Message-ID: <001a11427588ccc4700563c78a58@google.com>
Date:   Sat, 27 Jan 2018 12:06:01 -0800
From:   syzbot <syzbot+a40f0d7f9436d6cbd874@...kaller.appspotmail.com>
To:     davem@...emloft.net, kuznet@....inr.ac.ru,
        linux-kernel@...r.kernel.org, netdev@...r.kernel.org,
        syzkaller-bugs@...glegroups.com, yoshfuji@...ux-ipv6.org
Subject: possible deadlock in do_ip_setsockopt

Hello,

syzbot hit the following crash on upstream commit
c4e0ca7fa24137e372d6135fe16e8df8e123f116 (Fri Jan 26 23:10:50 2018 +0000)
Merge tag 'riscv-for-linus-4.15-maintainers' of git://git.kernel.org/pub/scm/linux/kernel/git/palmer/riscv-linux

So far this crash happened 9 times on net-next, upstream.
Unfortunately, I don't have any reproducer for this crash yet.
Raw console output is attached.
compiler: gcc (GCC) 7.1.1 20170620
.config is attached.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+a40f0d7f9436d6cbd874@...kaller.appspotmail.com
It will help syzbot understand when the bug is fixed. See footer for details.
If you forward the report, please keep this part and the footer.

binder_alloc: binder_alloc_mmap_handler: 5119 205a9000-205ac000 already mapped failed -16

======================================================
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered transaction 19, process died.
WARNING: possible circular locking dependency detected
4.15.0-rc9+ #283 Not tainted
------------------------------------------------------
syz-executor3/5146 is trying to acquire lock:
  (sk_lock-AF_INET){+.+.}, at: [<00000000577bd96a>] lock_sock include/net/sock.h:1461 [inline]
  (sk_lock-AF_INET){+.+.}, at: [<00000000577bd96a>] do_ip_setsockopt.isra.12+0x1d9/0x32e0 net/ipv4/ip_sockglue.c:646

but task is already holding lock:
  (rtnl_mutex){+.+.}, at: [<00000000194bb793>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:72

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (rtnl_mutex){+.+.}:
        __mutex_lock_common kernel/locking/mutex.c:756 [inline]
        __mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893
        mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
        rtnl_lock+0x17/0x20 net/core/rtnetlink.c:72
        register_netdevice_notifier+0xad/0x860 net/core/dev.c:1590
        clusterip_config_init net/ipv4/netfilter/ipt_CLUSTERIP.c:261 [inline]
        clusterip_tg_check+0xeb9/0x1570 net/ipv4/netfilter/ipt_CLUSTERIP.c:478
        xt_check_target+0x22c/0x7d0 net/netfilter/x_tables.c:845
        check_target net/ipv4/netfilter/ip_tables.c:518 [inline]
        find_check_entry.isra.8+0x8c8/0xcb0 net/ipv4/netfilter/ip_tables.c:559
        translate_table+0xed1/0x1610 net/ipv4/netfilter/ip_tables.c:730
        do_replace net/ipv4/netfilter/ip_tables.c:1148 [inline]
        do_ipt_set_ctl+0x370/0x5f0 net/ipv4/netfilter/ip_tables.c:1682
        nf_sockopt net/netfilter/nf_sockopt.c:106 [inline]
        nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:115
        ip_setsockopt+0xa1/0xb0 net/ipv4/ip_sockglue.c:1256
        raw_setsockopt+0xb7/0xd0 net/ipv4/raw.c:857
        sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2968
        SYSC_setsockopt net/socket.c:1831 [inline]
        SyS_setsockopt+0x189/0x360 net/socket.c:1810
        entry_SYSCALL_64_fastpath+0x29/0xa0

-> #0 (sk_lock-AF_INET){+.+.}:
        lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
        lock_sock_nested+0xc2/0x110 net/core/sock.c:2770
        lock_sock include/net/sock.h:1461 [inline]
        do_ip_setsockopt.isra.12+0x1d9/0x32e0 net/ipv4/ip_sockglue.c:646
        ip_setsockopt+0x3a/0xb0 net/ipv4/ip_sockglue.c:1248
        udp_setsockopt+0x45/0x80 net/ipv4/udp.c:2408
        sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2968
        SYSC_setsockopt net/socket.c:1831 [inline]
        SyS_setsockopt+0x189/0x360 net/socket.c:1810
        entry_SYSCALL_64_fastpath+0x29/0xa0

other info that might help us debug this:

  Possible unsafe locking scenario:

        CPU0                    CPU1
        ----                    ----
   lock(rtnl_mutex);
                                lock(sk_lock-AF_INET);
                                lock(rtnl_mutex);
   lock(sk_lock-AF_INET);

  *** DEADLOCK ***

1 lock held by syz-executor3/5146:
  #0:  (rtnl_mutex){+.+.}, at: [<00000000194bb793>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:72

