BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor5/8473
caller is __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
CPU: 1 PID: 8473 Comm: syz-executor5 Not tainted 4.9.68-gfb66dc2 #107
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801a498f6d8 ffffffff81d90889 0000000000000001 ffffffff83c17800
 ffffffff83f42ec0 ffff8801a49fc800 0000000000000003 ffff8801a498f718
 ffffffff81df7854 ffff8801a498f730 ffffffff83f42ec0 dffffc0000000000
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] check_preemption_disabled+0x1d4/0x200 lib/smp_processor_id.c:46
 [] __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
 [] ipcomp_alloc_tfms net/xfrm/xfrm_ipcomp.c:286 [inline]
 [] ipcomp_init_state+0x188/0x930 net/xfrm/xfrm_ipcomp.c:363
 [] ipcomp4_init_state+0xb0/0x7d0 net/ipv4/ipcomp.c:137
 [] __xfrm_init_state+0x3e7/0xb30 net/xfrm/xfrm_state.c:2096
 [] xfrm_init_state+0x1a/0x20 net/xfrm/xfrm_state.c:2122
 [] pfkey_msg2xfrm_state net/key/af_key.c:1281 [inline]
 [] pfkey_add+0x1fb9/0x3470 net/key/af_key.c:1498
 [] pfkey_process+0x61e/0x730 net/key/af_key.c:2826
 [] pfkey_sendmsg+0x3a9/0x760 net/key/af_key.c:3670
 [] sock_sendmsg_nosec net/socket.c:635 [inline]
 [] sock_sendmsg+0xca/0x110 net/socket.c:645
 [] ___sys_sendmsg+0x6d1/0x7e0 net/socket.c:1968
 [] __sys_sendmsg+0xd6/0x190 net/socket.c:2002
 [] SYSC_sendmsg net/socket.c:2013 [inline]
 [] SyS_sendmsg+0x2d/0x50 net/socket.c:2009
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
binder: undelivered transaction 78, process died.
device gre0 entered promiscuous mode device gre0 entered promiscuous mode SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=8586 comm=syz-executor6 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=8586 comm=syz-executor6 blk_update_request: 7 callbacks suppressed blk_update_request: I/O error, dev loop7, sector 0 buffer_io_error: 7 callbacks suppressed Buffer I/O error on dev loop7, logical block 0, lost async page write 9pnet_virtio: no channels available for device H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H mmap: syz-executor2 (8897): VmData 18792448 exceed data ulimit 0. Update limits or use boot option ignore_rlimit_data. binder: 8913:8920 BC_DEAD_BINDER_DONE 0000000000000000 not found binder: 8913:8925 BC_DEAD_BINDER_DONE 0000000000000000 not found binder: 8931:8933 ioctl 85 20416000 returned -22 binder: 8931:8933 IncRefs 0 refcount change on invalid ref 2 ret -22 binder: 8931:8933 Acquire 1 refcount change on invalid ref 4 ret -22 binder: 8931:8933 unknown command 0 binder: 8931:8933 ioctl c0306201 20000fd0 returned -22 binder: 8931:8944 ioctl 85 20416000 returned -22 binder: BINDER_SET_CONTEXT_MGR already set binder: 8931:8944 ioctl 40046207 0 returned -16 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=257 sclass=netlink_route_socket pig=8989 comm=syz-executor2 nla_parse: 18 callbacks suppressed netlink: 1 bytes leftover after parsing attributes in process `syz-executor4'. 
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=257 sclass=netlink_route_socket pig=8989 comm=syz-executor2
netlink: 1 bytes leftover after parsing attributes in process `syz-executor4'.
binder: 9025:9027 ioctl 8924 20002000 returned -22
device gre0 entered promiscuous mode
binder: 9025:9045 ERROR: BC_REGISTER_LOOPER called without request
binder_alloc: 9025: binder_alloc_buf size 55535628152424 failed, no address space
binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
binder: 9025:9027 transaction failed 29201/-28, size 68719476736-55466908675685 line 3130
netlink: 5 bytes leftover after parsing attributes in process `syz-executor2'.
netlink: 5 bytes leftover after parsing attributes in process `syz-executor2'.
binder: 9025:9055 ioctl 8924 20002000 returned -22
binder: BINDER_SET_CONTEXT_MGR already set
binder: 9025:9027 ioctl 40046207 0 returned -16
binder: 9025:9055 ERROR: BC_REGISTER_LOOPER called without request
binder_alloc: 9025: binder_alloc_buf, no vma
binder: 9025:9027 transaction failed 29189/-3, size 0-0 line 3130
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29201
sock: process `syz-executor5' is using obsolete setsockopt SO_BSDCOMPAT
netlink: 2 bytes leftover after parsing attributes in process `syz-executor0'.
