====================================================== WARNING: possible circular locking dependency detected 4.15.0-rc3+ #219 Not tainted ------------------------------------------------------ syz-executor2/6312 is trying to acquire lock: (&tty->ldisc_sem){++++}, at: [<00000000f8a931ff>] ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365 but task is already holding lock: (&pipe->mutex/1){+.+.}, at: [<000000000f049cfe>] pipe_lock_nested fs/pipe.c:67 [inline] (&pipe->mutex/1){+.+.}, at: [<000000000f049cfe>] pipe_lock+0x56/0x70 fs/pipe.c:75 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #6 (&pipe->mutex/1){+.+.}: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004 __mutex_lock_common kernel/locking/mutex.c:756 [inline] __mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908 pipe_lock_nested fs/pipe.c:67 [inline] pipe_lock+0x56/0x70 fs/pipe.c:75 iter_file_splice_write+0x264/0xf30 fs/splice.c:699 do_splice_from fs/splice.c:851 [inline] do_splice fs/splice.c:1147 [inline] SYSC_splice fs/splice.c:1402 [inline] SyS_splice+0x7d5/0x1630 fs/splice.c:1382 entry_SYSCALL_64_fastpath+0x1f/0x96 -> #5 (sb_writers){.+.+}: spin_lock include/linux/spinlock.h:315 [inline] cache_grow_end.part.37+0x3a/0x180 mm/slab.c:2726 cache_grow_end mm/slab.c:2720 [inline] cache_alloc_refill mm/slab.c:3047 [inline] ____cache_alloc mm/slab.c:3120 [inline] __do_cache_alloc mm/slab.c:3342 [inline] slab_alloc mm/slab.c:3377 [inline] kmem_cache_alloc+0x433/0x760 mm/slab.c:3545 getname_kernel+0x54/0x340 fs/namei.c:218 kern_path_create+0x23/0x40 fs/namei.c:3666 handle_create+0xc0/0x760 drivers/base/devtmpfs.c:203 -> #4 ((completion)&req.done){+.+.}: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004 complete_acquire include/linux/completion.h:40 [inline] __wait_for_common kernel/sched/completion.c:109 [inline] wait_for_common kernel/sched/completion.c:123 [inline] wait_for_completion+0xcb/0x7b0 kernel/sched/completion.c:144 devtmpfs_create_node+0x32b/0x4a0 drivers/base/devtmpfs.c:115 device_add+0x120f/0x1640 drivers/base/core.c:1824 device_register+0x1d/0x20 drivers/base/core.c:1905 tty_register_device_attr+0x422/0x740 drivers/tty/tty_io.c:2956 tty_port_register_device_attr_serdev+0x100/0x140 drivers/tty/tty_port.c:166 uart_add_one_port+0xa7a/0x15b0 drivers/tty/serial/serial_core.c:2783 serial8250_register_8250_port+0xfac/0x1990 drivers/tty/serial/8250/8250_core.c:1045 serial_pnp_probe+0x5e7/0xac0 drivers/tty/serial/8250/8250_pnp.c:480 pnp_device_probe+0x15f/0x250 drivers/pnp/driver.c:109 really_probe drivers/base/dd.c:424 [inline] driver_probe_device+0x71b/0xae0 drivers/base/dd.c:566 __driver_attach+0x181/0x1c0 drivers/base/dd.c:800 bus_for_each_dev+0x154/0x1e0 drivers/base/bus.c:313 driver_attach+0x3d/0x50 drivers/base/dd.c:819 bus_add_driver+0x466/0x620 drivers/base/bus.c:669 driver_register+0x1bf/0x3c0 drivers/base/driver.c:168 pnp_register_driver+0x75/0xa0 drivers/pnp/driver.c:272 serial8250_pnp_init+0x15/0x20 drivers/tty/serial/8250/8250_pnp.c:537 serial8250_init+0x8f/0x270 drivers/tty/serial/8250/8250_core.c:1122 do_one_initcall+0x9e/0x330 init/main.c:831 do_initcall_level init/main.c:897 [inline] do_initcalls init/main.c:905 [inline] do_basic_setup init/main.c:923 [inline] kernel_init_freeable+0x469/0x521 init/main.c:1071 kernel_init+0x13/0x172 init/main.c:998 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:441 -> #3 (&port->mutex){+.+.