vmalloc: allocation failure: 17177772032 bytes, mode:0x24000c2(GFP_KERNEL|__GFP_HIGHMEM) CPU: 1 PID: 8314 Comm: syz-executor3 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor5/8331 caller is __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62 ffff8801d0cf7880 ffffffff81d90889 1ffff1003a19ef13 ffff8801c4e43000 ffffffff83ab7dc0 0000000000000001 0000000000400000 ffff8801d0cf7990 ffffffff8144eb82 024000c200000003 0000000041b58ab3 ffffffff84191625 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] warn_alloc+0x212/0x240 mm/page_alloc.c:3056 [] __vmalloc_node_range+0x3f5/0x5f0 mm/vmalloc.c:1722 [] __vmalloc_node mm/vmalloc.c:1744 [inline] [] __vmalloc_node_flags mm/vmalloc.c:1758 [inline] [] vmalloc+0x5b/0x70 mm/vmalloc.c:1773 [] xt_alloc_entry_offsets+0x41/0x60 net/netfilter/x_tables.c:722 [] translate_table+0x21a/0x1e80 net/ipv6/netfilter/ip6_tables.c:730 [] ? 0xffffffff810002b8 [] do_replace net/ipv6/netfilter/ip6_tables.c:1182 [inline] [] do_ip6t_set_ctl+0x2be/0x470 net/ipv6/netfilter/ip6_tables.c:1708 [] nf_sockopt net/netfilter/nf_sockopt.c:105 [inline] [] nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:114 [] ipv6_setsockopt+0x115/0x150 net/ipv6/ipv6_sockglue.c:911 [] tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2736 [] sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2706 [] SYSC_setsockopt net/socket.c:1771 [inline] [] SyS_setsockopt+0x160/0x250 net/socket.c:1750 [] entry_SYSCALL_64_fastpath+0x23/0xc6 CPU: 0 PID: 8331 Comm: syz-executor5 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801c4c576d8 ffffffff81d90889 0000000000000000 ffffffff83c17800 ffffffff83f42ec0 ffff8801a8ae0000 0000000000000003 ffff8801c4c57718 ffffffff81df7854 ffff8801c4c57730 ffffffff83f42ec0 dffffc0000000000 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] check_preemption_disabled+0x1d4/0x200 lib/smp_processor_id.c:46 [] __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62 [] ipcomp_alloc_tfms net/xfrm/xfrm_ipcomp.c:286 [inline] [] ipcomp_init_state+0x188/0x930 net/xfrm/xfrm_ipcomp.c:363 [] ipcomp4_init_state+0xb0/0x7d0 net/ipv4/ipcomp.c:137 [] __xfrm_init_state+0x3e7/0xb30 net/xfrm/xfrm_state.c:2096 [] xfrm_init_state+0x1a/0x20 net/xfrm/xfrm_state.c:2122 [] pfkey_msg2xfrm_state net/key/af_key.c:1281 [inline] [] pfkey_add+0x1fb9/0x3470 net/key/af_key.c:1498 [] pfkey_process+0x61e/0x730 net/key/af_key.c:2826 [] pfkey_sendmsg+0x3a9/0x760 net/key/af_key.c:3670 [] sock_sendmsg_nosec net/socket.c:635 [inline] [] sock_sendmsg+0xca/0x110 net/socket.c:645 [] ___sys_sendmsg+0x6d1/0x7e0 net/socket.c:1968 [] __sys_sendmsg+0xd6/0x190 net/socket.c:2002 [] SYSC_sendmsg net/socket.c:2013 [inline] [] SyS_sendmsg+0x2d/0x50 net/socket.c:2009 [] entry_SYSCALL_64_fastpath+0x23/0xc6 Mem-Info: active_anon:95513 inactive_anon:42 isolated_anon:0 active_file:3643 inactive_file:7334 isolated_file:0 unevictable:0 dirty:115 writeback:0 unstable:0 slab_reclaimable:7439 slab_unreclaimable:50500 mapped:22866 shmem:51 pagetables:831 bounce:0 free:1442364 free_pcp:453 free_cma:0 binder: 8342:8345 got reply transaction with no transaction stack binder: 8342:8345 transaction failed 29201/-71, size 0-8 line 2923 binder_alloc: 8342: binder_alloc_buf, no vma binder: 8342:8345 transaction failed 29189/-3, size 0-0 line 3130 binder: 8342:8345 ioctl c018620b 2000bfe8 returned -14 binder: undelivered TRANSACTION_ERROR: 29189 BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor5/8358 caller is __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62 CPU: 0 PID: 8358 Comm: syz-executor5 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801c528f6d8 ffffffff81d90889 0000000000000000 ffffffff83c17800 ffffffff83f42ec0 ffff8801c82de000 0000000000000003 ffff8801c528f718 ffffffff81df7854 ffff8801c528f730 ffffffff83f42ec0 dffffc0000000000 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] check_preemption_disabled+0x1d4/0x200 lib/smp_processor_id.c:46 [] __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62 [] ipcomp_alloc_tfms net/xfrm/xfrm_ipcomp.c:286 [inline] [] ipcomp_init_state+0x188/0x930 net/xfrm/xfrm_ipcomp.c:363 [] ipcomp4_init_state+0xb0/0x7d0 net/ipv4/ipcomp.c:137 [] __xfrm_init_state+0x3e7/0xb30 net/xfrm/xfrm_state.c:2096 [] xfrm_init_state+0x1a/0x20 net/xfrm/xfrm_state.c:2122 [] pfkey_msg2xfrm_state net/key/af_key.c:1281 [inline] [] pfkey_add+0x1fb9/0x3470 net/key/af_key.c:1498 [] pfkey_process+0x61e/0x730 net/key/af_key.c:2826 [] pfkey_sendmsg+0x3a9/0x760 net/key/af_key.c:3670 [] sock_sendmsg_nosec net/socket.c:635 [inline] [] sock_sendmsg+0xca/0x110 net/socket.c:645 [] ___sys_sendmsg+0x6d1/0x7e0 net/socket.c:1968 [] __sys_sendmsg+0xd6/0x190 net/socket.c:2002 [] SYSC_sendmsg net/socket.c:2013 [inline] [] SyS_sendmsg+0x2d/0x50 net/socket.c:2009 [] entry_SYSCALL_64_fastpath+0x23/0xc6 binder: 8342:8360 got reply transaction with no transaction stack binder: 8342:8360 transaction failed 29201/-71, size 24-16 line 2923 binder: undelivered TRANSACTION_ERROR: 29201 binder: 8342:8363 got reply transaction with no transaction stack binder: 8342:8363 transaction failed 29201/-71, size 0-8 line 2923 binder: BINDER_SET_CONTEXT_MGR already set binder: 8342:8363 ioctl 40046207 0 returned -16 binder_alloc: 8342: binder_alloc_buf, no vma binder: 8342:8360 transaction failed 29189/-3, size 0-0 line 3130 binder: undelivered TRANSACTION_ERROR: 29189 binder: 8342:8363 got reply transaction with no transaction stack binder: 8342:8363 transaction failed 29201/-71, size 24-16 line 2923 binder: undelivered TRANSACTION_ERROR: 29201 capability: warning: `syz-executor0' uses deprecated v2 capabilities in a way that may be insecure SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=8375 comm=syz-executor5 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=202 sclass=netlink_route_socket pig=8375 comm=syz-executor5 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=8386 comm=syz-executor5 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=202 sclass=netlink_route_socket pig=8375 comm=syz-executor5 Node 0 active_anon:365280kB inactive_anon:132kB active_file:14572kB inactive_file:29360kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:91420kB dirty:540kB writeback:0kB shmem:168kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 6144kB writeback_tmp:0kB unstable:0kB pages_scanned:0 all_unreclaimable? no DMA free:15908kB min:160kB low:200kB high:240kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: 0 2910 6411 6411 DMA32 free:2981148kB min:30600kB low:38248kB high:45896kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2981844kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:696kB local_pcp:648kB free_cma:0kB lowmem_reserve[]: 0 0 3501 3501 Normal free:2785344kB min:36816kB low:46020kB high:55224kB active_anon:365280kB inactive_anon:132kB active_file:14572kB inactive_file:29360kB unevictable:0kB writepending:568kB present:4718592kB managed:3585220kB mlocked:0kB slab_reclaimable:29968kB slab_unreclaimable:206488kB