BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor5/5358
caller is __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 5346 Comm: syz-executor0 Not tainted 4.4.114-gfe09418 #3
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
0000000000000000 cdd665a96807108b ffff8801ca967830 ffffffff81d02e6d
ffff8800b5912480 1ffff1003952cf13 ffff8801ca9679b8 0000000000000000
0000000000000000 ffff8801ca9679e0 ffffffff81606425 ffffffff81236920
Call Trace:
[] __dump_stack lib/dump_stack.c:15 [inline]
[] dump_stack+0xc1/0x124 lib/dump_stack.c:51
[] handle_userfault+0x715/0xf50 fs/userfaultfd.c:316
[] do_anonymous_page mm/memory.c:2731 [inline]
[] handle_pte_fault mm/memory.c:3295 [inline]
[] __handle_mm_fault mm/memory.c:3426 [inline]
[] handle_mm_fault+0x2938/0x3190 mm/memory.c:3455
[] __do_page_fault+0x35b/0xa00 arch/x86/mm/fault.c:1245
[] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1308
[] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1033
[] snd_seq_do_ioctl+0x171/0x1a0 sound/core/seq/seq_clientmgr.c:2212
[] snd_seq_ioctl+0x5d/0x80 sound/core/seq/seq_clientmgr.c:2227
[] vfs_ioctl fs/ioctl.c:43 [inline]
[] do_vfs_ioctl+0x7aa/0xee0 fs/ioctl.c:607
[] SYSC_ioctl fs/ioctl.c:622 [inline]
[] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:613
[] entry_SYSCALL_64_fastpath+0x1c/0x98
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 5346 Comm: syz-executor0 Not tainted 4.4.114-gfe09418 #3
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
0000000000000000 cdd665a96807108b ffff8801ca967800 ffffffff81d02e6d
ffff8800b5912480 1ffff1003952cf0d ffff8801ca967988 0000000000000000
0000000000000000 ffff8801ca9679b0 ffffffff81606425 ffffffff81236920
Call Trace:
[] __dump_stack lib/dump_stack.c:15 [inline]
[] dump_stack+0xc1/0x124 lib/dump_stack.c:51
[] handle_userfault+0x715/0xf50 fs/userfaultfd.c:316
[] do_anonymous_page mm/memory.c:2731 [inline]
[] handle_pte_fault mm/memory.c:3295 [inline]
[] __handle_mm_fault mm/memory.c:3426 [inline]
[] handle_mm_fault+0x2938/0x3190 mm/memory.c:3455
[] __do_page_fault+0x35b/0xa00 arch/x86/mm/fault.c:1245
[] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1308
[] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1033
[] copy_from_user arch/x86/include/asm/uaccess.h:746 [inline]
[] snd_seq_ioctl_set_queue_tempo+0x92/0x120 sound/core/seq/seq_clientmgr.c:1741
[] snd_seq_do_ioctl+0x171/0x1a0 sound/core/seq/seq_clientmgr.c:2212
[] snd_seq_ioctl+0x5d/0x80 sound/core/seq/seq_clientmgr.c:2227
[] vfs_ioctl fs/ioctl.c:43 [inline]
[] do_vfs_ioctl+0x7aa/0xee0 fs/ioctl.c:607
[] SYSC_ioctl fs/ioctl.c:622 [inline]
[] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:613
[] entry_SYSCALL_64_fastpath+0x1c/0x98
CPU: 0 PID: 5358 Comm: syz-executor5 Not tainted 4.4.114-gfe09418 #3
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
0000000000000000 759197865ec4c0a6 ffff8800aad3f800 ffffffff81d02e6d
0000000000000000 ffffffff839fe3a0 ffffffff83cef720 ffff8800ab87c740
0000000000000003 ffff8800aad3f840 ffffffff81d62db4 ffffffff810002b8
Call Trace:
[] __dump_stack lib/dump_stack.c:15 [inline]
[] dump_stack+0xc1/0x124 lib/dump_stack.c:51
[] check_preemption_disabled+0x1d4/0x200 lib/smp_processor_id.c:46
[] ? 0xffffffff810002b8
[] __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
[] tcp_try_coalesce+0x249/0x4d0 net/ipv4/tcp_input.c:4278
[] tcp_queue_rcv+0x127/0x720 net/ipv4/tcp_input.c:4485
[] tcp_send_rcvq+0x39b/0x450 net/ipv4/tcp_input.c:4531
[] tcp_sendmsg+0x1e8f/0x2b10 net/ipv4/tcp.c:1134
[] inet_sendmsg+0x2bc/0x4c0 net/ipv4/af_inet.c:755
[] sock_sendmsg_nosec net/socket.c:625 [inline]
[] sock_sendmsg+0xca/0x110 net/socket.c:635
[] SYSC_sendto+0x2c8/0x340 net/socket.c:1665
[] SyS_sendto+0x40/0x50 net/socket.c:1633
[] entry_SYSCALL_64_fastpath+0x1c/0x98
binder: 5421:5433 BC_DEAD_BINDER_DONE 0000000000000002 not found
binder: 5421:5442 BC_INCREFS_DONE node 4 has no pending increfs request
binder: 5421:5433 BC_ACQUIRE_DONE node 4 has no pending acquire request
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 5436 Comm: syz-executor3 Not tainted 4.4.114-gfe09418 #3
binder: 5421:5433 unknown command 0
binder: 5421:5433 ioctl c0306201 20a53fd0 returned -22
binder: BINDER_SET_CONTEXT_MGR already set
binder: 5421:5442 ioctl 40046207 0 returned -16
binder: 5421:5433 BC_DEAD_BINDER_DONE 0000000000000002 not found
binder: 5421:5433 BC_ACQUIRE_DONE u0000000000000000 no match
binder: 5421:5433 BC_REQUEST_DEATH_NOTIFICATION invalid ref 1
binder: 5421:5433 got reply transaction with no transaction stack
binder: 5421:5433 transaction failed 29201/-71, size 80-24 line 2921
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
0000000000000000 61f032cc97e5f504 ffff8801c542f760 ffffffff81d02e6d
ffff8800b5912900 1ffff10038a85ef9 ffff8801c542f8e8 0000000000000000
