netlink: 5 bytes leftover after parsing attributes in process `syz-executor0'.
IPv6: Can't replace route, no match found

=====================================
[ BUG: bad unlock balance detected! ]
4.9.67-gf26d3c7 #106 Not tainted
-------------------------------------
syz-executor1/777 is trying to release lock (mrt_lock[  190.703534] netlink: 5 bytes leftover after parsing attributes in process `syz-executor0'.
IPv6: Can't replace route, no match found
) at:
but there are no more locks to release!

other info that might help us debug this:
1 lock held by syz-executor1/777:
 #0:  (&p->lock){+.+.+.}, at: [<ffffffff815e4cdd>] seq_read+0xdd/0x1290 fs/seq_file.c:178

stack backtrace:
CPU: 1 PID: 777 Comm: syz-executor1 Not tainted 4.9.67-gf26d3c7 #106
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801cc3578e8 ffffffff81d906e9 ffffffff849ae8f8 ffff8801a7f63000
 ffffffff834dec54 ffffffff849ae8f8 ffff8801a7f63888 ffff8801cc357918
 ffffffff812353f4 dffffc0000000000 ffffffff849ae8f8 00000000ffffffff
Call Trace:
 [<ffffffff81d906e9>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d906e9>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff812353f4>] print_unlock_imbalance_bug+0x174/0x1a0 kernel/locking/lockdep.c:3398
 [<ffffffff8123dec8>] __lock_release kernel/locking/lockdep.c:3540 [inline]
 [<ffffffff8123dec8>] lock_release+0x6f8/0xb80 kernel/locking/lockdep.c:3775
 [<ffffffff838a951a>] __raw_read_unlock include/linux/rwlock_api_smp.h:225 [inline]
 [<ffffffff838a951a>] _raw_read_unlock+0x1a/0x50 kernel/locking/spinlock.c:255
 [<ffffffff834dec54>] ipmr_mfc_seq_stop+0xe4/0x140 net/ipv6/ip6mr.c:553
 [<ffffffff815e5683>] seq_read+0xa83/0x1290 fs/seq_file.c:283
 [<ffffffff816be32f>] proc_reg_read+0xef/0x170 fs/proc/inode.c:202
 [<ffffffff81568cb1>] do_loop_readv_writev.part.17+0x141/0x1e0 fs/read_write.c:714
 [<ffffffff8156cb20>] do_loop_readv_writev fs/read_write.c:880 [inline]
 [<ffffffff8156cb20>] do_readv_writev+0x520/0x750 fs/read_write.c:874
 [<ffffffff8156cdd4>] vfs_readv+0x84/0xc0 fs/read_write.c:898
 [<ffffffff8156cef6>] do_readv+0xe6/0x250 fs/read_write.c:924
 [<ffffffff815703e7>] SYSC_readv fs/read_write.c:1011 [inline]
 [<ffffffff815703e7>] SyS_readv+0x27/0x30 fs/read_write.c:1008
 [<ffffffff838a9985>] entry_SYSCALL_64_fastpath+0x23/0xc6
binder: BINDER_SET_CONTEXT_MGR already set
binder: 765:783 ioctl 40046207 0 returned -16
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
device gre0 entered promiscuous mode
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 957 Comm: syz-executor5 Not tainted 4.9.67-gf26d3c7 #106
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801c88df9a0 ffffffff81d906e9 ffff8801c88dfc80 0000000000000000
 ffff8801d8562b90 ffff8801c88dfb70 ffff8801d8562a80 ffff8801c88dfb98
 ffffffff8165e307 0000000000000282 ffff8801c88dfaf0 00000001c6ff9067
Call Trace:
 [<ffffffff81d906e9>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d906e9>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff8165e307>] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [<ffffffff814cd5f1>] do_anonymous_page mm/memory.c:2747 [inline]
 [<ffffffff814cd5f1>] handle_pte_fault mm/memory.c:3488 [inline]
 [<ffffffff814cd5f1>] __handle_mm_fault mm/memory.c:3577 [inline]
 [<ffffffff814cd5f1>] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [<ffffffff810dd452>] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406
 [<ffffffff810ddbf7>] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
 [<ffffffff838aab58>] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [<ffffffff8116816c>] SYSC_sigaltstack kernel/signal.c:3170 [inline]
 [<ffffffff8116816c>] SyS_sigaltstack+0x6c/0x90 kernel/signal.c:3168
 [<ffffffff838a9985>] entry_SYSCALL_64_fastpath+0x23/0xc6
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 1025 Comm: syz-executor5 Not tainted 4.9.67-gf26d3c7 #106
