BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor3/6336 caller is __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62 CPU: 1 PID: 6336 Comm: syz-executor3 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801c73bf6d8 ffffffff81d90889 0000000000000001 ffffffff83c17800 ffffffff83f42ec0 ffff8801d1ac3000 0000000000000003 ffff8801c73bf718 ffffffff81df7854 ffff8801c73bf730 ffffffff83f42ec0 dffffc0000000000 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] check_preemption_disabled+0x1d4/0x200 lib/smp_processor_id.c:46 [] __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62 [] ipcomp_alloc_tfms net/xfrm/xfrm_ipcomp.c:286 [inline] [] ipcomp_init_state+0x188/0x930 net/xfrm/xfrm_ipcomp.c:363 [] ipcomp4_init_state+0xb0/0x7d0 net/ipv4/ipcomp.c:137 [] __xfrm_init_state+0x3e7/0xb30 net/xfrm/xfrm_state.c:2096 [] xfrm_init_state+0x1a/0x20 net/xfrm/xfrm_state.c:2122 [] pfkey_msg2xfrm_state net/key/af_key.c:1281 [inline] [] pfkey_add+0x1fb9/0x3470 net/key/af_key.c:1498 [] pfkey_process+0x61e/0x730 net/key/af_key.c:2826 [] pfkey_sendmsg+0x3a9/0x760 net/key/af_key.c:3670 [] sock_sendmsg_nosec net/socket.c:635 [inline] [] sock_sendmsg+0xca/0x110 net/socket.c:645 [] ___sys_sendmsg+0x6d1/0x7e0 net/socket.c:1968 [] __sys_sendmsg+0xd6/0x190 net/socket.c:2002 [] SYSC_sendmsg net/socket.c:2013 [inline] [] SyS_sendmsg+0x2d/0x50 net/socket.c:2009 [] entry_SYSCALL_64_fastpath+0x23/0xc6 binder: 6425:6432 BC_INCREFS_DONE uffffffffffffffff no match binder: BINDER_SET_CONTEXT_MGR already set binder_alloc: 6425: binder_alloc_buf, no vma binder: 6425:6455 transaction failed 29189/-3, size 0-0 line 3130 binder: 6425:6447 ioctl 40046207 0 returned -16 binder: 6425:6447 BC_INCREFS_DONE uffffffffffffffff no match binder_alloc: 6425: binder_alloc_buf, no vma binder: 6425:6468 transaction failed 29189/-3, size 0-0 line 3130 binder: undelivered TRANSACTION_ERROR: 29189 binder: release 6425:6432 transaction 50 out, still active binder: undelivered TRANSACTION_COMPLETE binder: release 6425:6447 transaction 51 out, still active binder: undelivered TRANSACTION_COMPLETE audit: type=1400 audit(1513075525.704:37): avc: denied { setpcap } for pid=6504 comm="syz-executor5" capability=8 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 capability: warning: `syz-executor5' uses deprecated v2 capabilities in a way that may be insecure mmap: syz-executor4 (6503): VmData 18792448 exceed data ulimit 0. Update limits or use boot option ignore_rlimit_data. binder: send failed reply for transaction 50, target dead binder: send failed reply for transaction 51, target dead binder: undelivered TRANSACTION_ERROR: 29189 device gre0 entered promiscuous mode netlink: 2 bytes leftover after parsing attributes in process `syz-executor1'. binder: 6578:6581 BC_REQUEST_DEATH_NOTIFICATION invalid ref 4 binder: 6578:6581 DecRefs 0 refcount change on invalid ref 3 ret -22 binder: 6578:6581 got reply transaction with bad transaction stack, transaction 55 has target 6578:0 binder: 6578:6581 transaction failed 29201/-71, size 48-56 line 2938 binder_alloc: binder_alloc_mmap_handler: 6578 20000000-20002000 already mapped failed -16 binder: BINDER_SET_CONTEXT_MGR already set binder: 6578:6581 ioctl 40046207 0 returned -16 binder_alloc: 6578: binder_alloc_buf, no vma binder: 6578:6581 transaction failed 29189/-3, size 80-16 line 3130 binder: undelivered TRANSACTION_ERROR: 29189 binder: release 6578:6581 transaction 55 out, still active binder: send failed reply for transaction 55, target dead SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=6586 comm=syz-executor1 binder: 6607:6608 BC_REQUEST_DEATH_NOTIFICATION invalid ref 4 binder: 6607:6608 DecRefs 0 refcount change on invalid ref 3 ret -22 binder: 6607:6608 