FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 5619 Comm: syz-executor2 Not tainted 4.4.120-gd63fdf6 #29
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
0000000000000000 41da7ee5ba1e9687 ffff8800aa8df8a0 ffffffff81d0408d
ffff8801ca32c180 1ffff1001551bf21 ffff8800aa8dfa28 0000000000000000
[ 46.247973] BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor7/5661
caller is __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
0000000000000000 ffff8800aa8dfa50 ffffffff81607305 ffffffff81237410
Call Trace:
[] __dump_stack lib/dump_stack.c:15 [inline]
[] dump_stack+0xc1/0x124 lib/dump_stack.c:51
[] handle_userfault+0x715/0xf50 fs/userfaultfd.c:316
[] do_anonymous_page mm/memory.c:2731 [inline]
[] handle_pte_fault mm/memory.c:3295 [inline]
[] __handle_mm_fault mm/memory.c:3426 [inline]
[] handle_mm_fault+0x2938/0x3190 mm/memory.c:3455
[] __do_page_fault+0x35b/0xa00 arch/x86/mm/fault.c:1245
[] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1308
[] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1033
[] do_syscall_32_irqs_on arch/x86/entry/common.c:392 [inline]
[] do_fast_syscall_32+0x321/0x8a0 arch/x86/entry/common.c:459
[] sysenter_flags_fixed+0xd/0x17
CPU: 0 PID: 5661 Comm: syz-executor7 Not tainted 4.4.120-gd63fdf6 #29
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
0000000000000000 c8da2fd14bf6b532 ffff8801c43d75b8 ffffffff81d0408d
0000000000000000 ffffffff839fe5a0 ffffffff83cefc20 ffff8801c5a81800
0000000000000003 ffff8801c43d75f8 ffffffff81d63fe4 ffffffff810002b8
Call Trace:
[] __dump_stack lib/dump_stack.c:15 [inline]
[] dump_stack+0xc1/0x124 lib/dump_stack.c:51
[] check_preemption_disabled+0x1d4/0x200 lib/smp_processor_id.c:46
[] ? 0xffffffff810002b8
[] __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
[] tcp_try_coalesce+0x249/0x4d0 net/ipv4/tcp_input.c:4278
[] tcp_queue_rcv+0x127/0x720 net/ipv4/tcp_input.c:4485
[] tcp_send_rcvq+0x39b/0x450 net/ipv4/tcp_input.c:4531
[] tcp_sendmsg+0x1e8f/0x2b10 net/ipv4/tcp.c:1134
[] inet_sendmsg+0x2bc/0x4c0 net/ipv4/af_inet.c:755
[] sock_sendmsg_nosec net/socket.c:625 [inline]
[] sock_sendmsg+0xca/0x110 net/socket.c:635
[] sock_write_iter+0x226/0x3b0 net/socket.c:834
[] do_iter_readv_writev+0x138/0x1e0 fs/read_write.c:664
[] compat_do_readv_writev+0x2d4/0x6e0 fs/read_write.c:982
[] compat_writev+0xdc/0x150 fs/read_write.c:1090
[] C_SYSC_writev fs/read_write.c:1110 [inline]
[] compat_SyS_writev+0xd8/0x1b0 fs/read_write.c:1099
[] do_syscall_32_irqs_on arch/x86/entry/common.c:392 [inline]
[] do_fast_syscall_32+0x321/0x8a0 arch/x86/entry/common.c:459
[] sysenter_flags_fixed+0xd/0x17
binder: 5671:5684 ioctl 40046205 6 returned -22
syz-executor2 uses obsolete (PF_INET,SOCK_PACKET)
binder: 5710:5714 unknown command 0
binder: 5710:5714 ioctl c0306201 20004000 returned -22
binder: 5710:5714 unknown command 0
binder: 5710:5714 ioctl c0306201 20004000 returned -22
audit: type=1400 audit(1521877551.416:13): avc: denied { create } for pid=5884 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
capability: warning: `syz-executor5' uses 32-bit capabilities (legacy support in use)
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=23094 sclass=netlink_route_socket
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=23094 sclass=netlink_route_socket
binder: 6055:6061 unknown command 0
binder: 6055:6061 ioctl c0306201 20000500 returned -22
TCP: request_sock_TCP: Possible SYN flooding on port 20000. Sending cookies. Check SNMP counters.
