Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801c219f870 ffffffff81d90889 ffff8801c219fb50 0000000000000000 ffff8801a6580590 ffff8801c219fa40[ 86.221671] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor7/12305 caller is __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62 ffff8801a6580480 ffff8801c219fa68 ffffffff8165e497 0000000000005e64 ffff8801ced8d0f0 ffff8801ced8d0a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2783 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1f82/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] SYSC_getrandom drivers/char/random.c:1899 [inline] [] SyS_getrandom+0x165/0x2a0 drivers/char/random.c:1880 [] entry_SYSCALL_64_fastpath+0x23/0xc6 CPU: 0 PID: 12305 Comm: syz-executor7 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801ce4ff6d8 ffffffff81d90889 0000000000000000 ffffffff83c17800 ffffffff83f42ec0 ffff8801ce4b9800 0000000000000003 ffff8801ce4ff718 ffffffff81df7854 ffff8801ce4ff730 ffffffff83f42ec0 dffffc0000000000 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] check_preemption_disabled+0x1d4/0x200 lib/smp_processor_id.c:46 [] __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62 [] ipcomp_alloc_tfms net/xfrm/xfrm_ipcomp.c:286 [inline] [] ipcomp_init_state+0x188/0x930 net/xfrm/xfrm_ipcomp.c:363 [] ipcomp4_init_state+0xb0/0x7d0 net/ipv4/ipcomp.c:137 [] __xfrm_init_state+0x3e7/0xb30 net/xfrm/xfrm_state.c:2096 [] xfrm_init_state+0x1a/0x20 net/xfrm/xfrm_state.c:2122 [] pfkey_msg2xfrm_state net/key/af_key.c:1281 [inline] [] pfkey_add+0x1fb9/0x3470 net/key/af_key.c:1498 [] pfkey_process+0x61e/0x730 net/key/af_key.c:2826 [] pfkey_sendmsg+0x3a9/0x760 net/key/af_key.c:3670 [] sock_sendmsg_nosec net/socket.c:635 [inline] [] sock_sendmsg+0xca/0x110 net/socket.c:645 [] ___sys_sendmsg+0x6d1/0x7e0 net/socket.c:1968 [] __sys_sendmsg+0xd6/0x190 net/socket.c:2002 [] SYSC_sendmsg net/socket.c:2013 [inline] [] SyS_sendmsg+0x2d/0x50 net/socket.c:2009 [] entry_SYSCALL_64_fastpath+0x23/0xc6 loop: Write error at byte offset 0, length 512. blk_update_request: I/O error, dev loop4, sector 0 Buffer I/O error on dev loop4, logical block 0, lost async page write VFS: Dirty inode writeback failed for block device loop4 (err=-5). binder: 12348:12351 unknown command 0 binder: 12348:12351 ioctl c0306201 2000a000 returned -22 binder: 12348:12351 BC_FREE_BUFFER u0000000000000000 no match binder: 12348:12351 ERROR: BC_REGISTER_LOOPER called without request binder: BINDER_SET_CONTEXT_MGR already set binder: 12348:12360 ioctl 40046207 0 returned -16 binder: 12348:12351 unknown command 0 binder_alloc: 12348: binder_alloc_buf, no vma binder: 12348:12368 transaction failed 29189/-3, size 24-8 line 3130 binder: 12348:12351 ioctl c0306201 2000a000 returned -22 binder: undelivered transaction 143, process died. IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready qtaguid: iface_stat: create6(lo): no inet dev IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready binder: 12424:12428 ioctl 8924 20002000 returned -22 binder: 12424:12428 ERROR: BC_REGISTER_LOOPER called without request binder: 12424:12428 ioctl 8924 20002000 returned -22 binder: BINDER_SET_CONTEXT_MGR already set binder: 12424:12435 ioctl 40046207 0 returned -16 binder: 12424:12428 ERROR: BC_REGISTER_LOOPER called without request binder_alloc: 12424: binder_alloc_buf, no vma binder: 12424:12435 transaction failed 29189/-3, size 0-0 line 3130 binder: undelivered TRANSACTION_ERROR: 29189 binder: release 12424:12428 transaction 147 in, still active binder: send failed reply for transaction 