got reply transaction with bad transaction stack, transaction 63 has target 6607:0 binder: 6607:6608 transaction failed 29201/-71, size 48-56 line 2938 binder: 6607:6608 BC_DEAD_BINDER_DONE 0000000000000002 not found binder: 6607:6608 BC_FREE_BUFFER u0000000000000000 no match binder: tried to use weak ref as strong ref binder: 6607:6608 got transaction to invalid handle binder: 6607:6608 transaction failed 29201/-22, size 0-32 line 3007 binder_alloc: binder_alloc_mmap_handler: 6607 20000000-20002000 already mapped failed -16 binder: BINDER_SET_CONTEXT_MGR already set binder: 6607:6608 ioctl 40046207 0 returned -16 binder_alloc: 6607: binder_alloc_buf, no vma binder: 6607:6620 transaction failed 29189/-3, size 80-16 line 3130 binder: 6607:6608 BC_DEAD_BINDER_DONE 0000000000000002 not found binder: 6607:6608 BC_FREE_BUFFER u0000000000000000 no match binder: 6607:6608 got transaction to invalid handle binder: 6607:6608 transaction failed 29201/-22, size 0-32 line 3007 binder: release 6607:6608 transaction 63 out, still active binder: send failed reply for transaction 63, target dead audit: type=1400 audit(1513075526.234:38): avc: denied { create } for pid=6643 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_iscsi_socket permissive=1 binder: 6668:6669 ioctl c0306201 202f7000 returned -14 binder_alloc: binder_alloc_mmap_handler: 6668 2011a000-2051a000 already mapped failed -16 binder: BINDER_SET_CONTEXT_MGR already set binder: 6668:6669 ioctl 40046207 0 returned -16 binder: 6668:6686 ioctl c0306201 202f7000 returned -14 netlink: 1 bytes leftover after parsing attributes in process `syz-executor3'. audit: type=1400 audit(1513075526.684:39): avc: denied { write } for pid=6756 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_connector_socket permissive=1 netlink: 1 bytes leftover after parsing attributes in process `syz-executor3'. device lo entered promiscuous mode device lo left promiscuous mode netlink: 5 bytes leftover after parsing attributes in process `syz-executor5'. device lo entered promiscuous mode device lo left promiscuous mode device gre0 entered promiscuous mode binder: 7116:7118 ioctl 40046205 0 returned -22 binder: 7116:7118 ERROR: BC_REGISTER_LOOPER called without request binder: 7116:7118 unknown command 1400526783 binder: 7116:7118 ioctl c0306201 20002fd0 returned -22 binder: 7116:7128 got reply transaction with bad transaction stack, transaction 74 has target 7116:7118 binder: 7116:7128 transaction failed 29201/-71, size 24-8 line 2938 SELinux: unrecognized netlink message: protocol=4 nlmsg_type=33 sclass=netlink_tcpdiag_socket pig=7135 comm=syz-executor1 9pnet_virtio: no channels available for device ./file0 binder: 7116:7118 ioctl c018620b 20000fe8 returned -14 binder: release 7116:7118 transaction 74 in, still active binder: send failed reply for transaction 74 to 7116:7128 binder: 7116:7118 BC_FREE_BUFFER u0000000000000000 no match binder: undelivered TRANSACTION_COMPLETE binder: undelivered TRANSACTION_ERROR: 29201 binder: undelivered TRANSACTION_ERROR: 29189 binder: 7116:7118 ioctl 40046205 6 returned -22 binder: 7116:7118 ioctl 40046205 0 returned -22 PF_BRIDGE: RTM_SETLINK with unknown ifindex device gre0 entered promiscuous mode binder: 7116:7118 ERROR: BC_REGISTER_LOOPER called without request binder: 7116:7128 unknown command 1400526783 binder: 7116:7128 ioctl c0306201 20002fd0 returned -22 binder: 7116:7128 got reply transaction with bad transaction stack, transaction 77 has target 7116:0 binder: 7116:7128 transaction failed 29201/-71, size 24-8 line 2938 binder: 7116:7128 ioctl c018620b 20000fe8 returned -14 binder: release 7116:7128 transaction 77 out, still active binder: undelivered TRANSACTION_COMPLETE binder: undelivered