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801c883f9a0 ffffffff81d906e9 ffff8801c883fc80 0000000000000000
 ffff8801d8562e90 ffff8801c883fb70 ffff8801d8562d80 ffff8801c883fb98
 ffffffff8165e307 0000000000000282 ffff8801c883faf0 00000001a923d067
Call Trace:
 [<ffffffff81d906e9>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d906e9>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff8165e307>] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [<ffffffff814cd5f1>] do_anonymous_page mm/memory.c:2747 [inline]
 [<ffffffff814cd5f1>] handle_pte_fault mm/memory.c:3488 [inline]
 [<ffffffff814cd5f1>] __handle_mm_fault mm/memory.c:3577 [inline]
 [<ffffffff814cd5f1>] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [<ffffffff810dd452>] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406
 [<ffffffff810ddbf7>] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
 [<ffffffff838aab58>] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [<ffffffff8116816c>] SYSC_sigaltstack kernel/signal.c:3170 [inline]
 [<ffffffff8116816c>] SyS_sigaltstack+0x6c/0x90 kernel/signal.c:3168
 [<ffffffff838a9985>] entry_SYSCALL_64_fastpath+0x23/0xc6
device gre0 entered promiscuous mode
netlink: 3 bytes leftover after parsing attributes in process `syz-executor7'.
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
netlink: 3 bytes leftover after parsing attributes in process `syz-executor7'.
sg_write: data in/out 327644/32 bytes for SCSI command 0x4-- guessing data in;
   program syz-executor7 not setting count and/or reply_len properly
netlink: 1 bytes leftover after parsing attributes in process `syz-executor0'.
binder: BINDER_SET_CONTEXT_MGR already set
binder: 1180:1186 ioctl 40046207 0 returned -16
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 1171 Comm: syz-executor5 Not tainted 4.9.67-gf26d3c7 #106
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801c9ea76c0 ffffffff81d906e9 ffff8801c9ea79a0 0000000000000000
 ffff8801d8563190 ffff8801c9ea7890 ffff8801d8563080 ffff8801c9ea78b8
 ffffffff8165e307 0000000000000000 ffff8801c9ea7810 00000001a36e6067
Call Trace:
 [<ffffffff81d906e9>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d906e9>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff8165e307>] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [<ffffffff814cd5f1>] do_anonymous_page mm/memory.c:2747 [inline]
 [<ffffffff814cd5f1>] handle_pte_fault mm/memory.c:3488 [inline]
 [<ffffffff814cd5f1>] __handle_mm_fault mm/memory.c:3577 [inline]
 [<ffffffff814cd5f1>] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [<ffffffff810dd452>] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406
 [<ffffffff810ddbf7>] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
 [<ffffffff838aab58>] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [<ffffffff814ffc5f>] process_vm_rw+0x1bf/0x210 mm/process_vm_access.c:280
 [<ffffffff814fff67>] SYSC_process_vm_writev mm/process_vm_access.c:307 [inline]
 [<ffffffff814fff67>] SyS_process_vm_writev+0x47/0x60 mm/process_vm_access.c:302
 [<ffffffff838a9985>] entry_SYSCALL_64_fastpath+0x23/0xc6
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 1157 Comm: syz-executor5 Not tainted 4.9.67-gf26d3c7 #106
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801cdab76b0 ffffffff81d906e9 ffff8801cdab7990 0000000000000000
 ffff8801d8563190 ffff8801cdab7880 ffff8801d8563080 ffff8801cdab78a8
 ffffffff8165e307 ffff8801cd608280 ffff8801cdab7800 00000001a36e6067
Call Trace:
 [<ffffffff81d906e9>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d906e9>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff8165e307>] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [<ffffffff814cd5f1>] do_anonymous_page mm/memory.c:2747 [inline]
 [<ffffffff814cd5f1>] handle_pte_fault mm/memory.c:3488 [inline]
 [<ffffffff814cd5f1>] __handle_mm_fault mm/memory.c:3577 [inline]
