BUG: Bad rss-counter state mm:000000003acce1a4 idx:0 val:10
QAT: Invalid ioctl
QAT: Invalid ioctl
BUG: Bad rss-counter state mm:00000000d04b32ac idx:0 val:10
binder: BINDER_SET_CONTEXT_MGR already set
binder: 10961:10977 ioctl 40046207 0 returned -16
binder_alloc: 10961: binder_alloc_buf, no vma
binder: 10961:10977 transaction failed 29189/-3, size 0-0 line 2947
binder: 10989:10996 unknown command 0
binder: 10989:10996 ioctl c0306201 2000a000 returned -22
binder: release 10961:10971 transaction 64 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: send failed reply for transaction 64, target dead
binder: undelivered TRANSACTION_ERROR: 29189
binder: BINDER_SET_CONTEXT_MGR already set
binder: 10989:10996 ioctl 40046207 0 returned -16
binder: 10989:11003 unknown command 0
binder: 10989:11003 ioctl c0306201 2000a000 returned -22
kauditd_printk_skb: 144 callbacks suppressed
audit: type=1326 audit(1513695554.366:966): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11066 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452a09 code=0x7ffc0000
audit: type=1326 audit(1513695554.366:967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11066 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452a09 code=0x7ffc0000
audit: type=1326 audit(1513695554.373:968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11066 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=c000003e syscall=115 compat=0 ip=0x452a09 code=0x7ffc0000
audit: type=1326 audit(1513695554.374:969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11066 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452a09 code=0x7ffc0000
audit: type=1326 audit(1513695554.374:970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11066 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452a09 code=0x7ffc0000
audit: type=1326 audit(1513695554.423:971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11066 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=c000003e syscall=283 compat=0 ip=0x452a09 code=0x7ffc0000
audit: type=1326 audit(1513695554.423:972): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11066 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452a09 code=0x7ffc0000
audit: type=1326 audit(1513695554.423:973): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11066 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452a09 code=0x7ffc0000
audit: type=1326 audit(1513695554.424:974): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11066 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=c000003e syscall=9 compat=0 ip=0x452a09 code=0x7ffc0000
audit: type=1326 audit(1513695554.424:975): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11066 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452a09 code=0x7ffc0000
netlink: 'syz-executor6': attribute type 3 has an invalid length.
binder: 11264:11265 ERROR: BC_REGISTER_LOOPER called without request
binder: 11265 RLIMIT_NICE not set
binder: 11265 RLIMIT_NICE not set
binder: 11265 RLIMIT_NICE not set
binder: BINDER_SET_CONTEXT_MGR already set
binder: 11264:11269 ioctl 40046207 0 returned -16
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered transaction 71, process died.
device gre0 entered promiscuous mode
netlink: 'syz-executor3': attribute type 16 has an invalid length.
netlink: 'syz-executor3': attribute type 16 has an invalid length.
netlink: 'syz-executor3': attribute type 16 has an invalid length.
netlink: 'syz-executor3': attribute type 16 has an invalid length.
netlink: 'syz-executor3': attribute type 16 has an invalid length.
netlink: 'syz-executor1': attribute type 4 has an invalid length.
netlink: 'syz-executor1': attribute type 4 has an invalid length.
netlink: 'syz-executor3': attribute type 16 has an invalid length.
: renamed from syz6
Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
encrypted_key: insufficient parameters specified
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 1
CPU: 0 PID: 12009 Comm: syz-executor3 Not tainted 4.15.0-rc3-next-20171214+ #67
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0xe9/0x14b lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x1e5/0x220 lib/fault-inject.c:149
 should_failslab+0x73/0x90 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:422 [inline]
 slab_alloc_node mm/slab.c:3293 [inline]
 kmem_cache_alloc_node+0x56/0x730 mm/slab.c:3636
 __alloc_skb+0x61/0x220 net/core/skbuff.c:193
 alloc_skb include/linux/skbuff.h:983 [inline]
 netlink_alloc_large_skb net/netlink/af_netlink.c:1180 [inline]
 netlink_sendmsg+0x37e/0x470 net/netlink/af_netlink.c:1872
 sock_sendmsg_nosec net/socket.c:636 [inline]
 sock_sendmsg+0x51/0x70 net/socket.c:646
 sock_write_iter+0xa4/0x100 net/socket.c:915
 call_write_iter include/linux/fs.h:1776 [inline]
 new_sync_write fs/read_write.c:469 [inline]
 __vfs_write+0x15b/0x1e0 fs/read_write.c:482
 vfs_write+0xf0/0x230 fs/read_write.c:544
 SYSC_write fs/read_write.c:589 [inline]
 SyS_write+0x57/0xd0 fs/read_write.c:581
 entry_SYSCALL_64_fastpath+0x1f/0x96
RIP: 0033:0x452a09
RSP: 002b:00007f79f7ed6c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007f79f7ed6aa0 RCX: 0000000000452a09
RDX: 0000000000000026 RSI: 0000000020febfda RDI: 0000000000000013
RBP: 00007f79f7ed6a90 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b75bb
R13: 00007f79f7ed6bc8 R14: 00000000004b75bb R15: 0000000000000000
BUG: Bad rss-counter state mm:00000000789e80f4 idx:0 val:10
netlink: 11 bytes leftover after parsing attributes in process `syz-executor7'.
netlink: 11 bytes leftover after parsing attributes in process `syz-executor7'.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=12169 comm=syz-executor4
netlink: 6 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 6 bytes leftover after parsing attributes in process `syz-executor3'.
device gre0 entered promiscuous mode
netlink: 14 bytes leftover after parsing attributes in process `syz-executor1'.
device gre0 entered promiscuous mode
netlink: 14 bytes leftover after parsing attributes in process `syz-executor1'.
binder: 12342 RLIMIT_NICE not set
binder: 12342 RLIMIT_NICE not set
binder: BINDER_SET_CONTEXT_MGR already set
binder: 12340:12358 ioctl 40046207 0 returned -16
binder: 12358 RLIMIT_NICE not set
binder_alloc: 12340: binder_alloc_buf, no vma
binder: 12340:12342 transaction failed 29189/-3, size 0-0 line 2947
binder: undelivered TRANSACTION_ERROR: 29189
binder: release 12340:12342 transaction 73 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: release 12340:12342 transaction 74 out, still active
binder: release 12340:12342 transaction 73 in, still active
binder: undelivered TRANSACTION_COMPLETE
binder: send failed reply for transaction 74, target dead
binder: send failed reply for transaction 73, target dead
netlink: 2 bytes leftover after parsing attributes in process `syz-executor7'.
netlink: 2 bytes leftover after parsing attributes in process `syz-executor7'.
netlink: 25 bytes leftover after parsing attributes in process `syz-executor7'.
netlink: 25 bytes leftover after parsing attributes in process `syz-executor7'.
validate_nla: 26 callbacks suppressed
netlink: 'syz-executor3': attribute type 16 has an invalid length.
netlink: 'syz-executor3': attribute type 16 has an invalid length.
netlink: 'syz-executor3': attribute type 16 has an invalid length.
netlink: 'syz-executor3': attribute type 16 has an invalid length.
netlink: 'syz-executor3': attribute type 16 has an invalid length.
netlink: 'syz-executor3': attribute type 16 has an invalid length.
netlink: 'syz-executor3': attribute type 16 has an invalid length.
netlink: 'syz-executor3': attribute type 16 has an invalid length.
netlink: 'syz-executor3': attribute type 16 has an invalid length.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=256 sclass=netlink_route_socket pig=12773 comm=syz-executor0
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=256 sclass=netlink_route_socket pig=12773 comm=syz-executor0
netlink: 6 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 6 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 'syz-executor3': attribute type 16 has an invalid length.
device syz6 entered promiscuous mode
sock: process `syz-executor6' is using obsolete getsockopt SO_BSDCOMPAT
binder: BINDER_SET_CONTEXT_MGR already set
binder: 13004:13016 ioctl 40046207 0 returned -16
binder: 13085:13089 ioctl 80404506 2095bf7c returned -22
binder: BINDER_SET_CONTEXT_MGR already set
binder: 13085:13100 ioctl 80404506 2095bf7c returned -22
binder: 13085:13089 ioctl 40046207 0 returned -16
kauditd_printk_skb: 125 callbacks suppressed
audit: type=1400 audit(1513695559.542:1101): avc: denied { map } for pid=13114 comm="syz-executor1" path="/dev/sg0" dev="devtmpfs" ino=1051 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:scsi_generic_device_t:s0 tclass=chr_file permissive=1
device gre0 entered promiscuous mode
audit: type=1326 audit(1513695560.387:1102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=13251 comm="syz-executor5" exe="/root/syz-executor5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452a09 code=0x7ffc0000
audit: type=1326 audit(1513695560.422:1103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=13251 comm="syz-executor5" exe="/root/syz-executor5" sig=0 arch=c000003e syscall=319 compat=0 ip=0x452a09 code=0x7ffc0000
audit: type=1326 audit(1513695560.425:1104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=13251 comm="syz-executor5" exe="/root/syz-executor5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452a09 code=0x7ffc0000
audit: type=1326 audit(1513695560.425:1105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=13251 comm="syz-executor5" exe="/root/syz-executor5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452a09 code=0x7ffc0000
audit: type=1326 audit(1513695560.427:1106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=13251 comm="syz-executor5" exe="/root/syz-executor5" sig=0 arch=c000003e syscall=16 compat=0 ip=0x452a09 code=0x7ffc0000
