binder: 11602:11603 ioctl c0306201 20007fd0 returned -14

======================================================
[ INFO: possible circular locking dependency detected ]
4.9.79-g71f1469 #25 Not tainted
-------------------------------------------------------
syz-executor5/11621 is trying to acquire lock:
 (&sb->s_type->i_mutex_key#10
but task is already holding lock:
 (ashmem_mutex){+.+.+.}, at: [] ashmem_llseek+0x56/0x1f0 drivers/staging/android/ashmem.c:343

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #2 (ashmem_mutex){+.+.+.}:
       __mutex_lock_common kernel/locking/mutex.c:521 [inline]
       mutex_lock_nested+0xbb/0x870 kernel/locking/mutex.c:621
       ashmem_mmap+0x53/0x400 drivers/staging/android/ashmem.c:379
       mmap_region+0x7dd/0xfd0 mm/mmap.c:1694
       do_mmap+0x57b/0xbe0 mm/mmap.c:1473
       do_mmap_pgoff include/linux/mm.h:2019 [inline]
       vm_mmap_pgoff+0x16b/0x1b0 mm/util.c:305
       SYSC_mmap_pgoff mm/mmap.c:1523 [inline]
       SyS_mmap_pgoff+0x33f/0x560 mm/mmap.c:1481
       SYSC_mmap arch/x86/kernel/sys_x86_64.c:95 [inline]
       SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:86
       entry_SYSCALL_64_fastpath+0x29/0xe8

-> #1 (&mm->mmap_sem){++++++}:
       __might_fault+0x14a/0x1d0 mm/memory.c:3994
       copy_to_user arch/x86/include/asm/uaccess.h:718 [inline]
       filldir+0x1aa/0x340 fs/readdir.c:195
       dir_emit_dot include/linux/fs.h:3203 [inline]
       dir_emit_dots include/linux/fs.h:3214 [inline]
       dcache_readdir+0x12d/0x5e0 fs/libfs.c:191
       iterate_dir+0x4a6/0x5d0 fs/readdir.c:50
       SYSC_getdents fs/readdir.c:230 [inline]
       SyS_getdents+0x14a/0x2a0 fs/readdir.c:211
       entry_SYSCALL_64_fastpath+0x29/0xe8

-> #0 (&sb->s_type->i_mutex_key#10){++++++}:
       lock_acquire+0x12e/0x410 kernel/locking/lockdep.c:3756
       down_write+0x41/0xa0 kernel/locking/rwsem.c:52
       inode_lock include/linux/fs.h:746 [inline]
       shmem_file_llseek+0xef/0x240 mm/shmem.c:2403
       vfs_llseek+0xa2/0xd0 fs/read_write.c:301
       ashmem_llseek+0xe7/0x1f0 drivers/staging/android/ashmem.c:355
       vfs_llseek fs/read_write.c:301 [inline]
       SYSC_lseek fs/read_write.c:314 [inline]
       SyS_lseek+0xeb/0x170 fs/read_write.c:305
       entry_SYSCALL_64_fastpath+0x29/0xe8

other info that might help us debug this:

Chain exists of:
  &sb->s_type->i_mutex_key#10 --> &mm->mmap_sem --> ashmem_mutex

       CPU0                    CPU1
       ----                    ----
  lock(ashmem_mutex);
                               lock(&mm->mmap_sem);
                               lock(ashmem_mutex);
  lock(&sb->s_type->i_mutex_key#10);

 *** DEADLOCK ***

1 lock held by syz-executor5/11621:
 #0: (ashmem_mutex){+.+.+.}, at: [] ashmem_llseek+0x56/0x1f0 drivers/staging/android/ashmem.c:343