 [<ffffffff814cd5f1>] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [<ffffffff810dd452>] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406
 [<ffffffff810ddbf7>] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
 [<ffffffff838aab58>] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [<ffffffff832e0e57>] inet_ioctl+0x117/0x1c0 net/ipv4/af_inet.c:908
 [<ffffffff82ec8ef5>] sock_do_ioctl+0x65/0xb0 net/socket.c:892
 [<ffffffff82ec9940>] sock_ioctl+0x2e0/0x3d0 net/socket.c:978
 [<ffffffff815aa59a>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff815aa59a>] do_vfs_ioctl+0x1aa/0x1140 fs/ioctl.c:679
 [<ffffffff815ab5bf>] SYSC_ioctl fs/ioctl.c:694 [inline]
 [<ffffffff815ab5bf>] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:685
 [<ffffffff838a9985>] entry_SYSCALL_64_fastpath+0x23/0xc6
binder: 1180:1193 ioctl 40046205 101 returned -22
binder: BC_ATTEMPT_ACQUIRE not supported
binder: 1180:1193 ioctl c0306201 20002fd0 returned -22
binder: 1180:1193 ioctl 8903 20001000 returned -22
device gre0 entered promiscuous mode
binder: BINDER_SET_CONTEXT_MGR already set
binder: 1180:1206 ioctl 40046207 0 returned -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 1180:1193 ioctl 40046207 0 returned -16
binder: 1180:1206 ioctl 40046205 101 returned -22
binder: BC_ATTEMPT_ACQUIRE not supported
binder: 1180:1193 ioctl c0306201 20002fd0 returned -22
binder: 1180:1193 ioctl 8903 20001000 returned -22
netlink: 1 bytes leftover after parsing attributes in process `syz-executor0'.
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 1302 Comm: syz-executor2 Not tainted 4.9.67-gf26d3c7 #106
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801a545f670 ffffffff81d906e9 ffff8801a545f950 0000000000000000
 ffff8801cb98e890 ffff8801a545f840 ffff8801cb98e780 ffff8801a545f868
 ffffffff8165e307 ffff8801db2214a0 ffff8801a545f7c0 00000001d5a8b067
Call Trace:
 [<ffffffff81d906e9>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d906e9>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff8165e307>] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [<ffffffff814cd5f1>] do_anonymous_page mm/memory.c:2747 [inline]
 [<ffffffff814cd5f1>] handle_pte_fault mm/memory.c:3488 [inline]
 [<ffffffff814cd5f1>] __handle_mm_fault mm/memory.c:3577 [inline]
 [<ffffffff814cd5f1>] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [<ffffffff810dd452>] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406
 [<ffffffff810ddbf7>] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
 [<ffffffff838aab58>] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [<ffffffff815afe9e>] do_pselect fs/select.c:688 [inline]
 [<ffffffff815afe9e>] SYSC_pselect6 fs/select.c:729 [inline]
 [<ffffffff815afe9e>] SyS_pselect6+0x2ae/0x550 fs/select.c:714
 [<ffffffff838a9985>] entry_SYSCALL_64_fastpath+0x23/0xc6
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 1349 Comm: syz-executor2 Not tainted 4.9.67-gf26d3c7 #106
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801aa007850 ffffffff81d906e9 ffff8801aa007b30 0000000000000000
 ffff8801cb98ff10 ffff8801aa007a20 ffff8801cb98fe00 ffff8801aa007a48
 ffffffff8165e307 ffff8801aa0078b8 ffff8801aa0079a0 00000001c76e4067
Call Trace:
 [<ffffffff81d906e9>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d906e9>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff8165e307>] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [<ffffffff814cd5f1>] do_anonymous_page mm/memory.c:2747 [inline]
 [<ffffffff814cd5f1>] handle_pte_fault mm/memory.c:3488 [inline]
 [<ffffffff814cd5f1>] __handle_mm_fault mm/memory.c:3577 [inline]
 [<ffffffff814cd5f1>] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [<ffffffff810dd452>] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406
 [<ffffffff810ddbf7>] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
