BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor7/5824 caller is __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62 CPU: 1 PID: 5824 Comm: syz-executor7 Not tainted 4.4.113-g962d1f3 #2 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 0000000000000000 45a139c0148bcd1d ffff8800aa6bf800 ffffffff81d028ed 0000000000000001 ffffffff839fe3a0 ffffffff83cef6a0 ffff8800bab897c0 0000000000000003 ffff8800aa6bf840 ffffffff81d62834 ffffffff810002b8 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x124 lib/dump_stack.c:51 [] check_preemption_disabled+0x1d4/0x200 lib/smp_processor_id.c:46 [] ? 0xffffffff810002b8 [] __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62 [] tcp_try_coalesce+0x249/0x4d0 net/ipv4/tcp_input.c:4278 [] tcp_queue_rcv+0x127/0x720 net/ipv4/tcp_input.c:4485 [] tcp_send_rcvq+0x39b/0x450 net/ipv4/tcp_input.c:4531 [] tcp_sendmsg+0x1e8f/0x2b10 net/ipv4/tcp.c:1134 [] inet_sendmsg+0x2bc/0x4c0 net/ipv4/af_inet.c:755 [] sock_sendmsg_nosec net/socket.c:625 [inline] [] sock_sendmsg+0xca/0x110 net/socket.c:635 [] SYSC_sendto+0x2c8/0x340 net/socket.c:1665 [] SyS_sendto+0x40/0x50 net/socket.c:1633 [] entry_SYSCALL_64_fastpath+0x1c/0x98 netlink: 28 bytes leftover after parsing attributes in process `syz-executor7'. netlink: 28 bytes leftover after parsing attributes in process `syz-executor7'. audit: type=1400 audit(1517386204.976:8): avc: denied { create } for pid=5949 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1517386204.996:9): avc: denied { create } for pid=5956 comm="syz-executor1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1 audit: type=1400 audit(1517386205.036:10): avc: denied { write } for pid=5949 comm="syz-executor5" path="socket:[12199]" dev="sockfs" ino=12199 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1517386205.206:11): avc: denied { accept } for pid=5979 comm="syz-executor6" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1517386205.216:12): avc: denied { create } for pid=5986 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_rdma_socket permissive=1 audit: type=1400 audit(1517386205.506:13): avc: denied { set_context_mgr } for pid=6033 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 audit: type=1400 audit(1517386205.576:14): avc: denied { call } for pid=6033 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 binder_alloc: 6033: binder_alloc_buf size 8679965255895708464 failed, no address space binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192) binder: 6033:6034 transaction failed 29201/-28, size 0-8679965255895708463 line 3128 binder: BINDER_SET_CONTEXT_MGR already set binder: 6033:6078 ioctl 40046207 0 returned -16 binder_alloc: 6033: binder_alloc_buf, no vma binder: 6033:6049 transaction failed 29189/-3, size 0-8679965255895708463 line 3128 vmalloc: allocation failure: 0 bytes syz-executor1: page allocation failure: order:0, mode:0x24000c2 binder: undelivered TRANSACTION_ERROR: 29189 binder: undelivered TRANSACTION_ERROR: 29201 CPU: 1 PID: 6092 Comm: syz-executor1 Not tainted 4.4.113-g962d1f3 #2 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 0000000000000000 e9e7e43a5d5f90cf ffff8801d85af948 ffffffff81d028ed 1ffff1003b0b5f2c ffff8801d95b4740 00000000024000c2 0000000000000000 0000000000000001 ffff8801d85afa58 ffffffff814301e9 ffffffff838ac3a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x124 lib/dump_stack.c:51 [] warn_alloc_failed+0x1d9/0x240 mm/page_alloc.c:2757 [] __vmalloc_node_range+0x41d/0x630 mm/vmalloc.c:1692 [] __vmalloc_node mm/vmalloc.c:1715 [inline] [] __vmalloc_node_flags mm/vmalloc.c:1729 [inline] [] vmalloc+0x5b/0x70 mm/vmalloc.c:1744 [] sel_write_load+0x130/0xff0 security/selinux/selinuxfs.c:527 [] __vfs_write+0x103/0x450 fs/read_write.c:489 [] vfs_write+0x18a/0x530 fs/read_write.c:538 [] SYSC_pwrite64 fs/read_write.c:627 [inline] [] SyS_pwrite64+0x13f/0x170 fs/read_write.c:614 [] entry_SYSCALL_64_fastpath+0x1c/0x98 Mem-Info: active_anon:45611 inactive_anon:43 isolated_anon:0 active_file:3591 inactive_file:8158 isolated_file:0 unevictable:0 dirty:93 writeback:0 unstable:0 slab_reclaimable:5002 slab_unreclaimable:60043 mapped:24068 shmem:51 pagetables:645 bounce:0 free:1482230 free_pcp:583 free_cma:0 DMA free:15904kB min:160kB low:200kB high:240kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:15992kB managed:15904kB mlocked:0kB dirty:0kB writeback:0kB mapped:0kB shmem:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB unstable:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? yes lowmem_reserve[]: 0 2911 6411 6411 DMA32 free:2696764kB min:30608kB low:38260kB high:45912kB active_anon:71068kB inactive_anon:96kB active_file:7460kB inactive_file:17848kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:3129292kB managed:2982736kB mlocked:0kB dirty:288kB writeback:0kB mapped:47116kB shmem:116kB slab_reclaimable:9968kB slab_unreclaimable:107940kB kernel_stack:3136kB pagetables:1176kB unstable:0kB bounce:0kB free_pcp:1060kB local_pcp:396kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no lowmem_reserve[]: 0 0 3500 3500 Normal free:3222824kB min:36808kB low:46008kB high:55212kB active_anon:109100kB inactive_anon:84kB active_file:6916kB inactive_file:14784kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:4718592kB managed:3584660kB mlocked:0kB dirty:96kB writeback:0kB mapped:48940kB shmem:88kB slab_reclaimable:10048kB slab_unreclaimable:132396kB kernel_stack:2752kB pagetables:1308kB unstable:0kB bounce:0kB free_pcp:1272kB local_pcp:620kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no lowmem_reserve[]: 0 0 0 0 DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15904kB DMA32: 379*4kB (UME) 147*8kB (UME) 90*16kB (UME) 68*32kB (UME) 53*64kB (UME) 14*128kB (UME) 10*256kB (UME) 14*512kB (UME) 33*1024kB (M) 4*2048kB (M) 643*4096kB (M) = 2696932kB Normal: 634*4kB (UME) 166*8kB (UME) 76*16kB (UM) 49*32kB (UME) 54*64kB (UME) 13*128kB (UME) 12*256kB (UME) 7*512kB (ME) 34*1024kB (M) 6*2048kB (M) 771*4096kB (M) = 3223544kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 11805 total pagecache pages 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 Free swap = 0kB Total swap = 0kB 1965969 pages RAM 0 pages HighMem/MovableOnly 320144 pages reserved vmalloc: allocation failure: 0 bytes syz-executor1: page allocation failure: order:0, mode:0x24000c2 CPU: 0 PID: 6105 Comm: syz-executor1 Not tainted 4.4.113-g962d1f3 #2 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 0000000000000000 0d1e4ad83cdb80bc ffff8800ab6e7948 ffffffff81d028ed 1ffff100156dcf2c ffff8801d8b797c0 00000000024000c2 0000000000000000 0000000000000001 ffff8800ab6e7a58 ffffffff814301e9 ffffffff838ac3a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x124 lib/dump_stack.c:51 [] warn_alloc_failed+0x1d9/0x240 mm/page_alloc.c:2757 [] __vmalloc_node_range+0x41d/0x630 mm/vmalloc.c:1692 [] __vmalloc_node mm/vmalloc.c:1715 [inline] [] __vmalloc_node_flags