device lo entered promiscuous mode BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor2/7234 caller is __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62 CPU: 0 PID: 7234 Comm: syz-executor2 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801d6e1f6d8 ffffffff81d90889 0000000000000000 ffffffff83c17800 ffffffff83f42ec0 ffff8801cbbdb000 0000000000000003 ffff8801d6e1f718 ffffffff81df7854 ffff8801d6e1f730 ffffffff83f42ec0 dffffc0000000000 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] check_preemption_disabled+0x1d4/0x200 lib/smp_processor_id.c:46 [] __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62 [] ipcomp_alloc_tfms net/xfrm/xfrm_ipcomp.c:286 [inline] [] ipcomp_init_state+0x188/0x930 net/xfrm/xfrm_ipcomp.c:363 [] ipcomp4_init_state+0xb0/0x7d0 net/ipv4/ipcomp.c:137 [] __xfrm_init_state+0x3e7/0xb30 net/xfrm/xfrm_state.c:2096 [] xfrm_init_state+0x1a/0x20 net/xfrm/xfrm_state.c:2122 [] pfkey_msg2xfrm_state net/key/af_key.c:1281 [inline] [] pfkey_add+0x1fb9/0x3470 net/key/af_key.c:1498 [] pfkey_process+0x61e/0x730 net/key/af_key.c:2826 [] pfkey_sendmsg+0x3a9/0x760 net/key/af_key.c:3670 [] sock_sendmsg_nosec net/socket.c:635 [inline] [] sock_sendmsg+0xca/0x110 net/socket.c:645 [] ___sys_sendmsg+0x6d1/0x7e0 net/socket.c:1968 [] __sys_sendmsg+0xd6/0x190 net/socket.c:2002 [] SYSC_sendmsg net/socket.c:2013 [inline] [] SyS_sendmsg+0x2d/0x50 net/socket.c:2009 [] entry_SYSCALL_64_fastpath+0x23/0xc6 audit: type=1400 audit(1513075259.265:39): avc: denied { accept } for pid=7259 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=1 9pnet_virtio: no channels available for device ./file0 9pnet_virtio: no channels available for device ./file0 netlink: 1 bytes leftover after parsing attributes in process `syz-executor7'. netlink: 1 bytes leftover after parsing attributes in process `syz-executor7'. netlink: 16 bytes leftover after parsing attributes in process `syz-executor6'. netlink: 16 bytes leftover after parsing attributes in process `syz-executor6'. netlink: 8 bytes leftover after parsing attributes in process `syz-executor5'. netlink: 8 bytes leftover after parsing attributes in process `syz-executor5'. FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 0 PID: 7454 Comm: syz-executor3 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801cafa76c0 ffffffff81d90889 ffff8801cafa79a0 0000000000000000 ffff8801a6d0a890 ffff8801cafa7890 ffff8801a6d0a780 ffff8801cafa78b8 ffffffff8165e497 0000000000005e64 ffff8801a692e8f0 ffff8801a692e8a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] sock_do_ioctl+0x94/0xb0 net/socket.c:899 [] sock_ioctl+0x2e0/0x3d0 net/socket.c:978 [] vfs_ioctl fs/ioctl.c:43 [inline] [] do_vfs_ioctl+0x1aa/0x1140 fs/ioctl.c:679 [] SYSC_ioctl fs/ioctl.c:694 [inline] [] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:685 [] entry_SYSCALL_64_fastpath+0x23/0xc6 binder: 7506:7510 ioctl 400445a0 20006000 returned -22 binder: 7506:7510 ioctl 5423 20003000 returned -22 binder: 7506:7510 got transaction with invalid offsets ptr binder: 7506:7510 transaction failed 29201/-14, size 0-4095 line 3158 binder: undelivered TRANSACTION_ERROR: 29201 binder: BINDER_SET_CONTEXT_MGR already set binder: 7506:7510 ioctl 40046207 0 returned -16 binder_alloc: 7506: binder_alloc_buf, no vma binder: 7506:7512 transaction failed 29189/-3, size 0-4095 line 3130 binder: undelivered TRANSACTION_ERROR: 29189 FAULT_FLAG_ALLOW_RETRY missing 31 CPU: 0 PID: 7517 Comm: syz-executor2 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801a463f870 ffffffff81d90889 ffff8801a463fb50 0000000000000000 ffff8801a6d0a410 ffff8801a463fa40 ffff8801a6d0a300 ffff8801a463fa68 ffffffff8165e497 0000000000005e64 ffff8801d0f168f0 ffff8801d0f168a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2783 