}: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004 __mutex_lock_common kernel/locking/mutex.c:756 [inline] __mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908 uart_set_termios+0x8f/0x5b0 drivers/tty/serial/serial_core.c:1416 tty_set_termios+0x6d4/0xa40 drivers/tty/tty_ioctl.c:334 set_termios+0x377/0x6b0 drivers/tty/tty_ioctl.c:414 tty_mode_ioctl+0x9fb/0xb10 drivers/tty/tty_ioctl.c:749 n_tty_ioctl_helper+0x40/0x360 drivers/tty/tty_ioctl.c:940 n_tty_ioctl+0x148/0x2d0 drivers/tty/n_tty.c:2435 tty_ioctl+0x32e/0x15f0 drivers/tty/tty_io.c:2638 vfs_ioctl fs/ioctl.c:46 [inline] do_vfs_ioctl+0x1b1/0x1530 fs/ioctl.c:686 SYSC_ioctl fs/ioctl.c:701 [inline] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:692 entry_SYSCALL_64_fastpath+0x1f/0x96 -> #2 (&tty->termios_rwsem){++++}: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004 down_write+0x87/0x120 kernel/locking/rwsem.c:70 n_tty_flush_buffer+0x21/0x320 drivers/tty/n_tty.c:357 tty_buffer_flush+0x29a/0x390 drivers/tty/tty_buffer.c:233 tty_ldisc_flush+0x25/0x70 drivers/tty/tty_ldisc.c:418 tty_port_close_start.part.4+0x1cd/0x4e0 drivers/tty/tty_port.c:603 tty_port_close_start drivers/tty/tty_port.c:646 [inline] tty_port_close+0x3f/0x80 drivers/tty/tty_port.c:640 uart_close+0x77/0x1d0 drivers/tty/serial/serial_core.c:1487 tty_release+0x446/0x14c0 drivers/tty/tty_io.c:1639 __fput+0x333/0x7f0 fs/file_table.c:210 ____fput+0x15/0x20 fs/file_table.c:244 task_work_run+0x199/0x270 kernel/task_work.c:113 tracehook_notify_resume include/linux/tracehook.h:191 [inline] exit_to_usermode_loop+0x296/0x310 arch/x86/entry/common.c:162 prepare_exit_to_usermode arch/x86/entry/common.c:195 [inline] syscall_return_slowpath+0x490/0x550 arch/x86/entry/common.c:264 entry_SYSCALL_64_fastpath+0x94/0x96 -> #1 (&buf->lock){+.+.}: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004 __mutex_lock_common kernel/locking/mutex.c:756 [inline] __mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908 tty_buffer_flush+0xbd/0x390 drivers/tty/tty_buffer.c:222 tty_ldisc_flush+0x25/0x70 drivers/tty/tty_ldisc.c:418 tty_port_close_start.part.4+0x1cd/0x4e0 drivers/tty/tty_port.c:603 tty_port_close_start drivers/tty/tty_port.c:646 [inline] tty_port_close+0x3f/0x80 drivers/tty/tty_port.c:640 uart_close+0x77/0x1d0 drivers/tty/serial/serial_core.c:1487 tty_release+0x446/0x14c0 drivers/tty/tty_io.c:1639 __fput+0x333/0x7f0 fs/file_table.c:210 ____fput+0x15/0x20 fs/file_table.c:244 task_work_run+0x199/0x270 kernel/task_work.c:113 tracehook_notify_resume include/linux/tracehook.h:191 [inline] exit_to_usermode_loop+0x296/0x310 arch/x86/entry/common.c:162 prepare_exit_to_usermode arch/x86/entry/common.c:195 [inline] syscall_return_slowpath+0x490/0x550 arch/x86/entry/common.c:264 entry_SYSCALL_64_fastpath+0x94/0x96 -> #0 (&tty->ldisc_sem){++++}: check_prevs_add kernel/locking/lockdep.c:2031 [inline] validate_chain kernel/locking/lockdep.c:2473 [inline] __lock_acquire+0x3498/0x47f0 kernel/locking/lockdep.c:3500 lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004 __ldsem_down_read_nested+0xd1/0xa90 drivers/tty/tty_ldsem.c:325 ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365 tty_ldisc_ref_wait+0x25/0x80 drivers/tty/tty_ldisc.c:277 tty_read+0xf8/0x250 drivers/tty/tty_io.c:852 do_loop_readv_writev fs/read_write.c:673 [inline] do_iter_read+0x3db/0x5b0 fs/read_write.c:897 vfs_readv+0x121/0x1c0 fs/read_write.c:959 kernel_readv fs/splice.c:361 [inline] default_file_splice_read+0x508/0xae0 fs/splice.c:416 do_splice_to+0x110/0x170 fs/splice.c:880 do_splice fs/splice.c:1173 [inline] SYSC_splice fs/splice.c:1402 [inline] SyS_splice+0x11a8/0x1630 fs/splice.c:1382 entry_SYSCALL_64_fastpath+0x1f/0x96 other info that might help us debug this: Chain exists of: &tty->ldisc_sem --> sb_writers --> &pipe->mutex/1 Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&pipe->mutex/1); lock(sb_writers); lock(&pipe->mutex/1); lock(&tty->ldisc_sem); *** DEADLOCK *** 1 lock held by syz-executor2/6312: #0: (&pipe->mutex/1){+.