netlink: 5 bytes leftover after parsing attributes in process `syz-executor0'.
BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor3/18154
binder_alloc: 18100: binder_alloc_buf, no vma
binder: 18100:18128 transaction failed 29189/-3, size 80-16 line 3131
binder: 18100:18136 ioctl 40046207 0 returned -16
binder: 18100:18102 BC_REQUEST_DEATH_NOTIFICATION invalid ref 4
binder: 18100:18102 DecRefs 0 refcount change on invalid ref 3 ret -22
binder: 18100:18102 got reply transaction with bad transaction stack, transaction 192 has target 18100:0
binder: 18100:18102 transaction failed 29201/-71, size 48-56 line 2939
caller is __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62
CPU: 0 PID: 18154 Comm: syz-executor3 Not tainted 4.4.105-g36205b7 #4
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 0000000000000000 1c6b4bdca1058721 ffff8801d1ac7828 ffffffff81cc9b4f
 0000000000000000 ffffffff839fd4a0 ffff8801d1ac7868 ffffffff81d28d58
 ffffffff83ced1a0 1ffff1003a358f14 ffff8800b92c98c0 ffff8800b92c8b40
Call Trace:
 [<ffffffff81cc9b4f>] __dump_stack /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:15 [inline]
 [<ffffffff81cc9b4f>] dump_stack+0x8e/0xcf /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:51
 [<ffffffff81d28d58>] check_preemption_disabled+0x1b8/0x1f0 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:46
 [<ffffffff81d28dc3>] __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62
 [<ffffffff830dc180>] tcp_try_coalesce+0x200/0x4b0 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp_input.c:4278
 [<ffffffff830e5c6e>] tcp_queue_rcv+0xfe/0x720 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp_input.c:4485
 [<ffffffff830ffed1>] tcp_send_rcvq+0x391/0x4a0 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp_input.c:4531
 [<ffffffff830d20cc>] tcp_sendmsg+0x1d1c/0x36a0 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp.c:1134
 [<ffffffff8319024c>] inet_sendmsg+0x26c/0x430 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/af_inet.c:755
 [<ffffffff82d94005>] sock_sendmsg_nosec /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:625 [inline]
 [<ffffffff82d94005>] sock_sendmsg+0xb5/0xf0 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:635
 [<ffffffff82d94e47>] SYSC_sendto+0x267/0x300 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1665
 [<ffffffff82d97179>] SyS_sendto+0x9/0x10 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1633
 [<ffffffff8374ab36>] entry_SYSCALL_64_fastpath+0x16/0x76
binder: release 18100:18102 transaction 192 out, still active
binder: send failed reply for transaction 192, target dead
binder: 18201:18205 got transaction with invalid offset (0, min 24 max 48) or object.
binder: 18201:18224 transaction failed 29201/-28, size 0-32 line 3131
binder: 18201:18205 transaction failed 29201/-22, size 48-48 line 3194
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=128 sclass=netlink_route_socket
binder_alloc: binder_alloc_mmap_handler: 18201 20000000-20002000 already mapped failed -16
binder: BINDER_SET_CONTEXT_MGR already set
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=128 sclass=netlink_route_socket
binder: 18201:18205 ioctl 40046207 0 returned -16
binder_alloc: 18201: binder_alloc_buf, no vma
binder: 18201:18241 transaction failed 29189/-3, size 48-48 line 3131
binder_alloc: 18201: binder_alloc_buf, no vma
binder: 18201:18241 transaction failed 29189/-3, size 0-32 line 3131
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29201
binder: 18276:18277 ioctl c0306201 2000e000 returned -14
binder: 18276:18280 ioctl c0306201 2000e000 returned -14
binder: BINDER_SET_CONTEXT_MGR already set
binder: 18276:18277 ioctl 40046207 0 returned -16
audit: type=1326 audit(1513040518.806:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=18283 comm="syz-executor3" exe="/root/syz-executor3" sig=9 arch=c000003e syscall=202 compat=0 ip=0x452a39 code=0x0
