BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor6/4840 caller is __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62 CPU: 0 PID: 4840 Comm: syz-executor6 Not tainted 4.4.105-g8a53962 #3 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 0000000000000000 60377ede1a74cfe3 ffff8801d37b7828 ffffffff81cc9b0f 0000000000000000 ffffffff839fd4a0 ffff8801d37b7868 ffffffff81d28d18 ffffffff83ced1a0 1ffff1003a6f6f14 ffff8800b8954480 ffff8800b8a54900 Call Trace: [] __dump_stack /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:15 [inline] [] dump_stack+0x8e/0xcf /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:51 [] check_preemption_disabled+0x1b8/0x1f0 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:46 [] __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62 [] tcp_try_coalesce+0x200/0x4b0 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp_input.c:4278 [] tcp_queue_rcv+0xfe/0x720 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp_input.c:4485 [] tcp_send_rcvq+0x391/0x4a0 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp_input.c:4531 [] tcp_sendmsg+0x1d1c/0x36a0 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp.c:1134 [] inet_sendmsg+0x26c/0x430 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/af_inet.c:755 [] sock_sendmsg_nosec /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:625 [inline] [] sock_sendmsg+0xb5/0xf0 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:635 [] SYSC_sendto+0x267/0x300 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1665 [] SyS_sendto+0x9/0x10 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1633 [] entry_SYSCALL_64_fastpath+0x16/0x76 BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor7/4903 caller is __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62 CPU: 1 PID: 4903 Comm: syz-executor7 Not tainted 4.4.105-g8a53962 #3 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 0000000000000000 4429aae27ec6ee7e ffff8801d56ef828 ffffffff81cc9b0f 0000000000000001 ffffffff839fd4a0 ffff8801d56ef868 ffffffff81d28d18 ffffffff83ced1a0 1ffff1003aaddf14 ffff8801d63a6000 ffff8801d63a7440 Call Trace: [] __dump_stack /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:15 [inline] [] dump_stack+0x8e/0xcf /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:51 [] check_preemption_disabled+0x1b8/0x1f0 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:46 [] __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62 [] tcp_try_coalesce+0x200/0x4b0 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp_input.c:4278 [] tcp_queue_rcv+0xfe/0x720 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp_input.c:4485 [] tcp_send_rcvq+0x391/0x4a0 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp_input.c:4531 [] tcp_sendmsg+0x1d1c/0x36a0 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp.c:1134 [] inet_sendmsg+0x26c/0x430 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/af_inet.c:755 [] sock_sendmsg_nosec /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:625 [inline] [] sock_sendmsg+0xb5/0xf0 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:635 [] SYSC_sendto+0x267/0x300 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1665 [] SyS_sendto+0x9/0x10 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1633 [] entry_SYSCALL_64_fastpath+0x16/0x76 device gre0 entered promiscuous mode nla_parse: 14 callbacks suppressed netlink: 3 bytes leftover after parsing attributes in process `syz-executor1'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor1'. binder: 5152:5156 got reply transaction with no transaction stack binder: 5152:5156 transaction failed 29201/-71, size 32-8 line 2924 audit: type=1400 audit(1512950116.391:11): avc: denied { set_context_mgr } for pid=5152 comm="syz-executor1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=3 sclass=netlink_route_socket SELinux: unrecognized netlink message: protocol=0 nlmsg_type=3 sclass=netlink_route_socket binder: 5152:5164 ioctl 404c534a 2000b000 returned -22 BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor6/5182 caller is __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62 CPU: 0 PID: 5182 Comm: syz-executor6 Not tainted 4.4.105-g8a53962 #3 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 0000000000000000 a01654fcd4bc4c1d ffff8801d174f828 ffffffff81cc9b0f 0000000000000000 ffffffff839fd4a0 ffff8801d174f868 ffffffff81d28d18 ffffffff83ced1a0 1ffff1003a2e9f14 ffff8801d63a7680 ffff8801d63a66c0 Call Trace: [] __dump_stack /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:15 [inline] [] dump_stack+0x8e/0xcf /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:51 [] check_preemption_disabled+0x1b8/0x1f0 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:46 [] __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62 [] tcp_try_coalesce+0x200/0x4b0 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp_input.c:4278 binder: 5152:5200 got reply transaction with no transaction stack binder: 5152:5200 transaction failed 29201/-71, size 24-16 line 2924 binder: undelivered TRANSACTION_ERROR: 29201 [] tcp_queue_rcv+0xfe/0x720 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp_input.c:4485 [] tcp_send_rcvq+0x391/0x4a0 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp_input.c:4531 [] tcp_sendmsg+0x1d1c/0x36a0 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp.c:1134 [] inet_sendmsg+0x26c/0x430 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/af_inet.c:755 [] sock_sendmsg_nosec /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:625 [inline] [] sock_sendmsg+0xb5/0xf0 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:635 [] SYSC_sendto+0x267/0x300 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1665 [] SyS_sendto+0x9/0x10 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1633 [] entry_SYSCALL_64_fastpath+0x16/0x76 binder: 5152:5194 got reply transaction with no transaction stack audit: type=1400 audit(1512950116.771:12): avc: denied { call } for pid=5152 comm="syz-executor1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 binder_alloc: 5152: binder_alloc_buf, no vma binder: 5152:5164 transaction failed 29189/-3, size 0-0 line 3131 binder: BINDER_SET_CONTEXT_MGR already set binder: 5152:5194 transaction failed 29201/-71, size 32-8 line 2924 BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor7/5201 caller is __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62 CPU: 1 PID: 5201 Comm: syz-executor7 Not tainted 4.4.105-g8a53962 #3 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 0000000000000000 94a114319d301c89 ffff8801d052f828 ffffffff81cc9b0f 0000000000000001 ffffffff839fd4a0 ffff8801d052f868 ffffffff81d28d18 ffffffff83ced1a0 1ffff1003a0a5f14 ffff8801d63a6fc0 ffff8801d63a6b40 Call Trace: [] __dump_stack /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:15 [inline] [] dump_stack+0x8e/0xcf /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:51 [] check_preemption_disabled+0x1b8/0x1f0 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:46 [] __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62 [] tcp_try_coalesce+0x200/0x4b0 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp_input.c:4278 [] tcp_queue_rcv+0xfe/0x720 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp_input.c:4485 [] tcp_send_rcvq+0x391/0x4a0 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp_input.c:4531 [] tcp_sendmsg+0x1d1c/0x36a0 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp.c:1134 [] inet_sendmsg+0x26c/0x430 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/af_inet.c:755 [] sock_sendmsg_nosec /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:625 [inline] [] sock_sendmsg+0xb5/0xf0 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:635 [] SYSC_sendto+0x267/0x300 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1665 [] SyS_sendto+0x9/0x10 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1633 [] entry_SYSCALL_64_fastpath+0x16/0x76 BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor7/5203 