mm/vmalloc.c:1729 [inline] [] vmalloc+0x5b/0x70 mm/vmalloc.c:1744 [] sel_write_load+0x130/0xff0 security/selinux/selinuxfs.c:527 [] __vfs_write+0x103/0x450 fs/read_write.c:489 [] vfs_write+0x18a/0x530 fs/read_write.c:538 [] SYSC_pwrite64 fs/read_write.c:627 [inline] [] SyS_pwrite64+0x13f/0x170 fs/read_write.c:614 [] entry_SYSCALL_64_fastpath+0x1c/0x98 Mem-Info: active_anon:45022 inactive_anon:45 isolated_anon:0 active_file:3594 inactive_file:8158 isolated_file:0 unevictable:0 dirty:102 writeback:0 unstable:0 slab_reclaimable:5006 slab_unreclaimable:59842 mapped:24035 shmem:51 pagetables:613 bounce:0 free:1484272 free_pcp:605 free_cma:0 DMA free:15904kB min:160kB low:200kB high:240kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:15992kB managed:15904kB mlocked:0kB dirty:0kB writeback:0kB mapped:0kB shmem:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB unstable:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? yes lowmem_reserve[]: 0 2911 6411 6411 DMA32 free:2697576kB min:30608kB low:38260kB high:45912kB active_anon:71068kB inactive_anon:96kB active_file:7460kB inactive_file:17848kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:3129292kB managed:2982736kB mlocked:0kB dirty:312kB writeback:0kB mapped:47132kB shmem:116kB slab_reclaimable:9968kB slab_unreclaimable:107396kB kernel_stack:2944kB pagetables:1196kB unstable:0kB bounce:0kB free_pcp:1100kB local_pcp:716kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no lowmem_reserve[]: 0 0 3500 3500 Normal free:3223608kB min:36808kB low:46008kB high:55212kB active_anon:109020kB inactive_anon:84kB active_file:6916kB inactive_file:14784kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:4718592kB managed:3584660kB mlocked:0kB dirty:96kB writeback:0kB mapped:49008kB shmem:88kB slab_reclaimable:10056kB slab_unreclaimable:131972kB kernel_stack:2528kB pagetables:1256kB unstable:0kB bounce:0kB free_pcp:1320kB local_pcp:700kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no lowmem_reserve[]: 0 0 0 0 DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15904kB DMA32: 444*4kB (UME) 155*8kB (UME) 106*16kB (UME) 70*32kB (UME) 53*64kB (UME) 14*128kB (UME) 10*256kB (UME) 14*512kB (UME) 33*1024kB (M) 4*2048kB (M) 643*4096kB (M) = 2697576kB Normal: 634*4kB (UME) 166*8kB (UME) 76*16kB (UM) 53*32kB (UME) 54*64kB (UME) 13*128kB (UME) 12*256kB (UME) 7*512kB (ME) 34*1024kB (M) 6*2048kB (M) 771*4096kB (M) = 3223672kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 11810 total pagecache pages 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 Free swap = 0kB Total swap = 0kB 1965969 pages RAM 0 pages HighMem/MovableOnly 320144 pages reserved audit: type=1400 audit(1517386206.766:15): avc: denied { accept } for pid=6112 comm="syz-executor6" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 syz-executor3 (6162) used greatest stack depth: 23560 bytes left PF_BRIDGE: RTM_SETLINK with unknown ifindex PF_BRIDGE: RTM_SETLINK with unknown ifindex device lo entered promiscuous mode device lo left promiscuous mode binder: 6345:6350 got transaction with invalid offsets size, 6 binder: 6345:6350 transaction failed 29201/-22, size 40-6 line 3164 binder: BINDER_SET_CONTEXT_MGR already set binder: 6345:6350 ioctl 40046207 0 returned -16 binder_alloc: 6345: binder_alloc_buf, no vma binder: 6345:6363 transaction failed 29189/-3, size 40-6 line 3128 binder: undelivered TRANSACTION_ERROR: 29189 binder: undelivered