BUG: Bad rss-counter state mm:0000000082e02555 idx:0 val:165
BUG: Bad rss-counter state mm:0000000082e02555 idx:1 val:1054
updating oom_score_adj for 8130 (syz-executor2) from 0 to 0 because it shares mm with 8124 (syz-executor2). Report if this is unexpected.
BUG: non-zero pgtables_bytes on freeing mm: 36864
updating oom_score_adj for 8131 (syz-executor2) from 0 to 0 because it shares mm with 8124 (syz-executor2). Report if this is unexpected.
futex_wake_op: syz-executor5 tries to shift op by -1; fix this program
ICMPv6: NA: bb:bb:bb:bb:bb:03 advertised our address fe80::3aa on syz3!
futex_wake_op: syz-executor5 tries to shift op by -1; fix this program
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
netlink: 'syz-executor6': attribute type 4 has an invalid length.
netlink: 'syz-executor6': attribute type 4 has an invalid length.
binder: BINDER_SET_CONTEXT_MGR already set
binder: 8488:8491 ioctl 40046207 0 returned -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 8488:8491 ioctl 40046207 0 returned -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 8488:8507 ioctl 40046207 0 returned -16
nla_parse: 3 callbacks suppressed
netlink: 1 bytes leftover after parsing attributes in process `syz-executor0'.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=8562 comm=syz-executor5
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=8562 comm=syz-executor5
IPv6: NLM_F_REPLACE set, but no existing node found!
netlink: 1 bytes leftover after parsing attributes in process `syz-executor0'.
IPv6: NLM_F_REPLACE set, but no existing node found!
binder_alloc: binder_alloc_mmap_handler: 8618 20004000-20005000 already mapped failed -16
*** Guest State ***
CR0: actual=0x0000000080000031, shadow=0x0000000060000011, gh_mask=fffffffffffffff7
kauditd_printk_skb: 204 callbacks suppressed
audit: type=1400 audit(1513734927.835:695): avc:  denied  { name_bind } for  pid=8644 comm="syz-executor1" src=26721 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=dccp_socket permissive=1
audit: type=1400 audit(1513734927.835:696): avc:  denied  { node_bind } for  pid=8644 comm="syz-executor1" src=26721 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:node_t:s0 tclass=dccp_socket permissive=1
binder: 8645:8650 ERROR: BC_REGISTER_LOOPER called without request
binder: 8650 RLIMIT_NICE not set
binder: 8650 RLIMIT_NICE not set
binder: 8650 RLIMIT_NICE not set
binder: 8645:8650 got transaction with invalid offset (0, min 0 max 0) or object.
binder: 8645:8650 transaction failed 29201/-22, size 0-8 line 3010
binder: send failed reply for transaction 57 to 8645:8654
binder: undelivered TRANSACTION_ERROR: 29190
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29201
binder: 8645:8650 ERROR: BC_REGISTER_LOOPER called without request
binder: 8650 RLIMIT_NICE not set
binder_alloc: 8645: binder_alloc_buf, no vma
binder: 8645:8656 transaction failed 29189/-3, size 0-0 line 2947
binder: undelivered TRANSACTION_ERROR: 29189
CR4: actual=0x0000000000022050, shadow=0x0000000000020000, gh_mask=ffffffffffffe871
CR3 = 0x00000000fffbc000
RSP = 0x0000000000000f80  RIP = 0x0000000000000000
RFLAGS=0x00000002         DR7 = 0x0000000000000400
Sysenter RSP=0000000000000f80 CS:RIP=0030:0000000000002810
CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
GDTR:                           limit=0x000007ff, base=0x0000000000001000
LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
IDTR:                           limit=0x000001ff, base=0x0000000000003800
TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
EFER =     0x0000000000000001  PAT = 0x0007040600070406
DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
Interruptibility = 00000000  ActivityState = 00000000
*** Host State ***
RIP = 0xffffffff81096f7b  RSP = 0xffffc900010f7cd0
CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
FSBase=00007fb23cb2c700 GSBase=ffff88021fc00000 TRBase=fffffffffe500000
GDTBase=fffffffffe4fe000 IDTBase=ffffffffff3fe000
CR0=0000000080050033 CR3=00000001fa6bc003 CR4=00000000001626f0
Sysenter RSP=fffffffffe4ff200 CS:RIP=0010:ffffffff82601b00
