SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=16299 comm=syz-executor6
check_preemption_disabled: 5 callbacks suppressed
BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor7/16296
caller is __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
CPU: 0 PID: 16296 Comm: syz-executor7 Not tainted 4.9.68-gfb66dc2 #107
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ffff8801c8b076d8 ffffffff81d90889 0000000000000000 ffffffff83c17800
ffffffff83f42ec0 ffff8801d0cec800 0000000000000003 ffff8801c8b07718
ffffffff81df7854 ffff8801c8b07730 ffffffff83f42ec0 dffffc0000000000
Call Trace:
[] __dump_stack lib/dump_stack.c:15 [inline]
[] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[] check_preemption_disabled+0x1d4/0x200 lib/smp_processor_id.c:46
[] __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
[] ipcomp_alloc_tfms net/xfrm/xfrm_ipcomp.c:286 [inline]
[] ipcomp_init_state+0x188/0x930 net/xfrm/xfrm_ipcomp.c:363
[] ipcomp4_init_state+0xb0/0x7d0 net/ipv4/ipcomp.c:137
[] __xfrm_init_state+0x3e7/0xb30 net/xfrm/xfrm_state.c:2096
[] xfrm_init_state+0x1a/0x20 net/xfrm/xfrm_state.c:2122
[] pfkey_msg2xfrm_state net/key/af_key.c:1281 [inline]
[] pfkey_add+0x1fb9/0x3470 net/key/af_key.c:1498
[] pfkey_process+0x61e/0x730 net/key/af_key.c:2826
[] pfkey_sendmsg+0x3a9/0x760 net/key/af_key.c:3670
[] sock_sendmsg_nosec net/socket.c:635 [inline]
[] sock_sendmsg+0xca/0x110 net/socket.c:645
[] ___sys_sendmsg+0x6d1/0x7e0 net/socket.c:1968
[] __sys_sendmsg+0xd6/0x190 net/socket.c:2002
[] SYSC_sendmsg net/socket.c:2013 [inline]
[] SyS_sendmsg+0x2d/0x50 net/socket.c:2009
[] entry_SYSCALL_64_fastpath+0x23/0xc6
tc_dump_action: action bad kind
tc_dump_action: action bad kind
FAULT_FLAG_ALLOW_RETRY missing 30
binder: 16361:16363 ioctl 40046205 8 returned -22
CPU: 0 PID: 16350 Comm: syz-executor6 Not tainted 4.9.68-gfb66dc2 #107
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ffff8801a72cf840 ffffffff81d90889 ffff8801a72cfb20 0000000000000000
ffff8801a45cb790 ffff8801a72cfa10 ffff8801a45cb680 ffff8801a72cfa38
ffffffff8165e497 000000000000724c ffff8801c3695118 ffff8801c36950a0
Call Trace:
[] __dump_stack lib/dump_stack.c:15 [inline]
[] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
binder: binder_mmap: 16361 20476000-20479000 bad vm_flags failed -1
binder: 16361:16375 got reply transaction with no transaction stack
binder: 16361:16375 transaction failed 29201/-71, size 0-56 line 2923
binder: 16361:16375 ioctl 40046205 8 returned -22
binder_alloc: binder_alloc_mmap_handler: 16361 20000000-20002000 already mapped failed -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 16361:16386 ioctl 40046207 0 returned -16
binder_alloc: 16361: binder_alloc_buf, no vma
binder: 16361:16375 transaction failed 29189/-3, size 80-16 line 3130
binder: binder_mmap: 16361 20476000-20479000 bad vm_flags failed -1
binder: 16361:16386 got reply transaction with no transaction stack
binder: 16361:16386 transaction failed 29201/-71, size 0-56 line 2923
binder: undelivered TRANSACTION_ERROR: 29189
binder: send failed reply for transaction 177 to 16361:16375
[] do_anonymous_page mm/memory.c:2747 [inline]
[] handle_pte_fault mm/memory.c:3488 [inline]
[] __handle_mm_fault mm/memory.c:3577 [inline]
[] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
[] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406
[] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
[] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
[] SYSC_fsetxattr fs/xattr.c:504 [inline]
[] SyS_fsetxattr+0x130/0x190 fs/xattr.c:493
[] entry_SYSCALL_64_fastpath+0x23/0xc6
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29189
device lo entered promiscuous mode
binder: 16457:16461 ioctl 40106410 20926ff0 returned -22
