netlink: 5 bytes leftover after parsing attributes in process `syz-executor0'. BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor3/18154 binder_alloc: 18100: binder_alloc_buf, no vma binder: 18100:18128 transaction failed 29189/-3, size 80-16 line 3131 binder: 18100:18136 ioctl 40046207 0 returned -16 binder: 18100:18102 BC_REQUEST_DEATH_NOTIFICATION invalid ref 4 binder: 18100:18102 DecRefs 0 refcount change on invalid ref 3 ret -22 binder: 18100:18102 got reply transaction with bad transaction stack, transaction 192 has target 18100:0 binder: 18100:18102 transaction failed 29201/-71, size 48-56 line 2939 caller is __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62 CPU: 0 PID: 18154 Comm: syz-executor3 Not tainted 4.4.105-g36205b7 #4 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 0000000000000000 1c6b4bdca1058721 ffff8801d1ac7828 ffffffff81cc9b4f 0000000000000000 ffffffff839fd4a0 ffff8801d1ac7868 ffffffff81d28d58 ffffffff83ced1a0 1ffff1003a358f14 ffff8800b92c98c0 ffff8800b92c8b40 Call Trace: [] __dump_stack /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:15 [inline] [] dump_stack+0x8e/0xcf /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:51 [] check_preemption_disabled+0x1b8/0x1f0 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:46 [] __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62 [] tcp_try_coalesce+0x200/0x4b0 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp_input.c:4278 [] tcp_queue_rcv+0xfe/0x720 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp_input.c:4485 [] tcp_send_rcvq+0x391/0x4a0 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp_input.c:4531 [] tcp_sendmsg+0x1d1c/0x36a0 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp.c:1134 [] inet_sendmsg+0x26c/0x430 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/af_inet.c:755 [] sock_sendmsg_nosec /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:625 [inline] [] sock_sendmsg+0xb5/0xf0 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:635 [] SYSC_sendto+0x267/0x300 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1665 [] SyS_sendto+0x9/0x10 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1633 [] entry_SYSCALL_64_fastpath+0x16/0x76 binder: release 18100:18102 transaction 192 out, still active binder: send failed reply for transaction 192, target dead binder: 18201:18205 got transaction with invalid offset (0, min 24 max 48) or object. binder: 18201:18224 transaction failed 29201/-28, size 0-32 line 3131 binder: 18201:18205 transaction failed 29201/-22, size 48-48 line 3194 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=128 sclass=netlink_route_socket binder_alloc: binder_alloc_mmap_handler: 18201 20000000-20002000 already mapped failed -16 binder: BINDER_SET_CONTEXT_MGR already set SELinux: unrecognized netlink message: protocol=0 nlmsg_type=128 sclass=netlink_route_socket binder: 18201:18205 ioctl 40046207 0 returned -16 binder_alloc: 18201: binder_alloc_buf, no vma binder: 18201:18241 transaction failed 29189/-3, size 48-48 line 3131 binder_alloc: 18201: binder_alloc_buf, no vma binder: 18201:18241 transaction failed 29189/-3, size 0-32 line 3131 binder: undelivered TRANSACTION_ERROR: 29189 binder: undelivered TRANSACTION_ERROR: 29201 binder: 18276:18277 ioctl c0306201 2000e000 returned -14 binder: 18276:18280 ioctl c0306201 2000e000 returned -14 binder: BINDER_SET_CONTEXT_MGR already set binder: 18276:18277 ioctl 40046207 0 returned -16 audit: type=1326 audit(1513040518.806:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=18283 comm="syz-executor3" exe="/root/syz-executor3" sig=9 arch=c000003e syscall=202 compat=0 ip=0x452a39 code=0x0 audit: type=1326 audit(1513040518.866:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=18283 