BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor7/6370 caller is __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62 CPU: 1 PID: 6370 Comm: syz-executor7 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801d65cf6d8 ffffffff81d90889 0000000000000001 ffffffff83c17800 ffffffff83f42ec0 ffff8801d65c0000 0000000000000003 ffff8801d65cf718 ffffffff81df7854 ffff8801d65cf730 ffffffff83f42ec0 dffffc0000000000 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] check_preemption_disabled+0x1d4/0x200 lib/smp_processor_id.c:46 [] __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62 [] ipcomp_alloc_tfms net/xfrm/xfrm_ipcomp.c:286 [inline] [] ipcomp_init_state+0x188/0x930 net/xfrm/xfrm_ipcomp.c:363 [] ipcomp4_init_state+0xb0/0x7d0 net/ipv4/ipcomp.c:137 [] __xfrm_init_state+0x3e7/0xb30 net/xfrm/xfrm_state.c:2096 [] xfrm_init_state+0x1a/0x20 net/xfrm/xfrm_state.c:2122 [] pfkey_msg2xfrm_state net/key/af_key.c:1281 [inline] [] pfkey_add+0x1fb9/0x3470 net/key/af_key.c:1498 [] pfkey_process+0x61e/0x730 net/key/af_key.c:2826 [] pfkey_sendmsg+0x3a9/0x760 net/key/af_key.c:3670 [] sock_sendmsg_nosec net/socket.c:635 [inline] [] sock_sendmsg+0xca/0x110 net/socket.c:645 [] ___sys_sendmsg+0x6d1/0x7e0 net/socket.c:1968 [] __sys_sendmsg+0xd6/0x190 net/socket.c:2002 [] SYSC_sendmsg net/socket.c:2013 [inline] [] SyS_sendmsg+0x2d/0x50 net/socket.c:2009 [] entry_SYSCALL_64_fastpath+0x23/0xc6 pktgen: kernel_thread() failed for cpu 0 pktgen: Cannot create thread for cpu 0 (-4) pktgen: kernel_thread() failed for cpu 1 pktgen: Cannot create thread for cpu 1 (-4) pktgen: Initialization failed for all threads FAULT_FLAG_ALLOW_RETRY missing 30 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 0 PID: 6425 Comm: syz-executor3 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801cd87f8b0 ffffffff81d90889 ffff8801cd87fb90 0000000000000000 ffff8801c5906110 ffff8801cd87fa80 ffff8801c5906000 ffff8801cd87faa8 ffffffff8165e497 0000000000005f34 ffff8801a0ede8f0 ffff8801a0ede8a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] entry_SYSCALL_64_fastpath+0x23/0xc6 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 0 PID: 6410 Comm: syz-executor3 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801c978f850 ffffffff81d90889 ffff8801c978fb30 0000000000000000 ffff8801c5906110 ffff8801c978fa20 ffff8801c5906000 ffff8801c978fa48 ffffffff8165e497 0000000000005f34 ffff8801cec238f0 ffff8801cec238a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] entry_SYSCALL_64_fastpath+0x23/0xc6 netlink: 13 bytes leftover after parsing attributes in process `syz-executor0'. netlink: 1 bytes leftover after parsing attributes in process `syz-executor0'. netlink: 13 bytes leftover after parsing attributes in process `syz-executor0'. netlink: 1 bytes leftover after parsing attributes in process `syz-executor0'. CPU: 0 PID: 6437 Comm: syz-executor3 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801c97978b0 ffffffff81d90889 ffff8801c9797b90 0000000000000000 ffff8801c5906110 ffff8801c9797a80 ffff8801c5906000 ffff8801c9797aa8 ffffffff8165e497 0000000000005f34 ffff8801a0ee08f0 ffff8801a0ee08a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] entry_SYSCALL_64_fastpath+0x23/0xc6 9pnet_virtio: no channels available for device ./file0 SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pig=6589 comm=syz-executor2 9pnet_virtio: no channels available for device ./file0 SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pig=6589 comm=syz-executor2 binder_alloc: 6841: binder_alloc_buf, no vma binder: 6841:6844 transaction failed 29189/-3, size 0-0 line 3130 binder_alloc: 6841: binder_alloc_buf, no vma binder: 6841:6854 transaction failed 29189/-3, size 0-0 line 3130 binder_alloc: binder_alloc_mmap_handler: 6841 20000000-20002000 already mapped failed -16 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 1 PID: 6862 Comm: syz-executor3 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801d117f480 ffffffff81d90889 ffff8801d117f760 0000000000000000 ffff8801c5906710 ffff8801d117f650 ffff8801c5906600 ffff8801d117f678 ffffffff8165e497 0000000000000e95 ffff8801c4db2118 ffff8801c4db20a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] do_ip_setsockopt.isra.12+0x1977/0x2960 net/ipv4/ip_sockglue.c:1151 [] ip_setsockopt+0x3a/0xb0 net/ipv4/ip_sockglue.c:1240 [] tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2736 [] sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2706 [] SYSC_setsockopt net/socket.c:1771 [inline] [] SyS_setsockopt+0x160/0x250 net/socket.c:1750 [] entry_SYSCALL_64_fastpath+0x23/0xc6 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 0 PID: 6858 Comm: syz-executor3 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801c2f9f930 ffffffff81d90889 ffff8801c2f9fc10 0000000000000000 ffff8801c5906710 ffff8801c2f9fb00 ffff8801c5906600 ffff8801c2f9fb28 ffffffff8165e497 0000000000005f34 ffff8801c748b8f0 ffff8801c748b8a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] entry_SYSCALL_64_fastpath+0x23/0xc6 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 1 PID: 6862 Comm: syz-executor3 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801d117f480 ffffffff81d90889 ffff8801d117f760 0000000000000000 ffff8801c8dfeb90 ffff8801d117f650 ffff8801c8dfea80 ffff8801d117f678 ffffffff8165e497 0000000000000e95 ffff8801c4db2118 ffff8801c4db20a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] do_ip_setsockopt.isra.12+0x1977/0x2960 net/ipv4/ip_sockglue.c:1151 [] ip_setsockopt+0x3a/0xb0 net/ipv4/ip_sockglue.c:1240 [] tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2736 [] sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2706 [] SYSC_setsockopt net/socket.c:1771 [inline] [] SyS_setsockopt+0x160/0x250 net/socket.c:1750 [] entry_SYSCALL_64_fastpath+0x23/0xc6 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 1 PID: 6858 Comm: syz-executor3 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801c2f9f930 ffffffff81d90889 ffff8801c2f9fc10 0000000000000000 ffff8801c8dfeb90 ffff8801c2f9fb00 ffff8801c8dfea80 ffff8801c2f9fb28 ffffffff8165e497 0000000000005f34 ffff8801c748b8f0 ffff8801c748b8a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] entry_SYSCALL_64_fastpath+0x23/0xc6 binder: undelivered TRANSACTION_ERROR: 29189 binder: undelivered TRANSACTION_ERROR: 29189 audit: type=1400 audit(1513075276.277:39): avc: denied { write } for pid=6926 comm="syz-executor5" path="socket:[17274]" dev="sockfs" ino=17274 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=1 audit: type=1400 audit(1513075276.317:40): avc: denied { accept } for pid=6926 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=1 nla_parse: 6 callbacks suppressed netlink: 3 bytes leftover after parsing attributes in process `syz-executor7'. audit: type=1400 audit(1513075276.437:41): avc: denied { read } for pid=6926 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=1 IPv6: Can't replace route, no match found netlink: 3 bytes leftover after parsing attributes in process `syz-executor7'. loop: Write error at byte offset 0, length 512. blk_update_request: I/O error, dev loop4, sector 0 Buffer I/O error on dev loop4, logical block 0, lost async page write IPv6: Can't replace route, no match found loop: Write error at byte offset 0, length 512. blk_update_request: I/O error, dev loop4, sector 0 Buffer I/O error on dev