 [<ffffffff838aab58>] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [<ffffffff815a814c>] do_fcntl fs/fcntl.c:284 [inline]
 [<ffffffff815a814c>] SYSC_fcntl fs/fcntl.c:372 [inline]
 [<ffffffff815a814c>] SyS_fcntl+0x81c/0xc70 fs/fcntl.c:357
 [<ffffffff838a9985>] entry_SYSCALL_64_fastpath+0x23/0xc6
binder_alloc: 1406: binder_alloc_buf size 536907960 failed, no address space
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 1367 Comm: syz-executor2 Not tainted 4.9.67-gf26d3c7 #106
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801a4c97850 ffffffff81d906e9 ffff8801a4c97b30 0000000000000000
 ffff8801d8563a90 ffff8801a4c97a20 ffff8801d8563980 ffff8801a4c97a48
 ffffffff8165e307 ffff8801a4c978b8 ffff8801a4c979a0 00000001a54b7067
Call Trace:
 [<ffffffff81d906e9>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d906e9>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff8165e307>] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [<ffffffff814cd5f1>] do_anonymous_page mm/memory.c:2747 [inline]
 [<ffffffff814cd5f1>] handle_pte_fault mm/memory.c:3488 [inline]
 [<ffffffff814cd5f1>] __handle_mm_fault mm/memory.c:3577 [inline]
 [<ffffffff814cd5f1>] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [<ffffffff810dd452>] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406
 [<ffffffff810ddbf7>] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
 [<ffffffff838aab58>] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [<ffffffff815a814c>] do_fcntl fs/fcntl.c:284 [inline]
 [<ffffffff815a814c>] SYSC_fcntl fs/fcntl.c:372 [inline]
 [<ffffffff815a814c>] SyS_fcntl+0x81c/0xc70 fs/fcntl.c:357
 [<ffffffff838a9985>] entry_SYSCALL_64_fastpath+0x23/0xc6
device gre0 entered promiscuous mode
binder: BINDER_SET_CONTEXT_MGR already set
binder: 1406:1424 ioctl 40046207 0 returned -16
binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
binder: 1406:1407 transaction failed 29201/-28, size 204-536907572 line 3130
binder_alloc: 1406: binder_alloc_buf, no vma
binder: 1406:1424 transaction failed 29189/-3, size 204-536907572 line 3130
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29201
netlink: 2 bytes leftover after parsing attributes in process `syz-executor5'.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=63367 sclass=netlink_route_socket pig=1548 comm=syz-executor6
netlink: 2 bytes leftover after parsing attributes in process `syz-executor5'.
binder: 1558:1560 ioctl c018620b 20009fe8 returned -14
binder: 1558:1560 ERROR: BC_REGISTER_LOOPER called without request
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=63367 sclass=netlink_route_socket pig=1563 comm=syz-executor6
binder: 1567:1568 ioctl 40046205 6 returned -22
binder: 1567:1568 ioctl 40046205 0 returned -22
binder: 1567:1570 ioctl 40046205 6 returned -22
binder: 1567:1570 ioctl 40046205 0 returned -22
binder_alloc: binder_alloc_mmap_handler: 1567 20000000-20002000 already mapped failed -16
binder: 1558:1560 ERROR: BC_REGISTER_LOOPER called without request
binder: 1558:1560 DecRefs 0 refcount change on invalid ref 3 ret -22
binder: 1558:1560 DecRefs 0 refcount change on invalid ref 1 ret -22
binder: 1558:1574 ERROR: BC_REGISTER_LOOPER called without request
binder: 1558:1574 got reply transaction with no transaction stack
binder: 1558:1574 transaction failed 29201/-71, size 0-0 line 2923
device gre0 entered promiscuous mode
binder: release 1558:1560 transaction 484 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: send failed reply for transaction 484, target dead
binder: 1655:1659 ioctl 40046205 0 returned -22
binder: 1655:1659 ERROR: BC_REGISTER_LOOPER called without request
binder: 1659 RLIMIT_NICE not set
binder: 1655:1659 unknown command 1400526783
binder: 1655:1659 ioctl c0306201 20002fd0 returned -22
binder: 1655:1659 got transaction with invalid offset (1, min 0 max 0) or object.