147 to 12424:12435 binder: undelivered TRANSACTION_COMPLETE binder: undelivered TRANSACTION_ERROR: 29189 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=257 sclass=netlink_route_socket pig=12443 comm=syz-executor7 binder: 12451:12452 ioctl 8924 20002000 returned -22 binder: 12451:12452 ERROR: BC_REGISTER_LOOPER called without request binder_alloc: 12451: binder_alloc_buf size 69515765096 failed, no address space binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192) binder: 12451:12460 transaction failed 29201/-28, size 69515765092-0 line 3130 binder: 12451:12470 ioctl 8924 20002000 returned -22 binder: 12451:12470 ERROR: BC_REGISTER_LOOPER called without request binder: BINDER_SET_CONTEXT_MGR already set binder: 12451:12460 ioctl 40046207 0 returned -16 binder_alloc: 12451: binder_alloc_buf, no vma binder: 12451:12470 transaction failed 29189/-3, size 69515765092-0 line 3130 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=257 sclass=netlink_route_socket pig=12468 comm=syz-executor7 binder: undelivered TRANSACTION_ERROR: 29189 binder: undelivered TRANSACTION_ERROR: 29201 qtaguid: iface_stat: create6(lo): no inet dev binder: 12524:12525 BC_DEAD_BINDER_DONE 0000000000000003 not found binder: 12524:12525 BC_INCREFS_DONE u000000002011a000 no match binder_alloc: 12524: binder_alloc_buf size 72057594037986512 failed, no address space binder_alloc: allocated: 32 (num: 1 largest: 32), free: 4194272 (num: 1 largest: 4194272) binder: 12524:12525 transaction failed 29201/-28, size 0-40 line 3130 device gre0 entered promiscuous mode SELinux: unrecognized netlink message: protocol=6 nlmsg_type=43381 sclass=netlink_xfrm_socket pig=12545 comm=syz-executor7 binder: BINDER_SET_CONTEXT_MGR already set binder: 12524:12547 ioctl 40046207 0 returned -16 binder_alloc: binder_alloc_mmap_handler: 12524 2011a000-2051a000 already mapped failed -16 SELinux: unrecognized netlink message: protocol=6 nlmsg_type=43381 sclass=netlink_xfrm_socket pig=12545 comm=syz-executor7 binder: 12524:12547 BC_DEAD_BINDER_DONE 0000000000000003 not found binder: 12524:12547 BC_INCREFS_DONE u000000002011a000 no match binder_alloc: 12524: binder_alloc_buf, no vma binder: 12524:12547 transaction failed 29189/-3, size 32-0 line 3130 binder_alloc: 12524: binder_alloc_buf, no vma binder: 12524:12547 transaction failed 29189/-3, size 0-40 line 3130 binder: release 12524:12525 transaction 153 out, still active binder: undelivered TRANSACTION_COMPLETE binder: undelivered TRANSACTION_ERROR: 29189 binder: send failed reply for transaction 153, target dead binder: 12600:12603 ioctl c0306201 20000fd0 returned -14 binder: 12600:12623 ioctl c0306201 20000fd0 returned -14 IPVS: Creating netns size=2536 id=19 device gre0 entered promiscuous mode pktgen: kernel_thread() failed for cpu 0 pktgen: Cannot create thread for cpu 0 (-4) pktgen: kernel_thread() failed for cpu 1 pktgen: Cannot create thread for cpu 1 (-4) pktgen: Initialization failed for all threads nla_parse: 9 callbacks suppressed netlink: 3 bytes leftover after parsing attributes in process `syz-executor4'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor4'. device lo entered promiscuous mode IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready qtaguid: iface_stat: create6(lo): no inet dev device lo left promiscuous mode keychord: invalid keycode count 0 device lo entered promiscuous mode qtaguid: iface_stat: create(lo): no inet dev qtaguid: iface_stat: create6(lo): no inet dev IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready keychord: invalid keycode count 0 qtaguid: iface_stat: create6(lo): no inet dev netlink: 5 bytes leftover after parsing attributes in process `syz-executor3'. device lo left promiscuous mode netlink: 5 bytes leftover after parsing attributes in process `syz-executor3'. netlink: 5 bytes leftover after parsing attributes in process `syz-executor0'. netlink: 5 bytes leftover after parsing attributes in process `syz-executor0'. device gre0 entered promiscuous mode device gre0 entered promiscuous mode binder: 12913:12915 IncRefs 0 refcount change on invalid ref 3 ret -22 binder: 12913:12915 IncRefs 0 refcount change on invalid ref 4 ret -22 binder: BINDER_SET_CONTEXT_MGR already set binder: 12913:12928 ioctl 40046207 0 returned -16 binder_alloc: 12913: binder_alloc_buf, no vma binder: 12913:12928 transaction failed 29189/-3, size 0-0 line 3130 binder: BINDER_SET_CONTEXT_MGR already set device lo entered promiscuous mode qtaguid: iface_stat: create(lo): no inet dev qtaguid: iface_stat: create6(lo): no inet dev IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready qtaguid: iface_stat: create6(lo): no inet dev device lo left promiscuous mode binder: 12913:12928 IncRefs 0 refcount change on invalid ref 3 ret -22 binder: 12913:12928 IncRefs 0 refcount change on invalid ref 4 ret -22 binder: 12913:12946 unknown command 0 binder: BINDER_SET_CONTEXT_MGR already set binder: 12913:12928 ioctl 40046207 0 returned -16 binder_alloc: 12913: binder_alloc_buf, no vma binder: 12913:12954 transaction failed 29189/-3, size 0-0 line 3130 binder: 12913:12939 ioctl 40046207 0 returned -16 device lo entered promiscuous mode qtaguid: iface_stat: create(lo): no inet dev qtaguid: iface_stat: create6(lo): no inet dev IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready qtaguid: iface_stat: create6(lo): no inet dev device lo left promiscuous mode binder: 12965:12967 got transaction with invalid number of fds (-4) binder: 12965:12967 transaction failed 29201/-22, size 72-32 line 3272 binder_alloc: binder_alloc_mmap_handler: 12965 20000000-20002000 already mapped failed -16 binder: BINDER_SET_CONTEXT_MGR already set binder: 12965:12967 ioctl 40046207 0 returned -16 binder_alloc: 12965: binder_alloc_buf, no vma binder: 12965:12967 transaction failed 29189/-3, size 72-32 line 3130 binder: 12913:12946 ioctl c0306201 20007000 returned -22 FAULT_FLAG_ALLOW_RETRY missing 30 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 1 PID: 12982 Comm: syz-executor3 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801c7fe7940 ffffffff81d90889 ffff8801c7fe7c20 0000000000000000 ffff8801a6581010 ffff8801c7fe7b10 ffff8801a6580f00 ffff8801c7fe7b38 ffffffff8165e497 0000000000005e64 ffff8801d92ee8f0 ffff8801d92ee8a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] entry_SYSCALL_64_fastpath+0x23/0xc6 netlink: 1 bytes leftover after parsing attributes in process `syz-executor7'. netlink: 1 bytes leftover after parsing attributes in process `syz-executor7'. CPU: 1 PID: 12987 Comm: syz-executor3 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801a46f75d0 ffffffff81d90889 ffff8801a46f78b0 0000000000000000 ffff8801a6581010 ffff8801a46f77a0 ffff8801a6580f00 ffff8801a46f77c8 ffffffff8165e497 0000000000005e64 ffff8801a8af38f0 ffff8801a8af38a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] vfs_ioctl fs/ioctl.c:43 [inline] [] do_vfs_ioctl+0x1aa/0x1140 fs/ioctl.c:679 [] SYSC_ioctl fs/ioctl.c:694 [inline] [] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:685 [] entry_SYSCALL_64_fastpath+0x23/0xc6 netlink: 3 bytes leftover after parsing attributes in process `syz-executor4'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor4'. binder: 13330:13331 tried to acquire reference to desc 0, got 1 instead binder: BINDER_SET_CONTEXT_MGR already set binder: 13330:13331 ioctl 40046207 0 returned -16 binder: BINDER_SET_CONTEXT_MGR already set binder: 13330:13335 ioctl 40046207 0 returned -16 keychord: unsupported version 0 keychord: unsupported version 0 keychord: Insufficient bytes present for keycount 30 keychord: Insufficient bytes present for keycount 30 binder: 13513:13518 ioctl 40046205 8 returned -22 binder: 13513:13525 transaction failed 29189/-22, size 80-16 line 3007 binder: binder_mmap: 13513 20476000-20479000 bad vm_flags failed -1 binder: 13513:13532 ioctl 40046205 8 returned -22 binder: 13513:13525 transaction failed 29189/-22, size 80-16 line 3007 device lo entered promiscuous mode binder: binder_mmap: 13513 20476000-20479000 bad vm_flags failed -1 device gre0 entered promiscuous mode binder: undelivered TRANSACTION_ERROR: 29189 binder: undelivered TRANSACTION_ERROR: 29189 device lo left promiscuous mode device lo entered promiscuous mode binder: 13703:13708 ioctl 54a2 0 returned -22 device gre0 entered promiscuous mode binder: 13703:13724 ioctl 400445a0 20006000 returned -22 binder: 13703:13724 ioctl 5423 20003000 returned -22 binder: release 13703:13724 transaction 173 out, still active binder: undelivered TRANSACTION_COMPLETE binder: 13703:13724 ioctl 54a2 0 returned -22 binder: 13752:13754 ioctl 8924 20002000 returned -22 binder: 13752:13754 ERROR: BC_REGISTER_LOOPER called without request binder_alloc: 13752: binder_alloc_buf size 69515765096 failed, no address space binder_alloc: 13703: binder_alloc_buf, no vma binder: 13703:13753 transaction failed 29189/-3, size 0-0 line 3130 binder: BINDER_SET_CONTEXT_MGR already set binder: 13703:13744 ioctl 40046207 0 returned -16 binder: send failed reply for transaction 173, target dead binder: undelivered TRANSACTION_ERROR: 29189 binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192) binder: 13752:13761 transaction failed 29201/-28, size 69515765092-0 line 3130 binder: 13752:13765 ioctl 8924 20002000 returned -22 binder: 13752:13765 ERROR: BC_REGISTER_LOOPER called without request binder: BINDER_SET_CONTEXT_MGR already set binder: 13752:13761 ioctl 40046207 0 returned -16 binder: 13779:13781 transaction failed 29189/-22, size 80-16 line 3007 binder_alloc: 13752: binder_alloc_buf, no vma binder: 13752:13787 transaction failed 29189/-3, size 69515765092-0 line 3130 IPv6: Can't replace route, no match found binder: 13779:13781 transaction failed 29189/-22, size 80-16 line 3007 binder: undelivered TRANSACTION_ERROR: 29189 binder: undelivered TRANSACTION_ERROR: 29189 IPv6: Can't replace route, no match found binder: undelivered TRANSACTION_ERROR: 29189 binder: undelivered TRANSACTION_ERROR: 29201 nla_parse: 8 callbacks suppressed netlink: 1 bytes leftover after parsing attributes in process `syz-executor0'. FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 1 PID: 13981 Comm: syz-executor4 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 netlink: 1 bytes leftover after parsing attributes in process `syz-executor0'. ffff8801c4327940 ffffffff81d90889 ffff8801c4327c20 0000000000000000 ffff8801a6581c10 ffff8801c4327b10 ffff8801a6581b00 ffff8801c4327b38 ffffffff8165e497 0000000000005e64 ffff8801a64f88f0 ffff8801a64f88a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] entry_SYSCALL_64_fastpath+0x23/0xc6 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 1 PID: 13981 Comm: syz-executor4 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801c4327940 ffffffff81d90889 ffff8801c4327c20 0000000000000000 ffff8801a6581790 ffff8801c4327b10 ffff8801a6581680 ffff8801c4327b38 ffffffff8165e497 0000000000005e64 ffff8801a64f88f0 ffff8801a64f88a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] entry_SYSCALL_64_fastpath+0x23/0xc6 audit: type=1400 audit(1513075670.730:54): avc: denied { connect } for pid=14057 comm="syz-executor7" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=1 audit: type=1400 audit(1513075670.770:55): avc: denied { getattr } for pid=14064 comm="syz-executor4" path="socket:[31357]" dev="sockfs" ino=31357 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_connector_socket permissive=1 device gre0 entered promiscuous mode 9pnet_virtio: no channels available for device H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H binder: 14156:14162 ioctl 40046205 6 returned -22 binder: 14156:14162 ioctl 40046205 0 returned -22 binder: 14156:14162 ERROR: BC_REGISTER_LOOPER called without request binder: 14156:14162 ioctl c0306201 20008fd0 returned -14 binder: 14156:14162 unknown command 1400526783 binder: 14156:14162 ioctl c0306201 20002fd0 returned -22 binder: 14156:14162 got reply transaction with bad transaction stack, transaction 185 has target 14156:0 binder: 14156:14162 transaction failed 29201/-71, size 24-8 line 2938 binder: 14156:14185 BC_FREE_BUFFER u0000000000000000 no match binder: 14156:14185 IncRefs 0 refcount change on invalid ref 1 ret -22 binder: 14156:14185 got transaction to invalid handle binder: 14156:14185 transaction failed 29201/-22, size 72-8 line 3007 binder: 14156:14185 ioctl c0306201 20005fd0 returned -14 binder: undelivered TRANSACTION_ERROR: 29201 binder: 14156:14193 ioctl 40046205 6 returned -22 binder: 14156:14193 ioctl 40046205 0 returned -22 binder: BINDER_SET_CONTEXT_MGR already set binder: 14156:14185 ioctl 40046207 0 returned -16 binder: 14156:14185 ERROR: BC_REGISTER_LOOPER called without request binder: 14156:14185 Release 1 refcount change on invalid ref 4 ret -22 binder: 14156:14185 got transaction to invalid handle binder: 14156:14185 transaction failed 29201/-22, size 0-16 line 3007 binder_alloc: 14156: binder_alloc_buf, no vma binder: 14156:14193 transaction failed 29189/-3, size 0-0 line 3130 binder: 14156:14193 unknown command 0 binder: 14156:14193 ioctl c0306201 20002fd0 returned -22 binder: 14156:14185 BC_FREE_BUFFER u0000000000000000 no match binder: 14156:14185 IncRefs 0 refcount change on invalid ref 1 ret -22 binder: 14156:14185 got transaction to invalid handle binder: 14156:14185 transaction failed 29201/-22, size 72-8 line 3007 binder: 14156:14185 ioctl c0306201 20005fd0 returned -14 IPVS: Creating netns size=2536 id=20 netlink: 13 bytes leftover after parsing attributes in process `syz-executor7'. netlink: 11 bytes leftover after parsing attributes in process `syz-executor4'. netlink: 13 bytes leftover after parsing attributes in process `syz-executor7'. binder: undelivered TRANSACTION_ERROR: 29201 binder: release 14156:14162 transaction 185 out, still active binder: undelivered TRANSACTION_COMPLETE binder: undelivered TRANSACTION_ERROR: 29201 device gre0 entered promiscuous mode binder: send failed reply for transaction 185, target dead binder: undelivered TRANSACTION_ERROR: 29189 pktgen: kernel_thread() failed for cpu 0 pktgen: Cannot create thread for cpu 0 (-4) pktgen: kernel_thread() failed for cpu 1 pktgen: Cannot create thread for cpu 1 (-4) pktgen: Initialization failed for all threads IPVS: Creating netns size=2536 id=21