BUG: Bad rss-counter state mm:0000000082e02555 idx:0 val:165
BUG: Bad rss-counter state mm:0000000082e02555 idx:1 val:1054
updating oom_score_adj for 8130 (syz-executor2) from 0 to 0 because it shares mm with 8124 (syz-executor2). Report if this is unexpected.
BUG: non-zero pgtables_bytes on freeing mm: 36864
updating oom_score_adj for 8131 (syz-executor2) from 0 to 0 because it shares mm with 8124 (syz-executor2). Report if this is unexpected.
futex_wake_op: syz-executor5 tries to shift op by -1; fix this program
ICMPv6: NA: bb:bb:bb:bb:bb:03 advertised our address fe80::3aa on syz3!
futex_wake_op: syz-executor5 tries to shift op by -1; fix this program
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
netlink: 'syz-executor6': attribute type 4 has an invalid length.
netlink: 'syz-executor6': attribute type 4 has an invalid length.
binder: BINDER_SET_CONTEXT_MGR already set
binder: 8488:8491 ioctl 40046207 0 returned -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 8488:8491 ioctl 40046207 0 returned -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 8488:8507 ioctl 40046207 0 returned -16
nla_parse: 3 callbacks suppressed
netlink: 1 bytes leftover after parsing attributes in process `syz-executor0'.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=8562 comm=syz-executor5
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=8562 comm=syz-executor5
IPv6: NLM_F_REPLACE set, but no existing node found!
netlink: 1 bytes leftover after parsing attributes in process `syz-executor0'.
IPv6: NLM_F_REPLACE set, but no existing node found!
binder_alloc: binder_alloc_mmap_handler: 8618 20004000-20005000 already mapped failed -16
*** Guest State ***
CR0: actual=0x0000000080000031, shadow=0x0000000060000011, gh_mask=fffffffffffffff7
kauditd_printk_skb: 204 callbacks suppressed
audit: type=1400 audit(1513734927.835:695): avc: denied { name_bind } for pid=8644 comm="syz-executor1" src=26721 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=dccp_socket permissive=1
audit: type=1400 audit(1513734927.835:696): avc: denied { node_bind } for pid=8644 comm="syz-executor1" src=26721 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:node_t:s0 tclass=dccp_socket permissive=1
binder: 8645:8650 ERROR: BC_REGISTER_LOOPER called without request
binder: 8650 RLIMIT_NICE not set
binder: 8650 RLIMIT_NICE not set
binder: 8650 RLIMIT_NICE not set
binder: 8645:8650 got transaction with invalid offset (0, min 0 max 0) or object.
binder: 8645:8650 transaction failed 29201/-22, size 0-8 line 3010
binder: send failed reply for transaction 57 to 8645:8654
binder: undelivered TRANSACTION_ERROR: 29190
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29201
binder: 8645:8650 ERROR: BC_REGISTER_LOOPER called without request
binder: 8650 RLIMIT_NICE not set
binder_alloc: 8645: binder_alloc_buf, no vma
binder: 8645:8656 transaction failed 29189/-3, size 0-0 line 2947
binder: undelivered TRANSACTION_ERROR: 29189
CR4: actual=0x0000000000022050, shadow=0x0000000000020000, gh_mask=ffffffffffffe871
CR3 = 0x00000000fffbc000
RSP = 0x0000000000000f80  RIP = 0x0000000000000000
RFLAGS=0x00000002         DR7 = 0x0000000000000400
Sysenter RSP=0000000000000f80 CS:RIP=0030:0000000000002810
CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
GDTR:                           limit=0x000007ff, base=0x0000000000001000
LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
IDTR:                           limit=0x000001ff, base=0x0000000000003800
TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
EFER = 0x0000000000000001  PAT = 0x0007040600070406
DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
Interruptibility = 00000000  ActivityState = 00000000
*** Host State ***
RIP = 0xffffffff81096f7b  RSP = 0xffffc900010f7cd0
CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
FSBase=00007fb23cb2c700 GSBase=ffff88021fc00000 TRBase=fffffffffe500000
GDTBase=fffffffffe4fe000 IDTBase=ffffffffff3fe000
CR0=0000000080050033 CR3=00000001fa6bc003 CR4=00000000001626f0
Sysenter RSP=fffffffffe4ff200 CS:RIP=0010:ffffffff82601b00
