BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor4/19889 caller is __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62 CPU: 1 PID: 19889 Comm: syz-executor4 Not tainted 4.4.105-g36205b7 #4 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 binder: 19901:19906 got transaction with fd, -1, but target does not allow fds binder: 19901:19906 transaction failed 29201/-1, size 24-8 line 3236 binder_alloc: binder_alloc_mmap_handler: 19901 20000000-20002000 already mapped failed -16 binder: BINDER_SET_CONTEXT_MGR already set binder: 19901:19906 ioctl 40046207 0 returned -16 binder_alloc: 19901: binder_alloc_buf, no vma binder: 19901:19909 transaction failed 29189/-3, size 24-8 line 3131 binder: undelivered TRANSACTION_ERROR: 29189 binder: undelivered TRANSACTION_ERROR: 29201 0000000000000000 9a20cc359e8ed4d1 ffff8800b5d076b8 ffffffff81cc9b4f 0000000000000001 ffffffff839fd4a0 ffff8800b5d076f8 ffffffff81d28d58 ffffffff83d093a0 ffff8801d2bb0f90 dffffc0000000000 ffffffff83cff4e0 Call Trace: [] __dump_stack /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:15 [inline] [] dump_stack+0x8e/0xcf /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:51 [] check_preemption_disabled+0x1b8/0x1f0 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:46 [] __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62 [] ipcomp_alloc_tfms /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_ipcomp.c:286 [inline] [] ipcomp_init_state+0x168/0x8e0 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_ipcomp.c:363 [] ipcomp4_init_state+0x9e/0x840 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/ipcomp.c:137 [] __xfrm_init_state+0x354/0xa40 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_state.c:2058 [] xfrm_init_state+0xe/0x10 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_state.c:2084 [] pfkey_msg2xfrm_state /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:1281 [inline] [] pfkey_add+0x1e18/0x3d80 /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:1498 [] pfkey_process+0x58d/0x900 /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:2826 [] pfkey_sendmsg+0x35b/0x6c0 /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:3670 [] sock_sendmsg_nosec /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:625 [inline] [] sock_sendmsg+0xb5/0xf0 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:635 [] ___sys_sendmsg+0x66d/0x7d0 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1961 [] __sys_sendmsg+0xc3/0x160 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1995 [] SYSC_sendmsg /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:2006 [inline] [] SyS_sendmsg+0xd/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:2002 [] entry_SYSCALL_64_fastpath+0x16/0x76 binder: 19920:19924 got transaction with fd, -1, but target does not allow fds binder: 19920:19924 transaction failed 29201/-1, size 24-8 line 3236 binder: BINDER_SET_CONTEXT_MGR already set binder: 19920:19924 ioctl 40046207 0 returned -16 binder_alloc: 19920: binder_alloc_buf, no vma binder: 19920:19939 transaction failed 29189/-3, size 24-8 line 3131 binder: undelivered TRANSACTION_ERROR: 29189 SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket binder: undelivered TRANSACTION_ERROR: 29201 SELinux: unrecognized netlink message: protocol=9 nlmsg_type=19975 sclass=netlink_audit_socket SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket SELinux: unrecognized netlink message: protocol=9 nlmsg_type=769 sclass=netlink_audit_socket SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket SELinux: unrecognized netlink message: protocol=9 nlmsg_type=19975 sclass=netlink_audit_socket SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket SELinux: unrecognized netlink message: protocol=9 nlmsg_type=769 sclass=netlink_audit_socket SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket SELinux: unrecognized netlink message: protocol=9 nlmsg_type=19975 sclass=netlink_audit_socket SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket SELinux: unrecognized netlink message: protocol=9 nlmsg_type=18878 sclass=netlink_audit_socket SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket SELinux: unrecognized netlink message: protocol=9 nlmsg_type=19975 sclass=netlink_audit_socket SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket SELinux: unrecognized netlink message: protocol=9 nlmsg_type=19975 sclass=netlink_audit_socket SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket SELinux: unrecognized netlink message: protocol=9 nlmsg_type=769 sclass=netlink_audit_socket SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket SELinux: unrecognized netlink message: protocol=9 nlmsg_type=19975 sclass=netlink_audit_socket SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket SELinux: unrecognized netlink message: protocol=9 nlmsg_type=769 sclass=netlink_audit_socket device syz3 entered promiscuous mode binder: 21098:21105 got transaction with fd, -1, but target does not allow fds binder: 21098:21105 transaction failed 29201/-1, size 24-8 line 3236 binder_alloc: binder_alloc_mmap_handler: 21098 20000000-20002000 already mapped failed -16 binder: BINDER_SET_CONTEXT_MGR already set binder: 21098:21118 ioctl 40046207 0 returned -16 binder_alloc: 21098: binder_alloc_buf, no vma binder: 21098:21105 transaction failed 29189/-3, size 24-8 line 3131 binder: undelivered TRANSACTION_ERROR: 29189 binder: undelivered TRANSACTION_ERROR: 29201 binder: 21148:21157 got transaction