audit: type=1326 audit(1513040518.866:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=18283 comm="syz-executor3" exe="/root/syz-executor3" sig=9 arch=c000003e syscall=202 compat=0 ip=0x452a39 code=0x0
binder: 18377:18380 got transaction to invalid handle
binder: 18377:18380 transaction failed 29201/-22, size 72-16 line 3008
binder: BINDER_SET_CONTEXT_MGR already set
binder_alloc: binder_alloc_mmap_handler: 18377 20000000-20002000 already mapped failed -16
binder: 18377:18396 ioctl 40046207 0 returned -16
binder: 18377:18415 got transaction to invalid handle
binder: 18377:18415 transaction failed 29201/-22, size 72-16 line 3008
binder: undelivered TRANSACTION_ERROR: 29201
binder: undelivered TRANSACTION_ERROR: 29201
binder: 18464:18470 got transaction with invalid parent offset or type
binder: 18464:18470 transaction failed 29201/-22, size 72-16 line 3254
binder: BINDER_SET_CONTEXT_MGR already set
binder: 18464:18470 ioctl 40046207 0 returned -16
binder_alloc: 18464: binder_alloc_buf, no vma
binder: 18464:18470 transaction failed 29189/-3, size 72-16 line 3131
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29201
TCP: request_sock_TCPv6: Possible SYN flooding on port 20006. Sending cookies.  Check SNMP counters.
netlink: 5 bytes leftover after parsing attributes in process `syz-executor1'.
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket
netlink: 5 bytes leftover after parsing attributes in process `syz-executor6'.
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket
netlink: 5 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 5 bytes leftover after parsing attributes in process `syz-executor6'.
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket
loop: Write error at byte offset 0, length 512.
blk_update_request: I/O error, dev loop6, sector 0
Buffer I/O error on dev loop6, logical block 0, lost async page write
binder: 18913:18914 BC_REQUEST_DEATH_NOTIFICATION invalid ref 4
binder: 18913:18914 DecRefs 0 refcount change on invalid ref 3 ret -22
binder: 18913:18914 got reply transaction with bad transaction stack, transaction 218 has target 18913:0
binder: 18913:18922 BC_DEAD_BINDER_DONE 0000000000000002 not found
binder: 18913:18914 transaction failed 29201/-71, size 48-56 line 2939
netlink: 6 bytes leftover after parsing attributes in process `syz-executor6'.
binder_alloc: binder_alloc_mmap_handler: 18913 20000000-20002000 already mapped failed -16
netlink: 6 bytes leftover after parsing attributes in process `syz-executor6'.
loop: Write error at byte offset 0, length 512.
blk_update_request: I/O error, dev loop6, sector 0
Buffer I/O error on dev loop6, logical block 0, lost async page write
binder: BINDER_SET_CONTEXT_MGR already set
binder: 18913:18914 ioctl 40046207 0 returned -16
binder: 18913:18922 unknown command 0
binder: 18913:18922 ioctl c0306201 201f2fd0 returned -22
binder_alloc: 18913: binder_alloc_buf, no vma
binder: 18913:18925 IncRefs 0 refcount change on invalid ref 2 ret -22
binder: 18913:18925 BC_REQUEST_DEATH_NOTIFICATION invalid ref 4
binder: 18913:18925 DecRefs 0 refcount change on invalid ref 3 ret -22
binder: 18913:18925 got reply transaction with no transaction stack
binder: 18913:18925 transaction failed 29201/-71, size 48-56 line 2924
binder: 18913:18925 BC_DEAD_BINDER_DONE 0000000000000002 not found
binder: 18913:18925 BC_FREE_BUFFER u0000000000000000 no match
binder: 18913:18925 got transaction to invalid handle
binder: 18913:18925 transaction failed 29201/-22, size 0-32 line 3008
binder: 18913:18914 transaction failed 29189/-3, size 80-16 line 3131
binder: undelivered TRANSACTION_ERROR: 29189
binder: release 18913:18914 transaction 218 out, still active
binder: send failed reply for transaction 218, target dead
netlink: 56 bytes leftover after parsing attributes in process `syz-executor1'.