0000000000000000 ffff8801c542f910 ffffffff81606425 ffffffff81236920
Call Trace:
[] __dump_stack lib/dump_stack.c:15 [inline]
[] dump_stack+0xc1/0x124 lib/dump_stack.c:51
[] handle_userfault+0x715/0xf50 fs/userfaultfd.c:316
[] do_anonymous_page mm/memory.c:2731 [inline]
[] handle_pte_fault mm/memory.c:3295 [inline]
[] __handle_mm_fault mm/memory.c:3426 [inline]
[] handle_mm_fault+0x2938/0x3190 mm/memory.c:3455
[] __do_page_fault+0x35b/0xa00 arch/x86/mm/fault.c:1245
[] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1308
[] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1033
[] vfs_ioctl fs/ioctl.c:43 [inline]
[] do_vfs_ioctl+0x7aa/0xee0 fs/ioctl.c:607
[] SYSC_ioctl fs/ioctl.c:622 [inline]
[] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:613
[] entry_SYSCALL_64_fastpath+0x1c/0x98
audit: type=1400 audit(1517447645.021:7): avc: denied { create } for pid=5575 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=32111 sclass=netlink_route_socket
audit: type=1400 audit(1517447645.101:8): avc: denied { write } for pid=5575 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=32111 sclass=netlink_route_socket
audit: type=1400 audit(1517447645.161:9): avc: denied { getopt } for pid=5575 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
binder: 5676:5678 Acquire 1 refcount change on invalid ref 0 ret -22
binder: 5676:5678 Release 1 refcount change on invalid ref 0 ret -22
binder: 5676:5699 Acquire 1 refcount change on invalid ref 0 ret -22
binder: 5676:5678 Release 1 refcount change on invalid ref 0 ret -22
capability: warning: `syz-executor1' uses 32-bit capabilities (legacy support in use)
binder: 5784:5795 got transaction with invalid offset (0, min 0 max 0) or object.
binder: 5784:5795 transaction failed 29201/-22, size 0-8 line 3191
binder_alloc: binder_alloc_mmap_handler: 5784 20000000-20002000 already mapped failed -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 5784:5818 ioctl 40046207 0 returned -16
binder: undelivered TRANSACTION_ERROR: 29201
binder_alloc: binder_alloc_mmap_handler: 5949 20000000-20002000 already mapped failed -16
binder_alloc: 5949: binder_alloc_buf, no vma
binder: 5949:5969 transaction failed 29189/-3, size 0-0 line 3128
binder: undelivered TRANSACTION_ERROR: 29189
binder: release 5949:5951 transaction 11 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: send failed reply for transaction 11, target dead
l2tp_core: tunl 2: fd 20 wrong protocol, got 1, expected 17
l2tp_core: tunl 2: fd 22 wrong protocol, got 1, expected 17
PF_BRIDGE: RTM_NEWNEIGH with unknown ifindex
PF_BRIDGE: RTM_NEWNEIGH with unknown ifindex
audit_printk_skb: 21 callbacks suppressed
audit: type=1400 audit(1517447648.121:17): avc: denied { setopt } for pid=6250 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
audit: type=1400 audit(1517447648.831:18): avc: denied { setattr } for pid=6437 comm="syz-executor6" name="oom_score_adj" dev="proc" ino=13403 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=file permissive=1
audit: type=1400 audit(1517447649.561:19): avc: denied { create } for pid=6662 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1
binder: 6694:6696 transaction failed 29201/-22, size -430-538 line 3128
binder_alloc: binder_alloc_mmap_handler: 6694 20000000-20002000 already mapped failed -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 6694:6696 ioctl 40046207 0 returned -16
binder_alloc: 6694: binder_alloc_buf, no vma
binder: 6694:6711 transaction failed 29189/-3, size -430-538 line 3128
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29201
binder: 6726:6729 transaction failed 29201/-22, size -430-538 line 3128
binder: undelivered TRANSACTION_ERROR: 29201
syz-executor2 uses obsolete (PF_INET,SOCK_PACKET)
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=25875 sclass=netlink_route_socket
TCP: request_sock_TCPv6: Possible SYN flooding on port 20026. Sending cookies. Check SNMP counters.
binder: 7485:7493 ERROR: BC_REGISTER_LOOPER called without request
binder: 7485:7493 ioctl c0306201 20005fd0 returned -14
binder: 7485:7493 got reply transaction with no transaction stack
binder: 7485:7493 transaction failed 29201/-71, size 32-8 line 2921
binder: BINDER_SET_CONTEXT_MGR already set
binder_alloc: 7485: binder_alloc_buf, no vma
binder: 7485:7504 transaction failed 29189/-3, size 0-0 line 3128
binder: 7485:7527 ioctl 40046207 0 returned -16
binder: 7485:7504 ioctl c0306201 20005fd0 returned -14
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29201
binder: release 7485:7504 transaction 20 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: release 7485:7493 transaction 20 in, still active
binder: send failed reply for transaction 20, target dead
netlink: 4 bytes leftover after parsing attributes in process `syz-executor0'.
tmpfs: No value for mount option '.<'