with fd, -1, but target does not allow fds binder: 21148:21157 transaction failed 29201/-1, size 24-8 line 3236 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket binder_alloc: binder_alloc_mmap_handler: 21148 20000000-20002000 already mapped failed -16 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket binder: BINDER_SET_CONTEXT_MGR already set binder: 21148:21200 ioctl 40046207 0 returned -16 binder: undelivered TRANSACTION_ERROR: 29201 SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket SELinux: unrecognized netlink message: protocol=9 nlmsg_type=19975 sclass=netlink_audit_socket SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket SELinux: unrecognized netlink message: protocol=9 nlmsg_type=19975 sclass=netlink_audit_socket SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket audit: type=1400 audit(1513079415.185:16): avc: denied { write } for pid=21436 comm="syz-executor0" path="socket:[21251]" dev="sockfs" ino=21251 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 netlink: 3 bytes leftover after parsing attributes in process `syz-executor0'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor0'. SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket SELinux: unrecognized netlink message: protocol=9 nlmsg_type=19975 sclass=netlink_audit_socket SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket netlink: 3 bytes leftover after parsing attributes in process `syz-executor3'. SELinux: unrecognized netlink message: protocol=9 nlmsg_type=769 sclass=netlink_audit_socket SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket netlink: 3 bytes leftover after parsing attributes in process `syz-executor3'. SELinux: unrecognized netlink message: protocol=9 nlmsg_type=19975 sclass=netlink_audit_socket SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket SELinux: unrecognized netlink message: protocol=9 nlmsg_type=769 sclass=netlink_audit_socket binder: 21817:21822 got transaction with fd, -1, but target does not allow fds binder: 21817:21822 transaction failed 29201/-1, size 24-8 line 3236 binder_alloc: binder_alloc_mmap_handler: 21817 20000000-20002000 already mapped failed -16 binder: BINDER_SET_CONTEXT_MGR already set binder: 21817:21822 ioctl 40046207 0 returned -16 binder_alloc: 21817: binder_alloc_buf, no vma binder: 21817:21831 transaction failed 29189/-3, size 24-8 line 3131 binder: undelivered TRANSACTION_ERROR: 29189 binder: undelivered TRANSACTION_ERROR: 29201 SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket SELinux: unrecognized netlink message: protocol=9 nlmsg_type=19975 sclass=netlink_audit_socket SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket SELinux: unrecognized netlink message: protocol=9 nlmsg_type=769 sclass=netlink_audit_socket SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket SELinux: unrecognized netlink message: protocol=9 nlmsg_type=19975 sclass=netlink_audit_socket SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket SELinux: unrecognized netlink message: protocol=9 nlmsg_type=769 sclass=netlink_audit_socket device syz0 entered promiscuous mode BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor7/21982 caller is __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62 CPU: 0 PID: 21982 Comm: syz-executor7 Not tainted 4.4.105-g36205b7 #4 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 device syz2 entered promiscuous mode 0000000000000000 6ba27f2290f31b31 ffff8800b5d0f6b8 ffffffff81cc9b4f 0000000000000000 ffffffff839fd4a0 ffff8800b5d0f6f8 ffffffff81d28d58 ffffffff83d093a0 ffff8801d4132eb0 dffffc0000000000 ffffffff83cff4e0 Call Trace: [] __dump_stack /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:15 [inline] [] dump_stack+0x8e/0xcf /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:51 [] check_preemption_disabled+0x1b8/0x1f0 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:46 [] __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62 [] ipcomp_alloc_tfms /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_ipcomp.c:286 [inline] [] ipcomp_init_state+0x168/0x8e0 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_ipcomp.c:363 [] ipcomp4_init_state+0x9e/0x840 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/ipcomp.c:137 [] __xfrm_init_state+0x354/0xa40 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_state.c:2058 [] xfrm_init_state+0xe/0x10 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_state.c:2084 [] pfkey_msg2xfrm_state /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:1281 [inline] [] pfkey_add+0x1e18/0x3d80 /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:1498 [] pfkey_process+0x58d/0x900 /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:2826 [] pfkey_sendmsg+0x35b/0x6c0 /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:3670 [] sock_sendmsg_nosec /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:625 [inline] [] sock_sendmsg+0xb5/0xf0 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:635 [] ___sys_sendmsg+0x66d/0x7d0 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1961 [] __sys_sendmsg+0xc3/0x160 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1995 [] SYSC_sendmsg /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:2006 [inline] [] SyS_sendmsg+0xd/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:2002 [] entry_SYSCALL_64_fastpath+0x16/0x76 netlink: 3 bytes leftover after parsing attributes in process `syz-executor4'. device syz5 entered promiscuous mode