+.}, at: [<000000000f049cfe>] pipe_lock_nested fs/pipe.c:67 [inline] #0: (&pipe->mutex/1){+.+.}, at: [<000000000f049cfe>] pipe_lock+0x56/0x70 fs/pipe.c:75 stack backtrace: CPU: 1 PID: 6312 Comm: syz-executor2 Not tainted 4.15.0-rc3+ #219 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 print_circular_bug+0x42d/0x610 kernel/locking/lockdep.c:1271 check_prev_add+0x666/0x15f0 kernel/locking/lockdep.c:1914 check_prevs_add kernel/locking/lockdep.c:2031 [inline] validate_chain kernel/locking/lockdep.c:2473 [inline] __lock_acquire+0x3498/0x47f0 kernel/locking/lockdep.c:3500 lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004 __ldsem_down_read_nested+0xd1/0xa90 drivers/tty/tty_ldsem.c:325 ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365 tty_ldisc_ref_wait+0x25/0x80 drivers/tty/tty_ldisc.c:277 tty_read+0xf8/0x250 drivers/tty/tty_io.c:852 do_loop_readv_writev fs/read_write.c:673 [inline] do_iter_read+0x3db/0x5b0 fs/read_write.c:897 vfs_readv+0x121/0x1c0 fs/read_write.c:959 kernel_readv fs/splice.c:361 [inline] default_file_splice_read+0x508/0xae0 fs/splice.c:416 do_splice_to+0x110/0x170 fs/splice.c:880 do_splice fs/splice.c:1173 [inline] SYSC_splice fs/splice.c:1402 [inline] SyS_splice+0x11a8/0x1630 fs/splice.c:1382 entry_SYSCALL_64_fastpath+0x1f/0x96 RIP: 0033:0x452a39 RSP: 002b:00007faf704e5c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000113 RAX: ffffffffffffffda RBX: 0000000000758020 RCX: 0000000000452a39 RDX: 0000000000000014 RSI: 0000000000000000 RDI: 0000000000000015 RBP: 00000000000002dd R08: 0000000000000007 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f2558 R13: 00000000ffffffff R14: 00007faf704e66d4 R15: 0000000000000000 device gre0 entered promiscuous mode devpts: called with bogus options devpts: called with bogus options QAT: Invalid ioctl QAT: Invalid ioctl netlink: 14 bytes leftover after parsing attributes in process `syz-executor5'. netlink: 14 bytes leftover after parsing attributes in process `syz-executor5'. RDS: rds_bind could not find a transport for 172.20.7.170, load rds_tcp or rds_rdma? netlink: 3 bytes leftover after parsing attributes in process `syz-executor2'. kauditd_printk_skb: 131 callbacks suppressed audit: type=1400 audit(1513166347.844:463): avc: denied { connect } for pid=6723 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 audit: type=1326 audit(1513166347.905:464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=6729 comm="syz-executor1" exe="/root/syz-executor1" sig=9 arch=c000003e syscall=202 compat=0 ip=0x452a39 code=0x0 device gre0 entered promiscuous mode audit: type=1326 audit(1513166347.947:465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=6764 comm="syz-executor3" exe="/root/syz-executor3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x452a39 code=0xffff0000 audit: type=1400 audit(1513166348.071:466): avc: denied { map } for pid=6764 comm="syz-executor3" path="/75/file0/bus" dev="ramfs" ino=23741 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:ramfs_t:s0 tclass=file permissive=1 audit: type=1326 audit(1513166348.115:467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=6764 comm="syz-executor3" exe="/root/syz-executor3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x452a39 