kernel_stack:5504kB pagetables:3072kB bounce:0kB free_pcp:1340kB local_pcp:696kB free_cma:0kB lowmem_reserve[]: 0 0 0 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB DMA32: 1*4kB (M) 1*8kB (M) 3*16kB (M) 3*32kB (M) 4*64kB (M) 3*128kB (M) 2*256kB (M) 2*512kB (M) 1*1024kB (M) 2*2048kB (M) 726*4096kB (M) = 2981148kB Normal: 164*4kB (UME) 74*8kB (UM) 730*16kB (UME) 425*32kB (UM) 587*64kB (ME) 256*128kB (UM) 74*256kB (UM) 6*512kB (UME) 2*1024kB (UM) 7*2048kB (UME) 647*4096kB (M) = 2785376kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 11032 total pagecache pages 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 Free swap = 0kB Total swap = 0kB 1965979 pages RAM 0 pages HighMem/MovableOnly 320236 pages reserved netlink: 1 bytes leftover after parsing attributes in process `syz-executor4'. netlink: 1 bytes leftover after parsing attributes in process `syz-executor4'. qtaguid: iface_stat: iface_check_stats_reset_and_adjust(lo): iface reset its stats unexpectedly binder: 8507:8508 ioctl 40046205 9 returned -22 binder: 8507:8508 BC_FREE_BUFFER u0000000000000000 no match binder: 8507:8508 ioctl 40046205 9 returned -22 binder: 8507:8522 BC_FREE_BUFFER u0000000000000000 no match binder: 8526:8527 ioctl 40086602 43 returned -22 binder: 8526:8527 got reply transaction with no transaction stack binder: 8526:8527 transaction failed 29201/-71, size 2-1144397507205 line 2923 binder: 8526:8527 Release 1 refcount change on invalid ref 4 ret -22 binder: 8526:8527 IncRefs 0 refcount change on invalid ref 1 ret -22 binder: 8526:8527 Acquire 1 refcount change on invalid ref 2 ret -22 binder: 8526:8527 ERROR: BC_REGISTER_LOOPER called without request binder: 8526:8527 BC_CLEAR_DEATH_NOTIFICATION invalid ref -2 binder: 8526:8527 got transaction with unaligned buffers size, 3571 binder: 8526:8527 transaction failed 29201/-22, size 48-32 line 3175 binder: 8526:8527 ioctl 40086602 43 returned -22 binder: 8526:8561 got reply transaction with no transaction stack binder: 8526:8561 transaction failed 29201/-71, size 2-1144397507205 line 2923 binder: BINDER_SET_CONTEXT_MGR already set binder: 8526:8543 ioctl 40046207 0 returned -16 binder_alloc: 8526: binder_alloc_buf, no vma binder: 8526:8561 transaction failed 29189/-3, size 0-0 line 3130 device gre0 entered promiscuous mode binder: 8526:8567 Release 1 refcount change on invalid ref 4 ret -22 binder: 8526:8567 IncRefs 0 refcount change on invalid ref 1 ret -22 binder: 8526:8567 Acquire 1 refcount change on invalid ref 2 ret -22 binder: 8526:8567 ERROR: BC_REGISTER_LOOPER called without request binder: undelivered TRANSACTION_ERROR: 29189 binder: release 8526:8527 transaction 81 in, still active binder: send failed reply for transaction 81 to 8526:8543 binder: undelivered TRANSACTION_ERROR: 29201 binder: undelivered TRANSACTION_COMPLETE binder: undelivered TRANSACTION_ERROR: 29189 audit: type=1400 audit(1513075247.618:49): avc: denied { getopt } for pid=8616 comm="syz-executor4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_connector_socket permissive=1 audit: type=1400 audit(1513075247.648:50): avc: denied { getattr } for pid=8616 comm="syz-executor4" path="socket:[22352]" dev="sockfs" ino=22352 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_connector_socket permissive=1 netlink: 5 bytes leftover after parsing attributes in process `syz-executor2'. FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 0 PID: 8697 Comm: syz-executor4 Not tainted 4.9.68-gfb66dc2 #107 netlink: 3 bytes leftover after parsing attributes in process `syz-executor2'. netlink: 5 bytes leftover after parsing attributes in process `syz-executor2'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor2'. Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801a6cf7480 ffffffff81d90889 ffff8801a6cf7760 0000000000000000 ffff8801a3396410 ffff8801a6cf7650 ffff8801a3396300 ffff8801a6cf7678 ffffffff8165e497 0000000000004951 ffff8801a0206918 ffff8801a02068a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] do_ip_setsockopt.isra.12+0x1977/0x2960 net/ipv4/ip_sockglue.c:1151 [] ip_setsockopt+0x3a/0xb0 net/ipv4/ip_sockglue.c:1240 [] tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2736 [] sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2706 [] SYSC_setsockopt net/socket.c:1771 [inline] [] SyS_setsockopt+0x160/0x250 net/socket.c:1750 [] entry_SYSCALL_64_fastpath+0x23/0xc6 binder_alloc: binder_alloc_mmap_handler: 8707 2055a000-2055c000 already mapped failed -16 binder: 8707:8715 ioctl c0306201 20004fd0 returned -14 binder_alloc: binder_alloc_mmap_handler: 8707 20005000-20009000 already mapped failed -16 device gre0 entered promiscuous mode binder_alloc: binder_alloc_mmap_handler: 8707 20d07000-20d0a000 already mapped failed -16 binder_alloc: binder_alloc_mmap_handler: 8707 20000000-20004000 already mapped failed -16 binder: 8707:8715 ioctl c0306201 20004fd0 returned -14 netlink: 11 bytes leftover after parsing attributes in process `syz-executor4'. netlink: 11 bytes leftover after parsing attributes in process `syz-executor4'. blk_update_request: I/O error, dev loop7, sector 0 Buffer I/O error on dev loop7, logical block 0, lost async page write blk_update_request: I/O error, dev loop7, sector 8 Buffer I/O error on dev loop7, logical block 1, lost async page write blk_update_request: I/O error, dev loop7, sector 16 Buffer I/O error on dev loop7, logical block 2, lost async page write blk_update_request: I/O error, dev loop7, sector 24 Buffer I/O error on dev loop7, logical block 3, lost async page write blk_update_request: I/O error, dev loop7, sector 32 Buffer I/O error on dev loop7, logical block 4, lost async page write blk_update_request: I/O error, dev loop7, sector 40 Buffer I/O error on dev loop7, logical block 5, lost async page write blk_update_request: I/O error, dev loop7, sector 48 Buffer I/O error on dev loop7, logical block 6, lost async page write blk_update_request: I/O error, dev loop7, sector 56 Buffer I/O error on dev loop7, logical block 7, lost async page write blk_update_request: I/O error, dev loop7, sector 64 Buffer I/O error on dev loop7, logical block 8, lost async page write blk_update_request: I/O error, dev loop7, sector 72 Buffer I/O error on dev loop7, logical block 9, lost async page write SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=8848 comm=syz-executor7 keychord: Insufficient bytes present for keycount 10188 keychord: Insufficient bytes present for keycount 10188 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 0 PID: 8862 Comm: syz-executor6 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801c3f8f710 ffffffff81d90889 ffff8801c3f8f9f0 0000000000000000 ffff8801a3396590 ffff8801c3f8f8e0 ffff8801a3396480 ffff8801c3f8f908 ffffffff8165e497 0000000000005e64 ffff8801c4b768f0 ffff8801c4b768a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] SYSC_select fs/select.c:652 [inline] [] SyS_select+0x158/0x1e0 fs/select.c:634 [] entry_SYSCALL_64_fastpath+0x23/0xc6 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 0 PID: 8850 Comm: syz-executor6 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801c984f930 ffffffff81d90889 ffff8801c984fc10 0000000000000000 ffff8801a3396590 ffff8801c984fb00 ffff8801a3396480 ffff8801c984fb28 ffffffff8165e497 0000000000005e64 ffff8801cf6e50f0 ffff8801cf6e50a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 FAULT_FLAG_ALLOW_RETRY missing 30 [] entry_SYSCALL_64_fastpath+0x23/0xc6 CPU: 1 PID: 8872 Comm: syz-executor6 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801d142f8c0 ffffffff81d90889 ffff8801d142fba0 0000000000000000 ffff8801a3396590 ffff8801d142fa90 ffff8801a3396480 ffff8801d142fab8 ffffffff8165e497 0000000000005e64 ffff8801d95f68f0 ffff8801d95f68a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] entry_SYSCALL_64_fastpath+0x23/0xc6 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 1 PID: 8832 Comm: syz-executor6 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801d507f710 ffffffff81d90889 ffff8801d507f9f0 0000000000000000 ffff8801a3396590 ffff8801d507f8e0 ffff8801a3396480 ffff8801d507f908 ffffffff8165e497 0000000000005e64 ffff8801d13050f0 ffff8801d13050a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] SYSC_select fs/select.c:652 [inline] [] SyS_select+0x158/0x1e0 fs/select.c:634 [] entry_SYSCALL_64_fastpath+0x23/0xc6 device lo entered promiscuous mode device lo left promiscuous mode netlink: 2 bytes leftover after parsing attributes in process `syz-executor3'. IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE IPv6: NLM_F_CREATE should be set when creating new route IPv6: NLM_F_CREATE should be set when creating new route device lo entered promiscuous mode device lo left promiscuous mode IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE IPv6: NLM_F_CREATE should be set when creating new route IPv6: NLM_F_CREATE should be set when creating new route binder_alloc: 9048: binder_alloc_buf, no vma binder: 9048:9051 transaction failed 29189/-3, size 80-16 line 3130 binder: BINDER_SET_CONTEXT_MGR already set binder: 9048:9071 ioctl 40046207 0 returned -16 binder: undelivered TRANSACTION_ERROR: 29189 device gre0 entered promiscuous mode device gre0 entered promiscuous mode IPVS: set_ctl: invalid protocol: 64680 1.136.255.255:0 ��_�#�� device gre0 entered promiscuous mode binder_alloc: 9418: binder_alloc_buf, no vma binder: 9418:9424 transaction failed 29189/-3, size 80-16 line 3130 binder: BINDER_SET_CONTEXT_MGR already set binder: 9418:9424 ioctl 40046207 0 returned -16 binder_alloc: 9418: binder_alloc_buf, no vma binder: 9418:9424 transaction failed 29189/-3, size 80-16 line 3130 binder: undelivered TRANSACTION_ERROR: 29189 binder: undelivered TRANSACTION_ERROR: 29189 nla_parse: 1 callbacks suppressed netlink: 2 bytes leftover after parsing attributes in process `syz-executor2'. device gre0 entered promiscuous mode netlink: 2 bytes leftover after parsing attributes in process `syz-executor2'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor2'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor2'. IPVS: Creating netns size=2536 id=15 devpts: called with bogus options netlink: 3 bytes leftover after parsing attributes in process `syz-executor2'. devpts: called with bogus options IPVS: Creating netns size=2536 id=16 netlink: 3 bytes leftover after parsing attributes in process `syz-executor2'. device lo entered promiscuous mode device lo left promiscuous mode 