EFER = 0x0000000000000d01  PAT = 0x0000000000000000
*** Control State ***
PinBased=0000003f CPUBased=b699edfa SecondaryExec=0000004a
EntryControls=0000d1ff ExitControls=0023efff
ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
        reason=80000021 qualification=0000000000000000
IDTVectoring: info=00000000 errcode=00000000
TSC Offset = 0xffffffeb4bb30556
EPT pointer = 0x00000001fa72101e
audit: type=1326 audit(1513734928.231:697): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8661 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452a09 code=0x7ffc0000
audit: type=1326 audit(1513734928.232:698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8661 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452a09 code=0x7ffc0000
audit: type=1326 audit(1513734928.232:699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8661 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=c000003e syscall=24 compat=0 ip=0x452a09 code=0x7ffc0000
audit: type=1326 audit(1513734928.232:700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8661 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452a09 code=0x7ffc0000
audit: type=1326 audit(1513734928.232:701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8661 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=c000003e syscall=36 compat=0 ip=0x452a09 code=0x7ffc0000
audit: type=1326 audit(1513734928.232:702): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8661 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452a09 code=0x7ffc0000
audit: type=1326 audit(1513734928.232:703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8661 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=c000003e syscall=9 compat=0 ip=0x452a09 code=0x7ffc0000
audit: type=1326 audit(1513734928.232:704): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8661 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452a09 code=0x7ffc0000
binder: binder_mmap: 8682 20002000-20006000 bad vm_flags failed -1
binder: 8682:8689 ioctl c0306201 20006fd0 returned -14
binder: 8682:8684 ioctl c0306201 20004000 returned -14
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=260 sclass=netlink_route_socket pig=8838 comm=syz-executor3
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=260 sclass=netlink_route_socket pig=8852 comm=syz-executor3
device gre0 entered promiscuous mode
binder: 8984:8992 ERROR: BC_REGISTER_LOOPER called without request
binder: 8992 RLIMIT_NICE not set
binder_alloc: 8984: binder_alloc_buf size 29113360509841272 failed, no address space
binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
binder: 8984:9032 got reply transaction with no transaction stack
binder: 8984:9032 transaction failed 29201/-71, size 24-8 line 2747
binder: 8984:9032 ioctl c0306201 2000bfd0 returned -14
binder: 8984:9007 transaction failed 29201/-28, size 29113360509841270-0 line 2947
binder_alloc: binder_alloc_mmap_handler: 8984 20000000-20002000 already mapped failed -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 8984:9007 ioctl 40046207 0 returned -16
binder: 8984:9032 ERROR: BC_REGISTER_LOOPER called without request
binder: 9032 RLIMIT_NICE not set
binder_alloc: 8984: binder_alloc_buf, no vma
binder: 8984:9037 transaction failed 29189/-3, size 29113360509841270-0 line 2947
binder: 8984:9032 got reply transaction with no transaction stack
binder: 8984:9032 transaction failed 29201/-71, size 24-8 line 2747
binder: undelivered TRANSACTION_ERROR: 29201
binder: undelivered TRANSACTION_ERROR: 29189
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=55447 sclass=netlink_route_socket pig=9048 comm=syz-executor3
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=55447 sclass=netlink_route_socket pig=9048 comm=syz-executor3
binder: undelivered TRANSACTION_ERROR: 29201
netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'.
encrypted_key: insufficient parameters specified
encrypted_key: insufficient parameters specified
netlink: 'syz-executor4': attribute type 27 has an invalid length.
netlink: 'syz-executor4': attribute type 27 has an invalid length.