binder: 16457:16461 tried to acquire reference to desc 0, got 1 instead
binder: BINDER_SET_CONTEXT_MGR already set
binder: 16457:16477 ioctl 40046207 0 returned -16
binder: 16457:16477 tried to acquire reference to desc 0, got 1 instead
binder: 16457:16477 BC_REQUEST_DEATH_NOTIFICATION death notification already set
binder: BINDER_SET_CONTEXT_MGR already set
binder: 16457:16461 ioctl 40046207 0 returned -16
binder: 16457:16477 ioctl 40106410 20926ff0 returned -22
device gre0 entered promiscuous mode
device gre0 left promiscuous mode
device gre0 entered promiscuous mode
device gre0 left promiscuous mode
IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pig=16612 comm=syz-executor3
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pig=16612 comm=syz-executor3
device eql entered promiscuous mode
skbuff: bad partial csum: csum=65534/0 len=32
binder: BINDER_SET_CONTEXT_MGR already set
binder: 16737:16745 ioctl 40046207 0 returned -16
binder: 16755:16757 ioctl 40046205 6 returned -22
binder: 16755:16757 ioctl 40046205 0 returned -22
binder: 16755:16757 ERROR: BC_REGISTER_LOOPER called without request
binder: 16755:16765 got transaction to invalid handle
binder: 16755:16765 transaction failed 29201/-22, size 0-8 line 3007
binder: 16755:16765 got reply transaction with bad transaction stack, transaction 190 has target 16755:0
binder: 16755:16765 transaction failed 29201/-71, size 24-8 line 2938
binder: 16755:16765 BC_FREE_BUFFER u0000000000000000 no match
binder: 16755:16765 IncRefs 0 refcount change on invalid ref 1 ret -22
binder: 16755:16765 got transaction to invalid handle
binder: 16755:16765 transaction failed 29201/-22, size 72-8 line 3007
binder: release 16755:16765 transaction 190 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29201
binder: 16755:16772 ioctl 40046205 6 returned -22
binder: 16755:16772 ioctl 40046205 0 returned -22
binder_alloc: binder_alloc_mmap_handler: 16755 20000000-20002000 already mapped failed -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 16755:16772 ioctl 40046207 0 returned -16
binder: 16755:16757 ERROR: BC_REGISTER_LOOPER called without request
binder_alloc: 16755: binder_alloc_buf, no vma
binder: 16755:16772 transaction failed 29189/-3, size 0-0 line 3130
binder: 16755:16757 got transaction to invalid handle
binder: 16755:16757 transaction failed 29201/-22, size 0-8 line 3007
binder: 16755:16757 got reply transaction with no transaction stack
binder: 16755:16757 transaction failed 29201/-71, size 24-8 line 2923
binder: 16808:16814 ioctl 40286608 5 returned -22
binder: 16808:16814 ioctl 40046205 3 returned -22
binder: 16808:16814 ioctl 40046205 3 returned -22
binder: 16808:16814 ERROR: BC_REGISTER_LOOPER called without request
binder: 16808:16814 ioctl 40046205 1000 returned -22
binder: 16808:16814 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
binder: 16808:16825 ioctl 40286608 5 returned -22
binder: 16808:16841 ioctl 40046205 3 returned -22
binder: 16808:16841 ioctl 40046205 3 returned -22
binder: BINDER_SET_CONTEXT_MGR already set
binder: 16808:16841 ioctl 40046207 0 returned -16
binder: 16808:16825 ERROR: BC_REGISTER_LOOPER called without request
binder_alloc: 16808: binder_alloc_buf, no vma
binder: 16808:16841 transaction failed 29189/-3, size 0-0 line 3130
binder: 16808:16841 ioctl 40046205 1000 returned -22
binder: 16808:16857 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
binder: 16808:16857 BC_INCREFS_DONE u0000000000000000 no match
binder: undelivered TRANSACTION_ERROR: 29201
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: send failed reply for transaction 190, target dead
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered transaction 200, process died.