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1f82/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] SYSC_getrandom drivers/char/random.c:1899 [inline] [] SyS_getrandom+0x165/0x2a0 drivers/char/random.c:1880 [] entry_SYSCALL_64_fastpath+0x23/0xc6 netlink: 13 bytes leftover after parsing attributes in process `syz-executor1'. netlink: 13 bytes leftover after parsing attributes in process `syz-executor1'. FAULT_FLAG_ALLOW_RETRY missing 31 CPU: 1 PID: 7517 Comm: syz-executor2 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801a463f870 ffffffff81d90889 ffff8801a463fb50 0000000000000000 ffff8801cad86e90 ffff8801a463fa40 ffff8801cad86d80 ffff8801a463fa68 ffffffff8165e497 0000000000005e64 ffff8801d0f168f0 ffff8801d0f168a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2783 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1f82/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] SYSC_getrandom drivers/char/random.c:1899 [inline] [] SyS_getrandom+0x165/0x2a0 drivers/char/random.c:1880 [] entry_SYSCALL_64_fastpath+0x23/0xc6 netlink: 1 bytes leftover after parsing attributes in process `syz-executor1'. binder: 7704:7707 BC_DEAD_BINDER_DONE fffffffffffffffd not found binder: 7704:7707 BC_ACQUIRE_DONE uffffffffffffffff no match binder: 7704:7721 BC_DEAD_BINDER_DONE fffffffffffffffd not found binder: 7704:7721 BC_ACQUIRE_DONE uffffffffffffffff no match binder: BINDER_SET_CONTEXT_MGR already set binder: 7704:7721 ioctl 40046207 0 returned -16 netlink: 1 bytes leftover after parsing attributes in process `syz-executor1'. SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=7745 comm=syz-executor1 sock: sock_set_timeout: `syz-executor4' (pid 7774) tries to set negative timeout sg_write: data in/out 327644/32 bytes for SCSI command 0x4-- guessing data in; program syz-executor0 not setting count and/or reply_len properly sock: sock_set_timeout: `syz-executor4' (pid 7774) tries to set negative timeout binder_alloc: 7870: binder_alloc_buf, no vma binder: 7870:7874 transaction failed 29189/-3, size 80-16 line 3130 device gre0 entered promiscuous mode binder_alloc: binder_alloc_mmap_handler: 7870 20000000-20002000 already mapped failed -16 binder: BINDER_SET_CONTEXT_MGR already set binder: 7870:7874 ioctl 40046207 0 returned -16 binder: undelivered TRANSACTION_ERROR: 29189 FAULT_FLAG_ALLOW_RETRY missing 30 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 0 PID: 7938 Comm: syz-executor0 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801a44079a0 ffffffff81d90889 ffff8801a4407c80 0000000000000000 ffff8801a54d4410 ffff8801a4407b70 ffff8801a54d4300 ffff8801a4407b98 ffffffff8165e497 0000000000005e64 ffff8801a40f88f0 ffff8801a40f88a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] entry_SYSCALL_64_fastpath+0x23/0xc6 SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pig=7949 comm=syz-executor5 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=7949 comm=syz-executor5 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=202 sclass=netlink_route_socket pig=7949 comm=syz-executor5 tty_warn_deprecated_flags: 'syz-executor7' is using deprecated serial flags (with no effect): 00008000 SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pig=7949 comm=syz-executor5 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=7959 comm=syz-executor5 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=202 sclass=netlink_route_socket pig=7949 comm=syz-executor5 device gre0 entered promiscuous mode tty_warn_deprecated_flags: 'syz-executor7' is using deprecated serial flags (with no effect): 00008000 CPU: 1 PID: 7930 Comm: syz-executor0 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801c5a3f8a0 ffffffff81d90889 ffff8801c5a3fb80 0000000000000000 ffff8801a54d4410 ffff8801c5a3fa70 ffff8801a54d4300 