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=260 sclass=netlink_route_socket pig=9384 comm=syz-executor3
QAT: Invalid ioctl
QAT: Invalid ioctl
netlink: 3 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor3'.
syz-executor4 (9521): /proc/9520/oom_adj is deprecated, please use /proc/9520/oom_score_adj instead.
binder: 9585:9587 BC_DEAD_BINDER_DONE 0000000000000000 not found
binder: 9585:9610 BC_DEAD_BINDER_DONE 0000000000000000 not found
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
general protection fault: 0000 [#1] SMP
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.15.0-rc3-next-20171214+ #67
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:native_write_cr4+0x4/0x10 arch/x86/include/asm/special_insns.h:76
RSP: 0018:ffff88021fc03f20 EFLAGS: 00010006
RAX: ffffffff83025500 RBX: 00000000001606f0 RCX: ffffffff8108d968
RDX: 0000000000010000 RSI: 0000000000000000 RDI: 00000000001606f0
RBP: ffff88021fc03f20 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000006
R13: ffffffff83025500 R14: ffffffff81026eb0 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff88021fc00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ff6dd74a000 CR3: 000000000301e005 CR4: 00000000001626f0
Call Trace:
 __write_cr4 arch/x86/include/asm/paravirt.h:76 [inline]
 __cr4_set arch/x86/include/asm/tlbflush.h:252 [inline]
 cr4_clear_bits arch/x86/include/asm/tlbflush.h:275 [inline]
 kvm_cpu_vmxoff arch/x86/kvm/vmx.c:3582 [inline]
 hardware_disable+0x1a0/0x210 arch/x86/kvm/vmx.c:3588
 kvm_arch_hardware_disable+0x14/0x50 arch/x86/kvm/x86.c:7983
 hardware_disable_nolock+0x30/0x40 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3291
 flush_smp_call_function_queue+0x95/0x1e0 kernel/smp.c:243
 generic_smp_call_function_single_interrupt+0x13/0x30 kernel/smp.c:192
 smp_call_function_single_interrupt+0x42/0x240 arch/x86/kernel/smp.c:295
 call_function_single_interrupt+0xa9/0xb0 arch/x86/entry/entry_64.S:942
RIP: 0010:native_safe_halt+0x6/0x10 arch/x86/include/asm/irqflags.h:54
RSP: 0018:ffffffff83003e30 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff04
RAX: ffffffff83025500 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffffffff83025500 RSI: 0000000000000001 RDI: ffffffff83025500
RBP: ffffffff83003e30 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: ffffffff8304f960 R14: 0000000000000000 R15: 0000000000000000
 arch_safe_halt arch/x86/include/asm/paravirt.h:93 [inline]
 default_idle+0x2e/0x1a0 arch/x86/kernel/process.c:354
 arch_cpu_idle+0xa/0x10 arch/x86/kernel/process.c:345
 default_idle_call+0x1e/0x40 kernel/sched/idle.c:98
 cpuidle_idle_call kernel/sched/idle.c:156 [inline]
 do_idle+0x17e/0x220 kernel/sched/idle.c:246
 cpu_startup_entry+0x18/0x20 kernel/sched/idle.c:351
 rest_init+0xc7/0xd0 init/main.c:436
 start_kernel+0x52b/0x53a init/main.c:717
 x86_64_start_reservations+0x2a/0x2c arch/x86/kernel/head64.c:378
 x86_64_start_kernel+0x72/0x75 arch/x86/kernel/head64.c:359
 secondary_startup_64+0xa5/0xb0 arch/x86/kernel/head_64.S:237
Code: 0f 1f 80 00 00 00 00 55 48 89 e5 0f 20 d8 5d c3 0f 1f 80 00 00 00 00 55 48 89 e5 0f 22 df 5d c3 0f 1f 80 00 00 00 00 55 48 89 e5 <0f> 22 e7 5d c3 0f 1f 80 00 00 00 00 55 48 89 e5 44 0f 20 c0 5d
RIP: native_write_cr4+0x4/0x10 arch/x86/include/asm/special_insns.h:76 RSP: ffff88021fc03f20
---[ end trace 820369a1060cb778 ]---