BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor2/9175
vmalloc: allocation failure: 6806414744 bytes
syz-executor7: page allocation failure: order:0, mode:0x24000c2
CPU: 0 PID: 9174 Comm: syz-executor7 Not tainted 4.4.114-ga81d322 #4
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 0000000000000000 a320bc57348a8dbc ffff8800af287880 ffffffff81d0394d
 1ffff10015e50f13 ffff8800aecf9800 00000000024000c2 0000000000000000
 0000000000000001 ffff8800af287990 ffffffff814311e9 ffffffff838ac420
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x124 lib/dump_stack.c:51
 [] warn_alloc_failed+0x1d9/0x240 mm/page_alloc.c:2757
 [] __vmalloc_node_range+0x41d/0x630 mm/vmalloc.c:1692
 [] __vmalloc_node mm/vmalloc.c:1715 [inline]
 [] __vmalloc_node_flags mm/vmalloc.c:1729 [inline]
 [] vmalloc+0x5b/0x70 mm/vmalloc.c:1744
 [] xt_alloc_entry_offsets+0x41/0x60 net/netfilter/x_tables.c:721
 [] translate_table+0x21a/0x1f40 net/ipv6/netfilter/ip6_tables.c:832
 [] ? 0xffffffff810002b8
 [] do_replace net/ipv6/netfilter/ip6_tables.c:1306 [inline]
 [] do_ip6t_set_ctl+0x2a3/0x450 net/ipv6/netfilter/ip6_tables.c:1859
 [] nf_sockopt net/netfilter/nf_sockopt.c:105 [inline]
 [] nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:114
 [] ipv6_setsockopt+0x115/0x150 net/ipv6/ipv6_sockglue.c:910
 [] tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2635
 [] sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2659
 [] SYSC_setsockopt net/socket.c:1767 [inline]
 [] SyS_setsockopt+0x160/0x250 net/socket.c:1746
 [] entry_SYSCALL_64_fastpath+0x1c/0x98
Mem-Info:
active_anon:52674 inactive_anon:45 isolated_anon:0
 active_file:3590 inactive_file:8265 isolated_file:0
 unevictable:0 dirty:134 writeback:0 unstable:0
 slab_reclaimable:6198 slab_unreclaimable:60034
 mapped:24134 shmem:51 pagetables:678 bounce:0
 free:1473248 free_pcp:384 free_cma:0
DMA free:15904kB min:160kB low:200kB high:240kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:15992kB managed:15904kB mlocked:0kB dirty:0kB writeback:0kB mapped:0kB shmem:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB unstable:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? yes
lowmem_reserve[]: 0 2911 6411 6411
DMA32 free:2664260kB min:30608kB low:38260kB high:45912kB active_anon:96748kB inactive_anon:76kB active_file:6052kB inactive_file:14656kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:3129292kB managed:2982736kB mlocked:0kB dirty:324kB writeback:0kB mapped:45444kB shmem:88kB slab_reclaimable:12384kB slab_unreclaimable:112532kB kernel_stack:2752kB pagetables:1328kB unstable:0kB bounce:0kB free_pcp:628kB local_pcp:136kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no
lowmem_reserve[]: 0 0 3500 3500
Normal free:3212828kB min:36808kB low:46008kB high:55212kB active_anon:113948kB inactive_anon:104kB active_file:8308kB inactive_file:18404kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:4718592kB managed:3584660kB mlocked:0kB dirty:212kB writeback:0kB mapped:51092kB shmem:116kB slab_reclaimable:12408kB slab_unreclaimable:127604kB kernel_stack:2752kB pagetables:1384kB unstable:0kB bounce:0kB free_pcp:908kB local_pcp:244kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no
lowmem_reserve[]: 0 0 0 0
DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15904kB
DMA32: 877*4kB (UME) 417*8kB (UME) 165*16kB (UME) 99*32kB (UME) 88*64kB (UME) 36*128kB (UM) 32*256kB (UM) 29*512kB (UME) 33*1024kB (ME) 4*2048kB (ME) 629*4096kB (M) = 2664300kB
Normal: 1067*4kB (UME) 558*8kB (UME) 136*16kB (UME) 175*32kB (UME) 86*64kB (UME) 57*128kB (UME) 38*256kB (UME) 45*512kB (UM) 45*1024kB (ME) 4*2048kB (ME) 756*4096kB (M) = 3212924kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
11905 total pagecache pages
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap = 0kB
Total swap = 0kB
1965969 pages RAM
0 pages HighMem/MovableOnly
320144 pages reserved
caller is __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
CPU: 1 PID: 9175 Comm: syz-executor2 Not tainted 4.4.114-ga81d322 #4
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 0000000000000000 d4f56b9ce56b7b5a ffff8800b5097800 ffffffff81d0394d
 0000000000000001 ffffffff839fe3a0 ffffffff83cef720 ffff8800b65ae000
 0000000000000003 ffff8800b5097840 ffffffff81d63894 ffffffff810002b8
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x124 lib/dump_stack.c:51
 [] check_preemption_disabled+0x1d4/0x200 lib/smp_processor_id.c:46
 [] ? 0xffffffff810002b8
 [] __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
 [] tcp_try_coalesce+0x249/0x4d0 net/ipv4/tcp_input.c:4278
 [] tcp_queue_rcv+0x127/0x720 net/ipv4/tcp_input.c:4485
 [] tcp_send_rcvq+0x39b/0x450 net/ipv4/tcp_input.c:4531
 [] tcp_sendmsg+0x1e8f/0x2b10 net/ipv4/tcp.c:1134
 [] inet_sendmsg+0x2bc/0x4c0 net/ipv4/af_inet.c:755
 [] sock_sendmsg_nosec net/socket.c:625 [inline]
 [] sock_sendmsg+0xca/0x110 net/socket.c:635
 [] SYSC_sendto+0x2c8/0x340 net/socket.c:1665
 [] SyS_sendto+0x40/0x50 net/socket.c:1633
 [] entry_SYSCALL_64_fastpath+0x1c/0x98
netlink: 156 bytes leftover after parsing attributes in process `syz-executor2'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor6'.
