state+0x188/0x930 net/xfrm/xfrm_ipcomp.c:363 [] ipcomp4_init_state+0xb0/0x7d0 net/ipv4/ipcomp.c:137 [] __xfrm_init_state+0x3e7/0xb30 net/xfrm/xfrm_state.c:2096 [] xfrm_init_state+0x1a/0x20 net/xfrm/xfrm_state.c:2122 [] pfkey_msg2xfrm_state net/key/af_key.c:1281 [inline] [] pfkey_add+0x1fb9/0x3470 net/key/af_key.c:1498 [] pfkey_process+0x61e/0x730 net/key/af_key.c:2826 [] pfkey_sendmsg+0x3a9/0x760 net/key/af_key.c:3670 [] sock_sendmsg_nosec net/socket.c:635 [inline] [] sock_sendmsg+0xca/0x110 net/socket.c:645 [] ___sys_sendmsg+0x6d1/0x7e0 net/socket.c:1968 [] __sys_sendmsg+0xd6/0x190 net/socket.c:2002 [] SYSC_sendmsg net/socket.c:2013 [inline] [] SyS_sendmsg+0x2d/0x50 net/socket.c:2009 [] entry_SYSCALL_64_fastpath+0x23/0xc6 audit: type=1400 audit(1513074725.743:35): avc: denied { getopt } for pid=6046 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=1 FAULT_FLAG_ALLOW_RETRY missing 30 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 0 PID: 6047 Comm: syz-executor5 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801a1ccf4a0 ffffffff81d90889 ffff8801a1ccf780 0000000000000000 ffff8801c429a410 ffff8801a1ccf670 ffff8801c429a300 ffff8801a1ccf698 ffffffff8165e497 0000000000003af1 ffff8801a7c688f0 ffff8801a7c688a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] SYSC_poll fs/select.c:983 [inline] [] SyS_poll+0x120/0x3f0 fs/select.c:971 [] entry_SYSCALL_64_fastpath+0x23/0xc6 CPU: 1 PID: 6055 Comm: syz-executor5 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801a1fbf940 ffffffff81d90889 ffff8801a1fbfc20 0000000000000000 ffff8801c429a410 ffff8801a1fbfb10 ffff8801c429a300 ffff8801a1fbfb38 ffffffff8165e497 0000000000003af1 ffff8801a1faa0f0 ffff8801a1faa0a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] entry_SYSCALL_64_fastpath+0x23/0xc6 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 1 PID: 6065 Comm: syz-executor5 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801a1fc7940 ffffffff81d90889 ffff8801a1fc7c20 0000000000000000 ffff8801c4735190 ffff8801a1fc7b10 ffff8801c4735080 ffff8801a1fc7b38 ffffffff8165e497 0000000000003af1 ffff8801a1d2a0f0 ffff8801a1d2a0a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] entry_SYSCALL_64_fastpath+0x23/0xc6 FAULT_FLAG_ALLOW_RETRY missing 30 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 1 PID: 6047 Comm: syz-executor5 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801a1ccf850 ffffffff81d90889 ffff8801a1ccfb30 0000000000000000 ffff8801c4735190 ffff8801a1ccfa20 ffff8801c4735080 ffff8801a1ccfa48 ffffffff8165e497 0000000000003af1 ffff8801a7c688f0 ffff8801a7c688a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] do_fcntl fs/fcntl.c:284 [inline] [] SYSC_fcntl fs/fcntl.c:372 [inline] [] SyS_fcntl+0x81c/0xc70 fs/fcntl.c:357 [] entry_SYSCALL_64_fastpath+0x23/0xc6 CPU: 1 PID: 6058 Comm: syz-executor5 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801a7dbf4a0 ffffffff81d90889 ffff8801a7dbf780 0000000000000000 ffff8801c4735190 ffff8801a7dbf670 ffff8801c4735080 ffff8801a7dbf698 ffffffff8165e497 0000000000003af1 ffff8801a1fae8f0 ffff8801a1fae8a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] SYSC_poll fs/select.c:983 [inline] [] SyS_poll+0x120/0x3f0 fs/select.c:971 [] entry_SYSCALL_64_fastpath+0x23/0xc6 device gre0 entered promiscuous mode audit: type=1400 audit(1513074727.063:36): avc: denied { write } for pid=6129 comm="syz-executor6" name="net" dev="proc" ino=15534 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=dir permissive=1 audit: type=1400 audit(1513074727.063:37): avc: denied { add_name } for pid=6129 comm="syz-executor6" name="pfkey" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=dir permissive=1 nla_parse: 10 callbacks suppressed netlink: 2 bytes leftover after parsing attributes in process `syz-executor1'. capability: warning: `syz-executor4' uses deprecated v2 capabilities in a way that may be insecure netlink: 2 bytes leftover after parsing attributes in process `syz-executor1'. device gre0 entered promiscuous mode IPVS: Creating netns size=2536 id=16 pktgen: kernel_thread() failed for cpu 0 pktgen: Cannot create thread for cpu 0 (-4) pktgen: kernel_thread() failed for cpu 1 pktgen: Cannot create thread for cpu 1 (-4) pktgen: Initialization failed for all threads device gre0 entered promiscuous mode netlink: 6 bytes leftover after parsing attributes in process `syz-executor2'. selinux_nlmsg_perm: 4 callbacks suppressed SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=6487 comm=syz-executor2 device syz5 entered promiscuous mode netlink: 1 bytes leftover after parsing attributes in process `syz-executor7'. netlink: 1 bytes leftover after parsing attributes in process `syz-executor7'. audit_printk_skb: 3 callbacks suppressed audit: type=1400 audit(1513074729.883:39): avc: denied { ioctl } for pid=6708 comm="syz-executor4" path="socket:[17143]" dev="sockfs" ino=17143 ioctlcmd=0x642e scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 1 PID: 6734 Comm: syz-executor3 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801c4137480 ffffffff81d90889 ffff8801c4137760 0000000000000000 ffff8801c4734590 ffff8801c4137650 ffff8801c4734480 ffff8801c4137678 ffffffff8165e497 0000000000003bcb ffff8801a6bb3918 ffff8801a6bb38a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] do_ip_setsockopt.isra.12+0x1977/0x2960 net/ipv4/ip_sockglue.c:1151 [] ip_setsockopt+0x3a/0xb0 net/ipv4/ip_sockglue.c:1240 [] tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2736 [] sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2706 [] SYSC_setsockopt net/socket.c:1771 [inline] [] SyS_setsockopt+0x160/0x250 net/socket.c:1750 [] entry_SYSCALL_64_fastpath+0x23/0xc6 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 1 PID: 6743 Comm: syz-executor3 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801a35e7480 ffffffff81d90889 ffff8801a35e7760 0000000000000000 ffff8801c4734290 ffff8801a35e7650 ffff8801c4734180 ffff8801a35e7678 ffffffff8165e497 0000000000003bcb ffff8801a86f3918 ffff8801a86f38a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] do_ip_setsockopt.isra.12+0x1977/0x2960 net/ipv4/ip_sockglue.c:1151 [] ip_setsockopt+0x3a/0xb0 net/ipv4/ip_sockglue.c:1240 [] tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2736 [] sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2706 [] SYSC_setsockopt net/socket.c:1771 [inline] [] SyS_setsockopt+0x160/0x250 net/socket.c:1750 [] entry_SYSCALL_64_fastpath+0x23/0xc6 pktgen: kernel_thread() failed for cpu 0 pktgen: Cannot create thread for cpu 0 (-4) pktgen: kernel_thread() failed for cpu 1 pktgen: Cannot create thread for cpu 1 (-4) pktgen: Initialization failed for all threads pktgen: kernel_thread() failed for cpu 0 pktgen: Cannot create thread for cpu 0 (-4) pktgen: kernel_thread() failed for cpu 1 pktgen: Cannot create thread for cpu 1 (-4) pktgen: Initialization failed for all threads IPVS: Creating netns size=2536 id=17 PF_BRIDGE: RTM_SETLINK with unknown ifindex netlink: 3 bytes leftover after parsing attributes in process `syz-executor2'. PF_BRIDGE: RTM_SETLINK with unknown ifindex netlink: 3 bytes leftover after parsing attributes in process `syz-executor2'. keychord: unsupported version 0 keychord: unsupported version 0 binder: 6950:6954 ioctl 40286608 5 returned -22 audit: type=1400 audit(1513074731.573:40): avc: denied { dyntransition } for pid=6947 comm="syz-executor4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=process permissive=1 binder: 6950:6966 ioctl 40046205 3 returned -22 binder: 6950:6966 ioctl 40046205 3 returned -22 binder: 6950:6966 ERROR: BC_REGISTER_LOOPER called without request binder: 6950:6966 