stack backtrace:
CPU: 0 PID: 5146 Comm: syz-executor3 Not tainted 4.15.0-rc9+ #283
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
  __dump_stack lib/dump_stack.c:17 [inline]
  dump_stack+0x194/0x257 lib/dump_stack.c:53
  print_circular_bug.isra.37+0x2cd/0x2dc kernel/locking/lockdep.c:1218
  check_prev_add kernel/locking/lockdep.c:1858 [inline]
  check_prevs_add kernel/locking/lockdep.c:1971 [inline]
  validate_chain kernel/locking/lockdep.c:2412 [inline]
  __lock_acquire+0x30a8/0x3e00 kernel/locking/lockdep.c:3426
  lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
  lock_sock_nested+0xc2/0x110 net/core/sock.c:2770
  lock_sock include/net/sock.h:1461 [inline]
  do_ip_setsockopt.isra.12+0x1d9/0x32e0 net/ipv4/ip_sockglue.c:646
  ip_setsockopt+0x3a/0xb0 net/ipv4/ip_sockglue.c:1248
  udp_setsockopt+0x45/0x80 net/ipv4/udp.c:2408
  sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2968
  SYSC_setsockopt net/socket.c:1831 [inline]
  SyS_setsockopt+0x189/0x360 net/socket.c:1810
  entry_SYSCALL_64_fastpath+0x29/0xa0
RIP: 0033:0x453299
RSP: 002b:00007f432c8f4c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000453299
RDX: 0000000000000023 RSI: 0000000000000000 RDI: 0000000000000013
RBP: 00000000000005c4 R08: 000000000000000c R09: 0000000000000000
R10: 0000000020acc000 R11: 0000000000000212 R12: 00000000006f7b00
R13: 00000000ffffffff R14: 00007f432c8f56d4 R15: 0000000000000000
binder_alloc: binder_alloc_mmap_handler: 5151 205a9000-205ac000 already  
mapped failed -16
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered transaction 21, process died.
binder: 5163 RLIMIT_NICE not set
binder_alloc: binder_alloc_mmap_handler: 5161 205a9000-205ac000 already  
mapped failed -16
binder_alloc: binder_alloc_mmap_handler: 5173 205a9000-205ac000 already  
mapped failed -16
binder: 5158:5178 BC_FREE_BUFFER u000000002000c000 matched unreturned buffer
binder: 5158:5178 BC_INCREFS_DONE u000000002000c000 no match
binder: 5158:5178 got transaction to invalid handle
binder: 5158:5178 transaction failed 29201/-22, size 96-32 line 2788
binder_alloc: binder_alloc_mmap_handler: 5179 205a9000-205ac000 already  
mapped failed -16
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered transaction 27, process died.
binder: BINDER_SET_CONTEXT_MGR already set
binder: 5158:5186 ioctl 40046207 0 returned -16
binder_alloc: 5158: binder_alloc_buf, no vma
binder: 5158:5186 transaction failed 29189/-3, size 0-0 line 2903
binder: 5158:5178 BC_FREE_BUFFER u000000002000c000 no match
binder_alloc: binder_alloc_mmap_handler: 5202 205a9000-205ac000 already  
mapped failed -16
binder_alloc: binder_alloc_mmap_handler: 5199 205a9000-205ac000 already  
mapped failed -16
binder: 5213 RLIMIT_NICE not set
binder: 5206:5213 BC_INCREFS_DONE u000000002000c000 no match
binder: 5220 RLIMIT_NICE not set
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered transaction 30, process died.
binder_alloc: binder_alloc_mmap_handler: 5228 205a9000-205ac000 already  
mapped failed -16
binder_alloc: binder_alloc_mmap_handler: 5232 205a9000-205ac000 already  
mapped failed -16
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered transaction 35, process died.
binder: 5219:5220 BC_INCREFS_DONE u000000002000c000 no match
binder: 5219:5220 got transaction to invalid handle
binder: 5219:5220 transaction failed 29201/-22, size 96-32 line 2788
binder: undelivered TRANSACTION_COMPLETE
binder_alloc: 5241: binder_alloc_buf, no vma
binder: 5241:5245 transaction failed 29189/-3, size 0-0 line 2903
binder: undelivered TRANSACTION_ERROR: 29189
binder: 5206:5213 got transaction to invalid handle
binder: 5206:5213 transaction failed 29201/-22, size 96-32 line 2788
binder: undelivered TRANSACTION_COMPLETE
binder_alloc: 5249: binder_alloc_buf, no vma
binder: 5249:5255 transaction failed 29189/-3, size 0-0 line 2903
binder: 5262 RLIMIT_NICE not set
binder_alloc: binder_alloc_mmap_handler: 5248 205a9000-205ac000 already  
mapped failed -16
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered transaction 45, process died.
binder: 5253:5262 BC_INCREFS_DONE u000000002000c000 no match
binder: 5253:5262 got transaction to invalid handle
binder: 5253:5262 transaction failed 29201/-22, size 96-32 line 2788
binder: undelivered TRANSACTION_COMPLETE
binder_alloc: binder_alloc_mmap_handler: 5268 205a9000-205ac000 already  
mapped failed -16
binder_alloc: 5271: binder_alloc_buf, no vma
binder: 5271:5277 transaction failed 29189/-3, size 0-0 line 2903
binder_alloc: 5275: binder_alloc_buf, no vma
binder: 5275:5281 transaction failed 29189/-3, size 0-0 line 2903
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder_alloc: 5286: binder_alloc_buf, no vma
binder: 5286:5287 transaction failed 29189/-3, size 0-0 line 2903
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered transaction 57, process died.
binder_alloc: 5292: binder_alloc_buf, no vma
binder: 5292:5294 transaction failed 29189/-3, size 0-0 line 2903
binder: undelivered TRANSACTION_ERROR: 29189
binder: 5296:5297 transaction failed 29189/-22, size 0-0 line 2788
binder: undelivered TRANSACTION_ERROR: 29189
bpf: check failed: parse error
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered transaction 50, process died.
binder: 5305:5317 transaction failed 29189/-22, size 0-0 line 2788
bpf: check failed: parse error
binder_alloc: 5308: binder_alloc_buf, no vma
binder: 5308:5318 transaction failed 29189/-3, size 0-0 line 2903
binder_alloc: binder_alloc_mmap_handler: 5307 205a9000-205ac000 already  
mapped failed -16
binder: 5322:5323 transaction failed 29189/-22, size 0-0 line 2788
binder: BINDER_SET_CONTEXT_MGR already set
binder: 5325:5327 ioctl 40046207 0 returned -16
binder_alloc: 5307: binder_alloc_buf, no vma
binder: 5325:5327 transaction failed 29189/-3, size 0-0 line 2903
