BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor4/19889
caller is __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62
CPU: 1 PID: 19889 Comm: syz-executor4 Not tainted 4.4.105-g36205b7 #4
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
binder: 19901:19906 got transaction with fd, -1, but target does not allow fds
binder: 19901:19906 transaction failed 29201/-1, size 24-8 line 3236
binder_alloc: binder_alloc_mmap_handler: 19901 20000000-20002000 already mapped failed -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 19901:19906 ioctl 40046207 0 returned -16
binder_alloc: 19901: binder_alloc_buf, no vma
binder: 19901:19909 transaction failed 29189/-3, size 24-8 line 3131
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29201
 0000000000000000 9a20cc359e8ed4d1 ffff8800b5d076b8 ffffffff81cc9b4f
 0000000000000001 ffffffff839fd4a0 ffff8800b5d076f8 ffffffff81d28d58
 ffffffff83d093a0 ffff8801d2bb0f90 dffffc0000000000 ffffffff83cff4e0
Call Trace:
 [<ffffffff81cc9b4f>] __dump_stack /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:15 [inline]
 [<ffffffff81cc9b4f>] dump_stack+0x8e/0xcf /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:51
 [<ffffffff81d28d58>] check_preemption_disabled+0x1b8/0x1f0 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:46
 [<ffffffff81d28dc3>] __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62
 [<ffffffff832a4598>] ipcomp_alloc_tfms /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_ipcomp.c:286 [inline]
 [<ffffffff832a4598>] ipcomp_init_state+0x168/0x8e0 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_ipcomp.c:363
 [<ffffffff83206e7e>] ipcomp4_init_state+0x9e/0x840 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/ipcomp.c:137
 [<ffffffff83282524>] __xfrm_init_state+0x354/0xa40 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_state.c:2058
 [<ffffffff83282c1e>] xfrm_init_state+0xe/0x10 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_state.c:2084
 [<ffffffff8340f088>] pfkey_msg2xfrm_state /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:1281 [inline]
 [<ffffffff8340f088>] pfkey_add+0x1e18/0x3d80 /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:1498
 [<ffffffff834134bd>] pfkey_process+0x58d/0x900 /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:2826
 [<ffffffff83414feb>] pfkey_sendmsg+0x35b/0x6c0 /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:3670
 [<ffffffff82d94005>] sock_sendmsg_nosec /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:625 [inline]
 [<ffffffff82d94005>] sock_sendmsg+0xb5/0xf0 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:635
 [<ffffffff82d95add>] ___sys_sendmsg+0x66d/0x7d0 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1961
 [<ffffffff82d97863>] __sys_sendmsg+0xc3/0x160 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1995
 [<ffffffff82d9790d>] SYSC_sendmsg /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:2006 [inline]
 [<ffffffff82d9790d>] SyS_sendmsg+0xd/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:2002
 [<ffffffff8374ab36>] entry_SYSCALL_64_fastpath+0x16/0x76
binder: 19920:19924 got transaction with fd, -1, but target does not allow fds
binder: 19920:19924 transaction failed 29201/-1, size 24-8 line 3236
binder: BINDER_SET_CONTEXT_MGR already set
binder: 19920:19924 ioctl 40046207 0 returned -16
binder_alloc: 19920: binder_alloc_buf, no vma
binder: 19920:19939 transaction failed 29189/-3, size 24-8 line 3131
binder: undelivered TRANSACTION_ERROR: 29189
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket
binder: undelivered TRANSACTION_ERROR: 29201
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=19975 sclass=netlink_audit_socket
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=769 sclass=netlink_audit_socket
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=19975 sclass=netlink_audit_socket
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=769 sclass=netlink_audit_socket
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=19975 sclass=netlink_audit_socket
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=18878 sclass=netlink_audit_socket
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=19975 sclass=netlink_audit_socket
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=19975 sclass=netlink_audit_socket
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=769 sclass=netlink_audit_socket
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=19975 sclass=netlink_audit_socket
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=769 sclass=netlink_audit_socket
device syz3 entered promiscuous mode
binder: 21098:21105 got transaction with fd, -1, but target does not allow fds
binder: 21098:21105 transaction failed 29201/-1, size 24-8 line 3236
binder_alloc: binder_alloc_mmap_handler: 21098 20000000-20002000 already mapped failed -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 21098:21118 ioctl 40046207 0 returned -16
binder_alloc: 21098: binder_alloc_buf, no vma
binder: 21098:21105 transaction failed 29189/-3, size 24-8 line 3131
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29201
binder: 21148:21157 got transaction with fd, -1, but target does not allow fds
binder: 21148:21157 transaction failed 29201/-1, size 24-8 line 3236
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket
binder_alloc: binder_alloc_mmap_handler: 21148 20000000-20002000 already mapped failed -16
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket
binder: BINDER_SET_CONTEXT_MGR already set
binder: 21148:21200 ioctl 40046207 0 returned -16
binder: undelivered TRANSACTION_ERROR: 29201
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=19975 sclass=netlink_audit_socket
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=19975 sclass=netlink_audit_socket
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket
audit: type=1400 audit(1513079415.185:16): avc:  denied  { write } for  pid=21436 comm="syz-executor0" path="socket:[21251]" dev="sockfs" ino=21251 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
netlink: 3 bytes leftover after parsing attributes in process `syz-executor0'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor0'.
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=19975 sclass=netlink_audit_socket
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket
netlink: 3 bytes leftover after parsing attributes in process `syz-executor3'.
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=769 sclass=netlink_audit_socket
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket
netlink: 3 bytes leftover after parsing attributes in process `syz-executor3'.
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=19975 sclass=netlink_audit_socket
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=769 sclass=netlink_audit_socket
binder: 21817:21822 got transaction with fd, -1, but target does not allow fds
binder: 21817:21822 transaction failed 29201/-1, size 24-8 line 3236
binder_alloc: binder_alloc_mmap_handler: 21817 20000000-20002000 already mapped failed -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 21817:21822 ioctl 40046207 0 returned -16
binder_alloc: 21817: binder_alloc_buf, no vma
binder: 21817:21831 transaction failed 29189/-3, size 24-8 line 3131
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29201
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=19975 sclass=netlink_audit_socket
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=769 sclass=netlink_audit_socket
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=19975 sclass=netlink_audit_socket
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=769 sclass=netlink_audit_socket
device syz0 entered promiscuous mode
BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor7/21982
caller is __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62
CPU: 0 PID: 21982 Comm: syz-executor7 Not tainted 4.4.105-g36205b7 #4
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
device syz2 entered promiscuous mode
 0000000000000000 6ba27f2290f31b31 ffff8800b5d0f6b8 ffffffff81cc9b4f
 0000000000000000 ffffffff839fd4a0 ffff8800b5d0f6f8 ffffffff81d28d58
 ffffffff83d093a0 ffff8801d4132eb0 dffffc0000000000 ffffffff83cff4e0
Call Trace:
 [<ffffffff81cc9b4f>] __dump_stack /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:15 [inline]
 [<ffffffff81cc9b4f>] dump_stack+0x8e/0xcf /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:51
 [<ffffffff81d28d58>] check_preemption_disabled+0x1b8/0x1f0 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:46
 [<ffffffff81d28dc3>] __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62
 [<ffffffff832a4598>] ipcomp_alloc_tfms /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_ipcomp.c:286 [inline]
 [<ffffffff832a4598>] ipcomp_init_state+0x168/0x8e0 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_ipcomp.c:363
 [<ffffffff83206e7e>] ipcomp4_init_state+0x9e/0x840 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/ipcomp.c:137
 [<ffffffff83282524>] __xfrm_init_state+0x354/0xa40 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_state.c:2058
 [<ffffffff83282c1e>] xfrm_init_state+0xe/0x10 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_state.c:2084
 [<ffffffff8340f088>] pfkey_msg2xfrm_state /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:1281 [inline]
 [<ffffffff8340f088>] pfkey_add+0x1e18/0x3d80 /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:1498
 [<ffffffff834134bd>] pfkey_process+0x58d/0x900 /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:2826
 [<ffffffff83414feb>] pfkey_sendmsg+0x35b/0x6c0 /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:3670
 [<ffffffff82d94005>] sock_sendmsg_nosec /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:625 [inline]
 [<ffffffff82d94005>] sock_sendmsg+0xb5/0xf0 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:635
 [<ffffffff82d95add>] ___sys_sendmsg+0x66d/0x7d0 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1961
 [<ffffffff82d97863>] __sys_sendmsg+0xc3/0x160 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1995
 [<ffffffff82d9790d>] SYSC_sendmsg /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:2006 [inline]
 [<ffffffff82d9790d>] SyS_sendmsg+0xd/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:2002
 [<ffffffff8374ab36>] entry_SYSCALL_64_fastpath+0x16/0x76
netlink: 3 bytes leftover after parsing attributes in process `syz-executor4'.
device syz5 entered promiscuous mode
netlink: 3 bytes leftover after parsing attributes in process `syz-executor4'.
qtaguid: iface_stat: iface_check_stats_reset_and_adjust(lo): iface reset its stats unexpectedly
audit: type=1400 audit(1513079417.935:17): avc:  denied  { create } for  pid=22124 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_connector_socket permissive=1
device syz6 entered promiscuous mode
device syz4 entered promiscuous mode
netlink: 3 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor1'.
BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor3/22299
caller is __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62
CPU: 0 PID: 22299 Comm: syz-executor3 Not tainted 4.4.105-g36205b7 #4
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 0000000000000000 7a2c10af0fd54251 ffff8801d53cf6b8 ffffffff81cc9b4f
 0000000000000000 ffffffff839fd4a0 ffff8801d53cf6f8 ffffffff81d28d58
 ffffffff83d093a0 ffff8801d2bb1f20 dffffc0000000000 ffffffff83cff4e0
Call Trace:
 [<ffffffff81cc9b4f>] __dump_stack /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:15 [inline]
 [<ffffffff81cc9b4f>] dump_stack+0x8e/0xcf /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:51
 [<ffffffff81d28d58>] check_preemption_disabled+0x1b8/0x1f0 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:46
 [<ffffffff81d28dc3>] __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62
 [<ffffffff832a4598>] ipcomp_alloc_tfms /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_ipcomp.c:286 [inline]
 [<ffffffff832a4598>] ipcomp_init_state+0x168/0x8e0 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_ipcomp.c:363
 [<ffffffff83206e7e>] ipcomp4_init_state+0x9e/0x840 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/ipcomp.c:137
 [<ffffffff83282524>] __xfrm_init_state+0x354/0xa40 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_state.c:2058
 [<ffffffff83282c1e>] xfrm_init_state+0xe/0x10 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_state.c:2084
 [<ffffffff8340f088>] pfkey_msg2xfrm_state /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:1281 [inline]
 [<ffffffff8340f088>] pfkey_add+0x1e18/0x3d80 /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:1498
 [<ffffffff834134bd>] pfkey_process+0x58d/0x900 /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:2826
 [<ffffffff83414feb>] pfkey_sendmsg+0x35b/0x6c0 /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:3670
 [<ffffffff82d94005>] sock_sendmsg_nosec /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:625 [inline]
 [<ffffffff82d94005>] sock_sendmsg+0xb5/0xf0 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:635
 [<ffffffff82d95add>] ___sys_sendmsg+0x66d/0x7d0 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1961
 [<ffffffff82d97863>] __sys_sendmsg+0xc3/0x160 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1995
 [<ffffffff82d9790d>] SYSC_sendmsg /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:2006 [inline]
 [<ffffffff82d9790d>] SyS_sendmsg+0xd/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:2002
 [<ffffffff8374ab36>] entry_SYSCALL_64_fastpath+0x16/0x76
BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor3/22299
caller is __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62
CPU: 0 PID: 22299 Comm: syz-executor3 Not tainted 4.4.105-g36205b7 #4
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 0000000000000000 7a2c10af0fd54251 ffff8801d53cf6b8 ffffffff81cc9b4f
 0000000000000000 ffffffff839fd4a0 ffff8801d53cf6f8 ffffffff81d28d58
 ffffffff83d093a0 ffff8801d2b8d4c0 dffffc0000000000 ffffffff83cff4e0
Call Trace:
 [<ffffffff81cc9b4f>] __dump_stack /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:15 [inline]
 [<ffffffff81cc9b4f>] dump_stack+0x8e/0xcf /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:51
 [<ffffffff81d28d58>] check_preemption_disabled+0x1b8/0x1f0 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:46
 [<ffffffff81d28dc3>] __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62
 [<ffffffff832a4598>] ipcomp_alloc_tfms /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_ipcomp.c:286 [inline]
 [<ffffffff832a4598>] ipcomp_init_state+0x168/0x8e0 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_ipcomp.c:363
 [<ffffffff83206e7e>] ipcomp4_init_state+0x9e/0x840 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/ipcomp.c:137
 [<ffffffff83282524>] __xfrm_init_state+0x354/0xa40 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_state.c:2058
 [<ffffffff83282c1e>] xfrm_init_state+0xe/0x10 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_state.c:2084
 [<ffffffff8340f088>] pfkey_msg2xfrm_state /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:1281 [inline]
 [<ffffffff8340f088>] pfkey_add+0x1e18/0x3d80 /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:1498
 [<ffffffff834134bd>] pfkey_process+0x58d/0x900 /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:2826
 [<ffffffff83414feb>] pfkey_sendmsg+0x35b/0x6c0 /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:3670
 [<ffffffff82d94005>] sock_sendmsg_nosec /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:625 [inline]
 [<ffffffff82d94005>] sock_sendmsg+0xb5/0xf0 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:635
 [<ffffffff82d95add>] ___sys_sendmsg+0x66d/0x7d0 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1961
 [<ffffffff82d97863>] __sys_sendmsg+0xc3/0x160 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1995
 [<ffffffff82d9790d>] SYSC_sendmsg /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:2006 [inline]
 [<ffffffff82d9790d>] SyS_sendmsg+0xd/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:2002
 [<ffffffff8374ab36>] entry_SYSCALL_64_fastpath+0x16/0x76
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=19975 sclass=netlink_audit_socket
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=19975 sclass=netlink_audit_socket
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket
netlink: 3 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor3'.
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=19975 sclass=netlink_audit_socket
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket
BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor4/22560
caller is __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62
CPU: 1 PID: 22560 Comm: syz-executor4 Not tainted 4.4.105-g36205b7 #4
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 0000000000000000 feb6169523965646 ffff8801d60bf6b8 ffffffff81cc9b4f
 0000000000000001 ffffffff839fd4a0 ffff8801d60bf6f8 ffffffff81d28d58
 ffffffff83d093a0 ffff8801da764f90 dffffc0000000000 ffffffff83cff4e0
Call Trace:
 [<ffffffff81cc9b4f>] __dump_stack /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:15 [inline]
 [<ffffffff81cc9b4f>] dump_stack+0x8e/0xcf /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:51
 [<ffffffff81d28d58>] check_preemption_disabled+0x1b8/0x1f0 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:46
 [<ffffffff81d28dc3>] __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62
 [<ffffffff832a4598>] ipcomp_alloc_tfms /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_ipcomp.c:286 [inline]
 [<ffffffff832a4598>] ipcomp_init_state+0x168/0x8e0 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_ipcomp.c:363
 [<ffffffff83206e7e>] ipcomp4_init_state+0x9e/0x840 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/ipcomp.c:137
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=769 sclass=netlink_audit_socket
 [<ffffffff83282524>] __xfrm_init_state+0x354/0xa40 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_state.c:2058
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=19975 sclass=netlink_audit_socket
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket
 [<ffffffff83282c1e>] xfrm_init_state+0xe/0x10 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_state.c:2084
 [<ffffffff8340f088>] pfkey_msg2xfrm_state /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:1281 [inline]
 [<ffffffff8340f088>] pfkey_add+0x1e18/0x3d80 /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:1498