code=0xffff0000 device gre0 entered promiscuous mode sctp: [Deprecated]: syz-executor2 (pid 6846) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead sctp: [Deprecated]: syz-executor2 (pid 6878) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead device gre0 entered promiscuous mode device gre0 entered promiscuous mode audit: type=1400 audit(1513166348.734:468): avc: denied { map } for pid=6977 comm="syz-executor5" path=2F6D656D66643A24202864656C6574656429 dev="tmpfs" ino=24742 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:tmpfs_t:s0 tclass=file permissive=1 device gre0 entered promiscuous mode netlink: 'syz-executor1': attribute type 16 has an invalid length. netlink: 'syz-executor1': attribute type 16 has an invalid length. audit: type=1400 audit(1513166349.211:469): avc: denied { setattr } for pid=7081 comm="syz-executor6" name="NETLINK" dev="sockfs" ino=24923 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 kvm: vcpu 0: requested 68374 ns lapic timer period limited to 500000 ns nla_parse: 3 callbacks suppressed netlink: 14 bytes leftover after parsing attributes in process `syz-executor0'. binder: 7136:7138 Acquire 1 refcount change on invalid ref 0 ret -22 netlink: 14 bytes leftover after parsing attributes in process `syz-executor0'. binder: 7136:7138 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0 binder: 7136:7138 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 binder: 7138 RLIMIT_NICE not set binder: 7136:7153 IncRefs 0 refcount change on invalid ref 0 ret -22 binder: 7136:7153 Release 1 refcount change on invalid ref 0 ret -22 binder: 7136:7153 BC_REQUEST_DEATH_NOTIFICATION invalid ref 4 binder: 7136:7153 Acquire 1 refcount change on invalid ref 0 ret -22 binder: 7136:7176 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0 binder: 7136:7153 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 binder: 7136:7176 IncRefs 0 refcount change on invalid ref 0 ret -22 binder: 7136:7176 Release 1 refcount change on invalid ref 0 ret -22 binder: 7136:7176 BC_REQUEST_DEATH_NOTIFICATION invalid ref 4 binder: 7176 RLIMIT_NICE not set netlink: 1 bytes leftover after parsing attributes in process `syz-executor0'. syz2: Invalid MTU 225897 requested, hw max 65535 netlink: 1 bytes leftover after parsing attributes in process `syz-executor0'. syz2: Invalid MTU 225897 requested, hw max 65535 netlink: 11 bytes leftover after parsing attributes in process `syz-executor4'. audit: type=1400 audit(1513166349.661:470): avc: denied { read } for pid=7196 comm="syz-executor4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 netlink: 11 bytes leftover after parsing attributes in process `syz-executor4'. SELinux: unrecognized netlink message: protocol=9 nlmsg_type=65535 sclass=netlink_audit_socket pig=7250 comm=syz-executor7 SELinux: unrecognized netlink message: protocol=9 nlmsg_type=30 sclass=netlink_audit_socket pig=7250 comm=syz-executor7 device lo entered promiscuous mode device lo left promiscuous mode xprt_adjust_timeout: rq_timeout = 0! device lo entered promiscuous mode device lo left promiscuous mode SELinux: unrecognized netlink message: protocol=9 nlmsg_type=65535 sclass=netlink_audit_socket pig=7275 comm=syz-executor7 xprt_adjust_timeout: rq_timeout = 0! SELinux: unrecognized netlink message: protocol=9 nlmsg_type=30 sclass=netlink_audit_socket pig=7284 comm=syz-executor7 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=7307 comm=syz-executor6 device syz0 entered promiscuous mode device syz0 left promiscuous