BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor0/6484
device gre0 entered promiscuous mode
caller is __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
CPU: 1 PID: 6484 Comm: syz-executor0 Not tainted 4.9.68-gfb66dc2 #107
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801c37076d8 ffffffff81d90889 0000000000000001 ffffffff83c17800
 ffffffff83f42ec0 ffff8801d4e63000 0000000000000003 ffff8801c3707718
 ffffffff81df7854 ffff8801c3707730 ffffffff83f42ec0 dffffc0000000000
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] check_preemption_disabled+0x1d4/0x200 lib/smp_processor_id.c:46
 [] __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
 [] ipcomp_alloc_tfms net/xfrm/xfrm_ipcomp.c:286 [inline]
 [] ipcomp_init_state+0x188/0x930 net/xfrm/xfrm_ipcomp.c:363
 [] ipcomp4_init_state+0xb0/0x7d0 net/ipv4/ipcomp.c:137
 [] __xfrm_init_state+0x3e7/0xb30 net/xfrm/xfrm_state.c:2096
 [] xfrm_init_state+0x1a/0x20 net/xfrm/xfrm_state.c:2122
 [] pfkey_msg2xfrm_state net/key/af_key.c:1281 [inline]
 [] pfkey_add+0x1fb9/0x3470 net/key/af_key.c:1498
 [] pfkey_process+0x61e/0x730 net/key/af_key.c:2826
 [] pfkey_sendmsg+0x3a9/0x760 net/key/af_key.c:3670
 [] sock_sendmsg_nosec net/socket.c:635 [inline]
 [] sock_sendmsg+0xca/0x110 net/socket.c:645
 [] ___sys_sendmsg+0x6d1/0x7e0 net/socket.c:1968
 [] __sys_sendmsg+0xd6/0x190 net/socket.c:2002
 [] SYSC_sendmsg net/socket.c:2013 [inline]
 [] SyS_sendmsg+0x2d/0x50 net/socket.c:2009
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
binder: 6570:6573 got transaction with invalid parent offset or type
audit: type=1400 audit(1513075717.170:35): avc: denied { connect } for pid=6578 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_connector_socket permissive=1
audit: type=1400 audit(1513075717.170:36): avc: denied { getopt } for pid=6578 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_connector_socket permissive=1
audit: type=1400 audit(1513075717.170:37): avc: denied { getattr } for pid=6578 comm="syz-executor5" path="socket:[15694]" dev="sockfs" ino=15694 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_connector_socket permissive=1
binder: 6570:6573 transaction failed 29201/-22, size 80-16 line 3253
binder_alloc: binder_alloc_mmap_handler: 6570 20000000-20002000 already mapped failed -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 6570:6593 ioctl 40046207 0 returned -16
binder_alloc: 6570: binder_alloc_buf, no vma
binder: 6570:6597 transaction failed 29189/-3, size 80-16 line 3130
audit: type=1400 audit(1513075717.630:38): avc: denied { setattr } for pid=6617 comm="syz-executor3" name="ns" dev="proc" ino=16992 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=dir permissive=1
netlink: 5 bytes leftover after parsing attributes in process `syz-executor3'.
selinux_nlmsg_perm: 1 callbacks suppressed
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=257 sclass=netlink_xfrm_socket pig=6610 comm=syz-executor1
IPv6: NLM_F_REPLACE set, but no existing node found!
netlink: 5 bytes leftover after parsing attributes in process `syz-executor3'.
IPv6: NLM_F_REPLACE set, but no existing node found!
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=257 sclass=netlink_xfrm_socket pig=6629 comm=syz-executor1
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
netlink: 5 bytes leftover after parsing attributes in process `syz-executor5'.
binder_alloc: binder_alloc_mmap_handler: 6686 20000000-20002000 already mapped failed -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 6686:6688 ioctl 40046207 0 returned -16
binder_alloc: 6686: binder_alloc_buf, no vma
binder: 6686:6713 transaction failed 29189/-3, size 80-16 line 3130
binder: 6703:6711 Acquire 1 refcount change on invalid ref 2 ret -22
binder: 6703:6711 IncRefs 0 refcount change on invalid ref 0 ret -22
binder: 6703:6711 IncRefs 0 refcount change on invalid ref 1 ret -22
binder: 6703:6711 ERROR: BC_REGISTER_LOOPER called without request
binder: 6703:6711 Release 1 refcount change on invalid ref 0 ret -22
binder: 6703:6711 ioctl c0306201 20002fd0 returned -14
binder: undelivered TRANSACTION_ERROR: 29189
binder: release 6686:6688 transaction 50 out, still active
binder: 6703:6736 DecRefs 0 refcount change on invalid ref 2 ret -22
binder: 6703:6736 BC_FREE_BUFFER u0000000000000000 no match
binder: 6703:6736 BC_INCREFS_DONE u0000000000000000 node 56 cookie mismatch 0000000000000004 != 0000000000000000
binder: BINDER_SET_CONTEXT_MGR already set
binder: 6703:6736 ioctl 40046207 0 returned -16
binder: 6703:6766 got transaction with unaligned buffers size, 65
binder: unexpected work type, 4, not freed
binder: unexpected work type, 4, not freed
binder: undelivered TRANSACTION_COMPLETE
binder: send failed reply for transaction 50, target dead
binder: BINDER_SET_CONTEXT_MGR already set
binder: 6703:6776 ioctl 40046207 0 returned -16
netlink: 14 bytes leftover after parsing attributes in process `syz-executor2'.