9pnet_virtio: no channels available for device ./file0 device lo entered promiscuous mode device lo left promiscuous mode 9pnet_virtio: no channels available for device ./file0 device lo entered promiscuous mode device lo left promiscuous mode binder: 9706:9708 ioctl 85 20327000 returned -22 device lo entered promiscuous mode binder: 9706:9708 ioctl c018620b 20236fe8 returned -14 binder: 9706:9708 IncRefs 0 refcount change on invalid ref 2 ret -22 binder: 9706:9708 Acquire 1 refcount change on invalid ref 4 ret -22 binder: 9706:9708 Acquire 1 refcount change on invalid ref 0 ret -22 binder: 9706:9708 unknown command 0 binder: 9706:9708 ioctl c0306201 20000fd0 returned -22 binder: 9706:9709 ioctl 85 20327000 returned -22 binder: 9706:9709 ioctl c018620b 20236fe8 returned -14 binder: 9706:9709 unknown command 0 binder: 9706:9709 ioctl c0306201 20000fd0 returned -22 device lo left promiscuous mode IPv6: Can't replace route, no match found IPv6: Can't replace route, no match found binder: 9742:9748 unknown command -769334904 binder: 9742:9748 ioctl c0306201 20011000 returned -22 binder: 9742:9748 BC_DEAD_BINDER_DONE 0000000000000003 not found binder: 9742:9748 BC_INCREFS_DONE uffffffffffffffff no match binder: 9742:9758 ioctl c0306201 20000fd0 returned -11 binder_alloc: 9742: binder_alloc_buf, no vma binder: BINDER_SET_CONTEXT_MGR already set binder: 9742:9758 ioctl 40046207 0 returned -16 binder: 9742:9758 unknown command -769334904 binder: 9742:9758 ioctl c0306201 20011000 returned -22 binder: 9742:9768 unknown command 0 binder: 9742:9768 ioctl c0306201 20004000 returned -22 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=32785 sclass=netlink_route_socket pig=9788 comm=syz-executor1 binder: 9742:9748 transaction failed 29189/-3, size 80-48 line 3130 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=32785 sclass=netlink_route_socket pig=9804 comm=syz-executor1 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=257 sclass=netlink_route_socket pig=9823 comm=syz-executor3 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=257 sclass=netlink_route_socket pig=9824 comm=syz-executor3 device gre0 entered promiscuous mode netlink: 5 bytes leftover after parsing attributes in process `syz-executor0'. netlink: 5 bytes leftover after parsing attributes in process `syz-executor0'. binder: 9937:9939 BC_CLEAR_DEATH_NOTIFICATION death notification not active binder: 9937:9939 BC_DEAD_BINDER_DONE 0000000000000003 not found binder: 9937:9939 got transaction to invalid handle binder: 9937:9939 transaction failed 29201/-22, size 24-16 line 3007 binder: 9937:9945 Acquire 1 refcount change on invalid ref 0 ret -22 binder: 9937:9939 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0 binder: 9937:9945 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 binder: 9937:9939 BC_DEAD_BINDER_DONE 0000000000000003 not found binder: 9937:9939 Release 1 refcount change on invalid ref 0 ret -22 binder: 9937:9939 got transaction to invalid handle binder: 9937:9939 transaction failed 29201/-22, size 24-16 line 3007 netlink: 2 bytes leftover after parsing attributes in process `syz-executor6'. netlink: 2 bytes leftover after parsing attributes in process `syz-executor6'. FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 0 PID: 10049 Comm: syz-executor7 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801c98ef710 ffffffff81d90889 ffff8801c98ef9f0 0000000000000000 ffff8801a88fe590 ffff8801c98ef8e0 ffff8801a88fe480 ffff8801c98ef908 