caller is __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62 CPU: 1 PID: 5203 Comm: syz-executor7 Not tainted 4.4.105-g8a53962 #3 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 0000000000000000 1df985029d5d629f ffff8801d0487828 ffffffff81cc9b0f 0000000000000001 ffffffff839fd4a0 ffff8801d0487868 ffffffff81d28d18 ffffffff83ced1a0 1ffff1003a090f14 ffff8801d63a6b40 ffff8801d63a6d80 Call Trace: [] __dump_stack /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:15 [inline] [] dump_stack+0x8e/0xcf /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:51 [] check_preemption_disabled+0x1b8/0x1f0 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:46 [] __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62 [] tcp_try_coalesce+0x200/0x4b0 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp_input.c:4278 [] tcp_queue_rcv+0xfe/0x720 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp_input.c:4485 [] tcp_send_rcvq+0x391/0x4a0 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp_input.c:4531 [] tcp_sendmsg+0x1d1c/0x36a0 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp.c:1134 [] inet_sendmsg+0x26c/0x430 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/af_inet.c:755 [] sock_sendmsg_nosec /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:625 [inline] [] sock_sendmsg+0xb5/0xf0 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:635 [] SYSC_sendto+0x267/0x300 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1665 [] SyS_sendto+0x9/0x10 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1633 [] entry_SYSCALL_64_fastpath+0x16/0x76 binder: 5152:5194 ioctl 404c534a 2000b000 returned -22 binder: 5152:5230 got reply transaction with no transaction stack binder: 5152:5230 transaction failed 29201/-71, size 24-16 line 2924 audit: type=1400 audit(1512950117.031:13): avc: denied { create } for pid=5239 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=1 audit: type=1400 audit(1512950117.171:14): avc: denied { getopt } for pid=5239 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=1 binder_alloc: 5152: binder_alloc_buf, no vma binder_alloc: 5152: binder_alloc_buf, no vma binder: 5152:5164 transaction failed 29189/-3, size 0-0 line 3131 binder: 5152:5156 ioctl 40046207 0 returned -16 binder: 5152:5194 transaction failed 29189/-3, size 0-0 line 3131 binder: undelivered TRANSACTION_ERROR: 29189 binder: undelivered TRANSACTION_ERROR: 29189 binder: undelivered TRANSACTION_ERROR: 29201 binder: undelivered TRANSACTION_ERROR: 29189 device gre0 entered promiscuous mode binder: 5469:5477 got reply transaction with no transaction stack binder: 5469:5477 transaction failed 29201/-71, size 32-8 line 2924 binder: 5469:5477 ioctl 404c534a 2000b000 returned -22 binder: 5469:5477 BC_DEAD_BINDER_DONE 0000000000000002 not found binder: release 5469:5477 transaction 12 out, still active binder: release 5469:5477 transaction 11 in, still active binder: undelivered TRANSACTION_COMPLETE binder: 5506:5507 got reply transaction with no transaction stack binder: 5506:5507 transaction failed 29201/-71, size 32-8 line 2924 binder: 5506:5507 ioctl 404c534a 2000b000 returned -22 binder: 5506:5507 BC_DEAD_BINDER_DONE 0000000000000002 not found binder: 5516:5518 got reply transaction with no transaction stack binder: 5469:5485 got reply transaction with bad transaction stack, transaction 11 has target 0:0 binder: 5469:5485 transaction failed 29201/-71, size 24-16 line 2939 binder: 5506:5511 got reply transaction with bad transaction stack, transaction 15 has target 5506:5507 binder: 5506:5511 transaction failed 29201/-71, size 24-16 line 2939 binder: release 5469:5485 transaction 11 out, still active binder: undelivered TRANSACTION_COMPLETE binder: send failed reply for transaction 12, target dead binder: send failed reply for transaction 11, target dead binder: undelivered TRANSACTION_ERROR: 29201 binder: 5506:5523 got reply transaction with no transaction stack binder: 5506:5523 transaction failed 