comm="syz-executor3" exe="/root/syz-executor3" sig=9 arch=c000003e syscall=202 compat=0 ip=0x452a39 code=0x0 binder: 18377:18380 got transaction to invalid handle binder: 18377:18380 transaction failed 29201/-22, size 72-16 line 3008 binder: BINDER_SET_CONTEXT_MGR already set binder_alloc: binder_alloc_mmap_handler: 18377 20000000-20002000 already mapped failed -16 binder: 18377:18396 ioctl 40046207 0 returned -16 binder: 18377:18415 got transaction to invalid handle binder: 18377:18415 transaction failed 29201/-22, size 72-16 line 3008 binder: undelivered TRANSACTION_ERROR: 29201 binder: undelivered TRANSACTION_ERROR: 29201 binder: 18464:18470 got transaction with invalid parent offset or type binder: 18464:18470 transaction failed 29201/-22, size 72-16 line 3254 binder: BINDER_SET_CONTEXT_MGR already set binder: 18464:18470 ioctl 40046207 0 returned -16 binder_alloc: 18464: binder_alloc_buf, no vma binder: 18464:18470 transaction failed 29189/-3, size 72-16 line 3131 binder: undelivered TRANSACTION_ERROR: 29189 binder: undelivered TRANSACTION_ERROR: 29201 TCP: request_sock_TCPv6: Possible SYN flooding on port 20006. Sending cookies. Check SNMP counters. netlink: 5 bytes leftover after parsing attributes in process `syz-executor1'. SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket netlink: 5 bytes leftover after parsing attributes in process `syz-executor6'. SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket netlink: 5 bytes leftover after parsing attributes in process `syz-executor1'. netlink: 5 bytes leftover after parsing attributes in process `syz-executor6'. SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket loop: Write error at byte offset 0, length 512. blk_update_request: I/O error, dev loop6, sector 0 Buffer I/O error on dev loop6, logical block 0, lost async page write binder: 18913:18914 BC_REQUEST_DEATH_NOTIFICATION invalid ref 4 binder: 18913:18914 DecRefs 0 refcount change on invalid ref 3 ret -22 binder: 18913:18914 got reply transaction with bad transaction stack, transaction 218 has target 18913:0 binder: 18913:18922 BC_DEAD_BINDER_DONE 0000000000000002 not found binder: 18913:18914 transaction failed 29201/-71, size 48-56 line 2939 netlink: 6 bytes leftover after parsing attributes in process `syz-executor6'. binder_alloc: binder_alloc_mmap_handler: 18913 20000000-20002000 already mapped failed -16 netlink: 6 bytes leftover after parsing attributes in process `syz-executor6'. loop: Write error at byte offset 0, length 512. blk_update_request: I/O error, dev loop6, sector 0 Buffer I/O error on dev loop6, logical block 0, lost async page write binder: BINDER_SET_CONTEXT_MGR already set binder: 18913:18914 ioctl 40046207 0 returned -16 binder: 18913:18922 unknown command 0 binder: 18913:18922 ioctl c0306201 201f2fd0 returned -22 binder_alloc: 18913: binder_alloc_buf, no vma binder: 18913:18925 IncRefs 0 refcount change on invalid ref 2 ret -22 binder: 18913:18925 BC_REQUEST_DEATH_NOTIFICATION invalid ref 4 binder: 18913:18925 DecRefs 0 refcount change on invalid ref 3 ret -22 binder: 18913:18925 got reply transaction with no transaction stack binder: 18913:18925 transaction failed 29201/-71, size 48-56 line 2924 binder: 18913:18925 BC_DEAD_BINDER_DONE 0000000000000002 not found binder: 18913:18925 BC_FREE_BUFFER u0000000000000000 no match binder: 18913:18925 got transaction to invalid handle binder: 18913:18925 transaction failed 29201/-22, size 0-32 line 3008 binder: 18913:18914 transaction failed 29189/-3, size 80-16 line 3131 binder: undelivered TRANSACTION_ERROR: 29189 binder: release 18913:18914 transaction 218 out, still active binder: send failed reply for transaction 218, target dead netlink: 56 bytes leftover after parsing attributes in process `syz-executor1'. binder_alloc: 19073: binder_alloc_buf, no vma binder: 19073:19075 transaction failed 29189/-3, size 80-16 line 3131 binder: 19073:19075 BC_DEAD_BINDER_DONE 0000000000000002 not found binder: 19073:19075 BC_FREE_BUFFER u0000000000000000 no match binder: 19073:19075 got transaction to invalid handle binder: 19073:19075 transaction failed 29201/-22, size 0-32 line 3008 binder: BINDER_SET_CONTEXT_MGR already set binder: 19073:19075 ioctl 40046207 0 returned -16 binder_alloc: 19073: binder_alloc_buf, no vma binder: 19073:19097 transaction failed 29189/-3, size 80-16 line 3131 binder: 19073:19127 IncRefs 0 refcount change on invalid ref 2 ret -22 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=31 sclass=netlink_route_socket binder: 19073:19127 BC_REQUEST_DEATH_NOTIFICATION invalid ref 4 binder: 19073:19127 DecRefs 0 refcount change on invalid ref 3 ret -22 binder: 19073:19127 got reply transaction with no transaction stack binder: 19073:19127 transaction failed 29201/-71, size 48-56 line 2924 binder: 19073:19075 BC_DEAD_BINDER_DONE 0000000000000002 not found binder: 19073:19075 BC_FREE_BUFFER u0000000000000000 no match binder: 19073:19075 got transaction to invalid handle binder: 19073:19075 transaction failed 29201/-22, size 0-32 line 3008 binder: undelivered TRANSACTION_ERROR: 29189 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=31 sclass=netlink_route_socket SELinux: unrecognized netlink message: protocol=0 nlmsg_type=94 sclass=netlink_route_socket SELinux: unrecognized netlink message: protocol=0 nlmsg_type=94 sclass=netlink_route_socket netlink: 5 bytes leftover after parsing attributes in process `syz-executor7'. netlink: 5 bytes leftover after parsing attributes in process `syz-executor7'. SELinux: unrecognized netlink message: protocol=0 nlmsg_type=94 sclass=netlink_route_socket sg_write: data in/out 901092476/192 bytes for SCSI command 0x1b-- guessing data in; program syz-executor0 not setting count and/or reply_len properly binder: 19517:19519 got transaction with invalid parent offset or type binder: 19517:19519 transaction failed 29201/-22, size 72-16 line 3254 netlink: 5 bytes leftover after parsing attributes in process `syz-executor7'. binder: BINDER_SET_CONTEXT_MGR already set netlink: 5 bytes leftover after parsing attributes in process `syz-executor7'. binder_alloc: binder_alloc_mmap_handler: 19517 20000000-20002000 already mapped failed -16 binder: 19517:19541 ioctl 40046207 0 returned -16 binder: undelivered TRANSACTION_ERROR: 29201 netlink: 56 bytes leftover after parsing attributes in process `syz-executor7'. netlink: 56 bytes leftover after parsing attributes in process `syz-executor7'. loop: Write error at byte offset 0, length 512. blk_update_request: I/O error, dev loop6, sector 0 Buffer I/O error on dev loop6, logical block 0, lost async page write loop: Write error at byte offset 0, length 512. blk_update_request: I/O error, dev loop6, sector 0 Buffer I/O error on dev loop6, logical block 0, lost async page write netlink: 5 bytes leftover after parsing attributes in process `syz-executor1'. blk_update_request: I/O error, dev loop6, sector 0 blk_update_request: I/O error, dev loop6, sector 0 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket binder: 20181:20183 ioctl 85 20416000 returned -22 binder: 20181:20183 unknown command 0 binder: 20181:20183 ioctl c0306201 20000fd0 returned -22 binder: 20181:20194 ioctl 85 20416000 returned -22 binder: BINDER_SET_CONTEXT_MGR already set binder: 20181:20194 ioctl 40046207 0 returned -16 binder: 20181:20183 unknown command 0 binder: 20181:20183 ioctl c0306201 20000fd0 returned -22 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=94 sclass=netlink_route_socket SELinux: unrecognized netlink message: protocol=0 nlmsg_type=94 sclass=netlink_route_socket