Buffer I/O error on dev loop7, logical block 9, lost async page write
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=18962 sclass=netlink_route_socket pig=9688 comm=syz-executor7
check_preemption_disabled: 10 callbacks suppressed
BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor0/9694
caller is __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
CPU: 1 PID: 9694 Comm: syz-executor0 Not tainted 4.9.68-gfb66dc2 #107
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ffff8801cec576d8 ffffffff81d90889 0000000000000001 ffffffff83c17800
ffffffff83f42ec0 ffff8801ca576000 0000000000000003 ffff8801cec57718
ffffffff81df7854 ffff8801cec57730 ffffffff83f42ec0 dffffc0000000000
Call Trace:
[] __dump_stack lib/dump_stack.c:15 [inline]
[] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[] check_preemption_disabled+0x1d4/0x200 lib/smp_processor_id.c:46
[] __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
[] ipcomp_alloc_tfms net/xfrm/xfrm_ipcomp.c:286 [inline]
[] ipcomp_init_state+0x188/0x930 net/xfrm/xfrm_ipcomp.c:363
[] ipcomp4_init_state+0xb0/0x7d0 net/ipv4/ipcomp.c:137
[] __xfrm_init_state+0x3e7/0xb30 net/xfrm/xfrm_state.c:2096
[] xfrm_init_state+0x1a/0x20 net/xfrm/xfrm_state.c:2122
[] pfkey_msg2xfrm_state net/key/af_key.c:1281 [inline]
[] pfkey_add+0x1fb9/0x3470 net/key/af_key.c:1498
[] pfkey_process+0x61e/0x730 net/key/af_key.c:2826
[] pfkey_sendmsg+0x3a9/0x760 net/key/af_key.c:3670
[] sock_sendmsg_nosec net/socket.c:635 [inline]
[] sock_sendmsg+0xca/0x110 net/socket.c:645
[] ___sys_sendmsg+0x6d1/0x7e0 net/socket.c:1968
[] __sys_sendmsg+0xd6/0x190 net/socket.c:2002
[] SYSC_sendmsg net/socket.c:2013 [inline]
[] SyS_sendmsg+0x2d/0x50 net/socket.c:2009
[] entry_SYSCALL_64_fastpath+0x23/0xc6
BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor0/9695
caller is __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
CPU: 1 PID: 9695 Comm: syz-executor0 Not tainted 4.9.68-gfb66dc2 #107
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ffff8801c1c8f6d8 ffffffff81d90889 0000000000000001 ffffffff83c17800
ffffffff83f42ec0 ffff8801ca571800 0000000000000003 ffff8801c1c8f718
ffffffff81df7854 ffff8801c1c8f730 ffffffff83f42ec0 dffffc0000000000
Call Trace:
[] __dump_stack lib/dump_stack.c:15 [inline]
[] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[] check_preemption_disabled+0x1d4/0x200 lib/smp_processor_id.c:46
[] __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
[] ipcomp_alloc_tfms net/xfrm/xfrm_ipcomp.c:286 [inline]
[] ipcomp_init_state+0x188/0x930 net/xfrm/xfrm_ipcomp.c:363
[] ipcomp4_init_state+0xb0/0x7d0 net/ipv4/ipcomp.c:137
[] __xfrm_init_state+0x3e7/0xb30 net/xfrm/xfrm_state.c:2096
[] xfrm_init_state+0x1a/0x20 net/xfrm/xfrm_state.c:2122
[] pfkey_msg2xfrm_state net/key/af_key.c:1281 [inline]
[] pfkey_add+0x1fb9/0x3470 net/key/af_key.c:1498
[] pfkey_process+0x61e/0x730 net/key/af_key.c:2826
[] pfkey_sendmsg+0x3a9/0x760 net/key/af_key.c:3670
[] sock_sendmsg_nosec net/socket.c:635 [inline]
[] sock_sendmsg+0xca/0x110 net/socket.c:645
[] ___sys_sendmsg+0x6d1/0x7e0 net/socket.c:1968
[] __sys_sendmsg+0xd6/0x190 net/socket.c:2002
[] SYSC_sendmsg net/socket.c:2013 [inline]
[] SyS_sendmsg+0x2d/0x50 net/socket.c:2009
[] entry_SYSCALL_64_fastpath+0x23/0xc6
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=18962 sclass=netlink_route_socket pig=9698 comm=syz-executor7
netlink: 4 bytes leftover after parsing attributes in process `syz-executor5'.