netlink: 156 bytes leftover after parsing attributes in process `syz-executor2'.
audit: type=1326 audit(1517536923.565:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=9364 comm="syz-executor0" exe="/root/syz-executor0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x453299 code=0x0
audit: type=1326 audit(1517536923.595:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=9364 comm="syz-executor0" exe="/root/syz-executor0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x453299 code=0x0
audit: type=1400 audit(1517536923.905:33): avc: denied { getopt } for pid=9420 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
IPv4: Oversized IP packet from 127.0.0.1
IPv4: Oversized IP packet from 127.0.0.1
SELinux: Invalid class 86
TCP: request_sock_TCPv6: Possible SYN flooding on port 20026. Sending cookies. Check SNMP counters.
binder: 9607:9609 BC_INCREFS_DONE uffffffffffffffff no match
ALSA: seq fatal error: cannot create timer (-22)
TCP: request_sock_TCPv6: Possible SYN flooding on port 20022. Sending cookies. Check SNMP counters.
TCP: request_sock_TCPv6: Possible SYN flooding on port 20022. Sending cookies. Check SNMP counters.
Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
audit: type=1400 audit(1517536926.465:34): avc: denied { create } for pid=9879 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
audit: type=1400 audit(1517536926.505:35): avc: denied { write } for pid=9879 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
audit: type=1400 audit(1517536926.895:36): avc: denied { create } for pid=10016 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
audit: type=1400 audit(1517536926.965:37): avc: denied { write } for pid=10016 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=25 sclass=netlink_tcpdiag_socket
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=25 sclass=netlink_tcpdiag_socket
tmpfs: No value for mount option '.<'
tmpfs: No value for mount option '.<'
audit: type=1400 audit(1517536927.665:38): avc: denied { set_context_mgr } for pid=10244 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
audit: type=1400 audit(1517536927.755:39): avc: denied { execute } for pid=10265 comm="syz-executor2" dev="pipefs" ino=20628 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=fifo_file permissive=1
audit: type=1400 audit(1517536927.755:40): avc: denied { call } for pid=10244 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
binder: BINDER_SET_CONTEXT_MGR already set
binder: 10256:10270 ioctl 40046207 0 returned -16
binder: 10244:10246 BC_FREE_BUFFER u0000000020000000 matched unreturned buffer
binder: BINDER_SET_CONTEXT_MGR already set
binder: 10244:10246 ioctl 40046207 0 returned -16
binder_alloc: 10244: binder_alloc_buf, no vma
binder: 10256:10270 transaction failed 29189/-3, size 0-0 line 3128
binder_alloc: 10244: binder_alloc_buf, no vma
binder: 10244:10258 transaction failed 29189/-3, size 0-0 line 3128
binder: 10244:10246 got reply transaction with no transaction stack
binder: 10244:10246 transaction failed 29201/-71, size 0-0 line 2921
binder: BINDER_SET_CONTEXT_MGR already set
binder: 10256:10286 ioctl 40046207 0 returned -16
binder_alloc: 10244: binder_alloc_buf, no vma
binder: 10256:10286 transaction failed 29189/-3, size 0-0 line 3128
binder: undelivered TRANSACTION_ERROR: 29201
binder: undelivered TRANSACTION_ERROR: 29189
binder: release 10244:10246 transaction 57 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: release 10244:10258 transaction 55 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: send failed reply for transaction 55, target dead
binder: send failed reply for transaction 57, target dead
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
device gre0 entered promiscuous mode
audit: type=1400 audit(1517536928.075:41): avc: denied { create } for pid=10303 comm="syz-executor4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
audit: type=1400 audit(1517536928.735:42): avc: denied { write } for pid=10522 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
audit: type=1400 audit(1517536929.735:43): avc: denied { create } for pid=10748 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1
device gre0 entered promiscuous mode
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=4095 sclass=netlink_route_socket
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket
device gre0 entered promiscuous mode
binder: BINDER_SET_CONTEXT_MGR already set
binder: 11018:11033 ioctl 40046207 0 returned -16
binder: undelivered death notification, 0000000000000000
binder: 11187:11196 ioctl c0306201 20007000 returned -14
binder: 11187:11206 unknown command 0
binder: 11187:11206 ioctl c0306201 20007000 returned -22
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode