BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor7/6729
caller is __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
CPU: 0 PID: 6729 Comm: syz-executor7 Not tainted 4.9.68-gfb66dc2 #107
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d5eef6d8 ffffffff81d90889 0000000000000000 ffffffff83c17800
 ffffffff83f42ec0 ffff8801aed31800 0000000000000003 ffff8801d5eef718
 ffffffff81df7854 ffff8801d5eef730 ffffffff83f42ec0[ 45.871305] tc_dump_action: action bad kind
 dffffc0000000000
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] check_preemption_disabled+0x1d4/0x200 lib/smp_processor_id.c:46
 [] __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
tc_dump_action: action bad kind
 [] ipcomp_alloc_tfms net/xfrm/xfrm_ipcomp.c:286 [inline]
 [] ipcomp_init_state+0x188/0x930 net/xfrm/xfrm_ipcomp.c:363
 [] ipcomp4_init_state+0xb0/0x7d0 net/ipv4/ipcomp.c:137
 [] __xfrm_init_state+0x3e7/0xb30 net/xfrm/xfrm_state.c:2096
 [] xfrm_init_state+0x1a/0x20 net/xfrm/xfrm_state.c:2122
 [] pfkey_msg2xfrm_state net/key/af_key.c:1281 [inline]
 [] pfkey_add+0x1fb9/0x3470 net/key/af_key.c:1498
 [] pfkey_process+0x61e/0x730 net/key/af_key.c:2826
 [] pfkey_sendmsg+0x3a9/0x760 net/key/af_key.c:3670
 [] sock_sendmsg_nosec net/socket.c:635 [inline]
 [] sock_sendmsg+0xca/0x110 net/socket.c:645
 [] ___sys_sendmsg+0x6d1/0x7e0 net/socket.c:1968
 [] __sys_sendmsg+0xd6/0x190 net/socket.c:2002
 [] SYSC_sendmsg net/socket.c:2013 [inline]
 [] SyS_sendmsg+0x2d/0x50 net/socket.c:2009
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
nla_parse: 60 callbacks suppressed
netlink: 9 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 9 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 9 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 9 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 9 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 9 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 9 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 9 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 9 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 9 bytes leftover after parsing attributes in process `syz-executor3'.
mmap: syz-executor3 (7136): VmData 35430400 exceed data ulimit 127. Update limits or use boot option ignore_rlimit_data.
audit: type=1400 audit(1513087834.774:33): avc: denied { create } for pid=7168 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
audit: type=1400 audit(1513087835.824:34): avc: denied { getattr } for pid=7409 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
devpts: called with bogus options
devpts: called with bogus options
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=57618 sclass=netlink_route_socket pig=7936 comm=syz-executor3
devpts: called with bogus options
devpts: called with bogus options
devpts: called with bogus options
devpts: called with bogus options
audit: type=1400 audit(1513087838.054:35): avc: denied { create } for pid=8018 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_scsitransport_socket permissive=1
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
sock: process `syz-executor6' is using obsolete setsockopt SO_BSDCOMPAT
sd 0:0:1:0: [sg0] tag#186 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK
sd 0:0:1:0: [sg0] tag#186 CDB: Test Unit Ready
sd 0:0:1:0: [sg0] tag#186 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
sd 0:0:1:0: [sg0] tag#186 CDB[10]: 00 00 00 00 10 27 00 00 00 00 00 00 00 00 00 00
sd 0:0:1:0: [sg0] tag#186 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
sd 0:0:1:0: [sg0] tag#186 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00
sd 0:0:1:0: [sg0] tag#245 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK
sd 0:0:1:0: [sg0] tag#245 CDB: Test Unit Ready
sd 0:0:1:0: [sg0] tag#245 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
sd 0:0:1:0: [sg0] tag#245 CDB[10]: 00 00 00 00 10 27 00 00 00 00 00 00 00 00 00 00
sd 0:0:1:0: [sg0] tag#245 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
sd 0:0:1:0: [sg0] tag#245 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8 sclass=netlink_route_socket pig=8456 comm=syz-executor5
nla_parse: 71 callbacks suppressed
netlink: 1 bytes leftover after parsing attributes in process `syz-executor5'.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8 sclass=netlink_route_socket pig=8456 comm=syz-executor5
netlink: 1 bytes leftover after parsing attributes in process `syz-executor5'.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=202 sclass=netlink_route_socket pig=8597 comm=syz-executor2
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=202 sclass=netlink_route_socket pig=8619 comm=syz-executor2
device gre0 entered promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
netlink: 9 bytes leftover after parsing attributes in process `syz-executor1'.
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
netlink: 9 bytes leftover after parsing attributes in process `syz-executor1'.
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
binder: 9154:9157 ERROR: BC_REGISTER_LOOPER called without request
binder: 9154:9168 BC_FREE_BUFFER u0000000000000000 no match
audit: type=1400 audit(1513087842.594:36): avc: denied { setopt } for pid=9170 comm="syz-executor4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
binder: 9154:9168 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
binder: 9154:9157 unknown command 0
binder: 9154:9168 BC_ACQUIRE_DONE uffffffffffffffff no match
binder: 9154:9168 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER
binder: 9154:9187 got reply transaction with bad transaction stack, transaction 36 has target 9154:9157
binder: 9154:9187 transaction failed 29201/-71, size 32-8 line 2938
binder: 9154:9157 ioctl c0306201 2000a000 returned -22
binder: BINDER_SET_CONTEXT_MGR already set
binder: 9154:9168 ioctl 40046207 0 returned -16
binder: 9154:9168 ERROR: BC_REGISTER_LOOPER called without request
binder: release 9154:9157 transaction 36 in, still active
binder: send failed reply for transaction 36 to 9154:9187
binder: undelivered TRANSACTION_COMPLETE
binder: 9154:9168 BC_FREE_BUFFER u0000000000000000 no match
binder: 9154:9168 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
binder: 9154:9168 BC_ACQUIRE_DONE uffffffffffffffff no match
binder: 9154:9168 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER
binder: 9154:9187 transaction failed 29189/-22, size 0-0 line 3007
binder: 9154:9157 ioctl c0306201 2000a000 returned -14
binder: undelivered TRANSACTION_ERROR: 29201
binder: undelivered TRANSACTION_ERROR: 29189
device syz0 entered promiscuous mode
binder: undelivered TRANSACTION_ERROR: 29189