binder_alloc: 5330: binder_alloc_buf, no vma
binder: 5330:5333 transaction failed 29189/-3, size 0-0 line 2903
binder: BINDER_SET_CONTEXT_MGR already set
binder: 5329:5332 ioctl 40046207 0 returned -16
binder_alloc: 5308: binder_alloc_buf, no vma
binder: 5329:5332 transaction failed 29189/-3, size 0-0 line 2903
binder: BINDER_SET_CONTEXT_MGR already set
binder: 5334:5337 ioctl 40046207 0 returned -16
binder_alloc: 5307: binder_alloc_buf, no vma
binder: 5334:5337 transaction failed 29189/-3, size 0-0 line 2903
bpf: check failed: parse error
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder_alloc: 5347: binder_alloc_buf, no vma
binder: 5347:5350 transaction failed 29189/-3, size 0-0 line 2903
binder: BINDER_SET_CONTEXT_MGR already set
binder: 5340:5345 ioctl 40046207 0 returned -16
binder_alloc: 5307: binder_alloc_buf, no vma
binder: 5340:5345 transaction failed 29189/-3, size 0-0 line 2903
binder_alloc: 5344: binder_alloc_buf, no vma
binder: 5344:5352 transaction failed 29189/-3, size 0-0 line 2903
binder_alloc: 5308: binder_alloc_buf, no vma
binder: 5342:5353 transaction failed 29189/-3, size 0-0 line 2903
binder: BINDER_SET_CONTEXT_MGR already set
binder: 5355:5357 ioctl 40046207 0 returned -16
binder_alloc: 5307: binder_alloc_buf, no vma
binder: 5355:5357 transaction failed 29189/-3, size 0-0 line 2903
binder: BINDER_SET_CONTEXT_MGR already set
binder: 5359:5364 ioctl 40046207 0 returned -16
binder_alloc: 5347: binder_alloc_buf, no vma
binder: 5359:5364 transaction failed 29189/-3, size 0-0 line 2903
binder_alloc: 5308: binder_alloc_buf, no vma
binder: 5361:5368 transaction failed 29189/-3, size 0-0 line 2903
binder: BINDER_SET_CONTEXT_MGR already set
binder: 5365:5366 ioctl 40046207 0 returned -16
binder_alloc: 5307: binder_alloc_buf, no vma
binder: 5365:5366 transaction failed 29189/-3, size 0-0 line 2903
binder: BINDER_SET_CONTEXT_MGR already set
binder: 5360:5369 ioctl 40046207 0 returned -16
binder_alloc: 5344: binder_alloc_buf, no vma
binder: 5360:5369 transaction failed 29189/-3, size 0-0 line 2903
binder: BINDER_SET_CONTEXT_MGR already set
binder: 5372:5378 ioctl 40046207 0 returned -16
binder_alloc: 5347: binder_alloc_buf, no vma
binder: 5372:5378 transaction failed 29189/-3, size 0-0 line 2903
binder: BINDER_SET_CONTEXT_MGR already set
binder: 5374:5376 ioctl 40046207 0 returned -16
binder_alloc: 5307: binder_alloc_buf, no vma
binder: 5374:5376 transaction failed 29189/-3, size 0-0 line 2903
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: BINDER_SET_CONTEXT_MGR already set
binder: 5382:5393 ioctl 40046207 0 returned -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 5381:5389 ioctl 40046207 0 returned -16
binder_alloc: 5347: binder_alloc_buf, no vma
binder: 5381:5389 transaction failed 29189/-3, size 0-0 line 2903
binder_alloc: 5344: binder_alloc_buf, no vma
binder: 5382:5393 transaction failed 29189/-3, size 0-0 line 2903
binder: BINDER_SET_CONTEXT_MGR already set
binder: 5386:5395 ioctl 40046207 0 returned -16
binder_alloc: binder_alloc_mmap_handler: 5386 205a9000-205ac000 already  
mapped failed -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 5399:5404 ioctl 40046207 0 returned -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 5397:5405 ioctl 40046207 0 returned -16
binder_alloc: 5347: binder_alloc_buf, no vma
binder: 5397:5405 transaction failed 29189/-3, size 0-0 line 2903
binder_alloc: binder_alloc_mmap_handler: 5399 205a9000-205ac000 already  
mapped failed -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 5401:5407 ioctl 40046207 0 returned -16
binder_alloc: 5344: binder_alloc_buf, no vma
binder: 5401:5407 transaction failed 29189/-3, size 0-0 line 2903
binder_alloc: binder_alloc_mmap_handler: 5400 205a9000-205ac000 already  
mapped failed -16
binder_alloc: 5344: binder_alloc_buf, no vma
binder: 5412:5414 transaction failed 29189/-3, size 0-0 line 2903
binder_alloc: 5344: binder_alloc_buf, no vma
binder: 5421:5425 transaction failed 29189/-3, size 0-0 line 2903
binder: BINDER_SET_CONTEXT_MGR already set
binder: 5418:5420 ioctl 40046207 0 returned -16
binder_alloc: binder_alloc_mmap_handler: 5418 205a9000-205ac000 already  
mapped failed -16
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: BINDER_SET_CONTEXT_MGR already set
binder: 5430:5433 ioctl 40046207 0 returned -16
binder_alloc: 5307: binder_alloc_buf, no vma
binder: 5430:5433 transaction failed 29189/-3, size 0-0 line 2903
binder: BINDER_SET_CONTEXT_MGR already set
binder: 5443:5444 ioctl 40046207 0 returned -16
binder_alloc: 5307: binder_alloc_buf, no vma
binder: 5443:5444 transaction failed 29189/-3, size 0-0 line 2903
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: BINDER_SET_CONTEXT_MGR already set
binder: 5451:5457 ioctl 40046207 0 returned -16
binder_alloc: 5307: binder_alloc_buf, no vma
binder: 5451:5457 transaction failed 29189/-3, size 0-0 line 2903
binder: BINDER_SET_CONTEXT_MGR already set
binder: 5472:5480 ioctl 40046207 0 returned -16
binder_alloc: 5307: binder_alloc_buf, no vma
binder: 5472:5480 transaction failed 29189/-3, size 0-0 line 2903
binder_alloc: binder_alloc_mmap_handler: 5472 205a9000-205ac000 already  
mapped failed -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 5492:5495 ioctl 40046207 0 returned -16
binder_alloc: 5307: binder_alloc_buf, no vma
binder: 5492:5495 transaction failed 29189/-3, size 0-0 line 2903
binder_alloc: binder_alloc_mmap_handler: 5492 205a9000-205ac000 already  
mapped failed -16
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered transaction 65, process died.
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder_alloc: binder_alloc_mmap_handler: 5499 205a9000-205ac000 already  
mapped failed -16
binder_alloc: binder_alloc_mmap_handler: 5502 205a9000-205ac000 already  