stack backtrace:
CPU: 0 PID: 11621 Comm: syz-executor5 Not tainted 4.9.79-g71f1469 #25
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801b3837b98 ffffffff81d94829 ffffffff853a1e30 ffffffff853ab2b0
 ffffffff853c1870 ffff8801d698b8d8 ffff8801d698b000 ffff8801b3837be0
 ffffffff81238631 ffff8801d698b8d8 00000000d698b8b0 ffff8801d698b8d8
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] print_circular_bug+0x271/0x310 kernel/locking/lockdep.c:1202
 [] check_prev_add kernel/locking/lockdep.c:1828 [inline]
 [] check_prevs_add kernel/locking/lockdep.c:1938 [inline]
 [] validate_chain kernel/locking/lockdep.c:2265 [inline]
 [] __lock_acquire+0x2bf9/0x3640 kernel/locking/lockdep.c:3345
 [] lock_acquire+0x12e/0x410 kernel/locking/lockdep.c:3756
 [] down_write+0x41/0xa0 kernel/locking/rwsem.c:52
 [] inode_lock include/linux/fs.h:746 [inline]
 [] shmem_file_llseek+0xef/0x240 mm/shmem.c:2403
 [] vfs_llseek+0xa2/0xd0 fs/read_write.c:301
 [] ashmem_llseek+0xe7/0x1f0 drivers/staging/android/ashmem.c:355
 [] vfs_llseek fs/read_write.c:301 [inline]
 [] SYSC_lseek fs/read_write.c:314 [inline]
 [] SyS_lseek+0xeb/0x170 fs/read_write.c:305
 [] entry_SYSCALL_64_fastpath+0x29/0xe8
loop: Write error at byte offset 18446744073709551613, length 4096.
blk_update_request: I/O error, dev loop0, sector 0
Buffer I/O error on dev loop0, logical block 0, lost async page write
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 11632 Comm: syz-executor0 Not tainted 4.9.79-g71f1469 #25
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d821f6c0 ffffffff81d94829 ffff8801d821f9a0 0000000000000000
 ffff8801c23b2110 ffff8801d821f890 ffff8801c23b2000 ffff8801d821f8b8
 ffffffff816621ca 1ffff1003b043edc ffff8801d821f810 00000001ccbc6067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa3a/0x1310 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1407
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1470
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1055
 [] sock_do_ioctl+0x94/0xb0 net/socket.c:899
 [] sock_ioctl+0x2e0/0x3d0 net/socket.c:978
 [] vfs_ioctl fs/ioctl.c:43 [inline]
 [] do_vfs_ioctl+0x1aa/0x1140 fs/ioctl.c:679
 [] SYSC_ioctl fs/ioctl.c:694 [inline]
 [] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:685
 [] entry_SYSCALL_64_fastpath+0x29/0xe8
binder: 11630:11632 ioctl c0306201 20007fd0 returned -14
loop: Write error at byte offset 18446744073709551613, length 4096.
blk_update_request: I/O error, dev loop0, sector 0
Buffer I/O error on dev loop0, logical block 0, lost async page write
loop: Write error at byte offset 18446744073709551613, length 4096.
blk_update_request: I/O error, dev loop0, sector 0
Buffer I/O error on dev loop0, logical block 0, lost async page write
TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters.
VFS: Dirty inode writeback failed for block device loop0 (err=-5).
loop: Write error at byte offset 18446744073709551613, length 4096.
blk_update_request: I/O error, dev loop0, sector 0
Buffer I/O error on dev loop0, logical block 0, lost async page write
VFS: Dirty inode writeback failed for block device loop0 (err=-5).
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 11731 Comm: syz-executor3 Not tainted 4.9.79-g71f1469 #25
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801b3a1f850 ffffffff81d94829 ffff8801b3a1fb30 0000000000000000
 ffff8801d7ca5790 ffff8801b3a1fa20 ffff8801d7ca5680 ffff8801b3a1fa48
 ffffffff816621ca ffffffff838b2c38 ffff8801b3a1f9a0 00000001b69bf067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa3a/0x1310 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1407
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1470
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1055
 [] entry_SYSCALL_64_fastpath+0x29/0xe8
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
loop: Write error at byte offset 18446744073709551613, length 4096.
blk_update_request: I/O error, dev loop0, sector 0
Buffer I/O error on dev loop0, logical block 0, lost async page write
VFS: Dirty inode writeback failed for block device loop0 (err=-5).
loop: Write error at byte offset 18446744073709551613, length 4096.
blk_update_request: I/O error, dev loop0, sector 0
Buffer I/O error on dev loop0, logical block 0, lost async page write
VFS: Dirty inode writeback failed for block device loop0 (err=-5).
loop: Write error at byte offset 18446744073709551613, length 4096.
blk_update_request: I/O error, dev loop0, sector 0
Buffer I/O error on dev loop0, logical block 0, lost async page write
VFS: Dirty inode writeback failed for block device loop0 (err=-5).
loop: Write error at byte offset 18446744073709551613, length 4096.
blk_update_request: I/O error, dev loop0, sector 0
Buffer I/O error on dev loop0, logical block 0, lost async page write