IPVS: Creating netns size=2536 id=15
device gre0 entered promiscuous mode
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=9260 comm=syz-executor5
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
netlink: 2 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 2 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor1'.
IPVS: Creating netns size=2536 id=16
IPVS: Creating netns size=2536 id=17
device gre0 entered promiscuous mode
device gre0 left promiscuous mode
binder: 9571:9580 Acquire 1 refcount change on invalid ref 0 ret -22
binder: 9571:9580 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
binder: 9571:9580 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
device gre0 entered promiscuous mode
binder: 9571:9593 BC_FREE_BUFFER u0000000000000000 no match
binder: 9571:9593 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
binder: 9571:9593 BC_DEAD_BINDER_DONE 0000000000000004 not found
binder: 9571:9593 ERROR: BC_REGISTER_LOOPER called without request
binder: 9571:9593 got reply transaction with no transaction stack
binder: 9571:9593 transaction failed 29201/-71, size 0-0 line 2923
binder: 9571:9593 BC_DEAD_BINDER_DONE 0000000000000002 not found
binder: 9571:9593 ERROR: BC_REGISTER_LOOPER called without request
binder: 9571:9597 BC_DEAD_BINDER_DONE 0000000000000003 not found
binder: 9571:9597 DecRefs 0 refcount change on invalid ref 0 ret -22
binder: 9571:9597 DecRefs 0 refcount change on invalid ref 4 ret -22
binder: 9571:9597 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
binder: 9571:9597 got reply transaction with no transaction stack
binder: 9571:9597 transaction failed 29201/-71, size 0-48 line 2923
binder: 9571:9597 Acquire 1 refcount change on invalid ref 0 ret -22
binder: 9571:9597 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
binder: 9571:9600 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
binder: 9571:9600 BC_FREE_BUFFER u0000000000000000 no match
binder: 9571:9600 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
binder: 9571:9600 BC_DEAD_BINDER_DONE 0000000000000004 not found
binder: 9571:9600 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER
binder: 9571:9600 got reply transaction with no transaction stack
binder: 9571:9600 transaction failed 29201/-71, size 0-0 line 2923
binder: 9571:9600 BC_DEAD_BINDER_DONE 0000000000000002 not found
binder: 9571:9600 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER
device gre0 entered promiscuous mode
device gre0 left promiscuous mode
device gre0 entered promiscuous mode
binder: BINDER_SET_CONTEXT_MGR already set
binder: 9668:9673 ioctl 40046207 0 returned -16
audit: type=1400 audit(1513075876.225:46): avc: denied { attach_queue } for pid=9649 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=tun_socket permissive=1
device gre0 entered promiscuous mode
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=9710 comm=syz-executor4
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=9710 comm=syz-executor4
netlink: 5 bytes leftover after parsing attributes in process `syz-executor4'.
audit: type=1400 audit(1513075876.965:47): avc: denied { net_bind_service } for pid=9913 comm="syz-executor0" capability=10 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
9pnet_virtio: no channels available for device H¨
9pnet_virtio: no channels available for device H¨
binder: 9987:9991 ioctl c0306201 20000fd0 returned -14
binder: 10086:10100 got reply transaction with no transaction stack
binder: 10086:10100 transaction failed 29201/-71, size 2-6181628549 line 2923
binder: 10086:10140 got reply transaction with no transaction stack
binder: 10086:10140 transaction failed 29201/-71, size 2-6181628549 line 2923
updating oom_score_adj for 10163 (syz-executor6) from 0 to 58 because it shares mm with 10151 (syz-executor6). Report if this is unexpected.