mapped failed -16
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered transaction 97, process died.
binder: 5552:5555 transaction failed 29189/-22, size 0-0 line 2788
binder: undelivered TRANSACTION_ERROR: 29189
binder: 5573:5581 transaction failed 29189/-22, size 0-0 line 2788
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered transaction 101, process died.
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_COMPLETE
binder: 5621:5628 transaction failed 29189/-22, size 0-0 line 2788
binder_alloc: 5627: binder_alloc_buf, no vma
binder: 5627:5636 transaction failed 29189/-3, size 0-0 line 2903
binder_alloc: 5627: binder_alloc_buf, no vma
binder: 5635:5638 transaction failed 29189/-3, size 0-0 line 2903
binder: BINDER_SET_CONTEXT_MGR already set
binder: 5648:5655 ioctl 40046207 0 returned -16
binder_alloc: 5627: binder_alloc_buf, no vma
binder: 5648:5655 transaction failed 29189/-3, size 0-0 line 2903
binder: undelivered transaction 104, process died.
binder: undelivered transaction 103, process died.
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder_alloc: 5661: binder_alloc_buf, no vma
binder: 5661:5671 transaction failed 29189/-3, size 0-0 line 2903
binder: BINDER_SET_CONTEXT_MGR already set
binder: 5678:5681 ioctl 40046207 0 returned -16
binder_alloc: 5661: binder_alloc_buf, no vma
binder: 5678:5681 transaction failed 29189/-3, size 0-0 line 2903
binder_alloc: binder_alloc_mmap_handler: 5678 205a9000-205ac000 already  
mapped failed -16
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder_alloc: binder_alloc_mmap_handler: 5685 205a9000-205ac000 already  
mapped failed -16
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered transaction 114, process died.
binder_alloc: 5696: binder_alloc_buf, no vma
binder: BINDER_SET_CONTEXT_MGR already set
binder: 5697:5702 ioctl 40046207 0 returned -16
binder_alloc: 5696: binder_alloc_buf, no vma
binder: 5696:5699 transaction failed 29189/-3, size 0-0 line 2903
binder: 5697:5702 transaction failed 29189/-3, size 0-0 line 2903
binder_alloc: 5696: binder_alloc_buf, no vma
binder: 5704:5707 transaction failed 29189/-3, size 0-0 line 2903
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder_alloc: 5724: binder_alloc_buf, no vma
binder: BINDER_SET_CONTEXT_MGR already set
binder: 5717:5728 ioctl 40046207 0 returned -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 5722:5729 ioctl 40046207 0 returned -16
binder: 5724:5730 transaction failed 29189/-3, size 0-0 line 2903
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered transaction 122, process died.
binder: undelivered transaction 121, process died.
binder: 5743:5744 transaction failed 29189/-22, size 0-0 line 2788
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_COMPLETE
binder_alloc: 5751: binder_alloc_buf, no vma
binder: BINDER_SET_CONTEXT_MGR already set
binder: 5747:5755 ioctl 40046207 0 returned -16
binder_alloc: 5751: binder_alloc_buf, no vma
binder: 5751:5753 transaction failed 29189/-3, size 0-0 line 2903
binder: 5750:5760 transaction failed 29189/-3, size 0-0 line 2903
binder_alloc: 5751: binder_alloc_buf, no vma
binder: 5747:5755 transaction failed 29189/-3, size 0-0 line 2903
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 1
CPU: 1 PID: 5779 Comm: syz-executor2 Not tainted 4.15.0-rc9+ #283
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS  
Google 01/01/2011
Call Trace:
  __dump_stack lib/dump_stack.c:17 [inline]
  dump_stack+0x194/0x257 lib/dump_stack.c:53
  fail_dump lib/fault-inject.c:51 [inline]
  should_fail+0x8c0/0xa40 lib/fault-inject.c:149
  should_failslab+0xec/0x120 mm/failslab.c:32
  slab_pre_alloc_hook mm/slab.h:421 [inline]
  slab_alloc mm/slab.c:3368 [inline]
  kmem_cache_alloc_trace+0x4b/0x750 mm/slab.c:3608
  kmalloc include/linux/slab.h:499 [inline]
  kzalloc include/linux/slab.h:688 [inline]
  binder_get_thread+0x1cf/0x870 drivers/android/binder.c:4219
  binder_ioctl+0x20c/0x1417 drivers/android/binder.c:4494
  vfs_ioctl fs/ioctl.c:46 [inline]
  do_vfs_ioctl+0x1b1/0x1520 fs/ioctl.c:686
  SYSC_ioctl fs/ioctl.c:701 [inline]
  SyS_ioctl+0x8f/0xc0 fs/ioctl.c:692
  entry_SYSCALL_64_fastpath+0x29/0xa0
RIP: 0033:0x453299
RSP: 002b:00007f4c3e5dcc58 EFLAGS: 00000212 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f4c3e5dcaa0 RCX: 0000000000453299
RDX: 0000000020007fd0 RSI: 00000000c0306201 RDI: 0000000000000013
RBP: 00007f4c3e5dca90 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b8096
R13: 00007f4c3e5dcbc8 R14: 00000000004b8096 R15: 0000000000000000
binder: undelivered TRANSACTION_ERROR: 29189
binder: 5772:5779 ioctl c0306201 20007fd0 returned -12
binder: 5773:5775 transaction failed 29189/-22, size 0-0 line 2788
binder: undelivered TRANSACTION_ERROR: 29189
binder: 5786:5787 transaction failed 29189/-22, size 0-0 line 2788
binder: undelivered TRANSACTION_ERROR: 29189
binder: 5785:5789 transaction failed 29189/-22, size 0-0 line 2788
binder: undelivered TRANSACTION_ERROR: 29189
binder: 5798:5801 transaction failed 29189/-22, size 0-0 line 2788
binder: 5793:5796 transaction failed 29189/-22, size 0-0 line 2788
binder: undelivered TRANSACTION_ERROR: 29189
binder: 5794:5809 transaction failed 29189/-22, size 0-0 line 2788
binder: 5812:5813 transaction failed 29189/-22, size 0-0 line 2788
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: 5821:5822 transaction failed 29189/-22, size 0-0 line 2788
binder: 5821:5825 transaction failed 29189/-22, size 0-0 line 2788
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder_alloc: 5827: binder_alloc_buf, no vma
binder: 5830:5834 transaction failed 29189/-3, size 0-0 line 2903
binder: 5855:5861 transaction failed 29189/-22, size 0-0 line 2788
binder: 5855:5862 transaction failed 29189/-22, size 0-0 line 2788