device syz5 entered promiscuous mode
binder: 16952:16954 ERROR: BC_REGISTER_LOOPER called without request
binder: 16952:16954 transaction failed 29189/-22, size 0-0 line 3007
binder: 16952:16954 BC_ACQUIRE_DONE node 205 has no pending acquire request
binder: 16952:16954 got reply transaction with no transaction stack
binder: 16952:16954 transaction failed 29201/-71, size 48-40 line 2923
sg_write: data in/out 327644/9765 bytes for SCSI command 0x0-- guessing data in; program syz-executor3 not setting count and/or reply_len properly
binder: 16952:16954 ERROR: BC_REGISTER_LOOPER called without request
binder_alloc: 16952: binder_alloc_buf, no vma
binder: 16952:16975 transaction failed 29189/-3, size 0-0 line 3130
binder: BINDER_SET_CONTEXT_MGR already set
binder: 16952:16975 ioctl 40046207 0 returned -16
binder: 16952:16954 BC_ACQUIRE_DONE u0000000000000000 no match
binder: 16952:16954 got reply transaction with no transaction stack
binder: 16952:16954 transaction failed 29201/-71, size 48-40 line 2923
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: 17024:17027 BC_ACQUIRE_DONE node 211 has no pending acquire request
device lo left promiscuous mode
binder_alloc: binder_alloc_mmap_handler: 17024 20000000-20002000 already mapped failed -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 17024:17027 ioctl 40046207 0 returned -16
binder_alloc: 17024: binder_alloc_buf, no vma
binder: 17024:17038 transaction failed 29189/-3, size 80-16 line 3130
binder: undelivered TRANSACTION_ERROR: 29189
binder: release 17024:17027 transaction 212 out, still active
binder: unexpected work type, 4, not freed
binder: unexpected work type, 4, not freed
binder: undelivered TRANSACTION_COMPLETE
binder: send failed reply for transaction 212, target dead
device lo entered promiscuous mode
device lo left promiscuous mode
audit: type=1400 audit(1513074924.326:62): avc: denied { ioctl } for pid=17120 comm="syz-executor6" path="socket:[37502]" dev="sockfs" ino=37502 ioctlcmd=0x8903 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=1
nla_parse: 14 callbacks suppressed
netlink: 5 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 5 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor5'.
binder: 17242 invalid dec weak, ref 219 desc 0 s 1 w 0
binder: 17242:17245 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000000 != fffffffffffffffe
binder: 17242:17245 got reply transaction with no transaction stack
binder: 17242:17245 transaction failed 29201/-71, size 0-48 line 2923
binder: BINDER_SET_CONTEXT_MGR already set
binder: 17242:17259 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
binder: 17242:17245 ioctl 40046207 0 returned -16
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=46 sclass=netlink_xfrm_socket pig=17272 comm=syz-executor6
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=46 sclass=netlink_xfrm_socket pig=17291 comm=syz-executor6
loop_reread_partitions: partition scan of loop0 (2°]€fI¸Òæ¶Ì”B±!S,›ùDÏ') failed (rc=-13)
loop_reread_partitions: partition scan of loop0 () failed (rc=-13)
netlink: 3 bytes leftover after parsing attributes in process `syz-executor3'.
device lo entered promiscuous mode
device lo left promiscuous mode
netlink: 3 bytes leftover after parsing attributes in process `syz-executor3'.
device lo entered promiscuous mode
device lo left promiscuous mode
netlink: 2 bytes leftover after parsing attributes in process `syz-executor6'.
IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE IPv6: NLM_F_CREATE should be set when creating new route IPv6: NLM_F_CREATE should be set when creating new route netlink: 1 bytes leftover after parsing attributes in process `syz-executor7'. netlink: 1 bytes leftover after parsing attributes in process `syz-executor7'. IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready blk_update_request: 11 callbacks suppressed blk_update_request: I/O error, dev loop0, sector 0 blk_update_request: I/O error, dev loop0, sector 255 keychord: Insufficient bytes present for keycount 250 sg_write: data in/out 327644/32 bytes for SCSI command 0x4-- guessing data in; program syz-executor0 not setting count and/or reply_len properly binder: 17736:17737 BC_FREE_BUFFER u0000000000000000 no match binder: 17736:17737 BC_DEAD_BINDER_DONE 0000000000000004 not found binder: 17736:17737 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER binder: 17736:17737 BC_CLEAR_DEATH_NOTIFICATION invalid ref 2 binder: 17736:17748 DecRefs 0 refcount change on invalid ref 2 ret -22 binder: 17736:17748 BC_REQUEST_DEATH_NOTIFICATION death notification already set binder: 17736:17737 got reply transaction with no transaction stack binder: 17736:17737 transaction failed 29201/-71, size 72-40 line 2923 binder: 17736:17737 ioctl c0306201 20010000 returned -14 binder: 17736 invalid dec weak, ref 223 desc 0 s 1 w 0 binder: 17736:17737 ERROR: BC_ENTER_LOOPER called after BC_REGISTER_LOOPER binder: 17736:17737 DecRefs 0 refcount change on invalid ref 4 ret -22 binder: 17736:17778 tried to acquire reference to desc 0, got 1 instead binder: 17736:17778 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 binder: 17736:17748 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0 binder: 17736:17748 BC_FREE_BUFFER u0000000000000000 no match binder: 17736:17748 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 binder: 17736:17748 BC_DEAD_BINDER_DONE 0000000000000004 not found binder: 17736:17748 ERROR: BC_REGISTER_LOOPER called after 
BC_ENTER_LOOPER binder: 17736:17748 BC_CLEAR_DEATH_NOTIFICATION invalid ref 2 binder: 17736:17748 got reply transaction with no transaction stack binder: 17736:17748 transaction failed 29201/-71, size 72-40 line 2923 binder: BINDER_SET_CONTEXT_MGR already set binder: 17780:17782 ioctl 40046207 0 returned -16 binder: 17736:17778 DecRefs 0 refcount change on invalid ref 2 ret -22 binder: 17736:17778 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 binder: 17736:17737 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000003 != fffffffffffffffe binder: 17736:17737 got reply transaction with no transaction stack binder: 17736:17737 transaction failed 29201/-71, size 0-48 line 2923 binder: undelivered death notification, 0000000000000000 sock: process `syz-executor5' is using obsolete setsockopt SO_BSDCOMPAT FAULT_FLAG_ALLOW_RETRY missing 30 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 0 PID: 17959 Comm: syz-executor5 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801cd077840 ffffffff81d90889 ffff8801cd077b20 0000000000000000 ffff8801a582b610 ffff8801cd077a10 ffff8801a582b500 ffff8801cd077a38 ffffffff8165e497 000000000000724c ffff8801a4568918 ffff8801a45688a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] SYSC_fsetxattr fs/xattr.c:504 [inline] [] SyS_fsetxattr+0x130/0x190 fs/xattr.c:493 [] entry_SYSCALL_64_fastpath+0x23/0xc6 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 0 PID: 17950 Comm: syz-executor5 Not tainted 4.9.68-gfb66dc2 