TRANSACTION_ERROR: 29201 9pnet_virtio: no channels available for device ./file0 binder: send failed reply for transaction 77, target dead PF_BRIDGE: RTM_SETLINK with unknown ifindex FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 0 PID: 7158 Comm: syz-executor2 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801c367f850 ffffffff81d90889 ffff8801c367fb30 0000000000000000 ffff8801a4cd0890 ffff8801c367fa20 ffff8801a4cd0780 ffff8801c367fa48 ffffffff8165e497 00000000000051b9 ffff8801d56a50f0 ffff8801d56a50a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] entry_SYSCALL_64_fastpath+0x23/0xc6 SELinux: unrecognized netlink message: protocol=4 nlmsg_type=33 sclass=netlink_tcpdiag_socket pig=7167 comm=syz-executor1 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 1 PID: 7158 Comm: syz-executor2 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801c367f850 ffffffff81d90889 ffff8801c367fb30 0000000000000000 ffff8801a6293310 ffff8801c367fa20 ffff8801a6293200 ffff8801c367fa48 ffffffff8165e497 00000000000051b9 ffff8801d56a50f0 ffff8801d56a50a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] entry_SYSCALL_64_fastpath+0x23/0xc6 Option ' SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65302 sclass=netlink_route_socket pig=7189 comm=syz-executor2 Option ' SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65302 sclass=netlink_route_socket pig=7189 comm=syz-executor2 TCP: request_sock_TCP: Possible SYN flooding on port 20010. Sending cookies. Check SNMP counters. device lo entered promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode binder: 7326:7327 BC_ACQUIRE_DONE node 79 has no pending acquire request binder: 7326:7327 got reply transaction with no transaction stack binder: 7326:7327 transaction failed 29201/-71, size 48-40 line 2923 binder: BINDER_SET_CONTEXT_MGR already set nla_parse: 3 callbacks suppressed netlink: 17 bytes leftover after parsing attributes in process `syz-executor7'. device lo entered promiscuous mode qtaguid: iface_stat: iface_check_stats_reset_and_adjust(lo): iface reset its stats unexpectedly device lo left promiscuous mode binder: 7326:7327 BC_ACQUIRE_DONE u0000000000000000 no match binder: 7326:7327 got reply transaction with no transaction stack binder: 7326:7327 transaction failed 29201/-71, size 48-40 line 2923 binder: 7326:7335 ioctl 40046207 0 returned -16 device lo entered promiscuous mode device lo left promiscuous mode device gre0 entered promiscuous mode netlink: 2 bytes leftover after parsing attributes in process `syz-executor6'. FAULT_FLAG_ALLOW_RETRY missing 30 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 1 PID: 7492 Comm: syz-executor7 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801c4b278c0 ffffffff81d90889 ffff8801c4b27ba0 0000000000000000 ffff8801a4cd0410 ffff8801c4b27a90 ffff8801a4cd0300 ffff8801c4b27ab8 ffffffff8165e497 00000000000051b9 ffff8801d67f50f0 ffff8801d67f50a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] entry_SYSCALL_64_fastpath+0x23/0xc6 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 1 PID: 7478 Comm: syz-executor7 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801d659f830 ffffffff81d90889 ffff8801d659fb10 0000000000000000 ffff8801a4cd0410 ffff8801d659fa00 ffff8801a4cd0300 ffff8801d659fa28 ffffffff8165e497 00000000000051b9 ffff8801c953a0f0 ffff8801c953a0a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] SYSC_mq_timedreceive ipc/mqueue.c:1092 [inline] [] SyS_mq_timedreceive+0xcd/0xdb0 ipc/mqueue.c:1077 [] entry_SYSCALL_64_fastpath+0x23/0xc6 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 1 PID: 7469 Comm: syz-executor7 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801d1e178c0 ffffffff81d90889 ffff8801d1e17ba0 0000000000000000 