ffff8801c5a3fa98 ffffffff8165e497 0000000000005e64 ffff8801c69a88f0 ffff8801c69a88a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] entry_SYSCALL_64_fastpath+0x23/0xc6 audit: type=1400 audit(1513075262.725:40): avc: denied { execute } for pid=8018 comm="syz-executor2" path="pipe:[19814]" dev="pipefs" ino=19814 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=fifo_file permissive=1 9pnet_virtio: no channels available for device ./file0 9pnet_virtio: no channels available for device ./file0 binder: 8209:8215 got transaction with invalid parent offset binder: 8209:8215 transaction failed 29201/-22, size 80-32 line 3315 binder: BINDER_SET_CONTEXT_MGR already set binder: 8209:8229 ioctl 40046207 0 returned -16 binder_alloc: 8209: binder_alloc_buf, no vma binder: 8209:8215 transaction failed 29189/-3, size 80-32 line 3130 IPVS: Creating netns size=2536 id=14 device gre0 entered promiscuous mode device gre0 left promiscuous mode device gre0 entered promiscuous mode SELinux: unrecognized netlink message: protocol=0 nlmsg_type=59136 sclass=netlink_route_socket pig=8291 comm=syz-executor5 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=59136 sclass=netlink_route_socket pig=8291 comm=syz-executor5 pktgen: kernel_thread() failed for cpu 0 pktgen: Cannot create thread for cpu 0 (-4) pktgen: kernel_thread() failed for cpu 1 pktgen: Cannot create thread for cpu 1 (-4) pktgen: Initialization failed for all threads BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor0/8318 caller is __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62 CPU: 0 PID: 8318 Comm: syz-executor0 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801c60cf6d8 ffffffff81d90889 0000000000000000 ffffffff83c17800 ffffffff83f42ec0 ffff8801d6c64800 0000000000000003 ffff8801c60cf718 ffffffff81df7854 ffff8801c60cf730 ffffffff83f42ec0 dffffc0000000000 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] check_preemption_disabled+0x1d4/0x200 lib/smp_processor_id.c:46 [] __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62 [] ipcomp_alloc_tfms net/xfrm/xfrm_ipcomp.c:286 [inline] [] ipcomp_init_state+0x188/0x930 net/xfrm/xfrm_ipcomp.c:363 [] ipcomp4_init_state+0xb0/0x7d0 net/ipv4/ipcomp.c:137 [] __xfrm_init_state+0x3e7/0xb30 net/xfrm/xfrm_state.c:2096 [] xfrm_init_state+0x1a/0x20 net/xfrm/xfrm_state.c:2122 [] pfkey_msg2xfrm_state net/key/af_key.c:1281 [inline] [] pfkey_add+0x1fb9/0x3470 net/key/af_key.c:1498 [] pfkey_process+0x61e/0x730 net/key/af_key.c:2826 [] pfkey_sendmsg+0x3a9/0x760 net/key/af_key.c:3670 [] sock_sendmsg_nosec net/socket.c:635 [inline] [] sock_sendmsg+0xca/0x110 net/socket.c:645 [] ___sys_sendmsg+0x6d1/0x7e0 net/socket.c:1968 [] __sys_sendmsg+0xd6/0x190 net/socket.c:2002 [] SYSC_sendmsg net/socket.c:2013 [inline] [] SyS_sendmsg+0x2d/0x50 net/socket.c:2009 [] entry_SYSCALL_64_fastpath+0x23/0xc6 sock: process `syz-executor1' is using obsolete setsockopt SO_BSDCOMPAT audit: type=1400 audit(1513075265.235:41): avc: denied { create } for pid=8493 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1 binder: 8521:8524 ioctl 40046205 a returned -22 binder: 8521:8541 ioctl 40046205 0 returned -22 binder: 8521:8541 ERROR: BC_REGISTER_LOOPER called without request binder: 8521:8541 ioctl c0306201 20008fd0 returned -11 nla_parse: 6 callbacks suppressed netlink: 5 bytes leftover after parsing attributes in process `syz-executor2'. binder: 8521:8541 unknown command 0 binder: 8521:8541 ioctl c0306201 20002fd0 returned -22 binder: 8521:8532 BC_FREE_BUFFER u0000000000000000 no match binder: 8521:8532 IncRefs 0 refcount change on invalid ref 1 ret -22 binder: 8521:8532 got transaction to invalid handle binder: 8521:8532 transaction failed 29201/-22, size 72-8 line 3007 binder: 8521:8532 ioctl c0306201 20005fd0 returned -14 device lo entered promiscuous mode netlink: 2 bytes leftover after parsing attributes in process `syz-executor6'. IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE IPv6: NLM_F_CREATE should be set when creating new route IPv6: NLM_F_CREATE should be set when creating new route binder: release 8521:8532 transaction 88 out, still active binder: undelivered TRANSACTION_COMPLETE binder: undelivered TRANSACTION_ERROR: 29201 netlink: 2 bytes leftover after parsing attributes in process `syz-executor6'. IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE netlink: 5 bytes leftover after parsing attributes in process `syz-executor2'. binder: send failed reply for transaction 88, target dead netlink: 21 bytes leftover after parsing attributes in process `syz-executor5'. audit: type=1400 audit(1513075265.625:42): avc: denied { setattr } for pid=8598 comm="syz-executor1" name="loginuid" dev="proc" ino=20911 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=file permissive=1 devpts: called with bogus options netlink: 21 bytes leftover after parsing attributes in process `syz-executor5'. devpts: called with bogus options BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor1/8660 caller is __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62 CPU: 0 PID: 8660 Comm: syz-executor1 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801d85e76d8 ffffffff81d90889 0000000000000000 ffffffff83c17800 ffffffff83f42ec0 ffff8801d6264800 0000000000000003 ffff8801d85e7718 ffffffff81df7854 ffff8801d85e7730 ffffffff83f42ec0 dffffc0000000000 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] check_preemption_disabled+0x1d4/0x200 lib/smp_processor_id.c:46 [] __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62 [] ipcomp_alloc_tfms net/xfrm/xfrm_ipcomp.c:286 [inline] [] ipcomp_init_state+0x188/0x930 net/xfrm/xfrm_ipcomp.c:363 [] ipcomp4_init_state+0xb0/0x7d0 net/ipv4/ipcomp.c:137 [] __xfrm_init_state+0x3e7/0xb30 net/xfrm/xfrm_state.c:2096 [] xfrm_init_state+0x1a/0x20 net/xfrm/xfrm_state.c:2122 [] pfkey_msg2xfrm_state net/key/af_key.c:1281 [inline] [] pfkey_add+0x1fb9/0x3470 net/key/af_key.c:1498 [] pfkey_process+0x61e/0x730 net/key/af_key.c:2826 [] pfkey_sendmsg+0x3a9/0x760 net/key/af_key.c:3670 [] sock_sendmsg_nosec net/socket.c:635 [inline] [] sock_sendmsg+0xca/0x110 net/socket.c:645 [] ___sys_sendmsg+0x6d1/0x7e0 net/socket.c:1968 [] __sys_sendmsg+0xd6/0x190 net/socket.c:2002 [] SYSC_sendmsg net/socket.c:2013 [inline] [] SyS_sendmsg+0x2d/0x50 net/socket.c:2009 [] entry_SYSCALL_64_fastpath+0x23/0xc6 FAULT_FLAG_ALLOW_RETRY missing 30 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 0 PID: 8682 Comm: syz-executor7 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801cdf8f870 ffffffff81d90889 ffff8801cdf8fb50 0000000000000000 ffff8801a6d0bf10 ffff8801cdf8fa40 ffff8801a6d0be00 ffff8801cdf8fa68 ffffffff8165e497 0000000000005e64 ffff8801d80738f0 ffff8801d80738a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] SYSC_mq_timedsend ipc/mqueue.c:973 [inline] [] SyS_mq_timedsend+0xe6/0xa80 ipc/mqueue.c:956 [] entry_SYSCALL_64_fastpath+0x23/0xc6 device gre0 entered promiscuous mode device gre0 entered promiscuous mode netlink: 3 bytes leftover after parsing attributes in process `syz-executor3'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor3'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor3'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor3'. CPU: 0 PID: 8690 Comm: syz-executor7 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801c5faf9a0 ffffffff81d90889 ffff8801c5fafc80 0000000000000000 ffff8801a6d0bf10 ffff8801c5fafb70 ffff8801a6d0be00 ffff8801c5fafb98 ffffffff8165e497 0000000000005e64 ffff8801c3ed68f0 ffff8801c3ed68a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] entry_SYSCALL_64_fastpath+0x23/0xc6 