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: 5878:5884 transaction failed 29189/-22, size 0-0 line 2788
binder: BINDER_SET_CONTEXT_MGR already set
binder: 5899:5902 ioctl 40046207 0 returned -16
binder: 5878:5884 transaction failed 29189/-22, size 0-0 line 2788
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: BINDER_SET_CONTEXT_MGR already set
binder: 5916:5923 ioctl 40046207 0 returned -16
binder: send failed reply for transaction 149 to 5918:5926
binder: 5918:5934 transaction failed 29189/-22, size 0-0 line 2788
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: BINDER_SET_CONTEXT_MGR already set
binder: 5936:5944 ioctl 40046207 0 returned -16
binder: 5956:5960 transaction failed 29189/-22, size 0-0 line 2788
binder: 5948:5954 transaction failed 29189/-22, size 0-0 line 2788
binder_alloc: 5957: binder_alloc_buf failed to map pages in userspace, no  
vma
binder: 5948:5965 transaction failed 29189/-3, size 0-0 line 2903
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: 5975:5978 transaction failed 29189/-22, size 0-0 line 2788
binder: BINDER_SET_CONTEXT_MGR already set
binder: 5970:5980 ioctl 40046207 0 returned -16
binder: undelivered TRANSACTION_ERROR: 29189
binder: 5990:5997 transaction failed 29189/-22, size 0-0 line 2788
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 5992 Comm: syz-executor6 Not tainted 4.15.0-rc9+ #283
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS  
Google 01/01/2011
Call Trace:
  __dump_stack lib/dump_stack.c:17 [inline]
  dump_stack+0x194/0x257 lib/dump_stack.c:53
  fail_dump lib/fault-inject.c:51 [inline]
  should_fail+0x8c0/0xa40 lib/fault-inject.c:149
  should_failslab+0xec/0x120 mm/failslab.c:32
  slab_pre_alloc_hook mm/slab.h:421 [inline]
  slab_alloc mm/slab.c:3368 [inline]
  kmem_cache_alloc_trace+0x4b/0x750 mm/slab.c:3608
  kmalloc include/linux/slab.h:499 [inline]
  kzalloc include/linux/slab.h:688 [inline]
  fl_create+0x115/0xab0 net/ipv6/ip6_flowlabel.c:369
  ipv6_flowlabel_opt+0x62c/0x2c90 net/ipv6/ip6_flowlabel.c:605
  do_ipv6_setsockopt.isra.8+0x7f8/0x39d0 net/ipv6/ipv6_sockglue.c:803
  ipv6_setsockopt+0xd7/0x150 net/ipv6/ipv6_sockglue.c:922
  rawv6_setsockopt+0x4a/0xf0 net/ipv6/raw.c:1060
  sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2968
  SYSC_setsockopt net/socket.c:1831 [inline]
  SyS_setsockopt+0x189/0x360 net/socket.c:1810
  entry_SYSCALL_64_fastpath+0x29/0xa0
RIP: 0033:0x453299
RSP: 002b:00007f19ba0d0c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 00007f19ba0d0aa0 RCX: 0000000000453299
RDX: 0000000000000020 RSI: 0000000000000029 RDI: 0000000000000013
RBP: 00007f19ba0d0a90 R08: 0000000000000020 R09: 0000000000000000
R10: 0000000020f68000 R11: 0000000000000212 R12: 00000000004b8096
R13: 00007f19ba0d0bc8 R14: 00000000004b8096 R15: 0000000000000000
binder: release 5996:6000 transaction 161 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: send failed reply for transaction 161, target dead
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 6005 Comm: syz-executor6 Not tainted 4.15.0-rc9+ #283
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS  
Google 01/01/2011
Call Trace:
  __dump_stack lib/dump_stack.c:17 [inline]
  dump_stack+0x194/0x257 lib/dump_stack.c:53
  fail_dump lib/fault-inject.c:51 [inline]
  should_fail+0x8c0/0xa40 lib/fault-inject.c:149
  should_failslab+0xec/0x120 mm/failslab.c:32
  slab_pre_alloc_hook mm/slab.h:421 [inline]
  slab_alloc mm/slab.c:3368 [inline]
  kmem_cache_alloc_trace+0x4b/0x750 mm/slab.c:3608
  kmalloc include/linux/slab.h:499 [inline]
  ipv6_flowlabel_opt+0x679/0x2c90 net/ipv6/ip6_flowlabel.c:608
  do_ipv6_setsockopt.isra.8+0x7f8/0x39d0 net/ipv6/ipv6_sockglue.c:803
  ipv6_setsockopt+0xd7/0x150 net/ipv6/ipv6_sockglue.c:922
  rawv6_setsockopt+0x4a/0xf0 net/ipv6/raw.c:1060
  sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2968
  SYSC_setsockopt net/socket.c:1831 [inline]
  SyS_setsockopt+0x189/0x360 net/socket.c:1810
  entry_SYSCALL_64_fastpath+0x29/0xa0
RIP: 0033:0x453299
RSP: 002b:00007f19ba0d0c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 00007f19ba0d0aa0 RCX: 0000000000453299
RDX: 0000000000000020 RSI: 0000000000000029 RDI: 0000000000000013
RBP: 00007f19ba0d0a90 R08: 0000000000000020 R09: 0000000000000000
R10: 0000000020f68000 R11: 0000000000000212 R12: 00000000004b8096
R13: 00007f19ba0d0bc8 R14: 00000000004b8096 R15: 0000000000000000
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 6007 Comm: syz-executor4 Not tainted 4.15.0-rc9+ #283
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS  
Google 01/01/2011
Call Trace:
  __dump_stack lib/dump_stack.c:17 [inline]
  dump_stack+0x194/0x257 lib/dump_stack.c:53
  fail_dump lib/fault-inject.c:51 [inline]
  should_fail+0x8c0/0xa40 lib/fault-inject.c:149
  should_failslab+0xec/0x120 mm/failslab.c:32
  slab_pre_alloc_hook mm/slab.h:421 [inline]
  slab_alloc mm/slab.c:3368 [inline]
  kmem_cache_alloc_trace+0x4b/0x750 mm/slab.c:3608
  kmalloc include/linux/slab.h:499 [inline]
  kzalloc include/linux/slab.h:688 [inline]
  binder_transaction+0x13ee/0x8200 drivers/android/binder.c:2840
  binder_thread_write+0xc57/0x3820 drivers/android/binder.c:3459
  binder_ioctl_write_read.isra.38+0x261/0xcb0 drivers/android/binder.c:4362
  binder_ioctl+0xb72/0x1417 drivers/android/binder.c:4502
  vfs_ioctl fs/ioctl.c:46 [inline]
  do_vfs_ioctl+0x1b1/0x1520 fs/ioctl.c:686
  SYSC_ioctl fs/ioctl.c:701 [inline]
  SyS_ioctl+0x8f/0xc0 fs/ioctl.c:692
  entry_SYSCALL_64_fastpath+0x29/0xa0
RIP: 0033:0x453299
RSP: 002b:00007fe80c726c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fe80c726aa0 RCX: 0000000000453299
RDX: 0000000020007fd0 RSI: 00000000c0306201 RDI: 0000000000000013
RBP: 00007fe80c726a90 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b8096