29201/-71, size 32-8 line 2924 binder: BINDER_SET_CONTEXT_MGR already set binder: 5506:5511 ioctl 40046207 0 returned -16 binder: 5506:5523 ioctl 404c534a 2000b000 returned -22 binder: 5506:5511 BC_DEAD_BINDER_DONE 0000000000000002 not found binder_alloc: 5506: binder_alloc_buf, no vma binder: 5506:5523 transaction failed 29189/-3, size 0-0 line 3131 binder: 5469:5528 got reply transaction with no transaction stack binder: 5469:5528 transaction failed 29201/-71, size 32-8 line 2924 binder: BINDER_SET_CONTEXT_MGR already set binder: 5469:5485 ioctl 40046207 0 returned -16 binder: 5469:5528 ioctl 404c534a 2000b000 returned -22 binder: 5469:5485 BC_DEAD_BINDER_DONE 0000000000000002 not found binder_alloc: 5469: binder_alloc_buf, no vma binder: 5469:5528 transaction failed 29189/-3, size 0-0 line 3131 binder: 5506:5507 got reply transaction with no transaction stack binder: 5506:5507 transaction failed 29201/-71, size 24-16 line 2924 binder: 5516:5536 BC_DEAD_BINDER_DONE 0000000000000002 not found binder: undelivered TRANSACTION_ERROR: 29201 binder: undelivered TRANSACTION_ERROR: 29189 binder: release 5506:5507 transaction 16 out, still active binder: release 5506:5507 transaction 15 in, still active binder: undelivered TRANSACTION_COMPLETE binder: release 5506:5511 transaction 15 out, still active binder: undelivered TRANSACTION_COMPLETE binder: send failed reply for transaction 16, target dead binder: send failed reply for transaction 15, target dead binder: undelivered TRANSACTION_ERROR: 29201 binder: 5469:5477 got reply transaction with no transaction stack binder: 5469:5477 transaction failed 29201/-71, size 24-16 line 2924 binder: undelivered TRANSACTION_ERROR: 29201 binder: undelivered TRANSACTION_ERROR: 29189 binder: 5516:5543 got reply transaction with bad transaction stack, transaction 27 has target 5516:5536 binder: 5516:5543 transaction failed 29201/-71, size 24-16 line 2939 binder: release 5516:5543 transaction 27 out, still active binder: undelivered TRANSACTION_COMPLETE binder: send failed reply for transaction 28 to 5516:5536 binder: undelivered TRANSACTION_ERROR: 29201 binder: 5516:5557 got reply transaction with no transaction stack binder: 5516:5557 transaction failed 29201/-71, size 32-8 line 2924 binder: BINDER_SET_CONTEXT_MGR already set binder: 5516:5543 ioctl 40046207 0 returned -16 binder: 5516:5557 BC_DEAD_BINDER_DONE 0000000000000002 not found binder_alloc: 5516: binder_alloc_buf, no vma binder: 5516:5536 transaction failed 29189/-3, size 0-0 line 3131 binder: 5516:5518 transaction failed 29201/-71, size 32-8 line 2924 binder: undelivered TRANSACTION_ERROR: 29189 binder: release 5516:5536 transaction 27 in, still active binder: send failed reply for transaction 27, target dead binder: undelivered TRANSACTION_COMPLETE binder: undelivered TRANSACTION_ERROR: 29189 device gre0 entered promiscuous mode binder: 5740:5741 got reply transaction with no transaction stack binder: 5740:5741 transaction failed 29201/-71, size 32-8 line 2924 netlink: 3 bytes leftover after parsing attributes in process `syz-executor2'. audit: type=1400 audit(1512950119.221:15): avc: denied { connect } for pid=5745 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 binder: 5740:5771 got reply transaction with no transaction stack binder: 5740:5771 transaction failed 29201/-71, size 32-8 line 2924 binder: BINDER_SET_CONTEXT_MGR already set binder: 5740:5747 ioctl 40046207 0 returned -16 audit: type=1400 audit(1512950119.221:16): avc: denied { setopt } for pid=5745 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor6/5794 caller is __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62 CPU: 0 PID: 5794 Comm: syz-executor6 Not tainted 4.4.105-g8a53962 #3 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 0000000000000000 a16db84988b8205b ffff8801d56df828 ffffffff81cc9b0f 0000000000000000 ffffffff839fd4a0 ffff8801d56df868[ 55.342643] netlink: 3 bytes leftover after parsing attributes in process `syz-executor2'. ffffffff81d28d18 