syz-executor5: vmalloc: allocation failure: 17177772032 bytes, mode:0x24000c2(GFP_KERNEL|__GFP_HIGHMEM)
CPU: 0 PID: 10182 Comm: syz-executor5 Not tainted 4.9.68-gfb66dc2 #107
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801c596f880 ffffffff81d90889 1ffff10038b2df13 ffff8801ca74c800
 ffffffff83ab7dc0 0000000000000001 0000000000400000 ffff8801c596f990
 ffffffff8144eb82 024000c200000003 0000000041b58ab3 ffffffff84191625
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] warn_alloc+0x212/0x240 mm/page_alloc.c:3056
 [] __vmalloc_node_range+0x3f5/0x5f0 mm/vmalloc.c:1722
 [] __vmalloc_node mm/vmalloc.c:1744 [inline]
 [] __vmalloc_node_flags mm/vmalloc.c:1758 [inline]
 [] vmalloc+0x5b/0x70 mm/vmalloc.c:1773
 [] xt_alloc_entry_offsets+0x41/0x60 net/netfilter/x_tables.c:722
 [] translate_table+0x21a/0x1e80 net/ipv6/netfilter/ip6_tables.c:730
 [] ? 0xffffffff810002b8
 [] do_replace net/ipv6/netfilter/ip6_tables.c:1182 [inline]
 [] do_ip6t_set_ctl+0x2be/0x470 net/ipv6/netfilter/ip6_tables.c:1708
 [] nf_sockopt net/netfilter/nf_sockopt.c:105 [inline]
 [] nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:114
 [] ipv6_setsockopt+0x115/0x150 net/ipv6/ipv6_sockglue.c:911
 [] tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2736
 [] sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2706
 [] SYSC_setsockopt net/socket.c:1771 [inline]
 [] SyS_setsockopt+0x160/0x250 net/socket.c:1750
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
Mem-Info:
active_anon:103294 inactive_anon:44 isolated_anon:0
 active_file:3714 inactive_file:7319 isolated_file:0
 unevictable:0 dirty:144 writeback:0 unstable:0
 slab_reclaimable:6145 slab_unreclaimable:24494
 mapped:22970 shmem:116 pagetables:862 bounce:0
 free:1462169 free_pcp:323 free_cma:0
device lo entered promiscuous mode
device lo left promiscuous mode
syz-executor5: vmalloc: allocation failure: 17177772032 bytes, mode:0x24000c2(GFP_KERNEL|__GFP_HIGHMEM)
CPU: 1 PID: 10198 Comm: syz-executor5 Not tainted 4.9.68-gfb66dc2 #107
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d01b7880 ffffffff81d90889 1ffff1003a036f13 ffff8801cd709800
 ffffffff83ab7dc0 0000000000000001 0000000000400000 ffff8801d01b7990
 ffffffff8144eb82 024000c200000003 0000000041b58ab3 ffffffff84191625
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] warn_alloc+0x212/0x240 mm/page_alloc.c:3056
 [] __vmalloc_node_range+0x3f5/0x5f0 mm/vmalloc.c:1722
 [] __vmalloc_node mm/vmalloc.c:1744 [inline]
 [] __vmalloc_node_flags mm/vmalloc.c:1758 [inline]
 [] vmalloc+0x5b/0x70 mm/vmalloc.c:1773
 [] xt_alloc_entry_offsets+0x41/0x60 net/netfilter/x_tables.c:722
 [] translate_table+0x21a/0x1e80 net/ipv6/netfilter/ip6_tables.c:730
 [] ? 0xffffffff810002b8
 [] do_replace net/ipv6/netfilter/ip6_tables.c:1182 [inline]
 [] do_ip6t_set_ctl+0x2be/0x470 net/ipv6/netfilter/ip6_tables.c:1708
 [] nf_sockopt net/netfilter/nf_sockopt.c:105 [inline]
 [] nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:114
 [] ipv6_setsockopt+0x115/0x150 net/ipv6/ipv6_sockglue.c:911
 [] tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2736
 [] sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2706
 [] SYSC_setsockopt net/socket.c:1771 [inline]
 [] SyS_setsockopt+0x160/0x250 net/socket.c:1750
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
Mem-Info:
active_anon:90417 inactive_anon:43 isolated_anon:0
 active_file:3714 inactive_file:7319 isolated_file:0
 unevictable:0 dirty:144 writeback:0 unstable:0
 slab_reclaimable:6149 slab_unreclaimable:24730
 mapped:22950 shmem:115 pagetables:792 bounce:0
 free:1474724 free_pcp:401 free_cma:0
Node 0 active_anon:361668kB inactive_anon:172kB active_file:14856kB inactive_file:29276kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:91800kB dirty:576kB writeback:0kB shmem:460kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 67584kB writeback_tmp:0kB unstable:0kB pages_scanned:0 all_unreclaimable? no
DMA free:15908kB min:160kB low:200kB high:240kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