mode netlink: 1 bytes leftover after parsing attributes in process `syz-executor0'. netlink: 9 bytes leftover after parsing attributes in process `syz-executor7'. A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. device syz0 entered promiscuous mode device syz0 left promiscuous mode netlink: 9 bytes leftover after parsing attributes in process `syz-executor7'. A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. netlink: 1 bytes leftover after parsing attributes in process `syz-executor0'. audit: type=1400 audit(1513166350.512:471): avc: denied { map } for pid=7425 comm="syz-executor3" path="socket:[25328]" dev="sockfs" ino=25328 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=unix_stream_socket permissive=1 Scheduler tracepoints stat_sleep, stat_iowait, stat_blocked and stat_runtime require the kernel parameter schedstats=enable or kernel.sched_schedstats=1 audit: type=1400 audit(1513166350.777:472): avc: denied { create } for pid=7493 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_rdma_socket permissive=1 APIC base relocation is unsupported by KVM device lo entered promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode netlink: 'syz-executor6': attribute type 2 has an invalid length. device lo entered promiscuous mode device gre0 entered promiscuous mode netlink: 'syz-executor2': attribute type 4 has an invalid length. netlink: 'syz-executor2': attribute type 4 has an invalid length. sock: process `syz-executor5' is using obsolete setsockopt SO_BSDCOMPAT IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready SELinux: unrecognized netlink message: protocol=0 nlmsg_type=27 sclass=netlink_route_socket pig=7875 comm=syz-executor4 device gre0 entered promiscuous mode SELinux: unrecognized netlink message: protocol=0 nlmsg_type=27 sclass=netlink_route_socket pig=7868 comm=syz-executor4 device syz0 entered promiscuous mode device gre0 entered promiscuous mode kauditd_printk_skb: 1 callbacks suppressed audit: type=1326 audit(1513166352.983:474): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8098 comm="syz-executor5" exe="/root/syz-executor5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452a39 code=0x7ffc0000 audit: type=1326 audit(1513166353.015:475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8098 comm="syz-executor5" exe="/root/syz-executor5" sig=0 arch=c000003e syscall=283 compat=0 ip=0x452a39 code=0x7ffc0000 audit: type=1326 audit(1513166353.015:476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8098 comm="syz-executor5" exe="/root/syz-executor5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452a39 code=0x7ffc0000 audit: type=1326 audit(1513166353.015:477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8098 comm="syz-executor5" exe="/root/syz-executor5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452a39 code=0x7ffc0000 audit: type=1326 audit(1513166353.016:478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8098 comm="syz-executor5" exe="/root/syz-executor5" sig=0 arch=c000003e syscall=32 compat=0 ip=0x452a39 code=0x7ffc0000 audit: type=1326 audit(1513166353.016:479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8098 comm="syz-executor5" exe="/root/syz-executor5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452a39 code=0x7ffc0000 audit: type=1326 audit(1513166353.017:480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8098 comm="syz-executor5" exe="/root/syz-executor5" sig=0 arch=c000003e syscall=9 compat=0 ip=0x452a39 code=0x7ffc0000 audit: type=1326 