ffffffff8165e497 0000000000005e64 ffff8801cec368f0 ffff8801cec368a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 FAULT_FLAG_ALLOW_RETRY missing 30 FAULT_FLAG_ALLOW_RETRY missing 30 FAULT_FLAG_ALLOW_RETRY missing 30 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] SYSC_select fs/select.c:652 [inline] [] SyS_select+0x158/0x1e0 fs/select.c:634 [] entry_SYSCALL_64_fastpath+0x23/0xc6 CPU: 1 PID: 10033 Comm: syz-executor2 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801c6c17710 ffffffff81d90889 ffff8801c6c179f0 0000000000000000 ffff8801a3396b90 ffff8801c6c178e0 ffff8801a3396a80 ffff8801c6c17908 ffffffff8165e497 0000000000005e64 ffff8801d5ec20f0 ffff8801d5ec20a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] SYSC_select fs/select.c:652 [inline] [] SyS_select+0x158/0x1e0 fs/select.c:634 [] entry_SYSCALL_64_fastpath+0x23/0xc6 CPU: 0 PID: 10062 Comm: syz-executor2 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801c448f8c0 ffffffff81d90889 ffff8801c448fba0 0000000000000000 ffff8801a3396b90 ffff8801c448fa90 ffff8801a3396a80 ffff8801c448fab8 ffffffff8165e497 0000000000005e64 ffff8801d83ea0f0 ffff8801d83ea0a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 FAULT_FLAG_ALLOW_RETRY missing 30 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] entry_SYSCALL_64_fastpath+0x23/0xc6 CPU: 1 PID: 10055 Comm: syz-executor2 Not tainted 4.9.68-gfb66dc2 #107 FAULT_FLAG_ALLOW_RETRY missing 30 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801ca49f710 ffffffff81d90889 ffff8801ca49f9f0 0000000000000000 ffff8801a3396b90 ffff8801ca49f8e0 ffff8801a3396a80 ffff8801ca49f908 ffffffff8165e497 0000000000005e64 ffff8801cec338f0 ffff8801cec338a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] SYSC_select fs/select.c:652 [inline] [] SyS_select+0x158/0x1e0 fs/select.c:634 [] entry_SYSCALL_64_fastpath+0x23/0xc6 CPU: 0 PID: 10058 Comm: syz-executor7 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801c47a7710 ffffffff81d90889 ffff8801c47a79f0 0000000000000000 ffff8801a3396110 ffff8801c47a78e0 ffff8801a3396000 ffff8801c47a7908 ffffffff8165e497 0000000000005e64 ffff8801cec350f0 ffff8801cec350a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] SYSC_select fs/select.c:652 [inline] [] SyS_select+0x158/0x1e0 fs/select.c:634 [] entry_SYSCALL_64_fastpath+0x23/0xc6 CPU: 1 PID: 10043 Comm: syz-executor2 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801cab078e0 ffffffff81d90889 ffff8801cab07bc0 0000000000000000 ffff8801a3396b90 ffff8801cab07ab0 ffff8801a3396a80 ffff8801cab07ad8 ffffffff8165e497 0000000000005e64 ffff8801d56b38f0 ffff8801d56b38a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] do_syscall_64+0x197/0x490 arch/x86/entry/common.c:280 [] entry_SYSCALL64_slow_path+0x25/0x25 IPv6: Can't replace route, no match found IPv6: Can't replace route, no match found binder: 10187:10190 ERROR: BC_REGISTER_LOOPER called without request binder_alloc: 10187: binder_alloc_buf, no vma binder: 10187:10199 transaction failed 29189/-3, size 0-0 line 3130 binder: 10187:10199 ioctl 8904 20004ffc returned -22 binder: 10187:10199 ioctl c0306201 2000ffd0 returned -14 binder_alloc: 10187: binder_alloc_buf, no vma binder: 10187:10190 transaction failed 29189/-3, size 0-0 line 3130 binder: 10187:10223 got reply transaction with no transaction stack binder: 10187:10223 transaction failed 29201/-71, size 32-8 line 2923 binder: undelivered TRANSACTION_ERROR: 29189 binder: undelivered TRANSACTION_ERROR: 29201