audit: type=1326 audit(1513695560.427:1107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=13251 comm="syz-executor5" exe="/root/syz-executor5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452a09 code=0x7ffc0000
audit: type=1326 audit(1513695560.427:1108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=13251 comm="syz-executor5" exe="/root/syz-executor5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452a09 code=0x7ffc0000
audit: type=1326 audit(1513695560.428:1109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=13251 comm="syz-executor5" exe="/root/syz-executor5" sig=0 arch=c000003e syscall=251 compat=0 ip=0x452a09 code=0x7ffc0000
audit: type=1326 audit(1513695560.428:1110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=13251 comm="syz-executor5" exe="/root/syz-executor5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452a09 code=0x7ffc0000
BUG: Bad rss-counter state mm:00000000303b8fa2 idx:1 val:3
binder: 13350:13377 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
binder: 13471:13480 got transaction to invalid handle
binder: 13471:13480 transaction failed 29201/-22, size 24-16 line 2832
binder: 13471:13480 got reply transaction with bad transaction stack, transaction 84 has target 13471:0
binder: 13471:13480 transaction failed 29201/-71, size 24-8 line 2762
binder: 13500:13501 ioctl 40046205 3fffff returned -22
binder: 13500:13501 transaction failed 29189/-22, size 0-8 line 2832
binder: 13471:13498 BC_DEAD_BINDER_DONE 0000000000000001 not found
binder: 13471:13498 BC_FREE_BUFFER u0000000020693000 matched unreturned buffer
binder: 13471:13498 DecRefs 0 refcount change on invalid ref 4 ret -22
binder: 13471:13498 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
binder: release 13471:13480 transaction 84 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29201
binder: send failed reply for transaction 84, target dead
binder: 13471:13480 got transaction to invalid handle
binder: 13471:13480 transaction failed 29201/-22, size 24-16 line 2832
binder_alloc: 13471: binder_alloc_buf, no vma
binder: 13471:13498 transaction failed 29189/-3, size 0-0 line 2947
binder: 13471:13480 BC_DEAD_BINDER_DONE 0000000000000001 not found
binder: 13471:13480 BC_FREE_BUFFER u0000000020693000 no match
binder: 13471:13480 DecRefs 0 refcount change on invalid ref 4 ret -22
binder: 13471:13480 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
binder: 13500:13528 transaction failed 29189/-22, size 0-8 line 2832
binder: 13500:13523 ioctl 40046205 3fffff returned -22
binder: undelivered TRANSACTION_ERROR: 29189
device lo left promiscuous mode
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
QAT: Device 0 not found
QAT: Device 0 not found
device eql entered promiscuous mode
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=256 sclass=netlink_route_socket pig=13778 comm=syz-executor5
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=256 sclass=netlink_route_socket pig=13778 comm=syz-executor5
RDS: rds_bind could not find a transport for 172.20.1.187, load rds_tcp or rds_rdma?
binder: 13966 RLIMIT_NICE not set
binder: 13966 RLIMIT_NICE not set
binder: 13966 RLIMIT_NICE not set
binder_alloc: 13961: binder_alloc_buf size 527864 failed, no address space
RDS: rds_bind could not find a transport for 172.20.1.187, load rds_tcp or rds_rdma?
binder_alloc: allocated: 8 (num: 1 largest: 8), free: 4088 (num: 2 largest: 4080)
binder: 13961:13966 transaction failed 29201/-28, size 0-0 line 2947
binder: 13987 RLIMIT_NICE not set
binder: BINDER_SET_CONTEXT_MGR already set
binder: 13961:13966 ioctl 40046207 0 returned -16
binder_alloc: 13961: binder_alloc_buf, no vma
binder: 13961:13993 transaction failed 29189/-3, size 0-0 line 2947
binder: 13961:13966 got reply transaction with no transaction stack
binder: 13961:13966 transaction failed 29201/-71, size 0-0 line 2747
binder: undelivered TRANSACTION_ERROR: 29201
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29201
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered transaction 93, process died.
binder: 13998:14004 Acquire 1 refcount change on invalid ref 0 ret -22
binder: 13998:14004 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
binder: 13998:14004 Acquire 1 refcount change on invalid ref 0 ret -22
binder: 13998:14031 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
syz7: Invalid MTU 930773363 requested, hw max 65535
syz7: Invalid MTU 930773363 requested, hw max 65535
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2 sclass=netlink_route_socket pig=14249 comm=syz-executor3
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2 sclass=netlink_route_socket pig=14257 comm=syz-executor3