binder: 1655:1659 transaction failed 29201/-22, size 0-8 line 3193
binder: send failed reply for transaction 486 to 1655:1694
binder: 1655:1659 ioctl c018620b 20000fe8 returned -14
binder: 1655:1659 ioctl c0306201 20005fd0 returned -14
binder: 1655:1659 ioctl c018620b 20000000 returned -14
binder: 1655:1659 BC_FREE_BUFFER uffffffffffffffff no match
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29201
binder: 1655:1659 ioctl 40046205 6 returned -22
binder: 1655:1659 ioctl 40046205 0 returned -22
binder: 1655:1659 ERROR: BC_REGISTER_LOOPER called without request
binder: 1655:1739 unknown command 0
binder: 1655:1739 ioctl c0306201 20002fd0 returned -22
binder: 1655:1694 got reply transaction with bad transaction stack, transaction 489 has target 1655:0
binder: 1655:1694 transaction failed 29201/-71, size 0-8 line 2938
binder: 1655:1755 ioctl c018620b 20000fe8 returned -14
binder: 1655:1739 ioctl c018620b 20000000 returned -14
binder: 1655:1739 BC_FREE_BUFFER uffffffffffffffff no match
binder: send failed reply for transaction 489 to 1655:1694
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29201
netlink: 2 bytes leftover after parsing attributes in process `syz-executor1'.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=13 sclass=netlink_route_socket pig=1773 comm=syz-executor1
binder: undelivered TRANSACTION_ERROR: 29189
netlink: 2 bytes leftover after parsing attributes in process `syz-executor1'.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=13 sclass=netlink_route_socket pig=1773 comm=syz-executor1
FAULT_FLAG_ALLOW_RETRY missing 30
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 1780 Comm: syz-executor6 Not tainted 4.9.67-gf26d3c7 #106
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801cd88f8b0 ffffffff81d906e9 ffff8801cd88fb90 0000000000000000
 ffff8801d8563f10 ffff8801cd88fa80 ffff8801d8563e00 ffff8801cd88faa8
 ffffffff8165e307 ffffffff838981d3 ffff8801cd88fa00 00000001a74d7067
Call Trace:
 [<ffffffff81d906e9>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d906e9>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff8165e307>] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [<ffffffff814cd5f1>] do_anonymous_page mm/memory.c:2747 [inline]
 [<ffffffff814cd5f1>] handle_pte_fault mm/memory.c:3488 [inline]
 [<ffffffff814cd5f1>] __handle_mm_fault mm/memory.c:3577 [inline]
 [<ffffffff814cd5f1>] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [<ffffffff810dd452>] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406
 [<ffffffff810ddbf7>] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
 [<ffffffff838aab58>] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [<ffffffff838a9985>] entry_SYSCALL_64_fastpath+0x23/0xc6
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 1772 Comm: syz-executor6 Not tainted 4.9.67-gf26d3c7 #106
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801a37a7850 ffffffff81d906e9 ffff8801a37a7b30 0000000000000000
 ffff8801d8563f10 ffff8801a37a7a20 ffff8801d8563e00 ffff8801a37a7a48
 ffffffff8165e307 ffffffff838a9178 ffff8801a37a79a0 00000001a74d7067
Call Trace:
 [<ffffffff81d906e9>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d906e9>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff8165e307>] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [<ffffffff814cd5f1>] do_anonymous_page mm/memory.c:2747 [inline]
 [<ffffffff814cd5f1>] handle_pte_fault mm/memory.c:3488 [inline]
 [<ffffffff814cd5f1>] __handle_mm_fault mm/memory.c:3577 [inline]
 [<ffffffff814cd5f1>] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [<ffffffff810dd452>] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406
 [<ffffffff810ddbf7>] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
 [<ffffffff838aab58>] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [<ffffffff838a9985>] entry_SYSCALL_64_fastpath+0x23/0xc6
netlink: 5 bytes leftover after parsing attributes in process `syz-executor2'.
netlink: 5 bytes leftover after parsing attributes in process `syz-executor2'.
binder: 1883:1887 ERROR: BC_REGISTER_LOOPER called without request
binder: 1883:1887 BC_DEAD_BINDER_DONE 0000000000000000 not found
binder: 1883:1887 got transaction with invalid offset (0, min 48 max 48) or object.