loop4, logical block 0, lost async page write sock: sock_set_timeout: `syz-executor1' (pid 7046) tries to set negative timeout FAULT_FLAG_ALLOW_RETRY missing 30 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 1 PID: 7049 Comm: syz-executor3 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801d1527940 ffffffff81d90889 ffff8801d1527c20 0000000000000000 ffff8801c8dfea10 ffff8801d1527b10 ffff8801c8dfe900 ffff8801d1527b38 ffffffff8165e497 0000000000000006 ffff8801d21a8000 ffffffff838ab3f9 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] entry_SYSCALL_64_fastpath+0x23/0xc6 device gre0 entered promiscuous mode CPU: 0 PID: 7058 Comm: syz-executor3 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801d224f5d0 ffffffff81d90889 ffff8801d224f8b0 0000000000000000 ffff8801c8dfea10 ffff8801d224f7a0 ffff8801c8dfe900 ffff8801d224f7c8 ffffffff8165e497 0000000000005f34 ffff8801d21ab8f0 ffff8801d21ab8a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] vfs_ioctl fs/ioctl.c:43 [inline] [] do_vfs_ioctl+0x1aa/0x1140 fs/ioctl.c:679 [] SYSC_ioctl fs/ioctl.c:694 [inline] [] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:685 [] entry_SYSCALL_64_fastpath+0x23/0xc6 sg_write: data in/out 901092476/192 bytes for SCSI command 0x1b-- guessing data in; program syz-executor6 not setting count and/or reply_len properly netlink: 1 bytes leftover after parsing attributes in process `syz-executor2'. netlink: 1 bytes leftover after parsing attributes in process `syz-executor2'. netlink: 13 bytes leftover after parsing attributes in process `syz-executor1'. netlink: 13 bytes leftover after parsing attributes in process `syz-executor1'. device gre0 entered promiscuous mode binder: 7272:7277 ioctl 8924 20002000 returned -22 binder: 7272:7277 ERROR: BC_REGISTER_LOOPER called without request SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=7284 comm=syz-executor7 binder_alloc: 7272: binder_alloc_buf size 68719476736 failed, no address space binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192) binder: 7272:7286 transaction failed 29201/-28, size 68719476736-0 line 3130 binder: 7272:7293 ioctl 8924 20002000 returned -22 binder: BINDER_SET_CONTEXT_MGR already set binder: 7272:7286 ioctl 40046207 0 returned -16 binder: 7272:7293 ERROR: BC_REGISTER_LOOPER called without request binder_alloc: 7272: binder_alloc_buf, no vma binder: 7272:7293 transaction failed 29189/-3, size 68719476736-0 line 3130 binder: undelivered TRANSACTION_ERROR: 29189 binder: undelivered TRANSACTION_ERROR: 29201 netlink: 2 bytes leftover after parsing attributes in process `syz-executor7'. netlink: 2 bytes leftover after parsing attributes in process `syz-executor7'. SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=7291 comm=syz-executor7 netlink: 2 bytes leftover after parsing attributes in process `syz-executor7'. netlink: 2 bytes leftover after parsing attributes in process `syz-executor7'. device gre0 entered promiscuous mode TCP: request_sock_TCP: Possible SYN flooding on port 20014. Sending cookies. Check SNMP counters. device gre0 entered promiscuous mode TCP: request_sock_TCP: Possible SYN flooding on port 20014. Sending cookies. Check SNMP counters. PF_BRIDGE: RTM_SETLINK with unknown ifindex PF_BRIDGE: RTM_SETLINK with unknown ifindex qtaguid: iface_stat: iface_check_stats_reset_and_adjust(lo): iface reset its stats unexpectedly device lo entered promiscuous mode device gre0 entered promiscuous mode binder: 7871:7874 unknown command 0 binder: 7871:7874 ioctl c0306201 2000a000 returned -22 binder: 7871:7880 BC_FREE_BUFFER u0000000000000000 no match binder: 7871:7880 ERROR: BC_REGISTER_LOOPER called without request