check_preemption_disabled: 6 callbacks suppressed
BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor5/6943
caller is __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
CPU: 1 PID: 6943 Comm: syz-executor5 Not tainted 4.9.68-gfb66dc2 #107
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ffff8801c39876d8 ffffffff81d90889 0000000000000001 ffffffff83c17800
ffffffff83f42ec0 ffff8801a51ac800 0000000000000003 ffff8801c3987718
ffffffff81df7854 ffff8801c3987730 ffffffff83f42ec0 dffffc0000000000
Call Trace:
[] __dump_stack lib/dump_stack.c:15 [inline]
[] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[] check_preemption_disabled+0x1d4/0x200 lib/smp_processor_id.c:46
[] __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
[] ipcomp_alloc_tfms net/xfrm/xfrm_ipcomp.c:286 [inline]
[] ipcomp_init_state+0x188/0x930 net/xfrm/xfrm_ipcomp.c:363
[] ipcomp4_init_state+0xb0/0x7d0 net/ipv4/ipcomp.c:137
[] __xfrm_init_state+0x3e7/0xb30 net/xfrm/xfrm_state.c:2096
[] xfrm_init_state+0x1a/0x20 net/xfrm/xfrm_state.c:2122
[] pfkey_msg2xfrm_state net/key/af_key.c:1281 [inline]
[] pfkey_add+0x1fb9/0x3470 net/key/af_key.c:1498
[] pfkey_process+0x61e/0x730 net/key/af_key.c:2826
[] pfkey_sendmsg+0x3a9/0x760 net/key/af_key.c:3670
[] sock_sendmsg_nosec net/socket.c:635 [inline]
[] sock_sendmsg+0xca/0x110 net/socket.c:645
[] ___sys_sendmsg+0x6d1/0x7e0 net/socket.c:1968
[] __sys_sendmsg+0xd6/0x190 net/socket.c:2002
[] SYSC_sendmsg net/socket.c:2013 [inline]
[] SyS_sendmsg+0x2d/0x50 net/socket.c:2009
[] entry_SYSCALL_64_fastpath+0x23/0xc6
audit: type=1400 audit(1513075548.604:45): avc: denied { read } for pid=6935 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=1
BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor5/6943
caller is __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
CPU: 1 PID: 6943 Comm: syz-executor5 Not tainted 4.9.68-gfb66dc2 #107
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ffff8801c39876d8 ffffffff81d90889 0000000000000001 ffffffff83c17800
ffffffff83f42ec0 ffff8801a51ac800 0000000000000003 ffff8801c3987718
ffffffff81df7854 ffff8801c3987730 ffffffff83f42ec0 dffffc0000000000
Call Trace:
[] __dump_stack lib/dump_stack.c:15 [inline]
[] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[] check_preemption_disabled+0x1d4/0x200 lib/smp_processor_id.c:46
[] __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
[] ipcomp_alloc_tfms net/xfrm/xfrm_ipcomp.c:286 [inline]
[] ipcomp_init_state+0x188/0x930 net/xfrm/xfrm_ipcomp.c:363
[] ipcomp4_init_state+0xb0/0x7d0 net/ipv4/ipcomp.c:137
[] __xfrm_init_state+0x3e7/0xb30 net/xfrm/xfrm_state.c:2096
[] xfrm_init_state+0x1a/0x20 net/xfrm/xfrm_state.c:2122
[] pfkey_msg2xfrm_state net/key/af_key.c:1281 [inline]
[] pfkey_add+0x1fb9/0x3470 net/key/af_key.c:1498
[] pfkey_process+0x61e/0x730 net/key/af_key.c:2826
[] pfkey_sendmsg+0x3a9/0x760 net/key/af_key.c:3670
[] sock_sendmsg_nosec net/socket.c:635 [inline]
[] sock_sendmsg+0xca/0x110 net/socket.c:645
[] ___sys_sendmsg+0x6d1/0x7e0 net/socket.c:1968
[] __sys_sendmsg+0xd6/0x190 net/socket.c:2002
[] SYSC_sendmsg net/socket.c:2013 [inline]
[] SyS_sendmsg+0x2d/0x50 net/socket.c:2009
[] entry_SYSCALL_64_fastpath+0x23/0xc6
binder: 6984:6996 BC_DEAD_BINDER_DONE 0000000000000003 not found
binder: 6984:6996 BC_INCREFS_DONE u000000002011a000 no match
device lo entered promiscuous mode
binder: 6984:6996 got transaction with invalid parent offset or type
binder: 6984:7004 got transaction to invalid handle
binder: 6984:7004 transaction failed 29201/-22, size 0-40 line 3007
binder: 6984:6996 transaction failed 29201/-22, size 32-24 line 3253
binder: BINDER_SET_CONTEXT_MGR already set
binder_alloc: binder_alloc_mmap_handler: 6984 2011a000-2051a000 already mapped failed -16
binder: 6984:7004 ioctl 40046207 0 returned -16
binder: 6984:6996 ioctl c0306201 2000f000 returned -14
binder: 6984:7004 got transaction to invalid handle
binder: 6984:7004 transaction failed 29201/-22, size 0-40 line 3007
binder: undelivered TRANSACTION_ERROR: 29201
device gre0 entered promiscuous mode
audit: type=1400 audit(1513075549.714:46): avc: denied { net_bind_service } for pid=7093 comm="syz-executor3" capability=10 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
device gre0 entered promiscuous mode
nla_parse: 13 callbacks suppressed
netlink: 2 bytes leftover after parsing attributes in process `syz-executor0'.
netlink: 2 bytes leftover after parsing attributes in process `syz-executor0'.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=63367 sclass=netlink_route_socket pig=7140 comm=syz-executor1
binder: 7151:7153 got new transaction with bad transaction stack, transaction 47 has target 7151:0
binder: 7151:7153 transaction failed 29201/-71, size 0-0 line 3034
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=63367 sclass=netlink_route_socket pig=7158 comm=syz-executor1
binder: release 7151:7153 transaction 47 out, still active
netlink: 2 bytes leftover after parsing attributes in process `syz-executor0'.
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29201
netlink: 2 bytes leftover after parsing attributes in process `syz-executor0'.
binder: send failed reply for transaction 47, target dead
binder: 7151:7153 got new transaction with bad transaction stack, transaction 50 has target 7151:0
binder: 7151:7153 transaction failed 29201/-71, size 0-0 line 3034
binder: release 7151:7153 transaction 50 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29201
binder: send failed reply for transaction 50, target dead
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode