BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor7/4867 caller is __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62 CPU: 1 PID: 4867 Comm: syz-executor7 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801a65bf6d8 ffffffff81d90889 0000000000000001 ffffffff83c17800 ffffffff83f42ec0 ffff8801a65c3000 0000000000000003 ffff8801a65bf718 ffffffff81df7854 ffff8801a65bf730 ffffffff83f42ec0 dffffc0000000000 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] check_preemption_disabled+0x1d4/0x200 lib/smp_processor_id.c:46 [] __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62 [] ipcomp_alloc_tfms net/xfrm/xfrm_ipcomp.c:286 [inline] [] ipcomp_init_state+0x188/0x930 net/xfrm/xfrm_ipcomp.c:363 [] ipcomp4_init_state+0xb0/0x7d0 net/ipv4/ipcomp.c:137 [] __xfrm_init_state+0x3e7/0xb30 net/xfrm/xfrm_state.c:2096 [] xfrm_init_state+0x1a/0x20 net/xfrm/xfrm_state.c:2122 [] pfkey_msg2xfrm_state net/key/af_key.c:1281 [inline] [] pfkey_add+0x1fb9/0x3470 net/key/af_key.c:1498 [] pfkey_process+0x61e/0x730 net/key/af_key.c:2826 [] pfkey_sendmsg+0x3a9/0x760 net/key/af_key.c:3670 [] sock_sendmsg_nosec net/socket.c:635 [inline] [] sock_sendmsg+0xca/0x110 net/socket.c:645 [] ___sys_sendmsg+0x6d1/0x7e0 net/socket.c:1968 [] __sys_sendmsg+0xd6/0x190 net/socket.c:2002 [] SYSC_sendmsg net/socket.c:2013 [inline] [] SyS_sendmsg+0x2d/0x50 net/socket.c:2009 [] entry_SYSCALL_64_fastpath+0x23/0xc6 device gre0 entered promiscuous mode binder: 5001:5021 BC_DEAD_BINDER_DONE 0000000000000003 not found binder: 5001:5021 BC_INCREFS_DONE u000000002011a000 no match binder_alloc: 5001: binder_alloc_buf size 72057594037986512 failed, no address space binder_alloc: allocated: 32 (num: 1 largest: 32), free: 4194272 (num: 1 largest: 4194272) binder: 5001:5007 transaction failed 29201/-28, size 0-40 line 3130 binder: BINDER_SET_CONTEXT_MGR already set binder: 5001:5021 ioctl 40046207 0 returned -16 binder: BINDER_SET_CONTEXT_MGR already set binder: 5001:5021 BC_DEAD_BINDER_DONE 0000000000000003 not found binder: 5001:5021 BC_INCREFS_DONE u000000002011a000 no match binder_alloc: 5001: binder_alloc_buf, no vma binder: 5001:5021 transaction failed 29189/-3, size 32-0 line 3130 binder_alloc: 5001: binder_alloc_buf, no vma binder: 5001:5007 transaction failed 29189/-3, size 0-40 line 3130 binder: undelivered TRANSACTION_ERROR: 29189 binder: release 5001:5021 transaction 15 out, still active binder: undelivered TRANSACTION_COMPLETE binder: send failed reply for transaction 15, target dead binder: 5051:5069 ioctl 40046207 0 returned -16 binder: 5115:5118 ioctl 8918 20ad9000 returned -22 binder: 5115:5118 ioctl 8924 20002000 returned -22 binder: 5115:5118 ERROR: BC_REGISTER_LOOPER called without request binder_alloc: binder_alloc_mmap_handler: 5115 20000000-20002000 already mapped failed -16 binder: 5115:5149 ioctl 8918 20ad9000 returned -22 binder: BINDER_SET_CONTEXT_MGR already set binder: 5115:5118 ioctl 8924 20002000 returned -22 binder: 5115:5118 ERROR: BC_REGISTER_LOOPER called without request binder_alloc: 5115: binder_alloc_buf, no vma binder: 5115:5174 transaction failed 29189/-3, size 0-0 line 3130 binder: 5115:5149 ioctl 40046207 0 returned -16 binder: release 5115:5149 transaction 21 out, still active binder: undelivered TRANSACTION_COMPLETE binder: undelivered TRANSACTION_ERROR: 29189 binder: release 5115:5118 transaction 21 in, still active binder: send failed reply for transaction 21, target dead audit: type=1400 audit(1513074387.230:32): avc: denied { bind } for pid=5196 comm="syz-executor7" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 nla_parse: 9 callbacks suppressed netlink: 5 bytes leftover after parsing attributes in process `syz-executor0'. netlink: 5 bytes leftover after parsing attributes in process `syz-executor2'. netlink: 5 bytes leftover after parsing attributes in process `syz-executor2'. binder: 5352:5355 BC_FREE_BUFFER u0000000000000000 no match netlink: 5 bytes leftover after parsing attributes in process `syz-executor1'. binder: 5346:5359 ERROR: BC_REGISTER_LOOPER called without request binder: 5346:5359 ioctl c0306201 20008fd0 returned -11 binder: BINDER_SET_CONTEXT_MGR already set binder: 5346:5359 ioctl 40046207 0 returned -16 binder: 5346:5359 ERROR: BC_REGISTER_LOOPER called without request binder: 5346:5359 ioctl c0306201 20008fd0 returned -11 binder_alloc: 5346: binder_alloc_buf, no vma binder: 5346:5370 transaction failed 29189/-3, size 0-0 line 3130 netlink: 5 bytes leftover after parsing attributes in process `syz-executor1'. binder: 5352:5371 BC_FREE_BUFFER u0000000000000000 no match device gre0 entered promiscuous mode binder: undelivered TRANSACTION_ERROR: 29189 binder: release 5346:5359 transaction 24 out, still active binder: undelivered TRANSACTION_COMPLETE binder: send failed reply for transaction 24, target dead FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 1 PID: 5377 Comm: syz-executor5 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801c7faf850 ffffffff81d90889 ffff8801c7fafb30 0000000000000000 ffff8801a30d2110 ffff8801c7fafa20 ffff8801a30d2000 ffff8801c7fafa48 ffffffff8165e497 0000000000005e64 ffff8801d08a50f0 ffff8801d08a50a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] do_fcntl fs/fcntl.c:284 [inline] [] SYSC_fcntl fs/fcntl.c:372 [inline] [] SyS_fcntl+0x81c/0xc70 fs/fcntl.c:357 [] entry_SYSCALL_64_fastpath+0x23/0xc6 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 1 PID: 5357 Comm: syz-executor5 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801c31378e0 ffffffff81d90889 ffff8801c3137bc0 0000000000000000 ffff8801a30d2110 ffff8801c3137ab0 ffff8801a30d2000 ffff8801c3137ad8 ffffffff8165e497 0000000000005e64 ffff8801c28e20f0 ffff8801c28e20a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] SyS_rt_tgsigqueueinfo+0x2c/0x40 kernel/signal.c:3008 [] entry_SYSCALL_64_fastpath+0x23/0xc6 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 0 PID: 5387 Comm: syz-executor5 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801d84bf850 ffffffff81d90889 ffff8801d84bfb30 0000000000000000 ffff8801d8d98290 ffff8801d84bfa20 ffff8801d8d98180 ffff8801d84bfa48 ffffffff8165e497 0000000000005e64 ffff8801d569e8f0 ffff8801d569e8a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] do_fcntl fs/fcntl.c:284 [inline] [] SYSC_fcntl fs/fcntl.c:372 [inline] [] SyS_fcntl+0x81c/0xc70 fs/fcntl.c:357 [] entry_SYSCALL_64_fastpath+0x23/0xc6 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 0 PID: 5377 Comm: syz-executor5 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801c7faf8e0 ffffffff81d90889 ffff8801c7fafbc0 0000000000000000 ffff8801d8d98290 ffff8801c7fafab0 ffff8801d8d98180 ffff8801c7fafad8 ffffffff8165e497 0000000000005e64 ffff8801d08a50f0 ffff8801d08a50a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] SyS_rt_tgsigqueueinfo+0x2c/0x40 kernel/signal.c:3008 [] entry_SYSCALL_64_fastpath+0x23/0xc6 audit: type=1400 audit(1513074388.710:33): avc: denied { create } for pid=5422 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_connector_socket permissive=1 binder: 5421:5439 BC_DEAD_BINDER_DONE 0000000000000003 not found binder: 5421:5439 got transaction to invalid handle binder: 5421:5439 transaction failed 29201/-22, size 24-16 line 3007 binder: 5421:5443 BC_DEAD_BINDER_DONE 0000000000000003 not found binder: 5421:5439 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 binder: 5421:5443 Release 1 refcount change on invalid ref 0 ret -22 binder: 5421:5443 got transaction to invalid handle keychord: invalid keycode count 0 binder: 5421:5443 transaction failed 29201/-22, size 24-16 line 3007 keychord: invalid keycode count 0 binder: BINDER_SET_CONTEXT_MGR already set binder: 5475:5480 ioctl 40046207 0 returned -16 device lo entered promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode binder: 5564:5569 IncRefs 0 refcount change on invalid ref 2 ret -22 binder: 5564:5569 Acquire 1 refcount change on invalid ref 4 ret -22 binder: 5564:5569 Acquire 1 refcount change on invalid ref 0 ret -22 binder: 5564:5569 unknown command 0 binder: 5564:5569 ioctl c0306201 20000fd0 returned -22 device lo entered promiscuous mode device lo left promiscuous mode binder: 5564:5579 unknown command 0 binder: 5564:5579 ioctl c0306201 20000fd0 returned -22 device syz0 entered promiscuous mode device ±BÞÓ*mqÐx”o‡3{© entered promiscuous mode device ±BÞÓ*mqÐx”o‡3{© left promiscuous mode SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1792 sclass=netlink_route_socket pig=5896 comm=syz-executor6 binder_alloc: binder_alloc_mmap_handler: 5881 2011a000-2051a000 already mapped failed -16 binder: BINDER_SET_CONTEXT_MGR already set binder: 5881:5883 ioctl 40046207 0 returned -16 device ±BÞÓ*mqÐx”o‡3{© entered promiscuous mode device ±BÞÓ*mqÐx”o‡3{© left promiscuous mode device gre0 entered promiscuous mode binder: 5936:5941 ioctl 40046205 6 returned -22 binder: 5936:5941 ioctl 40046205 0 returned -22 binder: 5936:5941 ERROR: BC_REGISTER_LOOPER called without request binder: 5936:5941 ioctl c0306201 20008fd0 returned -14 binder: 5936:5941 unknown command 1400526783 binder: 5936:5941 ioctl c0306201 20002fd0 returned -22 binder: 5936:5941 got reply transaction with bad transaction stack, transaction 37 has target 5936:0 binder: 5936:5941 transaction failed 29201/-71, size 24-8 line 2938 binder: 5936:5941 BC_FREE_BUFFER u0000000000000000 no match binder: 5936:5941 IncRefs 0 refcount change on invalid ref 1 ret -22 binder: 5936:5941 got transaction to invalid handle binder: 5936:5941 transaction failed 29201/-22, size 72-8 line 3007 binder: 5936:5941 ioctl c0306201 20005fd0 returned -14 binder: undelivered TRANSACTION_ERROR: 29201 binder: release 5936:5941 transaction 37 out, still active binder: undelivered TRANSACTION_COMPLETE binder: undelivered TRANSACTION_ERROR: 29201 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1792 sclass=netlink_route_socket pig=5878 comm=syz-executor6 binder: 5936:5943 ioctl 40046205 6 returned -22 binder: 5936:5943 ioctl 40046205 0 returned -22 binder_alloc: binder_alloc_mmap_handler: 5936 20000000-20002000 already mapped failed -16 binder: BINDER_SET_CONTEXT_MGR already set binder: 5936:5941 ioctl 40046207 0 returned -16 binder: 5936:5941 ERROR: BC_REGISTER_LOOPER called without request binder: 5936:5941 Release 1 refcount change on invalid ref 4 ret -22 binder: 5936:5941 got transaction to invalid handle binder: 5936:5941 transaction failed 29201/-22, size 0-16 line 3007 binder_alloc: 5936: binder_alloc_buf, no vma binder: 5936:5943 transaction failed 29189/-3, size 0-0 line 3130 binder: 5936:5943 unknown command 0 binder: 5936:5943 ioctl c0306201 