tc_dump_action: action bad kind
tc_dump_action: action bad kind
binder: 9824:9826 ioctl 8924 20002000 returned -22
binder: 9824:9826 ERROR: BC_REGISTER_LOOPER called without request
binder_alloc: 9824: binder_alloc_buf size 69515765096 failed, no address space
binder: 9839:9841 BC_DEAD_BINDER_DONE 0000000000000003 not found
binder: 9839:9841 BC_INCREFS_DONE u000000002011a000 no match
binder: 9839:9841 got transaction with invalid parent offset or type
binder: 9839:9841 transaction failed 29201/-22, size 32-24 line 3253
binder: 9839:9841 got transaction with unaligned buffers size, 58534
binder: 9839:9841 transaction failed 29201/-22, size 0-40 line 3175
binder: BINDER_SET_CONTEXT_MGR already set
binder: 9839:9847 ioctl 40046207 0 returned -16
binder: 9824:9844 ioctl 8924 20002000 returned -22
binder: BINDER_SET_CONTEXT_MGR already set
binder: 9824:9840 ioctl 40046207 0 returned -16
binder: 9824:9844 ERROR: BC_REGISTER_LOOPER called without request
binder: 9839:9841 BC_DEAD_BINDER_DONE 0000000000000003 not found
binder: 9839:9841 BC_INCREFS_DONE u000000002011a000 no match
binder_alloc: 9839: binder_alloc_buf, no vma
binder: 9839:9841 transaction failed 29189/-3, size 32-24 line 3130
binder_alloc: 9839: binder_alloc_buf, no vma
binder: 9839:9841 transaction failed 29189/-3, size 0-40 line 3130
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29201
binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
binder_alloc: 9824: binder_alloc_buf, no vma
binder: 9824:9844 transaction failed 29189/-3, size 69515765092-0 line 3130
binder: 9824:9837 transaction failed 29201/-28, size 69515765092-0 line 3130
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29201
IPv6: NLM_F_REPLACE set, but no existing node found!
IPv6: NLM_F_REPLACE set, but no existing node found!
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
qtaguid: iface_stat: create(lo): no inet dev
qtaguid: iface_stat: create6(lo): no inet dev
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
qtaguid: iface_stat: create6(lo): no inet dev
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
qtaguid: iface_stat: create6(lo): no inet dev
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
qtaguid: iface_stat: create6(lo): no inet dev
device syz0 entered promiscuous mode
device syz2 entered promiscuous mode
PF_BRIDGE: RTM_NEWNEIGH with unknown ifindex
IPVS: Creating netns size=2536 id=15
PF_BRIDGE: RTM_NEWNEIGH with unknown ifindex
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1536 sclass=netlink_route_socket pig=10279 comm=syz-executor2
loop_reread_partitions: partition scan of loop0 (2°]€fI¸Òæ¶Ì”B±!S,›ùDÏ') failed (rc=-13)
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1536 sclass=netlink_route_socket pig=10286 comm=syz-executor2
loop_reread_partitions: partition scan of loop0 () failed (rc=-13)
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
device gre0 entered promiscuous mode
FAULT_FLAG_ALLOW_RETRY missing 30
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 10305 Comm: syz-executor3 Not tainted 4.9.68-gfb66dc2 #107
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ffff8801d6157850 ffffffff81d90889 ffff8801d6157b30 0000000000000000
ffff8801c7569f10 ffff8801d6157a20 ffff8801c7569e00 ffff8801d6157a48
ffffffff8165e497 0000000000003af1 ffff8801c44938f0 ffff8801c44938a0
Call Trace:
[] __dump_stack lib/dump_stack.c:15 [inline]
[] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
[] do_anonymous_page mm/memory.c:2747 [inline]
[] handle_pte_fault mm/memory.c:3488 [inline]
[] __handle_mm_fault mm/memory.c:3577 [inline]
[] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
[] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406
[] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
[] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
[] entry_SYSCALL_64_fastpath+0x23/0xc6
nla_parse: 8 callbacks suppressed
netlink: 13 bytes leftover after parsing attributes in process `syz-executor6'.
device gre0 entered promiscuous mode
audit: type=1400 audit(1513076037.349:54): avc: denied { listen } for pid=10380 comm="syz-executor4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_connector_socket permissive=1
IPVS: Creating netns size=2536 id=16
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=257 sclass=netlink_xfrm_socket pig=10315 comm=syz-executor2
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=257 sclass=netlink_xfrm_socket pig=10401 comm=syz-executor2
CPU: 0 PID: 10312 Comm: syz-executor3 Not tainted 4.9.68-gfb66dc2 #107
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ffff8801cf67f8b0 ffffffff81d90889 ffff8801cf67fb90 0000000000000000
ffff8801c7569f10 ffff8801cf67fa80 ffff8801c7569e00 ffff8801cf67faa8
ffffffff8165e497 0000000000003af1 ffff8801cae720f0 ffff8801cae720a0
Call Trace:
[] __dump_stack lib/dump_stack.c:15 [inline]
[] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
[] do_anonymous_page mm/memory.c:2747 [inline]
[] handle_pte_fault mm/memory.c:3488 [inline]
[] __handle_mm_fault mm/memory.c:3577 [inline]
[] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
[] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406
[] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
[] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
[] entry_SYSCALL_64_fastpath+0x23/0xc6
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
IPVS: Creating netns size=2536 id=17
netlink: 6 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 6 bytes leftover after parsing attributes in process `syz-executor1'.
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=257 sclass=netlink_xfrm_socket pig=10429 comm=syz-executor2
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=257 sclass=netlink_xfrm_socket pig=10429 comm=syz-executor2
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
audit: type=1400 audit(1513076039.609:55): avc: denied { write } for pid=10526 comm="syz-executor6" name="net" dev="proc" ino=23609 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=dir permissive=1
audit: type=1400 audit(1513076039.649:56): avc: denied { add_name } for pid=10526 comm="syz-executor6" name="pfkey" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=dir permissive=1
netlink: 1 bytes leftover after parsing attributes in process `syz-executor1'.
audit: type=1400 audit(1513076039.709:57): avc: denied { create } for pid=10526 comm="syz-executor6" name="pfkey" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:insmod_t:s0 tclass=file permissive=1
FAULT_FLAG_ALLOW_RETRY missing 30
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 10536 Comm: syz-executor6 Not tainted 4.9.68-gfb66dc2 #107
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ffff8801a4a2f8b0 ffffffff81d90889 ffff8801a4a2fb90 0000000000000000
ffff8801c7569790 ffff8801a4a2fa80 ffff8801c7569680 ffff8801a4a2faa8
ffffffff8165e497 0000000000003af1 ffff8801a84150f0 ffff8801a84150a0
Call Trace:
[] __dump_stack lib/dump_stack.c:15 [inline]
[] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
[] do_anonymous_page mm/memory.c:2747 [inline]
[] handle_pte_fault mm/memory.c:3488 [inline]
[] __handle_mm_fault mm/memory.c:3577 [inline]
[] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
[] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406
[] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
[] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
[] entry_SYSCALL_64_fastpath+0x23/0xc6
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 10573 Comm: syz-executor6 Not tainted 4.9.68-gfb66dc2 #107
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ffff8801c5107850 ffffffff81d90889 ffff8801c5107b30 0000000000000000
ffff8801c7569790 ffff8801c5107a20 ffff8801c7569680 ffff8801c5107a48
ffffffff8165e497 0000000000003af1 ffff8801a3d420f0 ffff8801a3d420a0
Call Trace:
[] __dump_stack lib/dump_stack.c:15 [inline]
[] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
[] do_anonymous_page mm/memory.c:2747 [inline]
[] handle_pte_fault mm/memory.c:3488 [inline]
[] __handle_mm_fault mm/memory.c:3577 [inline]
[] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
[] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406
[] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
[] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
[] entry_SYSCALL_64_fastpath+0x23/0xc6
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 10561 Comm: syz-executor6 Not tainted 4.9.68-gfb66dc2 #107