audit(1513166353.018:481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8098 comm="syz-executor5" exe="/root/syz-executor5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452a39 code=0x7ffc0000 audit: type=1326 audit(1513166353.019:482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8098 comm="syz-executor5" exe="/root/syz-executor5" sig=0 arch=c000003e syscall=2 compat=0 ip=0x40cd71 code=0x7ffc0000 audit: type=1326 audit(1513166353.019:483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8098 comm="syz-executor5" exe="/root/syz-executor5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452a39 code=0x7ffc0000 netlink: 'syz-executor0': attribute type 27 has an invalid length. loop_reread_partitions: partition scan of loop0 (2°]€fI¸Òæ¶Ì”B±!S,›ùDÏ') failed (rc=-13) netlink: 'syz-executor0': attribute type 27 has an invalid length. lo: Invalid MTU -1075701634 requested, hw min 0 print_req_error: I/O error, dev loop0, sector 0 print_req_error: I/O error, dev loop0, sector 0 Buffer I/O error on dev loop0, logical block 0, async page read print_req_error: I/O error, dev loop0, sector 0 Buffer I/O error on dev loop0, logical block 0, async page read print_req_error: I/O error, dev loop0, sector 0 Buffer I/O error on dev loop0, logical block 0, async page read print_req_error: I/O error, dev loop0, sector 0 Buffer I/O error on dev loop0, logical block 0, async page read print_req_error: I/O error, dev loop0, sector 0 Buffer I/O error on dev loop0, logical block 0, async page read print_req_error: I/O error, dev loop0, sector 0 Buffer I/O error on dev loop0, logical block 0, async page read print_req_error: I/O error, dev loop0, sector 0 Buffer I/O error on dev loop0, logical block 0, async page read print_req_error: I/O error, dev loop0, sector 0 Buffer I/O error on dev loop0, logical block 0, async page read print_req_error: I/O error, dev loop0, sector 0 Buffer I/O error on dev loop0, logical block 0, async page read Buffer I/O error on dev loop0, logical block 0, async page read lo: Invalid MTU -1075701634 requested, hw min 0 loop_reread_partitions: partition scan of loop0 () failed (rc=-13) device gre0 entered promiscuous mode binder: 8368:8371 DecRefs 0 refcount change on invalid ref 0 ret -22 binder: 8371 RLIMIT_NICE not set binder: 8368:8371 ioctl c0306201 20007fd0 returned -11 binder: 8368:8371 got transaction to invalid handle binder: 8368:8371 transaction failed 29201/-22, size 32-32 line 2775 binder: 8368:8371 BC_FREE_BUFFER u0000000020000000 matched unreturned buffer binder_alloc: 8368:8371 FREE_BUFFER u0000000020000000 user freed buffer twice binder: 8368:8371 BC_FREE_BUFFER u0000000020000000 no match binder: 8368:8371 got new transaction with bad transaction stack, transaction 9 has target 8368:0 binder: 8368:8371 transaction failed 29201/-71, size 0-0 line 2802 binder: 8368:8383 got reply transaction with no transaction stack binder: 8368:8383 transaction failed 29201/-71, size 48-8 line 2690 binder: 8368:8383 DecRefs 0 refcount change on invalid ref 0 ret -22 binder: BINDER_SET_CONTEXT_MGR already set binder: 8368:8371 ioctl 40046207 0 returned -16 binder: 8368:8404 got transaction to invalid handle binder: 8368:8404 transaction failed 29201/-22, size 32-32 line 2775 binder_alloc: 8368: binder_alloc_buf, no vma binder: 8368:8383 transaction failed 29189/-3, size 0-0 line 2890 binder: 8368:8409 BC_FREE_BUFFER u0000000020000000 no match binder_alloc: 8368: binder_alloc_buf, no vma binder: 8368:8409 transaction failed 29189/-3, size 0-0 line 2890 nla_parse: 14 callbacks suppressed