VFS: Dirty inode writeback failed for block device loop0 (err=-5).
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=18 sclass=netlink_audit_socket pig=11943 comm=syz-executor0
VFS: Dirty inode writeback failed for block device loop0 (err=-5).
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=18 sclass=netlink_audit_socket pig=11978 comm=syz-executor0
VFS: Dirty inode writeback failed for block device loop0 (err=-5).
context_struct_compute_av: 4 callbacks suppressed
SELinux: Invalid class 85
binder: 12138:12148 BC_INCREFS_DONE u0000000000000000 no match
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 12157 Comm: syz-executor6 Not tainted 4.9.79-g71f1469 #25
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801c582f8b0 ffffffff81d94829 ffff8801c582fb90 0000000000000000
 ffff8801c23b3190 ffff8801c582fa80 ffff8801c23b3080 ffff8801c582faa8
 ffffffff816621ca ffffffff815393cb ffff8801c582fa00 00000001bf74f067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa3a/0x1310 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1407
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1470
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1055
 [] seccomp_prepare_filter kernel/seccomp.c:373 [inline]
 [] seccomp_prepare_user_filter kernel/seccomp.c:408 [inline]
 [] seccomp_set_mode_filter kernel/seccomp.c:750 [inline]
 [] do_seccomp+0x632/0x1860 kernel/seccomp.c:800
 [] SYSC_seccomp kernel/seccomp.c:809 [inline]
 [] SyS_seccomp+0x24/0x30 kernel/seccomp.c:806
 [] entry_SYSCALL_64_fastpath+0x29/0xe8
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 12157 Comm: syz-executor6 Not tainted 4.9.79-g71f1469 #25
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801c582f8b0 ffffffff81d94829 ffff8801c582fb90 0000000000000000
 ffff8801c072b190 ffff8801c582fa80 ffff8801c072b080 ffff8801c582faa8
 ffffffff816621ca ffff8801afa18000 0000000000000000 0000000000000000
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa3a/0x1310 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1407
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1470
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1055
 [] seccomp_prepare_filter kernel/seccomp.c:373 [inline]
 [] seccomp_prepare_user_filter kernel/seccomp.c:408 [inline]
 [] seccomp_set_mode_filter kernel/seccomp.c:750 [inline]
 [] do_seccomp+0x632/0x1860 kernel/seccomp.c:800
 [] SYSC_seccomp kernel/seccomp.c:809 [inline]
 [] SyS_seccomp+0x24/0x30 kernel/seccomp.c:806
 [] entry_SYSCALL_64_fastpath+0x29/0xe8
keychord: keycode 5120 out of range
audit: type=1400 audit(1517602530.714:50): avc: denied { net_admin } for pid=4127 comm="syz-executor7" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1517602530.714:51): avc: denied { create } for pid=12261 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=1
audit: type=1400 audit(1517602530.794:52): avc: denied { net_admin } for pid=4138 comm="syz-executor6" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1517602530.854:53): avc: denied { dac_override } for pid=12269 comm="syz-executor5" capability=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1517602530.884:54): avc: denied { create } for pid=12274 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=1
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 12331 Comm: syz-executor0 Not tainted 4.9.79-g71f1469 #25
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d56a75d0 ffffffff81d94829 ffff8801d56a78b0 0000000000000000
 ffff8801c23b3490 ffff8801d56a77a0 ffff8801c23b3380 ffff8801d56a77c8
 ffffffff816621ca 0000000000000000 ffff8801d56a7720 00000001b89bd067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa3a/0x1310 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1407
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1470
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1055
 [] vfs_ioctl fs/ioctl.c:43 [inline]
 [] do_vfs_ioctl+0x1aa/0x1140 fs/ioctl.c:679
 [] SYSC_ioctl fs/ioctl.c:694 [inline]
 [] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:685
 [] entry_SYSCALL_64_fastpath+0x29/0xe8
audit: type=1400 audit(1517602531.294:55): avc: denied { net_raw } for pid=12352 comm="syz-executor7" capability=13 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=12394 comm=syz-executor2
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=12422 comm=syz-executor2
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=12437 comm=syz-executor2
lo_write_bvec: 10 callbacks suppressed
loop: Write error at byte offset 18446744073709551613, length 4096.
blk_update_request: 10 callbacks suppressed
blk_update_request: I/O error, dev loop0, sector 0
buffer_io_error: 10 callbacks suppressed
Buffer I/O error on dev loop0, logical block 0, lost async page write
bdev_write_inode: 8 callbacks suppressed
VFS: Dirty inode writeback failed for block device loop0 (err=-5).