ffff8801a4cd0410 ffff8801d1e17a90 ffff8801a4cd0300 ffff8801d1e17ab8 ffffffff8165e497 00000000000051b9 ffff8801a90688f0 ffff8801a90688a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] entry_SYSCALL_64_fastpath+0x23/0xc6 netlink: 2 bytes leftover after parsing attributes in process `syz-executor6'. device gre0 entered promiscuous mode device gre0 entered promiscuous mode device gre0 entered promiscuous mode CPU: 1 PID: 7455 Comm: syz-executor7 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801a60a7710 ffffffff81d90889 ffff8801a60a79f0 0000000000000000 ffff8801a4cd0410 ffff8801a60a78e0 ffff8801a4cd0300 ffff8801a60a7908 ffffffff8165e497 00000000000051b9 ffff8801d8cb68f0 ffff8801d8cb68a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] SYSC_select fs/select.c:652 [inline] [] SyS_select+0x158/0x1e0 fs/select.c:634 [] entry_SYSCALL_64_fastpath+0x23/0xc6 audit: type=1400 audit(1513075531.204:40): avc: denied { shutdown } for pid=7627 comm="syz-executor1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 netlink: 5 bytes leftover after parsing attributes in process `syz-executor3'. netlink: 5 bytes leftover after parsing attributes in process `syz-executor3'. binder: 7682:7686 BC_DEAD_BINDER_DONE 0000000000000003 not found binder: 7682:7686 BC_INCREFS_DONE u000000002011a000 no match binder: 7682:7686 got transaction with invalid parent offset or type binder: 7682:7686 transaction failed 29201/-22, size 32-24 line 3253 binder: 7682:7701 got transaction with unaligned buffers size, 58534 binder: 7682:7701 transaction failed 29201/-22, size 0-40 line 3175 binder: BINDER_SET_CONTEXT_MGR already set audit: type=1400 audit(1513075531.424:41): avc: denied { getopt } for pid=7712 comm="syz-executor7" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 binder_alloc: binder_alloc_mmap_handler: 7682 2011a000-2051a000 already mapped failed -16 binder: 7682:7701 ioctl 40046207 0 returned -16 binder_alloc: 7682: binder_alloc_buf, no vma binder: 7682:7686 transaction failed 29189/-3, size 0-40 line 3130 netlink: 3 bytes leftover after parsing attributes in process `syz-executor7'. device gre0 entered promiscuous mode binder: undelivered TRANSACTION_ERROR: 29201 netlink: 3 bytes leftover after parsing attributes in process `syz-executor7'. IPVS: Creating netns size=2536 id=13 device lo entered promiscuous mode device lo left promiscuous mode pktgen: kernel_thread() failed for cpu 0 device lo entered promiscuous mode pktgen: Cannot create thread for cpu 0 (-4) pktgen: kernel_thread() failed for cpu 1 device lo left promiscuous mode pktgen: Cannot create thread for cpu 1 (-4) pktgen: Initialization failed for all threads SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=7972 comm=syz-executor5 device lo entered promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode binder: 8090:8093 ioctl 4b60 2000af3d returned -22 binder: 8090:8093 ERROR: BC_REGISTER_LOOPER called without request binder_alloc: binder_alloc_mmap_handler: 8090 20000000-20002000 already mapped failed -16 binder: 8090:8093 ioctl 4b60 2000af3d returned -22 binder: BINDER_SET_CONTEXT_MGR already set binder: 8090:8100 ioctl 40046207 0 returned -16 binder: 8090:8100 ERROR: BC_REGISTER_LOOPER called without request binder_alloc: 8090: binder_alloc_buf, no vma binder: 8090:8112 transaction failed 29189/-3, size 0-0 line 3130 binder: unexpected work type, 4, not freed binder: undelivered TRANSACTION_COMPLETE binder: undelivered transaction 88, process died. binder: undelivered TRANSACTION_ERROR: 29189 binder: 8146:8148 ERROR: BC_REGISTER_LOOPER called without request audit: type=1400 audit(1513075532.884:42): avc: denied { read } for pid=8125 comm="syz-executor4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 