DMA32 free:2981148kB min:30600kB low:38248kB high:45896kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2981844kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:696kB local_pcp:0kB free_cma:0kB
Normal free:2901840kB min:36816kB low:46020kB high:55224kB active_anon:361668kB inactive_anon:172kB active_file:14856kB inactive_file:29276kB unevictable:0kB writepending:576kB present:4718592kB managed:3585220kB mlocked:0kB slab_reclaimable:24596kB slab_unreclaimable:98920kB kernel_stack:6432kB pagetables:3168kB bounce:0kB free_pcp:908kB local_pcp:472kB free_cma:0kB
DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
11147 total pagecache pages
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap = 0kB
Total swap = 0kB
1965979 pages RAM
0 pages HighMem/MovableOnly
320236 pages reserved
sock: process `syz-executor0' is using obsolete setsockopt SO_BSDCOMPAT
device lo entered promiscuous mode
device lo left promiscuous mode
Node 0 active_anon:361260kB inactive_anon:172kB active_file:14856kB inactive_file:29288kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:91752kB dirty:588kB writeback:0kB shmem:460kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 26624kB writeback_tmp:0kB unstable:0kB pages_scanned:0 all_unreclaimable? no
DMA free:15908kB min:160kB low:200kB high:240kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]: 0 2910 6411 6411
DMA32 free:2981148kB min:30600kB low:38248kB high:45896kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2981844kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:696kB local_pcp:696kB free_cma:0kB
lowmem_reserve[]: 0 0 3501 3501
Normal free:2900024kB min:36816kB low:46020kB high:55224kB active_anon:361260kB inactive_anon:172kB active_file:14856kB inactive_file:29288kB unevictable:0kB writepending:588kB present:4718592kB managed:3585220kB mlocked:0kB slab_reclaimable:24692kB slab_unreclaimable:102652kB kernel_stack:5568kB pagetables:3004kB bounce:0kB free_pcp:1116kB local_pcp:448kB free_cma:0kB
lowmem_reserve[]: 0 0 0 0
DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB
DMA32: 1*4kB (M) 3*8kB (M) 6*16kB (M) 3*32kB (M) 3*64kB (M) 3*128kB (M) 2*256kB (M) 2*512kB (M) 1*1024kB (M) 2*2048kB (M) 726*4096kB (M) = 2981148kB
Normal: 496*4kB (UME) 1045*8kB (UME) 647*16kB (UME) 309*32kB (UME) 1069*64kB (UME) 617*128kB (UME) 205*256kB (UME) 30*512kB (UME) 2*1024kB (U) 5*2048kB (ME) 645*4096kB (UM) = 2900024kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
11150 total pagecache pages
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap = 0kB
Total swap = 0kB
1965979 pages RAM
0 pages HighMem/MovableOnly
320236 pages reserved
device gre0 entered promiscuous mode
nla_parse: 3 callbacks suppressed
netlink: 1 bytes leftover after parsing attributes in process `syz-executor6'.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor6'.
BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor0/10373
caller is __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
CPU: 0 PID: 10373 Comm: syz-executor0 Not tainted 4.9.68-gfb66dc2 #107
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801cba176d8 ffffffff81d90889 0000000000000000 ffffffff83c17800
 ffffffff83f42ec0 ffff8801d1dd8000 0000000000000003 ffff8801cba17718
 ffffffff81df7854 ffff8801cba17730 ffffffff83f42ec0 dffffc0000000000
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] check_preemption_disabled+0x1d4/0x200 lib/smp_processor_id.c:46
 [] __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
 [] ipcomp_alloc_tfms net/xfrm/xfrm_ipcomp.c:286 [inline]
 [] ipcomp_init_state+0x188/0x930 net/xfrm/xfrm_ipcomp.c:363
 [] ipcomp4_init_state+0xb0/0x7d0 net/ipv4/ipcomp.c:137
 [] __xfrm_init_state+0x3e7/0xb30 net/xfrm/xfrm_state.c:2096
 [] xfrm_init_state+0x1a/0x20 net/xfrm/xfrm_state.c:2122
 [] pfkey_msg2xfrm_state net/key/af_key.c:1281 [inline]
 [] pfkey_add+0x1fb9/0x3470 net/key/af_key.c:1498
 [] pfkey_process+0x61e/0x730 net/key/af_key.c:2826
 [] pfkey_sendmsg+0x3a9/0x760 net/key/af_key.c:3670