binder_alloc: 19073: binder_alloc_buf, no vma
binder: 19073:19075 transaction failed 29189/-3, size 80-16 line 3131
binder: 19073:19075 BC_DEAD_BINDER_DONE 0000000000000002 not found
binder: 19073:19075 BC_FREE_BUFFER u0000000000000000 no match
binder: 19073:19075 got transaction to invalid handle
binder: 19073:19075 transaction failed 29201/-22, size 0-32 line 3008
binder: BINDER_SET_CONTEXT_MGR already set
binder: 19073:19075 ioctl 40046207 0 returned -16
binder_alloc: 19073: binder_alloc_buf, no vma
binder: 19073:19097 transaction failed 29189/-3, size 80-16 line 3131
binder: 19073:19127 IncRefs 0 refcount change on invalid ref 2 ret -22
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=31 sclass=netlink_route_socket
binder: 19073:19127 BC_REQUEST_DEATH_NOTIFICATION invalid ref 4
binder: 19073:19127 DecRefs 0 refcount change on invalid ref 3 ret -22
binder: 19073:19127 got reply transaction with no transaction stack
binder: 19073:19127 transaction failed 29201/-71, size 48-56 line 2924
binder: 19073:19075 BC_DEAD_BINDER_DONE 0000000000000002 not found
binder: 19073:19075 BC_FREE_BUFFER u0000000000000000 no match
binder: 19073:19075 got transaction to invalid handle
binder: 19073:19075 transaction failed 29201/-22, size 0-32 line 3008
binder: undelivered TRANSACTION_ERROR: 29189
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=31 sclass=netlink_route_socket
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=94 sclass=netlink_route_socket
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=94 sclass=netlink_route_socket
netlink: 5 bytes leftover after parsing attributes in process `syz-executor7'.
netlink: 5 bytes leftover after parsing attributes in process `syz-executor7'.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=94 sclass=netlink_route_socket
sg_write: data in/out 901092476/192 bytes for SCSI command 0x1b-- guessing data in;
   program syz-executor0 not setting count and/or reply_len properly
binder: 19517:19519 got transaction with invalid parent offset or type
binder: 19517:19519 transaction failed 29201/-22, size 72-16 line 3254
netlink: 5 bytes leftover after parsing attributes in process `syz-executor7'.
binder: BINDER_SET_CONTEXT_MGR already set
netlink: 5 bytes leftover after parsing attributes in process `syz-executor7'.
binder_alloc: binder_alloc_mmap_handler: 19517 20000000-20002000 already mapped failed -16
binder: 19517:19541 ioctl 40046207 0 returned -16
binder: undelivered TRANSACTION_ERROR: 29201
netlink: 56 bytes leftover after parsing attributes in process `syz-executor7'.
netlink: 56 bytes leftover after parsing attributes in process `syz-executor7'.
loop: Write error at byte offset 0, length 512.
blk_update_request: I/O error, dev loop6, sector 0
Buffer I/O error on dev loop6, logical block 0, lost async page write
loop: Write error at byte offset 0, length 512.
blk_update_request: I/O error, dev loop6, sector 0
Buffer I/O error on dev loop6, logical block 0, lost async page write
netlink: 5 bytes leftover after parsing attributes in process `syz-executor1'.
blk_update_request: I/O error, dev loop6, sector 0
blk_update_request: I/O error, dev loop6, sector 0
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket
binder: 20181:20183 ioctl 85 20416000 returned -22
binder: 20181:20183 unknown command 0
binder: 20181:20183 ioctl c0306201 20000fd0 returned -22
binder: 20181:20194 ioctl 85 20416000 returned -22
binder: BINDER_SET_CONTEXT_MGR already set
binder: 20181:20194 ioctl 40046207 0 returned -16
binder: 20181:20183 unknown command 0
binder: 20181:20183 ioctl c0306201 20000fd0 returned -22
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=94 sclass=netlink_route_socket
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=94 sclass=netlink_route_socket