#107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801d1897740 ffffffff81d90889 ffff8801d1897a20 0000000000000000 ffff8801a582b610 ffff8801d1897910 ffff8801a582b500 ffff8801d1897938 ffffffff8165e497 0000000000005e64 ffff8801c83b08f0 ffff8801c83b08a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] do_fcntl fs/fcntl.c:274 [inline] [] SYSC_fcntl fs/fcntl.c:372 [inline] [] SyS_fcntl+0x8fd/0xc70 fs/fcntl.c:357 [] entry_SYSCALL_64_fastpath+0x23/0xc6 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 0 PID: 17925 Comm: syz-executor5 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801ce607700 ffffffff81d90889 ffff8801ce6079e0 0000000000000000 ffff8801a582b610 ffff8801ce6078d0 ffff8801a582b500 ffff8801ce6078f8 ffffffff8165e497 0000000000005e64 ffff8801d62d88f0 ffff8801d62d88a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] inet6_ioctl+0x111/0x1e0 net/ipv6/af_inet6.c:529 [] sock_do_ioctl+0x65/0xb0 net/socket.c:892 [] sock_ioctl+0x2e0/0x3d0 
net/socket.c:978 [] vfs_ioctl fs/ioctl.c:43 [inline] [] do_vfs_ioctl+0x1aa/0x1140 fs/ioctl.c:679 [] SYSC_ioctl fs/ioctl.c:694 [inline] [] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:685 [] entry_SYSCALL_64_fastpath+0x23/0xc6 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 0 PID: 17914 Comm: syz-executor5 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801a40d7890 ffffffff81d90889 ffff8801a40d7b70 0000000000000000 ffff8801a582b610 ffff8801a40d7a60 ffff8801a582b500 ffff8801a40d7a88 ffffffff8165e497 0000000000005e64 ffff8801cd55e8f0 ffff8801cd55e8a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] getname_flags+0x10e/0x580 fs/namei.c:148 [] getname+0x19/0x20 fs/namei.c:208 [] do_sys_open+0x21d/0x4c0 fs/open.c:1066 [] SYSC_open fs/open.c:1090 [inline] [] SyS_open+0x2d/0x40 fs/open.c:1085 [] entry_SYSCALL_64_fastpath+0x23/0xc6 device gre0 entered promiscuous mode CPU: 1 PID: 17938 Comm: syz-executor5 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801c8b97800 ffffffff81d90889 ffff8801c8b97ae0 0000000000000000 ffff8801a582b610 ffff8801c8b979d0 ffff8801a582b500 ffff8801c8b979f8 ffffffff8165e497 0000000000005e64 ffff8801d1c088f0 ffff8801d1c088a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 
[inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] getname_flags+0x10e/0x580 fs/namei.c:148 [] user_path_at_empty+0x2d/0x50 fs/namei.c:2576 [] user_path_at include/linux/namei.h:55 [inline] [] do_utimes+0x20f/0x290 fs/utimes.c:155 [] SYSC_utimensat fs/utimes.c:186 [inline] [] SyS_utimensat+0xe5/0x160 fs/utimes.c:171 [] entry_SYSCALL_64_fastpath+0x23/0xc6 netlink: 6 bytes leftover after parsing attributes in process `syz-executor7'. device lo entered promiscuous mode binder: 18091:18094 BC_FREE_BUFFER u0000000000000000 no match binder: 18091:18107 BC_FREE_BUFFER u0000000000000000 no match binder: 18122:18123 ioctl 400445a0 20006000 returned -22 binder: 18122:18136 ioctl 5423 20003000 returned -22 binder: 18122:18136 got transaction with invalid offsets ptr binder: 18122:18136 transaction failed 29201/-14, size 0-4095 line 3158 binder: undelivered TRANSACTION_ERROR: 29201 binder: BINDER_SET_CONTEXT_MGR already set binder: 18122:18123 ioctl 40046207 0 returned -16 binder_alloc: 18122: binder_alloc_buf, no vma binder: 18122:18136 transaction failed 29189/-3, size 0-4095 line 3130 binder: undelivered TRANSACTION_ERROR: 29189 BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor6/18159 caller is __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62 CPU: 1 PID: 18159 Comm: syz-executor6 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801d569f6d8 ffffffff81d90889 0000000000000001 ffffffff83c17800 ffffffff83f42ec0 ffff8801d61a1800 0000000000000003 ffff8801d569f718 ffffffff81df7854 ffff8801d569f730 ffffffff83f42ec0 dffffc0000000000 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] 
check_preemption_disabled+0x1d4/0x200 lib/smp_processor_id.c:46 [] __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62 [] ipcomp_alloc_tfms net/xfrm/xfrm_ipcomp.c:286 [inline] [] ipcomp_init_state+0x188/0x930 net/xfrm/xfrm_ipcomp.c:363 TCP: request_sock_TCPv6: Possible SYN flooding on port 20030. Sending cookies. Check SNMP counters. [] ipcomp4_init_state+0xb0/0x7d0 net/ipv4/ipcomp.c:137 device gre0 entered promiscuous mode [] __xfrm_init_state+0x3e7/0xb30 net/xfrm/xfrm_state.c:2096 [] xfrm_init_state+0x1a/0x20 net/xfrm/xfrm_state.c:2122 [] pfkey_msg2xfrm_state net/key/af_key.c:1281 [inline] [] pfkey_add+0x1fb9/0x3470 net/key/af_key.c:1498 [] pfkey_process+0x61e/0x730 net/key/af_key.c:2826 [] pfkey_sendmsg+0x3a9/0x760 net/key/af_key.c:3670 [] sock_sendmsg_nosec net/socket.c:635 [inline] [] sock_sendmsg+0xca/0x110 net/socket.c:645 [] ___sys_sendmsg+0x6d1/0x7e0 net/socket.c:1968 [] __sys_sendmsg+0xd6/0x190 net/socket.c:2002 [] SYSC_sendmsg net/socket.c:2013 [inline] [] SyS_sendmsg+0x2d/0x50 net/socket.c:2009 [] entry_SYSCALL_64_fastpath+0x23/0xc6 BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor6/18196 caller is __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62 CPU: 1 PID: 18196 Comm: syz-executor6 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801cdb576d8 ffffffff81d90889 0000000000000001 ffffffff83c17800 ffffffff83f42ec0 ffff8801c68fc800 0000000000000003 ffff8801cdb57718 ffffffff81df7854 ffff8801cdb57730 ffffffff83f42ec0 dffffc0000000000 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] check_preemption_disabled+0x1d4/0x200 lib/smp_processor_id.c:46 [] __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62 [] ipcomp_alloc_tfms net/xfrm/xfrm_ipcomp.c:286 [inline] [] ipcomp_init_state+0x188/0x930 net/xfrm/xfrm_ipcomp.c:363 [] ipcomp4_init_state+0xb0/0x7d0 net/ipv4/ipcomp.c:137 [] 
__xfrm_init_state+0x3e7/0xb30 net/xfrm/xfrm_state.c:2096 [] xfrm_init_state+0x1a/0x20 net/xfrm/xfrm_state.c:2122 [] pfkey_msg2xfrm_state net/key/af_key.c:1281 [inline] [] pfkey_add+0x1fb9/0x3470 net/key/af_key.c:1498 [] pfkey_process+0x61e/0x730 net/key/af_key.c:2826 [] pfkey_sendmsg+0x3a9/0x760 net/key/af_key.c:3670 [] sock_sendmsg_nosec net/socket.c:635 [inline] [] sock_sendmsg+0xca/0x110 net/socket.c:645 [] ___sys_sendmsg+0x6d1/0x7e0 net/socket.c:1968 [] __sys_sendmsg+0xd6/0x190 net/socket.c:2002 [] SYSC_sendmsg net/socket.c:2013 [inline] [] SyS_sendmsg+0x2d/0x50 net/socket.c:2009 [] entry_SYSCALL_64_fastpath+0x23/0xc6 device gre0 entered promiscuous mode IPv6: Can't replace route, no match found sock: process `syz-executor7' is using obsolete setsockopt SO_BSDCOMPAT device gre0 entered promiscuous mode 9pnet_virtio: no channels available for device H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H nla_parse: 4 callbacks suppressed netlink: 2 bytes leftover after parsing attributes in process `syz-executor6'. 
9pnet_virtio: no channels available for device H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H audit: type=1400 audit(1513074929.786:63): avc: denied { sys_ptrace } for pid=18341 comm="ps" capability=19 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=cap_userns permissive=1 device lo left promiscuous mode