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ffff8801c82af840 ffffffff81d90889 ffff8801c82afb20 0000000000000000
ffff8801c7569790 ffff8801c82afa10 ffff8801c7569680 ffff8801c82afa38
ffffffff8165e497 000000000000713f ffff8801cc605118 ffff8801cc6050a0
Call Trace:
[] __dump_stack lib/dump_stack.c:15 [inline]
[] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
[] do_anonymous_page mm/memory.c:2747 [inline]
[] handle_pte_fault mm/memory.c:3488 [inline]
[] __handle_mm_fault mm/memory.c:3577 [inline]
[] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
[] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406
[] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
[] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
[] SYSC_fsetxattr fs/xattr.c:504 [inline]
[] SyS_fsetxattr+0x130/0x190 fs/xattr.c:493
[] entry_SYSCALL_64_fastpath+0x23/0xc6
CPU: 0 PID: 10584 Comm: syz-executor6 Not tainted 4.9.68-gfb66dc2 #107
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ffff8801a654f8b0 ffffffff81d90889 ffff8801a654fb90 0000000000000000
ffff8801c7569790 ffff8801a654fa80 ffff8801c7569680 ffff8801a654faa8
ffffffff8165e497 0000000000003af1 ffff8801cdb620f0 ffff8801cdb620a0
Call Trace:
[] __dump_stack lib/dump_stack.c:15 [inline]
[] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
[] do_anonymous_page mm/memory.c:2747 [inline]
[] handle_pte_fault mm/memory.c:3488 [inline]
[] __handle_mm_fault mm/memory.c:3577 [inline]
[] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
[] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406
[] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
[] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
[] entry_SYSCALL_64_fastpath+0x23/0xc6
audit: type=1400 audit(1513076040.659:58): avc: denied { bind } for pid=10608 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_connector_socket permissive=1
audit: type=1400 audit(1513076040.689:59): avc: denied { setopt } for pid=10608 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_connector_socket permissive=1
binder_alloc: 10610: binder_alloc_buf, no vma
binder: 10610:10647 transaction failed 29189/-3, size 80-16 line 3130
binder_alloc: binder_alloc_mmap_handler: 10610 20000000-20002000 already mapped failed -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 10610:10647 ioctl 40046207 0 returned -16
device lo entered promiscuous mode
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pig=10669 comm=syz-executor1
device lo left promiscuous mode
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
device gre0 left promiscuous mode
device gre0 entered promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=6 sclass=netlink_audit_socket pig=10673 comm=syz-executor1
binder_alloc: 10610: binder_alloc_buf, no vma
binder: 10610:10678 transaction failed 29189/-3, size 80-16 line 3130
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
IPVS: Creating netns size=2536 id=18
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pig=10673 comm=syz-executor1
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=6 sclass=netlink_audit_socket pig=10673 comm=syz-executor1
netlink: 1 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor6'.
netlink: 5 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 5 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor4'.
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
device lo entered promiscuous mode
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=257 sclass=netlink_route_socket pig=11131 comm=syz-executor5
device lo left promiscuous mode
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=257 sclass=netlink_route_socket pig=11131 comm=syz-executor5
device lo entered promiscuous mode
device lo left promiscuous mode
nla_parse: 1 callbacks suppressed
netlink: 5 bytes leftover after parsing attributes in process `syz-executor7'.
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=770 sclass=netlink_tcpdiag_socket pig=11227 comm=syz-executor2
netlink: 5 bytes leftover after parsing attributes in process `syz-executor7'.
device lo entered promiscuous mode
device lo entered promiscuous mode
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
qtaguid: iface_stat: create6(lo): no inet dev
device lo left promiscuous mode
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=770 sclass=netlink_tcpdiag_socket pig=11227 comm=syz-executor2