binder_alloc: binder_alloc_mmap_handler: 8146 20000000-20002000 already mapped failed -16 binder: BINDER_SET_CONTEXT_MGR already set binder: 8146:8159 ioctl 40046207 0 returned -16 binder: 8146:8148 ERROR: BC_REGISTER_LOOPER called without request blk_update_request: I/O error, dev loop7, sector 0 Buffer I/O error on dev loop7, logical block 0, lost async page write blk_update_request: I/O error, dev loop7, sector 8 Buffer I/O error on dev loop7, logical block 1, lost async page write binder: undelivered TRANSACTION_COMPLETE binder: undelivered TRANSACTION_COMPLETE binder: undelivered transaction 94, process died. netlink: 18 bytes leftover after parsing attributes in process `syz-executor3'. netlink: 18 bytes leftover after parsing attributes in process `syz-executor3'. audit: type=1400 audit(1513075533.134:43): avc: denied { getattr } for pid=8240 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 netlink: 1 bytes leftover after parsing attributes in process `syz-executor4'. syz-executor0 (8285) used greatest stack depth: 24224 bytes left binder: 8321:8324 ioctl 40046205 0 returned -22 binder: 8321:8324 ERROR: BC_REGISTER_LOOPER called without request binder: 8321:8324 unknown command 1400526783 binder: 8321:8324 ioctl c0306201 20002fd0 returned -22 binder: 8321:8324 BC_FREE_BUFFER u0000000000000000 no match binder: 8321:8324 sending u0000000000000000 node 97, cookie mismatch 0000000000000004 != 0000000000000000 binder: 8321:8324 transaction failed 29201/-22, size 72-8 line 3209 binder: 8321:8324 ioctl c0306201 20005fd0 returned -14 binder: unexpected work type, 4, not freed binder: undelivered TRANSACTION_COMPLETE binder: undelivered TRANSACTION_ERROR: 29201 binder: 8321:8324 BC_FREE_BUFFER u00000000ffffffff no match binder: undelivered TRANSACTION_COMPLETE binder: 8321:8324 ioctl 40046205 6 returned -22 binder: 8321:8335 ioctl 40046205 0 returned -22 binder: 8321:8335 ERROR: BC_REGISTER_LOOPER called without request binder: 8321:8335 ioctl c0306201 20008fd0 returned -11 binder_alloc: 8321: binder_alloc_buf, no vma binder: 8321:8324 transaction failed 29189/-3, size 0-0 line 3130 binder: 8321:8324 unknown command 1400526783 binder: 8321:8324 ioctl c0306201 20002fd0 returned -22 binder: 8321:8324 BC_FREE_BUFFER u0000000000000000 no match binder: 8321:8324 IncRefs 0 refcount change on invalid ref 1 ret -22 binder: 8321:8324 got transaction to invalid handle binder: 8321:8324 transaction failed 29201/-22, size 72-8 line 3007 binder: 8321:8324 ioctl c0306201 20005fd0 returned -14 binder: undelivered TRANSACTION_ERROR: 29189 binder: 8321:8335 BC_FREE_BUFFER u0000000000000000 no match loop_reread_partitions: partition scan of loop0 (2°]€fI¸Òæ¶Ì”B±!S,›ùDÏ') failed (rc=-13) binder: undelivered transaction 99, process died. binder: undelivered TRANSACTION_ERROR: 29201 loop_reread_partitions: partition scan of loop0 () failed (rc=-13) syz-executor2 (8470): /proc/8467/oom_adj is deprecated, please use /proc/8467/oom_score_adj instead. audit: type=1400 audit(1513075534.624:44): avc: denied { execute } for pid=8546 comm="syz-executor5" path="pipe:[20303]" dev="pipefs" ino=20303 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=fifo_file permissive=1 nla_parse: 1 callbacks suppressed netlink: 3 bytes leftover after parsing attributes in process `syz-executor7'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor7'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor7'. SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=8591 comm=syz-executor7 device gre0 entered promiscuous mode audit: type=1400 audit(1513075534.874:45): avc: denied { create } for pid=8619 comm="syz-executor4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=key permissive=1