TRANSACTION_ERROR: 29201 audit: type=1400 audit(1517386208.046:16): avc: denied { setopt } for pid=6365 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 TCP: request_sock_TCPv6: Possible SYN flooding on port 20006. Sending cookies. Check SNMP counters. audit: type=1400 audit(1517386208.496:17): avc: denied { bind } for pid=6508 comm="syz-executor1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 audit: type=1400 audit(1517386208.716:18): avc: denied { getattr } for pid=6568 comm="syz-executor3" path="socket:[13601]" dev="sockfs" ino=13601 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 binder: 6860:6862 ERROR: BC_REGISTER_LOOPER called without request binder_alloc: 6860: binder_alloc_buf, no vma binder: 6858:6877 BC_INCREFS_DONE u0000000000000000 no match binder: 6860:6881 transaction failed 29189/-3, size 0-0 line 3128 binder_alloc: 6860: binder_alloc_buf, no vma binder: 6860:6862 transaction failed 29189/-3, size 0-0 line 3128 binder: 6858:6877 BC_INCREFS_DONE u0000000000000000 no match binder: BINDER_SET_CONTEXT_MGR already set binder: 6860:6881 ioctl 40046207 0 returned -16 binder_alloc: 6860: binder_alloc_buf, no vma binder_alloc: 6860: binder_alloc_buf, no vma binder: 6860:6862 transaction failed 29189/-3, size 0-0 line 3128 binder: 6860:6910 transaction failed 29189/-3, size 0-0 line 3128 binder: undelivered TRANSACTION_ERROR: 29189 binder: undelivered TRANSACTION_ERROR: 29189 binder: BINDER_SET_CONTEXT_MGR already set binder: undelivered TRANSACTION_ERROR: 29189 binder: 6929:6932 ioctl 40046207 0 returned -16 binder: 6929:6945 ERROR: BC_REGISTER_LOOPER called without request binder: undelivered TRANSACTION_ERROR: 29189 binder: 6929:6952 transaction failed 29189/-22, size 0-0 line 3005 binder: 6929:6945 transaction failed 29189/-22, size 0-0 line 3005 binder: undelivered TRANSACTION_ERROR: 29189 binder: undelivered TRANSACTION_ERROR: 29189 sock: sock_set_timeout: `syz-executor2' (pid 7205) tries to set negative timeout syz-executor4 (7191) used greatest stack depth: 22664 bytes left sock: sock_set_timeout: `syz-executor2' (pid 7205) tries to set negative timeout audit: type=1400 audit(1517386211.686:19): avc: denied { ioctl } for pid=7206 comm="syz-executor1" path="socket:[13986]" dev="sockfs" ino=13986 ioctlcmd=660b scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 audit: type=1400 audit(1517386211.886:20): avc: denied { attach_queue } for pid=7267 comm="syz-executor6" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=tun_socket permissive=1 netlink: 7 bytes leftover after parsing attributes in process `syz-executor7'. audit: type=1400 audit(1517386212.046:21): avc: denied { read } for pid=7294 comm="syz-executor7" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 audit: type=1400 audit(1517386212.106:22): avc: denied { setopt } for pid=7294 comm="syz-executor7" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 netlink: 7 bytes leftover after parsing attributes in process `syz-executor7'. audit: type=1400 audit(1517386212.836:23): avc: denied { ioctl } for pid=7534 comm="syz-executor4" path="socket:[14899]" dev="sockfs" ino=14899 ioctlcmd=8916 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 mmap: syz-executor1 (7552) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.txt. audit: type=1400 audit(1517386212.886:24): avc: denied { getopt } for pid=7534 comm="syz-executor4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters.