IPVS: Creating netns size=2536 id=20
=====================================
[ BUG: bad unlock balance detected! ]
4.9.67-gf26d3c7 #106 Not tainted
-------------------------------------
syz-executor7/14466 is trying to release lock ([ 104.740547] binder: BINDER_SET_CONTEXT_MGR already set
binder: 14471:14472 ioctl 40046207 0 returned -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 14471:14472 ioctl 40046207 0 returned -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 14471:14472 ioctl 40046207 0 returned -16
mrt_lock) at:
but there are no more locks to release!
other info that might help us debug this:
2 locks held by syz-executor7/14466:
#0: (&f->f_pos_lock){+.+.+.}, at: [] __fdget_pos+0x9f/0xc0 fs/file.c:781
#1: (&p->lock){+.+.+.}, at: [] seq_read+0xdd/0x1290 fs/seq_file.c:178
stack backtrace:
CPU: 1 PID: 14466 Comm: syz-executor7 Not tainted 4.9.67-gf26d3c7 #106
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ffff8801d1f878e8 ffffffff81d906e9 ffffffff849ae8f8 ffff8801d6cb3000
ffffffff834dec54 ffffffff849ae8f8 ffff8801d6cb3888 ffff8801d1f87918
ffffffff812353f4 dffffc0000000000 ffffffff849ae8f8 00000000ffffffff
Call Trace:
[] __dump_stack lib/dump_stack.c:15 [inline]
[] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[] print_unlock_imbalance_bug+0x174/0x1a0 kernel/locking/lockdep.c:3398
[] __lock_release kernel/locking/lockdep.c:3540 [inline]
[] lock_release+0x6f8/0xb80 kernel/locking/lockdep.c:3775
[] __raw_read_unlock include/linux/rwlock_api_smp.h:225 [inline]
[] _raw_read_unlock+0x1a/0x50 kernel/locking/spinlock.c:255
[] ipmr_mfc_seq_stop+0xe4/0x140 net/ipv6/ip6mr.c:553
[] seq_read+0xa83/0x1290 fs/seq_file.c:283
[] proc_reg_read+0xef/0x170 fs/proc/inode.c:202
[] do_loop_readv_writev.part.17+0x141/0x1e0 fs/read_write.c:714
[] do_loop_readv_writev fs/read_write.c:880 [inline]
[] do_readv_writev+0x520/0x750 fs/read_write.c:874
[] vfs_readv+0x84/0xc0 fs/read_write.c:898
[] do_readv+0xe6/0x250 fs/read_write.c:924
[] SYSC_readv fs/read_write.c:1011 [inline]
[] SyS_readv+0x27/0x30 fs/read_write.c:1008
[] entry_SYSCALL_64_fastpath+0x23/0xc6
keychord: Insufficient bytes present for keycount 18
Tx-ring is not supported.
keychord: Insufficient bytes present for keycount 18
Tx-ring is not supported.
TCP: request_sock_TCPv6: Possible SYN flooding on port 20014. Sending cookies. Check SNMP counters.
TCP: request_sock_TCPv6: Possible SYN flooding on port 20014. Sending cookies. Check SNMP counters.
sg_write: data in/out 901092476/192 bytes for SCSI command 0x1b-- guessing data in; program syz-executor7 not setting count and/or reply_len properly
IPv6: Can't replace route, no match found
IPv6: Can't replace route, no match found
binder: BINDER_SET_CONTEXT_MGR already set
binder: 14697:14701 ioctl 40046207 0 returned -16
device gre0 entered promiscuous mode
binder: 14760:14761 ioctl 40046205 0 returned -22
binder: 14760:14761 ERROR: BC_REGISTER_LOOPER called without request
binder_alloc: binder_alloc_mmap_handler: 14773 20000000-20002000 already mapped failed -16
binder: 14760:14761 got transaction to invalid handle
binder: 14760:14761 transaction failed 29201/-22, size 0-8 line 3007
binder: 14760:14761 ioctl c0306201 20005fd0 returned -14
binder: release 14760:14761 transaction 139 in, still active
binder: send failed reply for transaction 139 to 14760:14777
binder: undelivered TRANSACTION_ERROR: 29201
binder: 14760:14761 BC_FREE_BUFFER u0000000000000000 no match
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29189
binder: 14760:14761 ioctl 40046205 6 returned -22
binder: 14760:14777 ioctl 40046205 0 returned -22
binder: 14760:14777 ERROR: BC_REGISTER_LOOPER called without request
binder: 14760:14777 ioctl c0306201 20008fd0 returned -11
binder: 14760:14777 got transaction to invalid handle
binder: 14760:14777 transaction failed 29201/-22, size 0-8 line 3007
binder: 14760:14761 BC_FREE_BUFFER u0000000000000000 no match
binder: 14760:14761 IncRefs 0 refcount change on invalid ref 1 ret -22
binder: 14760:14761 got transaction to invalid handle
binder: 14760:14761 transaction failed 29201/-22, size 72-8 line 3007
binder: 14760:14761 ioctl c0306201 20005fd0 returned -14
tmpfs: No value for mount option 'ij'
device gre0 entered promiscuous mode
binder: release 14760:14761 transaction 142 out, still active
binder: undelivered TRANSACTION_COMPLETE
tmpfs: No value for mount option 'ij'
binder: undelivered TRANSACTION_ERROR: 29201
binder: undelivered TRANSACTION_ERROR: 29201
binder: send failed reply for transaction 142, target dead
binder: 14808:14812 ERROR: BC_REGISTER_LOOPER called without request
binder: 14808:14812 got transaction with invalid offsets ptr
binder: 14808:14812 transaction failed 29201/-14, size 0-320 line 3158
device gre0 entered promiscuous mode
binder: BINDER_SET_CONTEXT_MGR already set
binder: 14808:14831 ioctl 40046207 0 returned -16
binder: 14808:14831 ERROR: BC_REGISTER_LOOPER called without request
binder_alloc: 14808: binder_alloc_buf, no vma
binder: 14808:14812 transaction failed 29189/-3, size 0-320 line 3130
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29201
IPv6: Can't replace route, no match found
IPv6: Can't replace route, no match found
device gre0 entered promiscuous mode
IPVS: Creating netns size=2536 id=21
binder: 14951:14953 ioctl 40046205 d6 returned -22
binder_alloc: binder_alloc_mmap_handler: 14952 20000000-20002000 already mapped failed -16
binder: 14951:14953 ioctl c0306201 20001000 returned -14
binder: 14951:14953 got reply transaction with bad transaction stack, transaction 150 has target 14951:0
binder: 14951:14953 transaction failed 29201/-71, size 24-8 line 2938
binder: 14951:14953 ioctl c0306201 20005fd0 returned -14
binder: release 14951:14953 transaction 150 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29201
binder: 14951:14953 BC_FREE_BUFFER u0000000000000000 no match
binder: send failed reply for transaction 150, target dead
binder: 14951:14969 ioctl 40046205 d6 returned -22
binder: 14951:14953 ioctl c0306201 20001000 returned -14
binder: 14951:14953 got reply transaction with no transaction stack
binder: 14951:14953 transaction failed 29201/-71, size 24-8 line 2923
binder: 14951:14953 BC_FREE_BUFFER u0000000000000000 no match
binder: release 14951:14969 transaction 153 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: 14951:14953 got transaction with invalid offset (0, min 0 max 72) or object.
binder: 14951:14953 transaction failed 29201/-22, size 72-8 line 3193
binder: 14951:14953 ioctl c0306201 20005fd0 returned -14
binder: undelivered TRANSACTION_ERROR: 29201
binder: undelivered TRANSACTION_ERROR: 29201
binder: send failed reply for transaction 153, target dead
netlink: 13 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 13 bytes leftover after parsing attributes in process `syz-executor5'.
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
9pnet_virtio: no channels available for device
9pnet_virtio: no channels available for device
FAULT_FLAG_ALLOW_RETRY missing 30
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 15015 Comm: syz-executor3 Not tainted 4.9.67-gf26d3c7 #106
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ffff8801a95ef850 ffffffff81d906e9 ffff8801a95efb30 0000000000000000
ffff8801a7597190 ffff8801a95efa20 ffff8801a7597080 ffff8801a95efa48
ffffffff8165e307 ffffffff838a9178 ffff8801a95ef9a0 00000001d9095067
Call Trace:
[] __dump_stack lib/dump_stack.c:15 [inline]
[] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
[] do_anonymous_page mm/memory.c:2747 [inline]
[] handle_pte_fault mm/memory.c:3488 [inline]
[] __handle_mm_fault mm/memory.c:3577 [inline]
[] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
[] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406
[] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
[] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
[] entry_SYSCALL_64_fastpath+0x23/0xc6
netlink: 1 bytes leftover after parsing attributes in process `syz-executor1'.
devpts: called with bogus options
netlink: 1 bytes leftover after parsing attributes in process `syz-executor1'.
devpts: called with bogus options
CPU: 1 PID: 15032 Comm: syz-executor3 Not tainted 4.9.67-gf26d3c7 #106
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ffff8801cb647670 ffffffff81d906e9 ffff8801cb647950 0000000000000000
ffff8801a7597190 ffff8801cb647840 ffff8801a7597080 ffff8801cb647868
ffffffff8165e307 ffff8801db3214a0 ffff8801cb6477c0 00000001d9095067
Call Trace:
[] __dump_stack lib/dump_stack.c:15 [inline]
[] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
[] do_anonymous_page mm/memory.c:2747 [inline]
[] handle_pte_fault mm/memory.c:3488 [inline]
[] __handle_mm_fault mm/memory.c:3577 [inline]
[] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
[] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406
[] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
[] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
[] do_pselect fs/select.c:688 [inline]
[] SYSC_pselect6 fs/select.c:729 [inline]
[] SyS_pselect6+0x2ae/0x550 fs/select.c:714
[] entry_SYSCALL_64_fastpath+0x23/0xc6
netlink: 1 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor3'.
keychord: keycode 25638 out of range
keychord: keycode 25638 out of range
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=59136 sclass=netlink_route_socket pig=15260 comm=syz-executor7
IPv6: Can't replace route, no match found
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=59136 sclass=netlink_route_socket pig=15282 comm=syz-executor7
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 15298 Comm: syz-executor6 Not tainted 4.9.67-gf26d3c7 #106
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ffff8801ca197830 ffffffff81d906e9 ffff8801ca197b10 0000000000000000
ffff8801a7596e90 ffff8801ca197a00 ffff8801a7596d80 ffff8801ca197a28
ffffffff8165e307 ffff8801db321400 ffff8801ca197980 00000001c63ad067
Call Trace:
[] __dump_stack lib/dump_stack.c:15 [inline]
[] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
[] do_anonymous_page mm/memory.c:2747 [inline]
[] handle_pte_fault mm/memory.c:3488 [inline]
[] __handle_mm_fault mm/memory.c:3577 [inline]
[] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
[] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406
[] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
[] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
[] SYSC_mq_timedreceive ipc/mqueue.c:1092 [inline]
[] SyS_mq_timedreceive+0xcd/0xdb0 ipc/mqueue.c:1077
[] entry_SYSCALL_64_fastpath+0x23/0xc6
Option '
Option '
9pnet_virtio: no channels available for device ./file0
binder: 15425:15426 BC_REQUEST_DEATH_NOTIFICATION invalid ref 4
binder: 15425:15426 DecRefs 0 refcount change on invalid ref 3 ret -22
binder: 15425:15426 got reply transaction with bad transaction stack, transaction 158 has target 15425:0
binder: 15425:15426 transaction failed 29201/-71, size 48-56 line 2938
binder: 15425:15439 BC_DEAD_BINDER_DONE 0000000000000002 not found
binder: 15425:15439 BC_FREE_BUFFER u0000000000000000 no match
binder: tried to use weak ref as strong ref
binder: 15425:15439 got transaction to invalid handle
binder: 15425:15439 transaction failed 29201/-22, size 0-32 line 3007
binder_alloc: binder_alloc_mmap_handler: 15425 20000000-20002000 already mapped failed -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 15425:15426 ioctl 40046207 0 returned -16
binder_alloc: 15425: binder_alloc_buf, no vma
binder: 15425:15439 transaction failed 29189/-3, size 80-16 line 3130
binder: 15425:15426 BC_DEAD_BINDER_DONE 0000000000000002 not found
binder: 15425:15426 BC_FREE_BUFFER u0000000000000000 no match
binder: 15425:15426 got transaction to invalid handle
binder: 15425:15426 transaction failed 29201/-22, size 0-32 line 3007
binder: release 15425:15426 transaction 158 out, still active
netlink: 3 bytes leftover after parsing attributes in process `syz-executor0'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor0'.
tc_ctl_action: received NO action attribs
tc_ctl_action: received NO action attribs
device gre0 entered promiscuous mode
netlink: 5 bytes leftover after parsing attributes in process `syz-executor7'.
netlink: 5 bytes leftover after parsing attributes in process `syz-executor7'.
binder: 15695:15699 ioctl 40046205 0 returned -22
binder: 15695:15699 ERROR: BC_REGISTER_LOOPER called without request
binder: 15699 RLIMIT_NICE not set
binder: 15695:15699 got transaction to invalid handle
binder: 15695:15699 transaction failed 29201/-22, size 0-8 line 3007
binder: 15695:15699 ioctl c0306201 20005fd0 returned -14
binder: release 15695:15699 transaction 168 in, still active
binder: send failed reply for transaction 168 to 15695:15718
binder: undelivered TRANSACTION_ERROR: 29201
binder: 15695:15699 BC_FREE_BUFFER u0000000000000000 no match
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29189
binder: 15695:15699 ioctl 40046205 6 returned -22
binder: 15695:15718 ioctl 40046205 0 returned -22
binder: 15695:15718 ERROR: BC_REGISTER_LOOPER called without request
binder: 15695:15718 ioctl c0306201 20008fd0 returned -11
binder: 15695:15718 unknown command 0
binder: 15695:15718 ioctl c0306201 20002fd0 returned -22
binder: 15695:15718 got reply transaction with no transaction stack
binder: 15695:15718 transaction failed 29201/-71, size 24-8 line 2923
binder: 15695:15699 BC_FREE_BUFFER u0000000000000000 no match
binder: 15695:15699 IncRefs 0 refcount change on invalid ref 1 ret -22
binder: 15695:15699 got transaction to invalid handle
binder: 15695:15699 transaction failed 29201/-22, size 72-8 line 3007
binder: 15695:15699 ioctl c0306201 20005fd0 returned -14
binder: undelivered TRANSACTION_ERROR: 29201
binder: undelivered TRANSACTION_ERROR: 29201
binder: send failed reply for transaction 171 to 15695:15699
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29189
device gre0 entered promiscuous mode
Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
binder: 16013:16014 BC_DEAD_BINDER_DONE 0000000000000003 not found
binder: 16013:16014 BC_INCREFS_DONE u000000002011a000 no match
binder: 16013:16014 got transaction with invalid parent offset or type
binder: 16013:16014 transaction failed 29201/-22, size 32-24 line 3253
binder: 16013:16014 got transaction with unaligned buffers size, 58534
binder: 16013:16014 transaction failed 29201/-22, size 0-40 line 3175
Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
binder: 16013:16014 BC_DEAD_BINDER_DONE 0000000000000003 not found
binder: 16013:16014 BC_INCREFS_DONE u000000002011a000 no match
binder_alloc: 16013: binder_alloc_buf, no vma
binder: 16013:16014 transaction failed 29189/-3, size 32-24 line 3130
binder_alloc: 16013: binder_alloc_buf, no vma
binder: 16013:16029 transaction failed 29189/-3, size 0-40 line 3130
binder: BINDER_SET_CONTEXT_MGR already set
binder: 16013:16018 ioctl 40046207 0 returned -16
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29201
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 16053 Comm: syz-executor1 Not tainted 4.9.67-gf26d3c7 #106
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ffff8801a746f6c0[ 112.636432] FAULT_FLAG_ALLOW_RETRY missing 30
ffffffff81d906e9 ffff8801a746f9a0 0000000000000000
ffff8801d8521190 ffff8801a746f890 ffff8801d8521080 ffff8801a746f8b8
ffffffff8165e307 1ffff10034e8dedc ffff8801a746f810 000000019e1c0067
Call Trace:
[] __dump_stack lib/dump_stack.c:15 [inline]
[] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
[] do_anonymous_page mm/memory.c:2747 [inline]
[] handle_pte_fault mm/memory.c:3488 [inline]
[] __handle_mm_fault mm/memory.c:3577 [inline]
[] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
[] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406
[] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
[] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
[] process_vm_rw+0x1bf/0x210 mm/process_vm_access.c:280
[] SYSC_process_vm_writev mm/process_vm_access.c:307 [inline]
[] SyS_process_vm_writev+0x47/0x60 mm/process_vm_access.c:302
[] entry_SYSCALL_64_fastpath+0x23/0xc6
CPU: 1 PID: 16039 Comm: syz-executor1 Not tainted 4.9.67-gf26d3c7 #106
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ffff8801cf68f6b0 ffffffff81d906e9 ffff8801cf68f990 0000000000000000
ffff8801d8521190 ffff8801cf68f880 ffff8801d8521080 ffff8801cf68f8a8
ffffffff8165e307 0000000000000046 ffff8801cf68f800 000000019e1c0067
Call Trace:
[] __dump_stack lib/dump_stack.c:15 [inline]
[] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
[] do_anonymous_page mm/memory.c:2747 [inline]
[] handle_pte_fault mm/memory.c:3488 [inline]
[] __handle_mm_fault mm/memory.c:3577 [inline]
[] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
[] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406
[] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
[] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
[] inet_ioctl+0x117/0x1c0 net/ipv4/af_inet.c:908
[] sock_do_ioctl+0x65/0xb0 net/socket.c:892
[] sock_ioctl+0x2e0/0x3d0 net/socket.c:978
[] vfs_ioctl fs/ioctl.c:43 [inline]
[] do_vfs_ioctl+0x1aa/0x1140 fs/ioctl.c:679
[] SYSC_ioctl fs/ioctl.c:694 [inline]
[] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:685
[] entry_SYSCALL_64_fastpath+0x23/0xc6
FAULT_FLAG_ALLOW_RETRY missing 30
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 16053 Comm: syz-executor1 Not tainted 4.9.67-gf26d3c7 #106
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ffff8801a746f6c0 ffffffff81d906e9 ffff8801a746f9a0 0000000000000000
ffff8801a7596a10 ffff8801a746f890 ffff8801a7596900 ffff8801a746f8b8
ffffffff8165e307 1ffff10034e8dedc ffff8801a746f810 00000001a2529067
Call Trace:
[] __dump_stack lib/dump_stack.c:15 [inline]
[] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
[] do_anonymous_page mm/memory.c:2747 [inline]
[] handle_pte_fault mm/memory.c:3488 [inline]
[] __handle_mm_fault mm/memory.c:3577 [inline]
[] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
[] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406
[] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
[] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
[] process_vm_rw+0x1bf/0x210 mm/process_vm_access.c:280
[] SYSC_process_vm_writev mm/process_vm_access.c:307 [inline]
[] SyS_process_vm_writev+0x47/0x60 mm/process_vm_access.c:302
[] entry_SYSCALL_64_fastpath+0x23/0xc6
CPU: 1 PID: 16039 Comm: syz-executor1 Not tainted 4.9.67-gf26d3c7 #106
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ffff8801cf68f6b0 ffffffff81d906e9 ffff8801cf68f990 0000000000000000
ffff8801a7596a10 ffff8801cf68f880 ffff8801a7596900 ffff8801cf68f8a8
ffffffff8165e307 0000000000000046 ffff8801cf68f800 00000001a2529067
Call Trace:
[] __dump_stack lib/dump_stack.c:15 [inline]
[] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
[] do_anonymous_page mm/memory.c:2747 [inline]
[] handle_pte_fault mm/memory.c:3488 [inline]
[] __handle_mm_fault mm/memory.c:3577 [inline]
[] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
[] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406
[] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
[] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
[] inet_ioctl+0x117/0x1c0 net/ipv4/af_inet.c:908
[] sock_do_ioctl+0x65/0xb0 net/socket.c:892
[] sock_ioctl+0x2e0/0x3d0 net/socket.c:978
[] vfs_ioctl fs/ioctl.c:43 [inline]
[] do_vfs_ioctl+0x1aa/0x1140 fs/ioctl.c:679
[] SYSC_ioctl fs/ioctl.c:694 [inline]
[] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:685
[] entry_SYSCALL_64_fastpath+0x23/0xc6
IPVS: length: 9 != 8
FAULT_FLAG_ALLOW_RETRY missing 30
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 16132 Comm: syz-executor1 Not tainted 4.9.67-gf26d3c7 #106
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ffff8801d5d278b0 ffffffff81d906e9 ffff8801d5d27b90 0000000000000000
ffff8801d8520d10 ffff8801d5d27a80 ffff8801d8520c00 ffff8801d5d27aa8
ffffffff8165e307 ffffffff815358fb ffff8801d5d27a00 00000001a40d6067
Call Trace:
[] __dump_stack lib/dump_stack.c:15 [inline]
[] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
[] do_anonymous_page mm/memory.c:2747 [inline]
[] handle_pte_fault mm/memory.c:3488 [inline]
[] __handle_mm_fault mm/memory.c:3577 [inline]
[] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
[] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406
[] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
[] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
[] seccomp_prepare_filter kernel/seccomp.c:373 [inline]
[] seccomp_prepare_user_filter kernel/seccomp.c:408 [inline]
[] seccomp_set_mode_filter kernel/seccomp.c:750 [inline]
[] do_seccomp+0x632/0x1860 kernel/seccomp.c:800
[] SYSC_seccomp kernel/seccomp.c:809 [inline]
[] SyS_seccomp+0x24/0x30 kernel/seccomp.c:806
[] entry_SYSCALL_64_fastpath+0x23/0xc6
device lo left promiscuous mode
rfkill: input handler disabled
device lo entered promiscuous mode
device lo left promiscuous mode
rfkill: input handler enabled
CPU: 0 PID: 16121 Comm: syz-executor1 Not tainted 4.9.67-gf26d3c7 #106
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ffff8801da0ff9a0 ffffffff81d906e9 ffff8801da0ffc80 0000000000000000
ffff8801d8520d10 ffff8801da0ffb70 ffff8801d8520c00 ffff8801da0ffb98
ffffffff8165e307 0000000000000000 ffff8801da0ffaf0 00000001a40d6067
Call Trace:
[] __dump_stack lib/dump_stack.c:15 [inline]
[] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
[] do_anonymous_page mm/memory.c:2747 [inline]
[] handle_pte_fault mm/memory.c:3488 [inline]
[] __handle_mm_fault mm/memory.c:3577 [inline]
[] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
[] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406
[] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
[] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
[] entry_SYSCALL_64_fastpath+0x23/0xc6
device lo entered promiscuous mode
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
binder: 16268:16269 ERROR: BC_REGISTER_LOOPER called without request
binder: 16269 RLIMIT_NICE not set
binder: 16268:16269 got transaction with invalid fd, -1
binder: 16268:16269 transaction failed 29201/-9, size 24-8 line 3235
binder: send failed reply for transaction 181 to 16268:16285
binder: BINDER_SET_CONTEXT_MGR already set
binder: 16268:16285 ERROR: BC_REGISTER_LOOPER called without request
binder: 16268:16269 ioctl 40046207 0 returned -16
binder_alloc: 16268: binder_alloc_buf, no vma
binder: 16268:16285 transaction failed 29189/-3, size 0-0 line 3130
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29190
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29201