netlink: 3 bytes leftover after parsing attributes in process `syz-executor4'. qtaguid: iface_stat: iface_check_stats_reset_and_adjust(lo): iface reset its stats unexpectedly audit: type=1400 audit(1513079417.935:17): avc: denied { create } for pid=22124 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_connector_socket permissive=1 device syz6 entered promiscuous mode device syz4 entered promiscuous mode netlink: 3 bytes leftover after parsing attributes in process `syz-executor1'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor1'. BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor3/22299 caller is __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62 CPU: 0 PID: 22299 Comm: syz-executor3 Not tainted 4.4.105-g36205b7 #4 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 0000000000000000 7a2c10af0fd54251 ffff8801d53cf6b8 ffffffff81cc9b4f 0000000000000000 ffffffff839fd4a0 ffff8801d53cf6f8 ffffffff81d28d58 ffffffff83d093a0 ffff8801d2bb1f20 dffffc0000000000 ffffffff83cff4e0 Call Trace: [] __dump_stack /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:15 [inline] [] dump_stack+0x8e/0xcf /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:51 [] check_preemption_disabled+0x1b8/0x1f0 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:46 [] __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62 [] ipcomp_alloc_tfms /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_ipcomp.c:286 [inline] [] ipcomp_init_state+0x168/0x8e0 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_ipcomp.c:363 [] ipcomp4_init_state+0x9e/0x840 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/ipcomp.c:137 [] __xfrm_init_state+0x354/0xa40 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_state.c:2058 [] xfrm_init_state+0xe/0x10 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_state.c:2084 [] pfkey_msg2xfrm_state /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:1281 [inline] [] pfkey_add+0x1e18/0x3d80 /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:1498 [] pfkey_process+0x58d/0x900 /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:2826 [] pfkey_sendmsg+0x35b/0x6c0 /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:3670 [] sock_sendmsg_nosec /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:625 [inline] [] sock_sendmsg+0xb5/0xf0 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:635 [] ___sys_sendmsg+0x66d/0x7d0 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1961 [] __sys_sendmsg+0xc3/0x160 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1995 [] SYSC_sendmsg /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:2006 [inline] [] SyS_sendmsg+0xd/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:2002 [] entry_SYSCALL_64_fastpath+0x16/0x76 BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor3/22299 caller is __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62 CPU: 0 PID: 22299 Comm: syz-executor3 Not tainted 4.4.105-g36205b7 #4 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 0000000000000000 7a2c10af0fd54251 ffff8801d53cf6b8 ffffffff81cc9b4f 0000000000000000 ffffffff839fd4a0 ffff8801d53cf6f8 ffffffff81d28d58 ffffffff83d093a0 ffff8801d2b8d4c0 dffffc0000000000 ffffffff83cff4e0 Call Trace: [] __dump_stack /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:15 [inline] [] dump_stack+0x8e/0xcf /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:51 [] check_preemption_disabled+0x1b8/0x1f0 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:46 [] __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62 [] ipcomp_alloc_tfms /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_ipcomp.c:286 [inline] [] ipcomp_init_state+0x168/0x8e0 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_ipcomp.c:363 [] ipcomp4_init_state+0x9e/0x840 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/ipcomp.c:137 [] __xfrm_init_state+0x354/0xa40 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_state.c:2058 [] xfrm_init_state+0xe/0x10 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_state.c:2084 [] pfkey_msg2xfrm_state /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:1281 [inline] [] pfkey_add+0x1e18/0x3d80 /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:1498 [] pfkey_process+0x58d/0x900 /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:2826 [] pfkey_sendmsg+0x35b/0x6c0 /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:3670 [] sock_sendmsg_nosec /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:625 [inline] [] sock_sendmsg+0xb5/0xf0 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:635 [] ___sys_sendmsg+0x66d/0x7d0 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1961 [] __sys_sendmsg+0xc3/0x160 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1995 [] SYSC_sendmsg /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:2006 [inline] [] SyS_sendmsg+0xd/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:2002 [] entry_SYSCALL_64_fastpath+0x16/0x76 SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket SELinux: unrecognized netlink message: protocol=9 nlmsg_type=19975 sclass=netlink_audit_socket SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket SELinux: unrecognized netlink message: protocol=9 nlmsg_type=19975 sclass=netlink_audit_socket SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket netlink: 3 bytes leftover after parsing attributes in process `syz-executor3'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor3'. SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket SELinux: unrecognized netlink message: protocol=9 nlmsg_type=19975 sclass=netlink_audit_socket SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor4/22560 caller is __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62 CPU: 1 PID: 22560 Comm: syz-executor4 Not tainted 4.4.105-g36205b7 #4 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 0000000000000000 feb6169523965646 ffff8801d60bf6b8 ffffffff81cc9b4f 0000000000000001 ffffffff839fd4a0 ffff8801d60bf6f8 ffffffff81d28d58 ffffffff83d093a0 ffff8801da764f90 dffffc0000000000 ffffffff83cff4e0 Call Trace: [] __dump_stack /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:15 [inline] [] dump_stack+0x8e/0xcf /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:51 [] check_preemption_disabled+0x1b8/0x1f0 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:46 [] __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62 [] ipcomp_alloc_tfms /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_ipcomp.c:286 [inline] [] ipcomp_init_state+0x168/0x8e0 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_ipcomp.c:363 [] ipcomp4_init_state+0x9e/0x840 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/ipcomp.c:137 SELinux: unrecognized netlink message: protocol=9 nlmsg_type=769 sclass=netlink_audit_socket [] __xfrm_init_state+0x354/0xa40 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_state.c:2058 SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket SELinux: unrecognized netlink message: protocol=9 nlmsg_type=19975 sclass=netlink_audit_socket SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket [] xfrm_init_state+0xe/0x10 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_state.c:2084 [] pfkey_msg2xfrm_state /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:1281 [inline] [] pfkey_add+0x1e18/0x3d80 /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:1498 SELinux: unrecognized netlink message: protocol=9 nlmsg_type=769 sclass=netlink_audit_socket [] pfkey_process+0x58d/0x900 /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:2826 [] pfkey_sendmsg+0x35b/0x6c0 /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:3670 [] sock_sendmsg_nosec /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:625 [inline] [] sock_sendmsg+0xb5/0xf0 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:635 [] ___sys_sendmsg+0x66d/0x7d0 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1961 [] __sys_sendmsg+0xc3/0x160 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1995 [] SYSC_sendmsg /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:2006 [inline] [] SyS_sendmsg+0xd/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:2002 [] entry_SYSCALL_64_fastpath+0x16/0x76 BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor4/22560 caller is __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62 CPU: 0 PID: 22560 Comm: syz-executor4 Not tainted 4.4.105-g36205b7 #4 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 0000000000000000 feb6169523965646 ffff8801d60bf6b8 ffffffff81cc9b4f 0000000000000000 ffffffff839fd4a0 ffff8801d60bf6f8 ffffffff81d28d58 ffffffff83d093a0 ffff8801d4131f20 dffffc0000000000 ffffffff83cff4e0 Call Trace: [] __dump_stack /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:15 [inline] [] dump_stack+0x8e/0xcf /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:51 [] check_preemption_disabled+0x1b8/0x1f0 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:46 [] __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62 [] ipcomp_alloc_tfms /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_ipcomp.c:286 [inline] [] ipcomp_init_state+0x168/0x8e0 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_ipcomp.c:363 [] ipcomp4_init_state+0x9e/0x840 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/ipcomp.c:137 [] __xfrm_init_state+0x354/0xa40 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_state.c:2058 [] xfrm_init_state+0xe/0x10 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_state.c:2084 [] pfkey_msg2xfrm_state /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:1281 [inline] [] pfkey_add+0x1e18/0x3d80 /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:1498 [] pfkey_process+0x58d/0x900 /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:2826 [] pfkey_sendmsg+0x35b/0x6c0 /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:3670 [] sock_sendmsg_nosec /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:625 [inline] [] sock_sendmsg+0xb5/0xf0 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:635 [] ___sys_sendmsg+0x66d/0x7d0 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1961 [] __sys_sendmsg+0xc3/0x160 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1995 [] SYSC_sendmsg /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:2006 [inline] [] SyS_sendmsg+0xd/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:2002 [] entry_SYSCALL_64_fastpath+0x16/0x76 binder: 22623:22626 got transaction with fd, -1, but target does not allow fds binder: 22623:22626 transaction failed 29201/-1, size 24-8 line 3236 binder_alloc: binder_alloc_mmap_handler: 22623 20000000-20002000 already mapped failed -16 binder: BINDER_SET_CONTEXT_MGR already set binder: 22623:22626 ioctl 40046207 0 returned -16 binder_alloc: 22623: binder_alloc_buf, no vma binder: 22623:22638 transaction failed 29189/-3, size 24-8 line 3131 binder: undelivered TRANSACTION_ERROR: 29189 binder: undelivered TRANSACTION_ERROR: 29201