ffffffff83ced1a0 1ffff1003aadbf14 ffff8801d63a66c0 ffff8801d63a6240 Call Trace: [] __dump_stack /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:15 [inline] [] dump_stack+0x8e/0xcf /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:51 [] check_preemption_disabled+0x1b8/0x1f0 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:46 [] __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62 [] tcp_try_coalesce+0x200/0x4b0 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp_input.c:4278 [] tcp_queue_rcv+0xfe/0x720 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp_input.c:4485 [] tcp_send_rcvq+0x391/0x4a0 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp_input.c:4531 [] tcp_sendmsg+0x1d1c/0x36a0 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp.c:1134 [] inet_sendmsg+0x26c/0x430 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/af_inet.c:755 [] sock_sendmsg_nosec /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:625 [inline] [] sock_sendmsg+0xb5/0xf0 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:635 [] SYSC_sendto+0x267/0x300 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1665 [] SyS_sendto+0x9/0x10 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1633 [] entry_SYSCALL_64_fastpath+0x16/0x76 binder: 5882:5885 got reply transaction with no transaction stack binder: 5882:5885 transaction failed 29201/-71, size 32-8 line 2924 binder: 5882:5885 ioctl 404c534a 2000b000 returned -22 binder: 5882:5885 BC_DEAD_BINDER_DONE 0000000000000002 not found binder: 5882:5900 got reply transaction with bad transaction stack, transaction 37 has target 5882:5885 binder: 5882:5900 transaction failed 29201/-71, size 24-16 line 2939 binder: 5882:5900 got reply transaction with no transaction stack binder: 5882:5900 transaction failed 29201/-71, size 32-8 line 2924 binder: BINDER_SET_CONTEXT_MGR already set binder: 5882:5885 ioctl 40046207 0 returned -16 binder: 5882:5950 ioctl 404c534a 2000b000 returned -22 binder_alloc: 5882: binder_alloc_buf, no vma binder: 5882:5885 BC_DEAD_BINDER_DONE 0000000000000002 not found binder: 5882:5927 transaction failed 29189/-3, size 0-0 line 3131 binder_alloc: 5882: binder_alloc_buf, no vma binder: 5882:5950 transaction failed 29189/-3, size 0-0 line 3131 netlink: 3 bytes leftover after parsing attributes in process `syz-executor7'. binder: 5882:5900 got reply transaction with no transaction stack binder: undelivered TRANSACTION_ERROR: 29189 binder: 5882:5900 transaction failed 29201/-71, size 24-16 line 2924 binder: undelivered TRANSACTION_ERROR: 29201 binder: undelivered TRANSACTION_ERROR: 29189 netlink: 3 bytes leftover after parsing attributes in process `syz-executor7'. binder: release 5882:5885 transaction 38 out, still active binder: release 5882:5885 transaction 37 in, still active binder: undelivered TRANSACTION_COMPLETE binder: release 5882:5900 transaction 37 out, still active binder: undelivered TRANSACTION_COMPLETE binder: send failed reply for transaction 38, target dead binder: send failed reply for transaction 37, target dead binder: undelivered TRANSACTION_ERROR: 29201 netlink: 3 bytes leftover after parsing attributes in process `syz-executor6'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor6'. device gre0 entered promiscuous mode binder: 6106:6109 got reply transaction with no transaction stack binder: 6106:6109 transaction failed 29201/-71, size 32-8 line 2924 binder: 6106:6109 ioctl 404c534a 2000b000 returned -22 binder: 6106:6109 BC_DEAD_BINDER_DONE 0000000000000002 not found binder: 6106:6116 got reply transaction with bad transaction stack, transaction 46 has target 6106:6109 binder: 6106:6116 transaction failed 29201/-71, size 24-16 line 2939 binder: 6106:6135 got reply transaction with no transaction stack binder: 6106:6135 transaction failed 29201/-71, size 32-8 line 2924 binder: BINDER_SET_CONTEXT_MGR already set binder: 6106:6109 ioctl 40046207 0 returned -16 binder: 6106:6152 ioctl 404c534a 2000b000 