R13: 00007fe80c726bc8 R14: 00000000004b8096 R15: 0000000000000000
binder: 6004:6007 transaction failed 29201/-12, size 0-0 line 2844
binder: undelivered TRANSACTION_ERROR: 29201
binder: 5990:6025 transaction failed 29189/-22, size 0-0 line 2788
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 6035 Comm: syz-executor4 Not tainted 4.15.0-rc9+ #283
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS  
Google 01/01/2011
Call Trace:
  __dump_stack lib/dump_stack.c:17 [inline]
  dump_stack+0x194/0x257 lib/dump_stack.c:53
  fail_dump lib/fault-inject.c:51 [inline]
  should_fail+0x8c0/0xa40 lib/fault-inject.c:149
  should_failslab+0xec/0x120 mm/failslab.c:32
  slab_pre_alloc_hook mm/slab.h:421 [inline]
  slab_alloc mm/slab.c:3368 [inline]
  kmem_cache_alloc_trace+0x4b/0x750 mm/slab.c:3608
  kmalloc include/linux/slab.h:499 [inline]
  kzalloc include/linux/slab.h:688 [inline]
  binder_transaction+0x1460/0x8200 drivers/android/binder.c:2850
  binder_thread_write+0xc57/0x3820 drivers/android/binder.c:3459
  binder_ioctl_write_read.isra.38+0x261/0xcb0 drivers/android/binder.c:4362
  binder_ioctl+0xb72/0x1417 drivers/android/binder.c:4502
  vfs_ioctl fs/ioctl.c:46 [inline]
  do_vfs_ioctl+0x1b1/0x1520 fs/ioctl.c:686
  SYSC_ioctl fs/ioctl.c:701 [inline]
  SyS_ioctl+0x8f/0xc0 fs/ioctl.c:692
  entry_SYSCALL_64_fastpath+0x29/0xa0
RIP: 0033:0x453299
RSP: 002b:00007fe80c726c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fe80c726aa0 RCX: 0000000000453299
RDX: 0000000020007fd0 RSI: 00000000c0306201 RDI: 0000000000000013
RBP: 00007fe80c726a90 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b8096
R13: 00007fe80c726bc8 R14: 00000000004b8096 R15: 0000000000000000
binder: 6031:6035 transaction failed 29201/-12, size 0-0 line 2854
binder: undelivered TRANSACTION_ERROR: 29201
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 6066 Comm: syz-executor4 Not tainted 4.15.0-rc9+ #283
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
  __dump_stack lib/dump_stack.c:17 [inline]
  dump_stack+0x194/0x257 lib/dump_stack.c:53
  fail_dump lib/fault-inject.c:51 [inline]
  should_fail+0x8c0/0xa40 lib/fault-inject.c:149
  should_failslab+0xec/0x120 mm/failslab.c:32
  slab_pre_alloc_hook mm/slab.h:421 [inline]
  slab_alloc mm/slab.c:3368 [inline]
  kmem_cache_alloc_trace+0x4b/0x750 mm/slab.c:3608
  kmalloc include/linux/slab.h:499 [inline]
  kzalloc include/linux/slab.h:688 [inline]
  binder_alloc_new_buf_locked+0x5ce/0x1700 drivers/android/binder_alloc.c:447
  binder_alloc_new_buf+0x43/0x60 drivers/android/binder_alloc.c:509
  binder_transaction+0x1a6e/0x8200 drivers/android/binder.c:2893
  binder_thread_write+0xc57/0x3820 drivers/android/binder.c:3459
  binder_ioctl_write_read.isra.38+0x261/0xcb0 drivers/android/binder.c:4362
  binder_ioctl+0xb72/0x1417 drivers/android/binder.c:4502
  vfs_ioctl fs/ioctl.c:46 [inline]
  do_vfs_ioctl+0x1b1/0x1520 fs/ioctl.c:686
  SYSC_ioctl fs/ioctl.c:701 [inline]
  SyS_ioctl+0x8f/0xc0 fs/ioctl.c:692
  entry_SYSCALL_64_fastpath+0x29/0xa0
RIP: 0033:0x453299
RSP: 002b:00007fe80c726c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fe80c726aa0 RCX: 0000000000453299
RDX: 0000000020007fd0 RSI: 00000000c0306201 RDI: 0000000000000013
RBP: 00007fe80c726a90 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b8096
R13: 00007fe80c726bc8 R14: 00000000004b8096 R15: 0000000000000000
binder_alloc: binder_alloc_new_buf_locked: 6054 failed to alloc new buffer struct
binder: 6054:6066 transaction failed 29201/-12, size 0-0 line 2903
binder: undelivered TRANSACTION_ERROR: 29201
binder: send failed reply for transaction 169 to 6056:6068
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29189
binder: release 6090:6096 transaction 171 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: send failed reply for transaction 171, target dead
binder: 6099:6104 transaction failed 29189/-22, size 0-0 line 2788
binder: 6099:6104 transaction failed 29189/-22, size 0-0 line 2788
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: 6138:6142 ioctl 401845e0 20ced000 returned -22
binder: 6138:6165 ioctl 4b36 0 returned -22
binder_alloc: binder_alloc_mmap_handler: 6129 20000000-20002000 already mapped failed -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 6129:6162 ioctl 40046207 0 returned -16
binder_alloc: 6129: binder_alloc_buf, no vma
binder: 6138:6165 transaction failed 29189/-3, size 0-0 line 2903
binder: 6138:6165 ioctl 401845e0 20ced000 returned -22
binder: 6138:6169 ioctl 4b36 0 returned -22
binder: send failed reply for transaction 175 to 6138:6142
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29189
binder: BINDER_SET_CONTEXT_MGR already set
binder: 6175:6185 ioctl 40046207 0 returned -16
binder_alloc: 6175: binder_alloc_buf, no vma
binder: 6175:6187 transaction failed 29189/-3, size 0-0 line 2903
binder: BINDER_SET_CONTEXT_MGR already set
binder: 6200:6204 ioctl 40046207 0 returned -16
binder_alloc: 6175: binder_alloc_buf, no vma
binder: 6200:6204 transaction failed 29189/-3, size 0-0 line 2903
binder: BINDER_SET_CONTEXT_MGR already set
binder: 6200:6212 ioctl 40046207 0 returned -16
binder_alloc: 6175: binder_alloc_buf, no vma
binder: 6200:6204 transaction failed 29189/-3, size 0-0 line 2903
binder: BINDER_SET_CONTEXT_MGR already set
binder: 6233:6244 ioctl 40046207 0 returned -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 6233:6252 ioctl 40046207 0 returned -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 6266:6267 ioctl 40046207 0 returned -16
binder_alloc: 6175: binder_alloc_buf, no vma
binder: 6266:6267 transaction failed 29189/-3, size 0-0 line 2903
binder: BINDER_SET_CONTEXT_MGR already set
binder: 6266:6271 ioctl 40046207 0 returned -16
binder_alloc: 6175: binder_alloc_buf, no vma
binder: 6266:6267 transaction failed 29189/-3, size 0-0 line 2903