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=769 sclass=netlink_audit_socket
 [<ffffffff834134bd>] pfkey_process+0x58d/0x900 /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:2826
 [<ffffffff83414feb>] pfkey_sendmsg+0x35b/0x6c0 /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:3670
 [<ffffffff82d94005>] sock_sendmsg_nosec /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:625 [inline]
 [<ffffffff82d94005>] sock_sendmsg+0xb5/0xf0 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:635
 [<ffffffff82d95add>] ___sys_sendmsg+0x66d/0x7d0 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1961
 [<ffffffff82d97863>] __sys_sendmsg+0xc3/0x160 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1995
 [<ffffffff82d9790d>] SYSC_sendmsg /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:2006 [inline]
 [<ffffffff82d9790d>] SyS_sendmsg+0xd/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:2002
 [<ffffffff8374ab36>] entry_SYSCALL_64_fastpath+0x16/0x76
BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor4/22560
caller is __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62
CPU: 0 PID: 22560 Comm: syz-executor4 Not tainted 4.4.105-g36205b7 #4
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 0000000000000000 feb6169523965646 ffff8801d60bf6b8 ffffffff81cc9b4f
 0000000000000000 ffffffff839fd4a0 ffff8801d60bf6f8 ffffffff81d28d58
 ffffffff83d093a0 ffff8801d4131f20 dffffc0000000000 ffffffff83cff4e0
Call Trace:
 [<ffffffff81cc9b4f>] __dump_stack /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:15 [inline]
 [<ffffffff81cc9b4f>] dump_stack+0x8e/0xcf /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:51
 [<ffffffff81d28d58>] check_preemption_disabled+0x1b8/0x1f0 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:46
 [<ffffffff81d28dc3>] __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62
 [<ffffffff832a4598>] ipcomp_alloc_tfms /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_ipcomp.c:286 [inline]
 [<ffffffff832a4598>] ipcomp_init_state+0x168/0x8e0 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_ipcomp.c:363
 [<ffffffff83206e7e>] ipcomp4_init_state+0x9e/0x840 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/ipcomp.c:137
 [<ffffffff83282524>] __xfrm_init_state+0x354/0xa40 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_state.c:2058
 [<ffffffff83282c1e>] xfrm_init_state+0xe/0x10 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_state.c:2084
 [<ffffffff8340f088>] pfkey_msg2xfrm_state /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:1281 [inline]
 [<ffffffff8340f088>] pfkey_add+0x1e18/0x3d80 /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:1498
 [<ffffffff834134bd>] pfkey_process+0x58d/0x900 /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:2826
 [<ffffffff83414feb>] pfkey_sendmsg+0x35b/0x6c0 /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:3670
 [<ffffffff82d94005>] sock_sendmsg_nosec /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:625 [inline]
 [<ffffffff82d94005>] sock_sendmsg+0xb5/0xf0 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:635
 [<ffffffff82d95add>] ___sys_sendmsg+0x66d/0x7d0 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1961
 [<ffffffff82d97863>] __sys_sendmsg+0xc3/0x160 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1995
 [<ffffffff82d9790d>] SYSC_sendmsg /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:2006 [inline]
 [<ffffffff82d9790d>] SyS_sendmsg+0xd/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:2002
 [<ffffffff8374ab36>] entry_SYSCALL_64_fastpath+0x16/0x76
binder: 22623:22626 got transaction with fd, -1, but target does not allow fds
binder: 22623:22626 transaction failed 29201/-1, size 24-8 line 3236
binder_alloc: binder_alloc_mmap_handler: 22623 20000000-20002000 already mapped failed -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 22623:22626 ioctl 40046207 0 returned -16
binder_alloc: 22623: binder_alloc_buf, no vma
binder: 22623:22638 transaction failed 29189/-3, size 24-8 line 3131
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29201