FAULT_FLAG_ALLOW_RETRY missing 30 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 0 PID: 8682 Comm: syz-executor7 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801cdf8f870 ffffffff81d90889 ffff8801cdf8fb50 0000000000000000 ffff8801a54d4a10 ffff8801cdf8fa40 ffff8801a54d4900 ffff8801cdf8fa68 ffffffff8165e497 0000000000005e64 ffff8801d80738f0 ffff8801d80738a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] SYSC_mq_timedsend ipc/mqueue.c:973 [inline] [] SyS_mq_timedsend+0xe6/0xa80 ipc/mqueue.c:956 [] entry_SYSCALL_64_fastpath+0x23/0xc6 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 0 PID: 8682 Comm: syz-executor7 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801cdf8f840 ffffffff81d90889 ffff8801cdf8fb20 0000000000000000 ffff8801a54d4a10 ffff8801cdf8fa10 ffff8801a54d4900 ffff8801cdf8fa38 ffffffff8165e497 0000000000005e64 ffff8801d80738f0 ffff8801d80738a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] copy_from_user arch/x86/include/asm/uaccess.h:702 [inline] [] prepare_timeout+0x45/0x140 ipc/mqueue.c:669 [] SYSC_mq_timedsend ipc/mqueue.c:973 [inline] [] SyS_mq_timedsend+0xe6/0xa80 ipc/mqueue.c:956 [] entry_SYSCALL_64_fastpath+0x23/0xc6 CPU: 1 PID: 8690 Comm: syz-executor7 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801c5faf9a0 ffffffff81d90889 ffff8801c5fafc80 0000000000000000 ffff8801a54d4a10 ffff8801c5fafb70 ffff8801a54d4900 ffff8801c5fafb98 ffffffff8165e497 0000000000005e64 ffff8801c3ed68f0 ffff8801c3ed68a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] entry_SYSCALL_64_fastpath+0x23/0xc6 device lo left promiscuous mode device lo entered promiscuous mode device lo entered promiscuous mode IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready device lo left promiscuous mode device lo entered promiscuous mode IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready device lo left promiscuous mode FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 1 PID: 8886 Comm: syz-executor5 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801d9b9f8e0 ffffffff81d90889 ffff8801d9b9fbc0 0000000000000000 ffff8801a6d0bd90 ffff8801d9b9fab0 ffff8801a6d0bc80 ffff8801d9b9fad8 ffffffff8165e497 0000000000005e64 ffff8801d22638f0 ffff8801d22638a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 device gre0 entered promiscuous mode [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] strndup_user+0x28/0xb0 mm/util.c:160 [] SYSC_request_key security/keys/keyctl.c:186 [inline] [] SyS_request_key+0xd6/0x2d0 security/keys/keyctl.c:158 [] entry_SYSCALL_64_fastpath+0x23/0xc6 device lo left promiscuous mode device gre0 entered promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode binder: 9175:9176 ERROR: BC_REGISTER_LOOPER called without request binder: 9175:9176 got transaction with invalid fd, -1 binder: 9175:9176 transaction failed 29201/-9, size 24-8 line 3235 binder: send failed reply for transaction 92 to 9175:9190 PF_BRIDGE: RTM_SETLINK with unknown ifindex binder_alloc: binder_alloc_mmap_handler: 9175 20000000-20002000 already mapped failed -16 binder: BINDER_SET_CONTEXT_MGR already set binder: 9175:9190 ERROR: BC_REGISTER_LOOPER called without request binder: 9175:9203 got reply transaction with no transaction stack binder: 9175:9203 transaction failed 29201/-71, size 24-8 line 2923 binder: 9175:9176 ioctl 40046207 0 returned -16 binder_alloc: 9175: binder_alloc_buf, no vma binder: 9175:9190 transaction failed 29189/-3, size 0-0 line 3130 PF_BRIDGE: RTM_SETLINK with unknown ifindex binder: undelivered TRANSACTION_ERROR: 29189 binder: undelivered TRANSACTION_ERROR: 29201 binder: undelivered TRANSACTION_ERROR: 29190 binder: undelivered TRANSACTION_COMPLETE binder: undelivered TRANSACTION_ERROR: 29201