binder: 6703:6776 Acquire 1 refcount change on invalid ref 2 ret -22
binder: 6703:6776 IncRefs 0 refcount change on invalid ref 1 ret -22
binder: 6703:6776 ERROR: BC_REGISTER_LOOPER called without request
binder: tried to use weak ref as strong ref
binder: 6703:6776 Release 1 refcount change on invalid ref 0 ret -22
binder: 6703:6776 ioctl c0306201 20002fd0 returned -14
binder: BINDER_SET_CONTEXT_MGR already set
binder: 6703:6776 ioctl 40046207 0 returned -16
netlink: 14 bytes leftover after parsing attributes in process `syz-executor2'.
binder: 6703:6801 DecRefs 0 refcount change on invalid ref 2 ret -22
binder: 6703:6801 BC_FREE_BUFFER u0000000000000000 no match
binder: 6703:6801 BC_INCREFS_DONE u0000000000000000 no match
binder: BINDER_SET_CONTEXT_MGR already set
binder: 6703:6801 ioctl 40046207 0 returned -16
binder_alloc: 6703: binder_alloc_buf, no vma
binder: 6703:6805 transaction failed 29189/-3, size 0-40 line 3130
binder: BINDER_SET_CONTEXT_MGR already set
binder: 6703:6805 ioctl 40046207 0 returned -16
binder: 6703:6766 transaction failed 29201/-22, size 0-40 line 3175
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29201
netlink: 8 bytes leftover after parsing attributes in process `syz-executor7'.
FAULT_FLAG_ALLOW_RETRY missing 30
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 6844 Comm: syz-executor5 Not tainted 4.9.68-gfb66dc2 #107
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801cd6ff480 ffffffff81d90889 ffff8801cd6ff760 0000000000000000
 ffff8801a602b190 ffff8801cd6ff650 ffff8801a602b080 ffff8801cd6ff678
 ffffffff8165e497 0000000000003bcb ffff8801cd6f0918 ffff8801cd6f08a0
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] do_ip_setsockopt.isra.12+0x1977/0x2960 net/ipv4/ip_sockglue.c:1151
 [] ip_setsockopt+0x3a/0xb0 net/ipv4/ip_sockglue.c:1240
 [] tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2736
 [] sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2706
 [] SYSC_setsockopt net/socket.c:1771 [inline]
 [] SyS_setsockopt+0x160/0x250 net/socket.c:1750
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
FAULT_FLAG_ALLOW_RETRY missing 70
CPU: 1 PID: 6818 Comm: syz-executor5 Not tainted 4.9.68-gfb66dc2 #107
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d8587ae0 ffffffff81d90889 ffff8801d8587dc0 0000000000000000
 ffff8801a602b190 ffff8801d8587cb0 ffff8801a602b080 ffff8801d8587cd8
 ffffffff8165e497 0000000000003af1 ffff8801d8f638f0 ffff8801d8f638a0
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
IPVS: Creating netns size=2536 id=15
CPU: 0 PID: 6830 Comm: syz-executor5 Not tainted 4.9.68-gfb66dc2 #107
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801c7d9f830 ffffffff81d90889 ffff8801c7d9fb10 0000000000000000
 ffff8801a602b190 ffff8801c7d9fa00 ffff8801a602b080 ffff8801c7d9fa28
 ffffffff8165e497 0000000000003af1 ffff8801c522a0f0 ffff8801c522a0a0
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] SYSC_mq_timedreceive ipc/mqueue.c:1092 [inline]
 [] SyS_mq_timedreceive+0xcd/0xdb0 ipc/mqueue.c:1077
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
binder: 6899:6905 not enough space to store 4 fds in buffer
binder: 6899:6905 transaction failed 29201/-22, size 72-32 line 3272
binder_alloc: binder_alloc_mmap_handler: 6899 20000000-20002000 already mapped failed -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 6899:6905 ioctl 40046207 0 returned -16
binder_alloc: 6899: binder_alloc_buf, no vma
binder: 6899:6911 transaction failed 29189/-3, size 72-32 line 3130
device lo entered promiscuous mode
device lo left promiscuous mode
audit: type=1400 audit(1513075720.020:39): avc: denied { create } for pid=6949 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_scsitransport_socket permissive=1
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
binder: 7258:7260 BC_INCREFS_DONE u4004630600000000 no match
binder: BINDER_SET_CONTEXT_MGR already set
binder: 7258:7260 ioctl 40046207 0 returned -16
device lo entered promiscuous mode
device gre0 entered promiscuous mode
device gre0 left promiscuous mode
nla_parse: 1 callbacks suppressed
netlink: 2 bytes leftover after parsing attributes in process `syz-executor2'.