ioctl c0306201 204edfd0 returned -11 binder_alloc: 6950: binder_alloc_buf, no vma binder: 6950:6966 transaction failed 29189/-3, size 0-0 line 3130 netlink: 4 bytes leftover after parsing attributes in process `syz-executor7'. tmpfs: No value for mount option 'ij' binder: 6950:6966 ioctl 40046205 1000 returned -22 binder: 6950:6966 DecRefs 0 refcount change on invalid ref 1 ret -22 binder: 6950:6966 BC_INCREFS_DONE node 31 has no pending increfs request binder: 6950:6966 ioctl c0306201 2000efd0 returned -11 binder: 6950:6990 ioctl 40286608 5 returned -22 netlink: 4 bytes leftover after parsing attributes in process `syz-executor7'. binder: 6950:6966 ioctl 40046205 3 returned -22 binder: 6950:6966 transaction failed 29189/-22, size 0-0 line 3007 binder: 6950:6990 got reply transaction with no transaction stack binder: 6950:6990 transaction failed 29201/-71, size 32-8 line 2923 tmpfs: No value for mount option 'ij' binder: 7026:7029 BC_FREE_BUFFER u0000000000000000 no match binder: 7026:7029 BC_DEAD_BINDER_DONE 0000000000000004 not found binder: 7026:7029 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER binder: 7026:7029 BC_CLEAR_DEATH_NOTIFICATION invalid ref 2 binder: 7026:7029 got reply transaction with no transaction stack binder: 7026:7029 transaction failed 29201/-71, size 72-40 line 2923 binder: 7026:7029 DecRefs 0 refcount change on invalid ref 2 ret -22 binder: 7026:7029 BC_REQUEST_DEATH_NOTIFICATION death notification already set binder: 7026 invalid dec weak, ref 36 desc 0 s 1 w 0 binder: 7026:7041 DecRefs 0 refcount change on invalid ref 4 ret -22 binder: 7026:7041 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000003 != fffffffffffffffe binder: 7026:7041 got reply transaction with no transaction stack binder: 7026:7041 transaction failed 29201/-71, size 0-48 line 2923 binder: 7026:7044 tried to acquire reference to desc 0, got 1 instead binder: 7026:7044 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 binder: 7026:7041 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0 binder: 7026:7044 BC_FREE_BUFFER u0000000000000000 no match binder: 7026:7044 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 binder: 7026:7044 BC_DEAD_BINDER_DONE 0000000000000004 not found binder: 7026:7044 ERROR: BC_REGISTER_LOOPER called without request binder: 7026:7044 BC_CLEAR_DEATH_NOTIFICATION invalid ref 2 binder: 7026:7044 got reply transaction with no transaction stack binder: 7026:7044 transaction failed 29201/-71, size 72-40 line 2923 binder: 7026:7044 DecRefs 0 refcount change on invalid ref 2 ret -22 binder: 7026:7044 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 binder: undelivered death notification, 0000000000000000 binder: undelivered TRANSACTION_ERROR: 29189 binder: undelivered TRANSACTION_ERROR: 29201 device gre0 entered promiscuous mode binder: 7200:7201 ERROR: BC_REGISTER_LOOPER called without request binder: 7200:7209 got transaction with invalid offsets ptr binder: 7200:7209 transaction failed 29201/-14, size 0-16 line 3158 netlink: 3 bytes leftover after parsing attributes in process `syz-executor3'. binder: 7200:7209 ioctl 8904 20004ffc returned -22 binder: 7200:7209 ioctl c0306201 2000ffd0 returned -14 netlink: 3 bytes leftover after parsing attributes in process `syz-executor3'. binder_alloc: 7200: binder_alloc_buf, no vma binder: 7200:7201 transaction failed 29189/-3, size 0-16 line 3130 binder: 7200:7233 got reply transaction with no transaction stack binder: 7200:7233 transaction failed 29201/-71, size 32-8 line 2923 binder: undelivered TRANSACTION_ERROR: 29189 binder: undelivered TRANSACTION_ERROR: 29201 binder: 7265:7267 ERROR: BC_REGISTER_LOOPER called without request binder: 7265:7272 got transaction with invalid offsets ptr binder: 7265:7272 transaction failed 29201/-14, size 0-16 line 3158 