EFER = 0x0000000000000d01  PAT = 0x0000000000000000
*** Control State ***
PinBased=0000003f CPUBased=b699edfa SecondaryExec=0000004a
EntryControls=0000d1ff ExitControls=0023efff
ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
        reason=80000021 qualification=0000000000000000
IDTVectoring: info=00000000 errcode=00000000
TSC Offset = 0xffffffeb4bb30556
EPT pointer = 0x00000001fa72101e
audit: type=1326 audit(1513734928.231:697): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8661 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452a09 code=0x7ffc0000
audit: type=1326 audit(1513734928.232:698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8661 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452a09 code=0x7ffc0000
audit: type=1326 audit(1513734928.232:699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8661 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=c000003e syscall=24 compat=0 ip=0x452a09 code=0x7ffc0000
audit: type=1326 audit(1513734928.232:700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8661 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452a09 code=0x7ffc0000
audit: type=1326 audit(1513734928.232:701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8661 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=c000003e syscall=36 compat=0 ip=0x452a09 code=0x7ffc0000
audit: type=1326 audit(1513734928.232:702): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8661 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452a09 code=0x7ffc0000
audit: type=1326 audit(1513734928.232:703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8661 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=c000003e syscall=9 compat=0 ip=0x452a09 code=0x7ffc0000
audit: type=1326 audit(1513734928.232:704): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8661 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452a09 code=0x7ffc0000
binder: binder_mmap: 8682 20002000-20006000 bad vm_flags failed -1
binder: 8682:8689 ioctl c0306201 20006fd0 returned -14
binder: 8682:8684 ioctl c0306201 20004000 returned -14
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=260 sclass=netlink_route_socket pig=8838 comm=syz-executor3
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=260 sclass=netlink_route_socket pig=8852 comm=syz-executor3
device gre0 entered promiscuous mode
binder: 8984:8992 ERROR: BC_REGISTER_LOOPER called without request
binder: 8992 RLIMIT_NICE not set
binder_alloc: 8984: binder_alloc_buf size 29113360509841272 failed, no address space
binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
binder: 8984:9032 got reply transaction with no transaction stack
binder: 8984:9032 transaction failed 29201/-71, size 24-8 line 2747
binder: 8984:9032 ioctl c0306201 2000bfd0 returned -14
binder: 8984:9007 transaction failed 29201/-28, size 29113360509841270-0 line 2947
binder_alloc: binder_alloc_mmap_handler: 8984 20000000-20002000 already mapped failed -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 8984:9007 ioctl 40046207 0 returned -16
binder: 8984:9032 ERROR: BC_REGISTER_LOOPER called without request
binder: 9032 RLIMIT_NICE not set
binder_alloc: 8984: binder_alloc_buf, no vma
binder: 8984:9037 transaction failed 29189/-3, size 29113360509841270-0 line 2947
binder: 8984:9032 got reply transaction with no transaction stack
binder: 8984:9032 transaction failed 29201/-71, size 24-8 line 2747
binder: undelivered TRANSACTION_ERROR: 29201
binder: undelivered TRANSACTION_ERROR: 29189
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=55447 sclass=netlink_route_socket pig=9048 comm=syz-executor3
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=55447 sclass=netlink_route_socket pig=9048 comm=syz-executor3
binder: undelivered TRANSACTION_ERROR: 29201
netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'.
encrypted_key: insufficient parameters specified
encrypted_key: insufficient parameters specified
netlink: 'syz-executor4': attribute type 27 has an invalid length.
netlink: 'syz-executor4': attribute type 27 has an invalid length.