device gre0 entered promiscuous mode
device gre0 left promiscuous mode
netlink: 2 bytes leftover after parsing attributes in process `syz-executor2'.
keychord: Insufficient bytes present for keycount 18
keychord: Insufficient bytes present for keycount 18
audit: type=1400 audit(1513075721.850:40): avc: denied { setpcap } for pid=7462 comm="syz-executor3" capability=8 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
FAULT_FLAG_ALLOW_RETRY missing 30
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 7580 Comm: syz-executor5 Not tainted 4.9.68-gfb66dc2 #107
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801c3c7f710 ffffffff81d90889 ffff8801c3c7f9f0 0000000000000000
 ffff8801a602a290 ffff8801c3c7f8e0 ffff8801a602a180 ffff8801c3c7f908
 ffffffff8165e497 0000000000003af1 ffff8801c4fc88f0 ffff8801c4fc88a0
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] SYSC_select fs/select.c:652 [inline]
 [] SyS_select+0x158/0x1e0 fs/select.c:634
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
audit: type=1400 audit(1513075722.360:41): avc: denied { bind } for pid=7637 comm="syz-executor1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
CPU: 0 PID: 7589 Comm: syz-executor5 Not tainted 4.9.68-gfb66dc2 #107
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801cc7b7930 ffffffff81d90889 ffff8801cc7b7c10 0000000000000000
 ffff8801a602a290 ffff8801cc7b7b00 ffff8801a602a180 ffff8801cc7b7b28
 ffffffff8165e497 0000000000003af1 ffff8801ca9c88f0 ffff8801ca9c88a0
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
FAULT_FLAG_ALLOW_RETRY missing 30
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 7589 Comm: syz-executor5 Not tainted 4.9.68-gfb66dc2 #107
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801cc7b7930 ffffffff81d90889 ffff8801cc7b7c10 0000000000000000
 ffff8801a602ba90 ffff8801cc7b7b00 ffff8801a602b980 ffff8801cc7b7b28
 ffffffff8165e497 0000000000003af1 ffff8801ca9c88f0 ffff8801ca9c88a0
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
CPU: 0 PID: 7580 Comm: syz-executor5 Not tainted 4.9.68-gfb66dc2 #107
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801c3c7f710 ffffffff81d90889 ffff8801c3c7f9f0 0000000000000000
 ffff8801a602ba90 ffff8801c3c7f8e0 ffff8801a602b980 ffff8801c3c7f908
 ffffffff8165e497 0000000000003af1 ffff8801c4fc88f0 ffff8801c4fc88a0
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] SYSC_select fs/select.c:652 [inline]
 [] SyS_select+0x158/0x1e0 fs/select.c:634
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
IPVS: set_ctl: invalid protocol: 31912 1.136.255.255:0 8h}W_#
device gre0 entered promiscuous mode
binder: 7677:7679 IncRefs 0 refcount change on invalid ref 3 ret -22
binder: 7677:7679 IncRefs 0 refcount change on invalid ref 4 ret -22
binder: BINDER_SET_CONTEXT_MGR already set
binder: 7677:7685 ioctl 40046207 0 returned -16
binder_alloc: 7677: binder_alloc_buf, no vma
binder: 7677:7685 transaction failed 29189/-3, size 0-0 line 3130
keychord: using input dev AT Translated Set 2 keyboard for fevent
binder: BINDER_SET_CONTEXT_MGR already set
netlink: 3 bytes leftover after parsing attributes in process `syz-executor2'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor2'.
binder: 7677:7701 ioctl 40046207 0 returned -16
netlink: 3 bytes leftover after parsing attributes in process `syz-executor2'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor2'.