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: release 6175:6185 transaction 178 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: send failed reply for transaction 178, target dead
binder: undelivered TRANSACTION_ERROR: 29189
binder: BINDER_SET_CONTEXT_MGR already set
binder_alloc: 6290: binder_alloc_buf, no vma
binder: 6290:6303 ioctl 40046207 0 returned -16
binder: release 6290:6294 transaction 185 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: send failed reply for transaction 185, target dead
binder: 6312:6332 transaction failed 29189/-22, size 0-0 line 2788
binder: 6312:6315 transaction failed 29189/-3, size 0-0 line 2903
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: BINDER_SET_CONTEXT_MGR already set
binder: 6336:6350 ioctl 40046207 0 returned -16
binder_alloc: 6336: binder_alloc_buf, no vma
binder: 6339:6347 transaction failed 29189/-3, size 0-0 line 2903
binder_alloc: 6336: binder_alloc_buf, no vma
binder: 6340:6348 transaction failed 29189/-3, size 0-0 line 2903
binder: undelivered TRANSACTION_ERROR: 29189
binder_alloc: 6336: binder_alloc_buf, no vma
binder: 6336:6343 transaction failed 29189/-3, size 0-0 line 2903
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: release 6336:6343 transaction 189 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: send failed reply for transaction 189, target dead
binder: 6364:6369 transaction failed 29189/-22, size 0-0 line 2788
binder: 6364:6378 transaction failed 29189/-22, size 0-0 line 2788
binder: BINDER_SET_CONTEXT_MGR already set
binder: 6370:6382 ioctl 40046207 0 returned -16
binder_alloc: 6370: binder_alloc_buf, no vma
binder: 6381:6384 transaction failed 29189/-3, size 0-0 line 2903
binder_alloc: 6370: binder_alloc_buf, no vma
binder: 6370:6387 transaction failed 29189/-3, size 0-0 line 2903
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: release 6370:6377 transaction 196 out, still active
binder: undelivered TRANSACTION_COMPLETE
kauditd_printk_skb: 2 callbacks suppressed
audit: type=1400 audit(1517070169.395:29): avc:  denied  { ipc_owner } for  pid=6401 comm="syz-executor6" capability=15  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
binder: BINDER_SET_CONTEXT_MGR already set
binder: 6399:6414 ioctl 40046207 0 returned -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 6422:6426 ioctl 40046207 0 returned -16
binder_alloc: 6422: binder_alloc_buf, no vma
binder: 6422:6427 transaction failed 29189/-3, size 0-0 line 2903
binder: BINDER_SET_CONTEXT_MGR already set
binder: 6437:6439 ioctl 40046207 0 returned -16
binder_alloc: 6422: binder_alloc_buf, no vma
binder: 6437:6439 transaction failed 29189/-3, size 0-0 line 2903
binder: BINDER_SET_CONTEXT_MGR already set
binder: 6437:6439 ioctl 40046207 0 returned -16
binder_alloc: 6422: binder_alloc_buf, no vma
binder: 6437:6439 transaction failed 29189/-3, size 0-0 line 2903
binder: BINDER_SET_CONTEXT_MGR already set
binder: 6448:6453 ioctl 40046207 0 returned -16
binder_alloc: 6422: binder_alloc_buf, no vma
binder: 6448:6453 transaction failed 29189/-3, size 0-0 line 2903
binder_alloc: 6422: binder_alloc_buf, no vma
binder: 6447:6457 transaction failed 29189/-3, size 0-0 line 2903
binder: BINDER_SET_CONTEXT_MGR already set
binder: 6448:6459 ioctl 40046207 0 returned -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 6469:6474 ioctl 40046207 0 returned -16
binder_alloc: 6422: binder_alloc_buf, no vma
binder: 6469:6474 transaction failed 29189/-3, size 0-0 line 2903
binder_alloc: 6422: binder_alloc_buf, no vma
binder: 6447:6467 transaction failed 29189/-3, size 0-0 line 2903
binder: BINDER_SET_CONTEXT_MGR already set
binder: 6469:6481 ioctl 40046207 0 returned -16
binder_alloc: 6422: binder_alloc_buf, no vma
binder: 6469:6474 transaction failed 29189/-3, size 0-0 line 2903
binder: 6482:6484 transaction failed 29189/-22, size 0-0 line 2788
binder: send failed reply for transaction 196, target dead
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: release 6422:6426 transaction 202 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: 6496:6507 transaction failed 29189/-22, size 0-0 line 2788
binder: 6496:6510 transaction failed 29189/-22, size 0-0 line 2788
binder: send failed reply for transaction 202, target dead
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: release 6399:6405 transaction 200 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: send failed reply for transaction 200, target dead
binder_alloc: 6519: binder_alloc_buf, no vma
binder: 6517:6527 transaction failed 29189/-3, size 0-0 line 2903
binder_alloc: 6519: binder_alloc_buf, no vma
binder: 6517:6529 transaction failed 29189/-3, size 0-0 line 2903
binder: BINDER_SET_CONTEXT_MGR already set
binder: 6519:6523 ioctl 40046207 0 returned -16
binder_alloc: 6519: binder_alloc_buf, no vma
binder: 6519:6523 transaction failed 29189/-3, size 0-0 line 2903
binder: undelivered TRANSACTION_ERROR: 29189
binder: release 6519:6521 transaction 215 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: send failed reply for transaction 215, target dead
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: 6542:6547 transaction failed 29189/-22, size 0-0 line 2788
binder: BINDER_SET_CONTEXT_MGR already set
binder: 6540:6553 ioctl 40046207 0 returned -16
binder: release 6540:6551 transaction 221 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: send failed reply for transaction 221, target dead
binder: BINDER_SET_CONTEXT_MGR already set
binder: 6559:6565 ioctl 40046207 0 returned -16
binder_alloc: 6559: binder_alloc_buf, no vma
binder: 6559:6572 transaction failed 29189/-3, size 0-0 line 2903
binder_alloc: 6559: binder_alloc_buf, no vma
binder: 6542:6571 transaction failed 29189/-3, size 0-0 line 2903