binder: BINDER_SET_CONTEXT_MGR already set
binder: 12684:12685 ioctl 40046207 0 returned -16
binder: 12684:12685 ioctl 4c05 20fc2000 returned -22
binder: 12684:12685 ERROR: BC_REGISTER_LOOPER called without request
binder: 12684:12685 ioctl 4b63 2087e000 returned -22
binder: BINDER_SET_CONTEXT_MGR already set
binder: 12684:12722 ioctl 40046207 0 returned -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 12684:12685 ioctl 40046207 0 returned -16
binder: 12684:12722 ioctl 4c05 20fc2000 returned -22
binder_alloc: 12684: binder_alloc_buf, no vma
binder: 12684:12722 ioctl 4b63 2087e000 returned -22
binder: 12684:12685 transaction failed 29189/-3, size 0-0 line 3127
binder: 12749:12752 BC_FREE_BUFFER u0000000000000000 no match
binder: 12749:12752 ERROR: BC_REGISTER_LOOPER called without request
binder: 12749:12752 BC_REQUEST_DEATH_NOTIFICATION invalid ref 4
loop: Write error at byte offset 18446744073709551613, length 4096.
blk_update_request: I/O error, dev loop0, sector 0
Buffer I/O error on dev loop0, logical block 0, lost async page write
VFS: Dirty inode writeback failed for block device loop0 (err=-5).
binder: BINDER_SET_CONTEXT_MGR already set
binder: 12749:12764 ioctl 40046207 0 returned -16
binder: 12749:12752 BC_CLEAR_DEATH_NOTIFICATION invalid ref 2
binder: 12749:12752 BC_ACQUIRE_DONE u0000000000000000 node 81 cookie mismatch 0000000000000004 != 0000000000000000
binder: 12790:12797 transaction failed 29189/-22, size 0-0 line 3004
device syz5 entered promiscuous mode
binder: 12790:12797 ioctl c0306201 20000fd0 returned -14
binder: 12790:12808 transaction failed 29189/-22, size 0-0 line 3004
binder: undelivered TRANSACTION_ERROR: 29189
loop: Write error at byte offset 18446744073709551613, length 4096.
blk_update_request: I/O error, dev loop0, sector 0
device syz5 left promiscuous mode
Buffer I/O error on dev loop0, logical block 0, lost async page write
VFS: Dirty inode writeback failed for block device loop0 (err=-5).
loop: Write error at byte offset 18446744073709551613, length 4096.
blk_update_request: I/O error, dev loop0, sector 0
Buffer I/O error on dev loop0, logical block 0, lost async page write
VFS: Dirty inode writeback failed for block device loop0 (err=-5).
loop: Write error at byte offset 18446744073709551613, length 4096.
blk_update_request: I/O error, dev loop0, sector 0
Buffer I/O error on dev loop0, logical block 0, lost async page write
VFS: Dirty inode writeback failed for block device loop0 (err=-5).
loop: Write error at byte offset 18446744073709551613, length 4096.
blk_update_request: I/O error, dev loop0, sector 0
Buffer I/O error on dev loop0, logical block 0, lost async page write
VFS: Dirty inode writeback failed for block device loop0 (err=-5).
binder: release 13120:13121 transaction 87 out, still active
binder: release 13120:13121 transaction 86 in, still active
binder: undelivered TRANSACTION_COMPLETE
binder: BINDER_SET_CONTEXT_MGR already set
binder: 13120:13121 ioctl 40046207 0 returned -16
binder: release 13120:13128 transaction 86 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: send failed reply for transaction 87, target dead
binder: send failed reply for transaction 86, target dead
loop: Write error at byte offset 18446744073709551613, length 4096.
blk_update_request: I/O error, dev loop0, sector 0
Buffer I/O error on dev loop0, logical block 0, lost async page write
VFS: Dirty inode writeback failed for block device loop0 (err=-5).
loop: Write error at byte offset 18446744073709551613, length 4096.
blk_update_request: I/O error, dev loop0, sector 0
Buffer I/O error on dev loop0, logical block 0, lost async page write
VFS: Dirty inode writeback failed for block device loop0 (err=-5).
loop: Write error at byte offset 18446744073709551613, length 4096.
blk_update_request: I/O error, dev loop0, sector 0
Buffer I/O error on dev loop0, logical block 0, lost async page write
VFS: Dirty inode writeback failed for block device loop0 (err=-5).
loop: Write error at byte offset 18446744073709551613, length 4096.
blk_update_request: I/O error, dev loop0, sector 0
Buffer I/O error on dev loop0, logical block 0, lost async page write
VFS: Dirty inode writeback failed for block device loop0 (err=-5).
loop_reread_partitions: partition scan of loop0 () failed (rc=-13)
device lo entered promiscuous mode
device lo left promiscuous mode
TCP: request_sock_TCP: Possible SYN flooding on port 20014. Sending cookies. Check SNMP counters.
device lo entered promiscuous mode
device lo left promiscuous mode
audit_printk_skb: 104 callbacks suppressed
audit: type=1400 audit(1517602535.584:88): avc: denied { create } for pid=13628 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
binder: 13629:13632 transaction failed 29201/-22, size 0-0 line 3127