20002fd0 returned -22 binder: 5936:5941 BC_FREE_BUFFER u0000000000000000 no match binder: 5936:5941 IncRefs 0 refcount change on invalid ref 1 ret -22 binder: 5936:5941 got transaction to invalid handle binder: 5936:5941 transaction failed 29201/-22, size 72-8 line 3007 binder: 5936:5941 ioctl c0306201 20005fd0 returned -14 binder: undelivered TRANSACTION_ERROR: 29201 binder: undelivered TRANSACTION_ERROR: 29189 binder: send failed reply for transaction 37, target dead netlink: 1 bytes leftover after parsing attributes in process `syz-executor1'. netlink: 1 bytes leftover after parsing attributes in process `syz-executor1'. netlink: 11 bytes leftover after parsing attributes in process `syz-executor2'. device gre0 entered promiscuous mode netlink: 5 bytes leftover after parsing attributes in process `syz-executor0'. device gre0 left promiscuous mode netlink: 5 bytes leftover after parsing attributes in process `syz-executor0'. device gre0 entered promiscuous mode device gre0 left promiscuous mode device gre0 entered promiscuous mode device gre0 left promiscuous mode IPv6: Can't replace route, no match found device gre0 entered promiscuous mode device gre0 left promiscuous mode capability: warning: `syz-executor6' uses deprecated v2 capabilities in a way that may be insecure audit_printk_skb: 3 callbacks suppressed audit: type=1400 audit(1513074392.290:35): avc: denied { dyntransition } for pid=6268 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=process permissive=1 devpts: called with bogus options device gre0 entered promiscuous mode devpts: called with bogus options SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pig=6351 comm=syz-executor0 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=6365 comm=syz-executor0 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=202 sclass=netlink_route_socket pig=6365 comm=syz-executor0 SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pig=6351 comm=syz-executor0 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=6389 comm=syz-executor0 nla_parse: 5 callbacks suppressed netlink: 11 bytes leftover after parsing attributes in process `syz-executor4'. SELinux: unrecognized netlink message: protocol=0 nlmsg_type=202 sclass=netlink_route_socket pig=6365 comm=syz-executor0 netlink: 11 bytes leftover after parsing attributes in process `syz-executor4'. binder: 6423:6426 ERROR: BC_REGISTER_LOOPER called without request binder: 6423:6433 ERROR: BC_REGISTER_LOOPER called without request binder: 6452:6453 ERROR: BC_REGISTER_LOOPER called without request binder: 6452:6469 BC_DEAD_BINDER_DONE 0000000000000000 not found binder: 6452:6453 ioctl c0306201 20008fd0 returned -11 audit: type=1401 audit(1513074392.920:36): op=fscreate invalid_context=4BFD47B101D80F8868521C006880B4B40193D11A2C285A8CD74C4C6B29ED4660402EE07ED439DD00EAE20E31FC3533E433A5882E1ACAF06072AFFD8139431562275249A8F926E06CFC9D57E80AC57CEA2C44AFAA486E022F6D17FC9BE5568184CE722E7767FACA5524E9A57EC8254BCC2852766D6F47C18285090C96B2EE1D8837F3531BE71641F6AD2F71FC02376D79CD9BE20523060A083F2907A8FBD7D8310128330BD16C37F810736A9CC26F8E898CC5897BC673BCB3A7B37E99C9ACBA22D63C8A03B6C1E1AF80654EC948B4B484964CF79BBA86FAB7A48B4318DBAE3E0F05EEA5CC76D48EE1A9644BBFA8B6AC1114C243DAD6428CED8B83423E66CBC0F44FFE6611105F6AFD6BDB157D85E9C73164CA53D9DFC34720131DEDF5C3181BE27CCF733E821D288E4B265085B80AA74062F6D37AAF04F2FDC0C58E556B3CC3C9743B58172B095D6DA4AC0076D8FBF83FE41D8EF5ACCD72520B542A618848B515E6F35009CF16779BA1B4580DD347BB8D2A4E15116805788B649EF834E24BF9A5A8C9DFB1778324167FDD8AEABDD0D00548D9D18B5BC634AA46A6A28F3374BDE31152A85100F5046216F5CCF51E3124D0885DD257EF1078DF20553F414181FC44F5D97B3D53CE95B5FF908F binder: 6452:6469 got reply transaction with no transaction stack binder: 6452:6469 transaction failed 29201/-71, size 48-16 line 2923 binder: BINDER_SET_CONTEXT_MGR already set binder: 6452:6453 ioctl 40046207 0 returned -16 binder: 6452:6469 ERROR: BC_REGISTER_LOOPER called without request binder: 6452:6469 BC_DEAD_BINDER_DONE 0000000000000000 not found binder: 6452:6469 got reply transaction with no transaction stack binder: 6452:6469 transaction failed 29201/-71, size 48-16 line 2923 audit: type=1400 audit(1513074393.180:37): avc: denied { read } for pid=6495 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 device lo entered promiscuous mode IPv6: Can't replace route, no match found device gre0 entered promiscuous mode BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor5/6798 caller is __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62 CPU: 1 PID: 6798 Comm: syz-executor5 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801cf5076d8 ffffffff81d90889 0000000000000001 ffffffff83c17800 ffffffff83f42ec0 ffff8801a70bc800 0000000000000003 ffff8801cf507718 ffffffff81df7854 ffff8801cf507730 ffffffff83f42ec0 dffffc0000000000 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] check_preemption_disabled+0x1d4/0x200 lib/smp_processor_id.c:46 [] __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62 [] ipcomp_alloc_tfms net/xfrm/xfrm_ipcomp.c:286 [inline] [] ipcomp_init_state+0x188/0x930 net/xfrm/xfrm_ipcomp.c:363 [] ipcomp4_init_state+0xb0/0x7d0 net/ipv4/ipcomp.c:137 [] __xfrm_init_state+0x3e7/0xb30 net/xfrm/xfrm_state.c:2096 [] xfrm_init_state+0x1a/0x20 net/xfrm/xfrm_state.c:2122 [] pfkey_msg2xfrm_state net/key/af_key.c:1281 [inline] [] pfkey_add+0x1fb9/0x3470 net/key/af_key.c:1498 [] pfkey_process+0x61e/0x730 net/key/af_key.c:2826 [] pfkey_sendmsg+0x3a9/0x760 net/key/af_key.c:3670 [] sock_sendmsg_nosec net/socket.c:635 [inline] [] sock_sendmsg+0xca/0x110 net/socket.c:645 [] ___sys_sendmsg+0x6d1/0x7e0 net/socket.c:1968 [] __sys_sendmsg+0xd6/0x190 net/socket.c:2002 [] SYSC_sendmsg net/socket.c:2013 [inline] [] SyS_sendmsg+0x2d/0x50 net/socket.c:2009 [] entry_SYSCALL_64_fastpath+0x23/0xc6 netlink: 1 bytes leftover after parsing attributes in process `syz-executor0'. audit: type=1400 audit(1513074394.480:38): avc: denied { create } for pid=6869 comm="syz-executor1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1 netlink: 1 bytes leftover after parsing attributes in process `syz-executor0'. TCP: request_sock_TCPv6: Possible SYN flooding on port 20026. Sending cookies. Check SNMP counters. device gre0 entered promiscuous mode device gre0 left promiscuous mode device gre0 entered promiscuous mode tc_ctl_action: received NO action attribs tc_ctl_action: received NO action attribs audit: type=1400 audit(1513074395.020:39): avc: denied { setpcap } for pid=7029 comm="syz-executor6" capability=8 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 netlink: 11 bytes leftover after parsing attributes in process `syz-executor3'. netlink: 9 bytes leftover after parsing attributes in process `syz-executor7'. netlink: 9 bytes leftover after parsing attributes in process `syz-executor7'. audit: type=1400 audit(1513074395.090:40): avc: denied { getattr } for pid=7032 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 netlink: 11 bytes leftover after parsing attributes in process `syz-executor3'. device gre0 entered promiscuous mode