binder: undelivered TRANSACTION_ERROR: 29189
binder: release 6559:6565 transaction 223 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: send failed reply for transaction 223, target dead
binder: BINDER_SET_CONTEXT_MGR already set
binder: 6589:6591 ioctl 40046207 0 returned -16
binder_alloc: 6589: binder_alloc_buf, no vma
binder: 6589:6590 transaction failed 29189/-3, size 0-0 line 2903
binder: undelivered TRANSACTION_ERROR: 29189
binder: release 6589:6590 transaction 227 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: send failed reply for transaction 227, target dead
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: 6600:6604 transaction failed 29189/-22, size 0-0 line 2788
netlink: 10 bytes leftover after parsing attributes in process `syz-executor3'.
binder_alloc: 6593: binder_alloc_buf, no vma
binder: 6600:6618 transaction failed 29189/-3, size 0-0 line 2903
binder_alloc: 6593: binder_alloc_buf, no vma
binder: 6593:6610 transaction failed 29189/-3, size 0-0 line 2903
binder: BINDER_SET_CONTEXT_MGR already set
binder: 6593:6605 ioctl 40046207 0 returned -16
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: release 6593:6605 transaction 231 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: send failed reply for transaction 231, target dead
binder: 6625:6626 transaction failed 29189/-22, size 0-0 line 2788
binder: 6625:6627 transaction failed 29189/-22, size 0-0 line 2788
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
netlink: 10 bytes leftover after parsing attributes in process `syz-executor3'.
binder: 6634:6641 transaction failed 29189/-22, size 0-0 line 2788
binder_alloc: binder_alloc_mmap_handler: 6632 20000000-20002000 already mapped failed -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 6632:6655 ioctl 40046207 0 returned -16
binder: 6634:6641 transaction failed 29189/-22, size 0-0 line 2788
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: 6675:6676 transaction failed 29189/-22, size 0-0 line 2788
binder: undelivered TRANSACTION_ERROR: 29189
binder: release 6632:6646 transaction 238 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: send failed reply for transaction 238, target dead
binder: 6683:6686 transaction failed 29189/-22, size 0-0 line 2788
binder_alloc: 6680: binder_alloc_buf, no vma
binder: 6680:6687 transaction failed 29189/-3, size 0-0 line 2903
binder: BINDER_SET_CONTEXT_MGR already set
binder: 6680:6696 ioctl 40046207 0 returned -16
binder_alloc: 6680: binder_alloc_buf, no vma
binder: 6680:6687 transaction failed 29189/-3, size 0-0 line 2903
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: BINDER_SET_CONTEXT_MGR already set
binder: 6706:6712 ioctl 40046207 0 returned -16
binder_alloc: 6706: binder_alloc_buf, no vma
binder: 6706:6716 transaction failed 29189/-3, size 0-0 line 2903
binder: undelivered TRANSACTION_ERROR: 29189
binder: release 6706:6712 transaction 246 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: send failed reply for transaction 246, target dead
kvm: KVM_SET_TSS_ADDR need to be called before entering vcpu
binder: undelivered TRANSACTION_ERROR: 29189
binder: 6728:6733 transaction failed 29189/-22, size 0-0 line 2788
binder: BINDER_SET_CONTEXT_MGR already set
binder: 6723:6730 ioctl 40046207 0 returned -16
binder_alloc: 6723: binder_alloc_buf, no vma
binder: 6723:6739 transaction failed 29189/-3, size 0-0 line 2903
binder_alloc: 6723: binder_alloc_buf, no vma
binder: 6728:6746 transaction failed 29189/-3, size 0-0 line 2903
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: 6756:6760 transaction failed 29189/-22, size 0-0 line 2788
binder: 6756:6769 transaction failed 29189/-22, size 0-0 line 2788
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: release 6723:6730 transaction 250 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder_alloc: 6778: binder_alloc_buf, no vma
binder: 6775:6786 transaction failed 29189/-3, size 0-0 line 2903
binder: BINDER_SET_CONTEXT_MGR already set
binder: 6778:6787 ioctl 40046207 0 returned -16
binder_alloc: 6778: binder_alloc_buf, no vma
binder: 6778:6782 transaction failed 29189/-3, size 0-0 line 2903
binder_alloc: 6778: binder_alloc_buf, no vma
binder: 6775:6788 transaction failed 29189/-3, size 0-0 line 2903
binder: BINDER_SET_CONTEXT_MGR already set
binder: 6802:6804 ioctl 40046207 0 returned -16
binder: send failed reply for transaction 250, target dead
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: release 6778:6782 transaction 256 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: send failed reply for transaction 256, target dead
binder: undelivered TRANSACTION_ERROR: 29189
binder: 6812:6816 transaction failed 29189/-22, size 0-0 line 2788
binder: BINDER_SET_CONTEXT_MGR already set
binder: 6821:6831 ioctl 40046207 0 returned -16
binder_alloc: 6821: binder_alloc_buf, no vma
binder: 6812:6832 transaction failed 29189/-3, size 0-0 line 2903
binder: release 6821:6827 transaction 263 out, still active


---
This bug is generated by a dumb bot. It may contain errors.
See https://goo.gl/tpsmEJ for details.
Direct all questions to syzkaller@...glegroups.com.

syzbot will keep track of this bug report.
If you forgot to add the Reported-by tag, once the fix for this bug is merged
into any tree, please reply to this email with:
#syz fix: exact-commit-title
To mark this as a duplicate of another syzbot report, please reply with:
#syz dup: exact-subject-of-another-report
If it's a one-off invalid bug report, please reply with:
#syz invalid
Note: if the crash happens again, it will cause creation of a new bug report.
Note: all commands must start from beginning of the line in the email body.

View attachment "raw.log.txt" of type "text/plain" (508438 bytes)

View attachment "config.txt" of type "text/plain" (135962 bytes)