binder: 1883:1887 transaction failed 29201/-22, size 48-16 line 3193
binder: send failed reply for transaction 492 to 1883:1899
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29201
binder: 1883:1899 ERROR: BC_REGISTER_LOOPER called without request
binder: 1883:1887 BC_DEAD_BINDER_DONE 0000000000000000 not found
binder: 1883:1887 got reply transaction with no transaction stack
binder: 1883:1887 transaction failed 29201/-71, size 48-16 line 2923
binder: release 1883:1887 transaction 497 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: send failed reply for transaction 497, target dead
CPU: 0 PID: 1796 Comm: syz-executor6 Not tainted 4.9.67-gf26d3c7 #106
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801a79df8b0 ffffffff81d906e9 ffff8801a79dfb90 0000000000000000
 ffff8801d8563f10 ffff8801a79dfa80 ffff8801d8563e00 ffff8801a79dfaa8
 ffffffff8165e307 0000000000000000 ffff8801a79dfa00 00000001a74d7067
Call Trace:
 [<ffffffff81d906e9>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d906e9>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff8165e307>] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [<ffffffff814cd5f1>] do_anonymous_page mm/memory.c:2747 [inline]
 [<ffffffff814cd5f1>] handle_pte_fault mm/memory.c:3488 [inline]
 [<ffffffff814cd5f1>] __handle_mm_fault mm/memory.c:3577 [inline]
 [<ffffffff814cd5f1>] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [<ffffffff810dd452>] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406
 [<ffffffff810ddbf7>] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
 [<ffffffff838aab58>] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [<ffffffff838a9985>] entry_SYSCALL_64_fastpath+0x23/0xc6
binder: 1988:1989 BC_DEAD_BINDER_DONE fffffffffffffffd not found
binder: 1988:1989 BC_ACQUIRE_DONE uffffffffffffffff no match
binder: 1988:1989 ioctl c0306201 2000f000 returned -11
binder: 1988:1989 got transaction with unaligned buffers size, 58534
binder: 1988:1989 transaction failed 29201/-22, size 72-40 line 3175
binder: 1988:1989 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
binder: 1988:1989 BC_DEAD_BINDER_DONE fffffffffffffffd not found
binder: 1988:1989 BC_ACQUIRE_DONE uffffffffffffffff no match
binder: 1988:1989 ioctl c0306201 2000f000 returned -11
binder: 1988:1989 got transaction with unaligned buffers size, 58534
binder: 1988:1989 transaction failed 29201/-22, size 72-40 line 3175
binder: 2029:2034 ioctl 40106410 20926ff0 returned -22
binder: BINDER_SET_CONTEXT_MGR already set
binder: 2029:2039 ioctl 40046207 0 returned -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 2029:2034 ioctl 40046207 0 returned -16
binder: 2029:2039 ioctl 40106410 20926ff0 returned -22
9pnet_virtio: no channels available for device ./file0
9pnet_virtio: no channels available for device ./file0
ALSA: seq fatal error: cannot create timer (-19)
ALSA: seq fatal error: cannot create timer (-19)
binder: 2185:2186 ioctl 85 20416000 returned -22
binder: 2185:2186 ioctl c018620b 20236fe8 returned -14
binder: 2185:2186 unknown command 0
binder: 2185:2186 ioctl c0306201 20000fd0 returned -22
binder: 2185:2208 ioctl 85 20416000 returned -22
binder: 2185:2186 ioctl c018620b 20236fe8 returned -14
IPVS: Creating netns size=2536 id=50
IPv6: Can't replace route, no match found
IPv6: Can't replace route, no match found
netlink: 2 bytes leftover after parsing attributes in process `syz-executor6'.
device gre0 entered promiscuous mode
netlink: 1 bytes leftover after parsing attributes in process `syz-executor5'.
device gre0 entered promiscuous mode
netlink: 1 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 2 bytes leftover after parsing attributes in process `syz-executor6'.