 [] sock_sendmsg_nosec net/socket.c:635 [inline]
 [] sock_sendmsg+0xca/0x110 net/socket.c:645
 [] ___sys_sendmsg+0x6d1/0x7e0 net/socket.c:1968
 [] __sys_sendmsg+0xd6/0x190 net/socket.c:2002
 [] SYSC_sendmsg net/socket.c:2013 [inline]
 [] SyS_sendmsg+0x2d/0x50 net/socket.c:2009
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor0/10373
caller is __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
CPU: 0 PID: 10373 Comm: syz-executor0 Not tainted 4.9.68-gfb66dc2 #107
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
audit: type=1400 audit(1513075879.645:48): avc: denied { create } for pid=10404 comm="syz-executor7" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=key permissive=1
 ffff8801cba176d8 ffffffff81d90889 0000000000000000 ffffffff83c17800
 ffffffff83f42ec0 ffff8801d1dd8000 0000000000000003 ffff8801cba17718
 ffffffff81df7854 ffff8801cba17730 ffffffff83f42ec0 dffffc0000000000
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] check_preemption_disabled+0x1d4/0x200 lib/smp_processor_id.c:46
 [] __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
 [] ipcomp_alloc_tfms net/xfrm/xfrm_ipcomp.c:286 [inline]
 [] ipcomp_init_state+0x188/0x930 net/xfrm/xfrm_ipcomp.c:363
 [] ipcomp4_init_state+0xb0/0x7d0 net/ipv4/ipcomp.c:137
 [] __xfrm_init_state+0x3e7/0xb30 net/xfrm/xfrm_state.c:2096
 [] xfrm_init_state+0x1a/0x20 net/xfrm/xfrm_state.c:2122
 [] pfkey_msg2xfrm_state net/key/af_key.c:1281 [inline]
 [] pfkey_add+0x1fb9/0x3470 net/key/af_key.c:1498
 [] pfkey_process+0x61e/0x730 net/key/af_key.c:2826
 [] pfkey_sendmsg+0x3a9/0x760 net/key/af_key.c:3670
 [] sock_sendmsg_nosec net/socket.c:635 [inline]
 [] sock_sendmsg+0xca/0x110 net/socket.c:645
 [] ___sys_sendmsg+0x6d1/0x7e0 net/socket.c:1968
 [] __sys_sendmsg+0xd6/0x190 net/socket.c:2002
 [] SYSC_sendmsg net/socket.c:2013 [inline]
 [] SyS_sendmsg+0x2d/0x50 net/socket.c:2009
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
blk_update_request: I/O error, dev loop7, sector 0
Buffer I/O error on dev loop7, logical block 0, lost async page write
blk_update_request: I/O error, dev loop7, sector 8
Buffer I/O error on dev loop7, logical block 1, lost async page write
blk_update_request: I/O error, dev loop7, sector 16
Buffer I/O error on dev loop7, logical block 2, lost async page write
blk_update_request: I/O error, dev loop7, sector 24
Buffer I/O error on dev loop7, logical block 3, lost async page write
blk_update_request: I/O error, dev loop7, sector 32
Buffer I/O error on dev loop7, logical block 4, lost async page write
blk_update_request: I/O error, dev loop7, sector 40
Buffer I/O error on dev loop7, logical block 5, lost async page write
blk_update_request: I/O error, dev loop7, sector 48
Buffer I/O error on dev loop7, logical block 6, lost async page write
blk_update_request: I/O error, dev loop7, sector 56
Buffer I/O error on dev loop7, logical block 7, lost async page write
blk_update_request: I/O error, dev loop7, sector 64
Buffer I/O error on dev loop7, logical block 8, lost async page write
blk_update_request: I/O error, dev loop7, sector 72
Buffer I/O error on dev loop7, logical block 9, lost async page write
netlink: 5 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 5 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor6'.
keychord: invalid keycode count 0
netlink: 1 bytes leftover after parsing attributes in process `syz-executor6'.
keychord: invalid keycode count 0
netlink: 40 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 40 bytes leftover after parsing attributes in process `syz-executor4'.
FAULT_FLAG_ALLOW_RETRY missing 30
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 10734 Comm: syz-executor7 Not tainted 4.9.68-gfb66dc2 #107
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d9a8f850 ffffffff81d90889 ffff8801d9a8fb30 0000000000000000
 ffff8801a44fcd10 ffff8801d9a8fa20 ffff8801a44fcc00 ffff8801d9a8fa48
 ffffffff8165e497 0000000000006e92 ffff8801d9a868f0 ffff8801d9a868a0
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51