binder: 7677:7685 IncRefs 0 refcount change on invalid ref 3 ret -22
binder: 7677:7685 IncRefs 0 refcount change on invalid ref 4 ret -22
binder: BINDER_SET_CONTEXT_MGR already set
binder: 7677:7685 ioctl 40046207 0 returned -16
binder_alloc: 7677: binder_alloc_buf, no vma
binder: 7677:7701 transaction failed 29189/-3, size 0-0 line 3130
tty_warn_deprecated_flags: 'syz-executor0' is using deprecated serial flags (with no effect): 00008000
netlink: 3 bytes leftover after parsing attributes in process `syz-executor1'.
tty_warn_deprecated_flags: 'syz-executor0' is using deprecated serial flags (with no effect): 00008000
sg_write: data in/out 327644/32 bytes for SCSI command 0x4-- guessing data in;
   program syz-executor3 not setting count and/or reply_len properly
netlink: 3 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 13 bytes leftover after parsing attributes in process `syz-executor0'.
netlink: 13 bytes leftover after parsing attributes in process `syz-executor0'.
binder: 7832:7839 got transaction with invalid offsets ptr
binder: 7832:7839 transaction failed 29201/-14, size 0-4095 line 3158
IPVS: Creating netns size=2536 id=16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 7832:7839 ioctl 40046207 0 returned -16
binder_alloc: 7832: binder_alloc_buf, no vma
binder: 7832:7847 transaction failed 29189/-3, size 0-4095 line 3130
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29201
IPVS: Creating netns size=2536 id=17
binder: 7921:7922 DecRefs 0 refcount change on invalid ref 8 ret -22
binder: 7921 invalid dec weak, ref 73 desc 0 s 1 w 0
binder: 7921:7933 unknown command 0
binder: 7921:7933 ioctl c0306201 20008000 returned -22
audit: type=1400 audit(1513075724.110:42): avc: denied { create } for pid=7937 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=1
binder: BINDER_SET_CONTEXT_MGR already set
binder: 7921:7947 ioctl 40046207 0 returned -16
binder: 7921:7970 DecRefs 0 refcount change on invalid ref 8 ret -22
binder: 7921:7970 unknown command 0
binder: 7921:7970 ioctl c0306201 20003fd0 returned -22
binder: 7921 invalid dec weak, ref 74 desc 0 s 1 w 0
binder: 7921:7933 unknown command 0
binder: 7921:7933 ioctl c0306201 20008000 returned -22
binder: 7921:7922 unknown command 536907732
binder: 7921:7922 ioctl c0306201 20003fd0 returned -22
program syz-executor5 is using a deprecated SCSI ioctl, please convert it to SG_IO
sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
program syz-executor5 is using a deprecated SCSI ioctl, please convert it to SG_IO
sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
device gre0 entered promiscuous mode
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=59136 sclass=netlink_route_socket pig=8226 comm=syz-executor2
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=59136 sclass=netlink_route_socket pig=8249 comm=syz-executor2
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=8286 comm=syz-executor1
IPv6: NLM_F_REPLACE set, but no existing node found!
IPv6: NLM_F_REPLACE set, but no existing node found!
ALSA: seq fatal error: cannot create timer (-19)
ALSA: seq fatal error: cannot create timer (-19)
FAULT_FLAG_ALLOW_RETRY missing 30
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 8430 Comm: syz-executor1 Not tainted 4.9.68-gfb66dc2 #107
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801a52178c0 ffffffff81d90889 ffff8801a5217ba0 0000000000000000
 ffff8801ce299f10 ffff8801a5217a90 ffff8801ce299e00 ffff8801a5217ab8
 ffffffff8165e497 0000000000003af1 ffff8801c72838f0 ffff8801c72838a0
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=257 sclass=netlink_route_socket pig=8453 comm=syz-executor7
IPVS: Creating netns size=2536 id=18
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=257 sclass=netlink_route_socket pig=8457 comm=syz-executor7
IPVS: Creating netns size=2536 id=19
device gre0 entered promiscuous mode
device gre0 left promiscuous mode
CPU: 1 PID: 8437 Comm: syz-executor1 Not tainted 4.9.68-gfb66dc2 #107
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801a4287830 ffffffff81d90889 ffff8801a4287b10 0000000000000000
 ffff8801ce299f10 ffff8801a4287a00 ffff8801ce299e00 ffff8801a4287a28
 ffffffff8165e497 0000000000003af1 ffff8801c72eb8f0 ffff8801c72eb8a0
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] SYSC_mq_timedreceive ipc/mqueue.c:1092 [inline]
 [] SyS_mq_timedreceive+0xcd/0xdb0 ipc/mqueue.c:1077
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
device gre0 entered promiscuous mode
device gre0 left promiscuous mode
nla_parse: 12 callbacks suppressed
netlink: 8 bytes leftover after parsing attributes in process `syz-executor6'.
device gre0 entered promiscuous mode
device gre0 left promiscuous mode
device gre0 entered promiscuous mode
device gre0 left promiscuous mode