program syz-executor7 is using a deprecated SCSI ioctl, please convert it to SG_IO binder: 7265:7272 ioctl 8904 20004ffc returned -22 binder: 7265:7272 ioctl c0306201 2000ffd0 returned -14 binder_alloc: 7265: binder_alloc_buf, no vma binder: 7265:7267 transaction failed 29189/-3, size 0-16 line 3130 binder: 7265:7272 got reply transaction with no transaction stack binder: 7265:7272 transaction failed 29201/-71, size 32-8 line 2923 binder: undelivered TRANSACTION_ERROR: 29189 binder: undelivered TRANSACTION_ERROR: 29201 program syz-executor7 is using a deprecated SCSI ioctl, please convert it to SG_IO sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 device syz1 entered promiscuous mode sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 binder: 7336:7337 ERROR: BC_REGISTER_LOOPER called without request binder: 7336:7347 BC_FREE_BUFFER u0000000000000000 no match binder: 7336:7347 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0 binder: 7336:7337 ioctl c0306201 2000dfd0 returned -14 binder: 7336:7347 BC_ACQUIRE_DONE uffffffffffffffff no match binder: 7336:7347 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER binder: 7336:7353 got reply transaction with bad transaction stack, transaction 53 has target 7336:7337 binder: 7336:7353 transaction failed 29201/-71, size 32-8 line 2938 SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pig=7371 comm=syz-executor4 binder: BINDER_SET_CONTEXT_MGR already set binder: 7336:7353 ioctl 40046207 0 returned -16 binder: 7336:7353 ERROR: BC_REGISTER_LOOPER called without request SELinux: unrecognized netlink message: protocol=9 nlmsg_type=6 sclass=netlink_audit_socket pig=7371 comm=syz-executor4 binder: 7336:7353 BC_FREE_BUFFER u0000000000000000 no match binder: 7336:7353 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0 binder: 7336:7353 BC_ACQUIRE_DONE uffffffffffffffff no match binder: 7336:7353 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER binder_alloc: 7336: binder_alloc_buf, no vma binder: 7336:7370 transaction failed 29189/-3, size 0-0 line 3130 binder: 7336:7370 ioctl c0306201 2000dfd0 returned -14 binder: 7336:7347 got reply transaction with no transaction stack binder: 7336:7347 transaction failed 29201/-71, size 32-8 line 2923 SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pig=7371 comm=syz-executor4 netlink: 5 bytes leftover after parsing attributes in process `syz-executor0'. SELinux: unrecognized netlink message: protocol=9 nlmsg_type=6 sclass=netlink_audit_socket pig=7371 comm=syz-executor4 binder: release 7336:7337 transaction 53 in, still active binder: send failed reply for transaction 53 to 7336:7353 binder: undelivered TRANSACTION_COMPLETE binder: undelivered TRANSACTION_ERROR: 29201 binder: undelivered TRANSACTION_ERROR: 29189 binder: undelivered TRANSACTION_ERROR: 29201 device gre0 entered promiscuous mode binder: undelivered TRANSACTION_ERROR: 29189 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 1 PID: 7474 Comm: syz-executor5 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801c21b7940 ffffffff81d90889 ffff8801c21b7c20 0000000000000000 ffff8801a41b0710 ffff8801c21b7b10 ffff8801a41b0600 ffff8801c21b7b38 ffffffff8165e497 0000000000003af1 ffff8801d5f238f0 ffff8801d5f238a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] entry_SYSCALL_64_fastpath+0x23/0xc6 device gre0 entered promiscuous mode audit: type=1400 audit(1513074734.423:41): avc: denied { create } for pid=7566 comm="syz-executor4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=key permissive=1 IPVS: Creating netns size=2536 id=18 SELinux: unrecognized netlink message: protocol=6 nlmsg_type=257 sclass=netlink_xfrm_socket pig=7620 comm=syz-executor7 SELinux: unrecognized netlink message: protocol=6 nlmsg_type=257 sclass=netlink_xfrm_socket pig=7665 comm=syz-executor7