audit_printk_skb: 24 callbacks suppressed
audit: type=1400 audit(1521877552.716:22): avc: denied { set_context_mgr } for pid=6114 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
binder: 6114:6122 ERROR: BC_REGISTER_LOOPER called without request
audit: type=1400 audit(1521877552.716:23): avc: denied { call } for pid=6114 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
binder_alloc: 6114: binder_alloc_buf, no vma
binder: 6114:6122 transaction failed 29189/-3, size 0-0 line 3128
binder: BINDER_SET_CONTEXT_MGR already set
binder: 6114:6122 ioctl 40046207 0 returned -16
binder: 6114:6133 ERROR: BC_REGISTER_LOOPER called without request
binder: undelivered TRANSACTION_ERROR: 29189
device bridge0 entered promiscuous mode
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=50 sclass=netlink_tcpdiag_socket
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=50 sclass=netlink_tcpdiag_socket
audit: type=1400 audit(1521877553.936:24): avc: denied { set_context_mgr } for pid=6333 comm="syz-executor7" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
audit: type=1400 audit(1521877553.986:25): avc: denied { call } for pid=6333 comm="syz-executor7" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
l2tp_core: tunl 18394: sockfd_lookup(fd=607773565) returned -9
binder: BINDER_SET_CONTEXT_MGR already set
l2tp_core: tunl 18394: sockfd_lookup(fd=607773565) returned -9
binder_alloc: binder_alloc_mmap_handler: 6333 20000000-20001000 already mapped failed -16
audit: type=1400 audit(1521877554.086:26): avc: denied { call } for pid=6333 comm="syz-executor7" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
binder_alloc: 6333: binder_alloc_buf, no vma
binder: 6333:6343 transaction failed 29189/-3, size 0-0 line 3128
binder: 6333:6368 ioctl 40046207 0 returned -16
binder_alloc: 6333: binder_alloc_buf, no vma
binder: 6333:6372 transaction failed 29189/-3, size 0-0 line 3128
binder: undelivered TRANSACTION_ERROR: 29189
binder: 6386:6398 transaction failed 29189/-22, size 40-8 line 3005
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
SELinux: unknown mount option
netlink: 8 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor3'.
audit: type=1400 audit(1521877555.606:27): avc: denied { create } for pid=6553 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1521877555.676:28): avc: denied { create } for pid=6553 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1521877555.966:29): avc: denied { create } for pid=6607 comm="syz-executor1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
audit: type=1400 audit(1521877556.026:30): avc: denied { create } for pid=6607 comm="syz-executor1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
device lo entered promiscuous mode
device lo left promiscuous mode
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=94 sclass=netlink_route_socket
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=94 sclass=netlink_route_socket
audit: type=1400 audit(1521877556.766:31): avc: denied { create } for pid=6700 comm="syz-executor1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=1025 sclass=netlink_audit_socket
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=1025 sclass=netlink_audit_socket
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=1025 sclass=netlink_audit_socket
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=1025 sclass=netlink_audit_socket
blk_update_request: I/O error, dev loop0, sector 0
audit_printk_skb: 10 callbacks suppressed
audit: type=1400 audit(1521877557.776:35): avc: denied { create } for pid=6883 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=1
binder_alloc: binder_alloc_mmap_handler: 6898 20000000-20002000 already mapped failed -16
audit: type=1400 audit(1521877557.876:36): avc: denied { create } for pid=6883 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=1
audit: type=1400 audit(1521877557.906:37): avc: denied { write } for pid=6883 comm="syz-executor0" path="socket:[15192]" dev="sockfs" ino=15192 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=1
audit: type=1400 audit(1521877557.946:38): avc: denied { write } for pid=6883 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=64657 sclass=netlink_route_socket
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=64657 sclass=netlink_route_socket
audit: type=1400 audit(1521877558.656:39): avc: denied { create } for pid=7047 comm="syz-executor1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
audit: type=1400 audit(1521877558.706:40): avc: denied { create } for pid=7047 comm="syz-executor1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
audit: type=1400 audit(1521877558.736:41): avc: denied { create } for pid=7047 comm="syz-executor1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
audit: type=1400 audit(1521877558.736:42): avc: denied { write } for pid=7047 comm="syz-executor1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
binder: 7060:7067 BC_DEAD_BINDER_DONE 0000000000000001 not found
audit: type=1400 audit(1521877558.836:43): avc: denied { set_context_mgr } for pid=7060 comm="syz-executor4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
audit: type=1400 audit(1521877558.896:44): avc: denied { call } for pid=7060 comm="syz-executor4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
binder: 7060:7089 transaction failed 29201/-22, size 5732381268558808568--2757899721725684982 line 3128
binder: 7060:7096 BC_DEAD_BINDER_DONE 0000000000000001 not found
binder: BINDER_SET_CONTEXT_MGR already set
binder: 7060:7103 ioctl 40046207 0 returned -16
binder_alloc: binder_alloc_mmap_handler: 7060 2000c000-2000e000 already mapped failed -16
binder_alloc: 7060: binder_alloc_buf, no vma
binder: 7060:7089 transaction failed 29189/-3, size 5732381268558808568--2757899721725684982 line 3128
binder: undelivered TRANSACTION_ERROR: 29189
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=44899 sclass=netlink_route_socket
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=44899 sclass=netlink_route_socket