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
tc_dump_action: action bad kind
device lo left promiscuous mode
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=2362 comm=syz-executor6
Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=2390 comm=syz-executor3
Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
device lo entered promiscuous mode
binder: 2449:2455 ioctl 2403 ffff returned -22
binder: 2449:2455 ioctl 8004e500 20005000 returned -22
device lo entered promiscuous mode
binder: undelivered death notification, 0000000000000000
IPVS: Creating netns size=2536 id=51
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=2473 comm=syz-executor0
binder: 2449:2464 ioctl 2403 ffff returned -22
binder: BINDER_SET_CONTEXT_MGR already set
binder: 2449:2488 ioctl 40046207 0 returned -16
binder: 2449:2464 ioctl 8004e500 20005000 returned -22
binder: 2449:2488 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
IPVS: Creating netns size=2536 id=52
device gre0 entered promiscuous mode
binder: 2656:2658 parent offset not aligned correctly.
binder: 2656:2658 transaction failed 29201/-22, size 72-32 line 3272
binder: BINDER_SET_CONTEXT_MGR already set
binder: 2656:2658 ioctl 40046207 0 returned -16
binder_alloc: 2656: binder_alloc_buf, no vma
binder: 2656:2665 transaction failed 29189/-3, size 72-32 line 3130
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 2747 Comm: syz-executor1 Not tainted 4.9.67-gf26d3c7 #106
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d871f670 ffffffff81d906e9 ffff8801d871f950 0000000000000000
 ffff8801cb98f010 ffff8801d871f840 ffff8801cb98ef00 ffff8801d871f868
 ffffffff8165e307[  200.088779] cgroup: cgroup2: unknown option ""
 ffff8801cc24ca80 ffff8801d871f7c0 00000001c96ce067
 [<ffffffff81d906e9>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d906e9>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff8165e307>] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
cgroup: cgroup2: unknown option ""
 [<ffffffff814cd5f1>] do_anonymous_page mm/memory.c:2747 [inline]
 [<ffffffff814cd5f1>] handle_pte_fault mm/memory.c:3488 [inline]
 [<ffffffff814cd5f1>] __handle_mm_fault mm/memory.c:3577 [inline]
 [<ffffffff814cd5f1>] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [<ffffffff810dd452>] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406
 [<ffffffff810ddbf7>] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
 [<ffffffff838aab58>] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [<ffffffff815afe9e>] do_pselect fs/select.c:688 [inline]
 [<ffffffff815afe9e>] SYSC_pselect6 fs/select.c:729 [inline]
 [<ffffffff815afe9e>] SyS_pselect6+0x2ae/0x550 fs/select.c:714
 [<ffffffff838a9985>] entry_SYSCALL_64_fastpath+0x23/0xc6
PF_BRIDGE: RTM_SETLINK with unknown ifindex
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 2753 Comm: syz-executor1 Not tainted 4.9.67-gf26d3c7 #106
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801cb077670 ffffffff81d906e9 ffff8801cb077950 0000000000000000
 ffff8801d8563190 ffff8801cb077840[  200.420040] PF_BRIDGE: RTM_SETLINK with unknown ifindex
 ffff8801d8563080 ffff8801cb077868
 ffffffff8165e307 ffff8801db2214a0 ffff8801cb0777c0 00000001c96ce067
Call Trace:
 [<ffffffff81d906e9>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d906e9>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff8165e307>] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
FAULT_FLAG_ALLOW_RETRY missing 30
FAULT_FLAG_ALLOW_RETRY missing 30
 [<ffffffff814cd5f1>] do_anonymous_page mm/memory.c:2747 [inline]
 [<ffffffff814cd5f1>] handle_pte_fault mm/memory.c:3488 [inline]
 [<ffffffff814cd5f1>] __handle_mm_fault mm/memory.c:3577 [inline]
 [<ffffffff814cd5f1>] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [<ffffffff810dd452>] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406
 [<ffffffff810ddbf7>] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
 [<ffffffff838aab58>] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [<ffffffff815afe9e>] do_pselect fs/select.c:688 [inline]
 [<ffffffff815afe9e>] SYSC_pselect6 fs/select.c:729 [inline]
 [<ffffffff815afe9e>] SyS_pselect6+0x2ae/0x550 fs/select.c:714
 [<ffffffff838a9985>] entry_SYSCALL_64_fastpath+0x23/0xc6
CPU: 0 PID: 2828 Comm: syz-executor5 Not tainted 4.9.67-gf26d3c7 #106
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011