binder: BINDER_SET_CONTEXT_MGR already set binder: 7871:7880 ioctl 40046207 0 returned -16 binder: 7871:7885 unknown command 0 binder: 7871:7885 ioctl c0306201 2000a000 returned -22 binder_alloc: 7871: binder_alloc_buf, no vma binder: 7871:7885 transaction failed 29189/-3, size 24-8 line 3130 binder: undelivered transaction 54, process died. FAULT_FLAG_ALLOW_RETRY missing 30 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 0 PID: 8114 Comm: syz-executor1 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801d8eb78a0 ffffffff81d90889 ffff8801d8eb7b80 0000000000000000 ffff8801c8dff610 ffff8801d8eb7a70 ffff8801c8dff500 ffff8801d8eb7a98 ffffffff8165e497 0000000000005f34 ffff8801c3dda0f0 ffff8801c3dda0a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] entry_SYSCALL_64_fastpath+0x23/0xc6 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 0 PID: 8127 Comm: syz-executor1 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801d03578f0 ffffffff81d90889 ffff8801d0357bd0 0000000000000000 ffff8801c8dff610 ffff8801d0357ac0 ffff8801c8dff500 ffff8801d0357ae8 ffffffff8165e497 0000000000005f34 ffff8801c80c88f0 ffff8801c80c88a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] entry_SYSCALL_64_fastpath+0x23/0xc6 Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable binder: 8183:8186 ioctl 40046205 0 returned -22 binder: 8183:8186 ERROR: BC_REGISTER_LOOPER called without request binder: 8183:8186 got transaction to invalid handle binder: 8183:8186 transaction failed 29201/-22, size 0-8 line 3007 binder: 8183:8186 ioctl c0306201 20005fd0 returned -14 binder: release 8183:8186 transaction 58 in, still active binder: send failed reply for transaction 58 to 8183:8195 binder: undelivered TRANSACTION_ERROR: 29201 binder: 8183:8186 BC_FREE_BUFFER u0000000000000000 no match binder: undelivered TRANSACTION_COMPLETE binder: undelivered TRANSACTION_ERROR: 29189 binder: 8183:8186 ioctl 40046205 6 returned -22 binder: 8183:8195 ioctl 40046205 0 returned -22 binder: 8183:8195 ERROR: BC_REGISTER_LOOPER called without request binder: 8183:8195 ioctl c0306201 20008fd0 returned -11 binder: 8183:8195 unknown command 0 binder: 8183:8195 ioctl c0306201 20002fd0 returned -22 binder: 8183:8186 BC_FREE_BUFFER u0000000000000000 no match binder: 8183:8186 IncRefs 0 refcount change on invalid ref 1 ret -22 binder: 8183:8186 got transaction to invalid handle binder: 8183:8186 transaction failed 29201/-22, size 72-8 line 3007 binder: 8183:8186 ioctl c0306201 20005fd0 returned -14 binder: release 8183:8186 transaction 61 out, still active binder: undelivered TRANSACTION_COMPLETE binder: undelivered TRANSACTION_ERROR: 29201 binder: send failed reply for transaction 61, target dead CPU: 1 PID: 8131 Comm: syz-executor1 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801c36f79a0 ffffffff81d90889 ffff8801c36f7c80 0000000000000000 ffff8801c8dff610 ffff8801c36f7b70 ffff8801c8dff500 ffff8801c36f7b98 ffffffff8165e497 0000000000005f34 ffff8801c80cd0f0 ffff8801c80cd0a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] entry_SYSCALL_64_fastpath+0x23/0xc6 audit: type=1400 audit(1513075281.847:42): avc: denied { execute } for pid=8243 comm="syz-executor6" path="pipe:[20100]" dev="pipefs" ino=20100 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=fifo_file permissive=1 binder: BINDER_SET_CONTEXT_MGR already set binder: 8243:8248 ioctl 40046207 0 returned -16 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=257 sclass=netlink_route_socket pig=8291 comm=syz-executor2 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=257 sclass=netlink_route_socket pig=8291 comm=syz-executor2 device gre0 entered promiscuous mode