returned -22 binder_alloc: 6106: binder_alloc_buf, no vma binder: 6106:6109 BC_DEAD_BINDER_DONE 0000000000000002 not found binder: 6106:6116 transaction failed 29189/-3, size 536924119-0 line 3131 binder_alloc: 6106: binder_alloc_buf, no vma binder: 6106:6152 transaction failed 29189/-3, size 0-0 line 3131 binder: undelivered TRANSACTION_ERROR: 29189 binder: undelivered TRANSACTION_ERROR: 29189 binder: release 6106:6109 transaction 47 out, still active binder: release 6106:6109 transaction 46 in, still active binder: undelivered TRANSACTION_COMPLETE binder: release 6106:6116 transaction 46 out, still active binder: undelivered TRANSACTION_COMPLETE binder: send failed reply for transaction 47, target dead binder: send failed reply for transaction 46, target dead binder: undelivered TRANSACTION_ERROR: 29201 netlink: 3 bytes leftover after parsing attributes in process `syz-executor3'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor3'. device gre0 entered promiscuous mode device gre0 entered promiscuous mode device gre0 entered promiscuous mode netlink: 3 bytes leftover after parsing attributes in process `syz-executor0'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor0'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor0'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor0'. binder: 7234:7236 ioctl c0306201 20006fd0 returned -14 binder: 7234:7236 ioctl 404c534a 2000b000 returned -22 binder: 7234:7236 BC_DEAD_BINDER_DONE 0000000000000002 not found binder: 7234:7249 IncRefs 0 refcount change on invalid ref 4 ret -22 binder: 7234:7236 ioctl c018620b 20006fe8 returned -14 binder: 7234:7249 got reply transaction with bad transaction stack, transaction 53 has target 7234:7236 binder: 7234:7249 transaction failed 29201/-71, size 24-16 line 2939 binder: BINDER_SET_CONTEXT_MGR already set binder: 7234:7249 ioctl 40046207 0 returned -16 binder: 7234:7267 ioctl 404c534a 2000b000 returned -22 binder: 7234:7236 BC_DEAD_BINDER_DONE 0000000000000002 not found binder: 7234:7267 IncRefs 0 refcount change on invalid ref 4 ret -22 binder_alloc: 7234: binder_alloc_buf, no vma binder: 7234:7249 transaction failed 29189/-3, size 0-0 line 3131 binder: 7234:7295 ioctl c018620b 20006fe8 returned -14 binder: 7234:7267 got reply transaction with no transaction stack binder: 7234:7267 transaction failed 29201/-71, size 24-16 line 2924 binder: undelivered TRANSACTION_ERROR: 29189 binder: undelivered TRANSACTION_ERROR: 29201 binder: release 7234:7236 transaction 53 in, still active binder: send failed reply for transaction 53 to 7234:7249 binder: undelivered TRANSACTION_COMPLETE binder: undelivered TRANSACTION_ERROR: 29201 binder: undelivered TRANSACTION_ERROR: 29189 binder: 7515:7518 got reply transaction with no transaction stack binder: 7515:7518 transaction failed 29201/-71, size 32-8 line 2924 binder: 7515:7529 ioctl 404c534a 2000b000 returned -22 binder: 7515:7529 BC_DEAD_BINDER_DONE 0000000000000002 not found binder: 7515:7518 got reply transaction with no transaction stack binder: release 7515:7541 transaction 59 out, still active binder: undelivered TRANSACTION_COMPLETE binder: send failed reply for transaction 60 to 7515:7529 binder: 7515:7518 transaction failed 29201/-71, size 24-16 line 2924 binder: 7515:7579 got reply transaction with no transaction stack binder: BINDER_SET_CONTEXT_MGR already set binder: 7515:7529 ioctl 40046207 0 returned -16 binder: 7515:7579 transaction failed 29201/-71, size 32-8 line 2924 binder: 7515:7598 ioctl 404c534a 2000b000 returned -22 binder: 7515:7518 BC_DEAD_BINDER_DONE 0000000000000002 not found binder_alloc: 7515: binder_alloc_buf, no vma binder: 7515:7529 transaction failed 29189/-3, size 536924119-0 line 3131 binder: 7515:7518 got reply transaction with no transaction stack binder: undelivered TRANSACTION_ERROR: 29189 binder: 7515:7518 transaction failed 29201/-71, size 24-16 line 2924 binder: undelivered TRANSACTION_ERROR: 29201 binder: undelivered TRANSACTION_ERROR: 29201