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=260 sclass=netlink_route_socket pig=9384 comm=syz-executor3
QAT: Invalid ioctl
QAT: Invalid ioctl
netlink: 3 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor3'.
syz-executor4 (9521): /proc/9520/oom_adj is deprecated, please use /proc/9520/oom_score_adj instead.
binder: 9585:9587 BC_DEAD_BINDER_DONE 0000000000000000 not found
binder: 9585:9610 BC_DEAD_BINDER_DONE 0000000000000000 not found
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
general protection fault: 0000 [#1] SMP
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.15.0-rc3-next-20171214+ #67
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:native_write_cr4+0x4/0x10 arch/x86/include/asm/special_insns.h:76
RSP: 0018:ffff88021fc03f20 EFLAGS: 00010006
RAX: ffffffff83025500 RBX: 00000000001606f0 RCX: ffffffff8108d968
RDX: 0000000000010000 RSI: 0000000000000000 RDI: 00000000001606f0
RBP: ffff88021fc03f20 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000006
R13: ffffffff83025500 R14: ffffffff81026eb0 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff88021fc00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ff6dd74a000 CR3: 000000000301e005 CR4: 00000000001626f0
Call Trace:
 <IRQ>
 __write_cr4 arch/x86/include/asm/paravirt.h:76 [inline]
 __cr4_set arch/x86/include/asm/tlbflush.h:252 [inline]
 cr4_clear_bits arch/x86/include/asm/tlbflush.h:275 [inline]
 kvm_cpu_vmxoff arch/x86/kvm/vmx.c:3582 [inline]
 hardware_disable+0x1a0/0x210 arch/x86/kvm/vmx.c:3588
 kvm_arch_hardware_disable+0x14/0x50 arch/x86/kvm/x86.c:7983
 hardware_disable_nolock+0x30/0x40 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3291
 flush_smp_call_function_queue+0x95/0x1e0 kernel/smp.c:243
 generic_smp_call_function_single_interrupt+0x13/0x30 kernel/smp.c:192
 smp_call_function_single_interrupt+0x42/0x240 arch/x86/kernel/smp.c:295
 call_function_single_interrupt+0xa9/0xb0 arch/x86/entry/entry_64.S:942
 </IRQ>
RIP: 0010:native_safe_halt+0x6/0x10 arch/x86/include/asm/irqflags.h:54
RSP: 0018:ffffffff83003e30 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff04
RAX: ffffffff83025500 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffffffff83025500 RSI: 0000000000000001 RDI: ffffffff83025500
RBP: ffffffff83003e30 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: ffffffff8304f960 R14: 0000000000000000 R15: 0000000000000000
 arch_safe_halt arch/x86/include/asm/paravirt.h:93 [inline]
 default_idle+0x2e/0x1a0 arch/x86/kernel/process.c:354
 arch_cpu_idle+0xa/0x10 arch/x86/kernel/process.c:345
 default_idle_call+0x1e/0x40 kernel/sched/idle.c:98
 cpuidle_idle_call kernel/sched/idle.c:156 [inline]
 do_idle+0x17e/0x220 kernel/sched/idle.c:246
 cpu_startup_entry+0x18/0x20 kernel/sched/idle.c:351
 rest_init+0xc7/0xd0 init/main.c:436
 start_kernel+0x52b/0x53a init/main.c:717
 x86_64_start_reservations+0x2a/0x2c arch/x86/kernel/head64.c:378
 x86_64_start_kernel+0x72/0x75 arch/x86/kernel/head64.c:359
 secondary_startup_64+0xa5/0xb0 arch/x86/kernel/head_64.S:237
Code: 0f 1f 80 00 00 00 00 55 48 89 e5 0f 20 d8 5d c3 0f 1f 80 00 00 00 00 55 48 89 e5 0f 22 df 5d c3 0f 1f 80 00 00 00 00 55 48 89 e5 <0f> 22 e7 5d c3 0f 1f 80 00 00 00 00 55 48 89 e5 44 0f 20 c0 5d 
RIP: native_write_cr4+0x4/0x10 arch/x86/include/asm/special_insns.h:76 RSP: ffff88021fc03f20
---[ end trace 820369a1060cb778 ]---