binder_alloc: binder_alloc_mmap_handler: 13629 2011a000-2051a000 already mapped failed -16
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 13633 Comm: syz-executor5 Not tainted 4.9.79-g71f1469 #25
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801cc2ef850 ffffffff81d94829 ffff8801cc2efb30 0000000000000000
 ffff8801b69d8590 ffff8801cc2efa20 ffff8801b69d8480 ffff8801cc2efa48
 ffffffff816621ca ffffffff838b2c38 ffff8801cc2ef9a0 00000001c59f9067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa3a/0x1310 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1407
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1470
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1055
 [] entry_SYSCALL_64_fastpath+0x29/0xe8
binder: BINDER_SET_CONTEXT_MGR already set
binder: 13629:13632 ioctl 40046207 0 returned -16
binder_alloc: 13629: binder_alloc_buf, no vma
binder: 13629:13643 transaction failed 29189/-3, size 0-0 line 3127
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29201
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 13633 Comm: syz-executor5 Not tainted 4.9.79-g71f1469 #25
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801cc2ef850 ffffffff81d94829 ffff8801cc2efb30 0000000000000000
 ffff8801b69d8710 ffff8801cc2efa20 ffff8801b69d8600 ffff8801cc2efa48
 ffffffff816621ca ffff8801cc2ef8b8 ffff8801cc2ef9a0 00000001cd36b067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa3a/0x1310 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1407
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1470
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1055
 [] entry_SYSCALL_64_fastpath+0x29/0xe8
audit: type=1400 audit(1517602535.674:89): avc: denied { ioctl } for pid=13628 comm="syz-executor2" path="socket:[27440]" dev="sockfs" ino=27440 ioctlcmd=0x0 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
audit: type=1400 audit(1517602536.154:90): avc: denied { create } for pid=13664 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_connector_socket permissive=1
keychord: keycode 5120 out of range
keychord: keycode 5120 out of range
audit: type=1400 audit(1517602536.184:91): avc: denied { accept } for pid=13668 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=1
audit: type=1400 audit(1517602536.244:92): avc: denied { write } for pid=13664 comm="syz-executor3" path="socket:[28011]" dev="sockfs" ino=28011 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_connector_socket permissive=1
binder: 13715:13721 got transaction with invalid handle, 0
binder: 13715:13721 transaction failed 29201/-22, size 56-8 line 3219
binder_alloc: binder_alloc_mmap_handler: 13715 20000000-20002000 already mapped failed -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 13715:13721 ioctl 40046207 0 returned -16
binder_alloc: 13715: binder_alloc_buf, no vma
binder: 13715:13721 transaction failed 29189/-3, size 56-8 line 3127
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29201
audit: type=1400 audit(1517602536.834:93): avc: denied { create } for pid=13915 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1
binder: release 13998:14002 transaction 95 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: 13998:14002 transaction failed 29189/0, size -166-0 line 2944
binder: send failed reply for transaction 95, target dead
binder: BINDER_SET_CONTEXT_MGR already set
binder: 13998:14014 ioctl 40046207 0 returned -16
binder_alloc: 13998: binder_alloc_buf, no vma
binder: 13998:14002 transaction failed 29189/-3, size 0-0 line 3127
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29190
audit: type=1400 audit(1517602537.174:94): avc: denied { write } for pid=14025 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
binder: 14031:14035 BC_FREE_BUFFER uffffffffffffffff no match
binder: 14031:14060 got reply transaction with no transaction stack
binder: 14031:14060 transaction failed 29201/-71, size 0-0 line 2920
binder: release 14031:14045 transaction 99 out, still active
binder: 14031:14035 BC_FREE_BUFFER uffffffffffffffff no match
binder: 14031:14045 got reply transaction with no transaction stack
binder: 14031:14045 transaction failed 29201/-71, size 0-0 line 2920
binder_alloc: 14031: binder_alloc_buf, no vma
binder: 14031:14035 transaction failed 29189/-3, size 0-0 line 3127
binder: undelivered TRANSACTION_ERROR: 29201
binder: send failed reply for transaction 99, target dead
binder: undelivered TRANSACTION_ERROR: 29201
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 14102 Comm: syz-executor6 Not tainted 4.9.79-g71f1469 #25
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801c8387930 ffffffff81d94829 ffff8801c8387c10 0000000000000000
 ffff8801cb1b8d10 ffff8801c8387b00 ffff8801cb1b8c00 ffff8801c8387b28
 ffffffff816621ca 0000000000000001 ffff8801c8387a80 00000001ccae0067
Call Trace: