vmalloc: allocation failure: 0 bytes BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor.3/4775 caller is __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62 syz-executor.1: page allocation failure: order:0, mode:0x24000c2 CPU: 1 PID: 4773 Comm: syz-executor.1 Not tainted 4.4.174+ #17 0000000000000000 797bccb6d9e943af ffff8801d2d67978 ffffffff81aad1a1 1ffff1003a5acf32 ffff8800b34d2f80 00000000024000c2 0000000000000000 ffffffff82895080 ffff8801d2d67a88 ffffffff8148c0cb ffffffff00000001 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [] warn_alloc_failed.cold+0x78/0x99 mm/page_alloc.c:2757 [] __vmalloc_node_range mm/vmalloc.c:1693 [inline] [] __vmalloc_node_range+0x365/0x650 mm/vmalloc.c:1654 [] __vmalloc_node mm/vmalloc.c:1716 [inline] [] __vmalloc_node_flags mm/vmalloc.c:1730 [inline] [] vmalloc+0x5c/0x70 mm/vmalloc.c:1745 [] sel_write_load+0x119/0xf90 security/selinux/selinuxfs.c:527 [] __vfs_write+0x116/0x3d0 fs/read_write.c:491 [] vfs_write+0x182/0x4e0 fs/read_write.c:540 [] SYSC_write fs/read_write.c:587 [inline] [] SyS_write+0xdc/0x1c0 fs/read_write.c:579 [] do_syscall_32_irqs_on arch/x86/entry/common.c:330 [inline] [] do_fast_syscall_32+0x32d/0xa90 arch/x86/entry/common.c:397 [] sysenter_flags_fixed+0xd/0x1a Mem-Info: active_anon:98353 inactive_anon:6230 isolated_anon:0 active_file:4560 inactive_file:15196 isolated_file:0 unevictable:0 dirty:0 writeback:74 unstable:0 slab_reclaimable:4957 slab_unreclaimable:61871 mapped:58756 shmem:6306 pagetables:1898 bounce:0 free:1390912 free_pcp:350 free_cma:0 DMA32 free:2545388kB min:4696kB low:5868kB high:7044kB active_anon:178904kB inactive_anon:10520kB active_file:8160kB inactive_file:28256kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:3145324kB managed:3021976kB mlocked:0kB dirty:0kB writeback:148kB mapped:107864kB shmem:10804kB slab_reclaimable:9116kB slab_unreclaimable:113448kB kernel_stack:1920kB pagetables:3240kB unstable:0kB bounce:0kB free_pcp:840kB local_pcp:284kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no lowmem_reserve[]: 0 3504 3504 Normal free:3018260kB min:5580kB low:6972kB high:8368kB active_anon:214508kB inactive_anon:14400kB active_file:10080kB inactive_file:32528kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:4718592kB managed:3588764kB mlocked:0kB dirty:0kB writeback:148kB mapped:127160kB shmem:14420kB slab_reclaimable:10712kB slab_unreclaimable:134036kB kernel_stack:3616kB pagetables:4352kB unstable:0kB bounce:0kB free_pcp:560kB local_pcp:68kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no lowmem_reserve[]: 0 0 0 DMA32: 227*4kB (UE) 1272*8kB (UM) 698*16kB (UME) 161*32kB (UME) 110*64kB (UME) 65*128kB (UM) 20*256kB (UME) 4*512kB (M) 1*1024kB (U) 2*2048kB (ME) 608*4096kB (M) = 2545420kB Normal: 533*4kB (UME) 1480*8kB (UME) 862*16kB (UME) 201*32kB (UME) 118*64kB (UME) 68*128kB (UM) 21*256kB (UM) 8*512kB (UME) 3*1024kB (UM) 1*2048kB (U) 721*4096kB (M) = 3018260kB 26062 total pagecache pages 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 Free swap = 0kB Total swap = 0kB 1965979 pages RAM 0 pages HighMem/MovableOnly 313294 pages reserved vmalloc: allocation failure: 0 bytes syz-executor.1: page allocation failure: order:0, mode:0x24000c2 CPU: 1 PID: 4773 Comm: syz-executor.1 Not tainted 4.4.174+ #17 0000000000000000 797bccb6d9e943af ffff8801d2d67978 ffffffff81aad1a1 1ffff1003a5acf32 ffff8800b34d2f80 00000000024000c2 0000000000000000 ffffffff82895080 ffff8801d2d67a88 ffffffff8148c0cb ffffffff00000001 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [] warn_alloc_failed.cold+0x78/0x99 mm/page_alloc.c:2757 [] __vmalloc_node_range mm/vmalloc.c:1693 [inline] [] __vmalloc_node_range+0x365/0x650 mm/vmalloc.c:1654 [] __vmalloc_node mm/vmalloc.c:1716 [inline] [] __vmalloc_node_flags mm/vmalloc.c:1730 [inline] [] vmalloc+0x5c/0x70 mm/vmalloc.c:1745 [] sel_write_load+0x119/0xf90 security/selinux/selinuxfs.c:527 [] __vfs_write+0x116/0x3d0 fs/read_write.c:491 [] vfs_write+0x182/0x4e0 fs/read_write.c:540 [] SYSC_write fs/read_write.c:587 [inline] [] SyS_write+0xdc/0x1c0 fs/read_write.c:579 [] do_syscall_32_irqs_on arch/x86/entry/common.c:330 [inline] [] do_fast_syscall_32+0x32d/0xa90 arch/x86/entry/common.c:397 [] sysenter_flags_fixed+0xd/0x1a Mem-Info: active_anon:98553 inactive_anon:6230 isolated_anon:0 active_file:4560 inactive_file:15196 isolated_file:0 unevictable:0 dirty:0 writeback:74 unstable:0 slab_reclaimable:4957 slab_unreclaimable:61871 mapped:58756 shmem:6306 pagetables:1898 bounce:0 free:1390687 free_pcp:381 free_cma:0 DMA32 free:2544984kB min:4696kB low:5868kB high:7044kB active_anon:179204kB inactive_anon:10520kB active_file:8160kB inactive_file:28256kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:3145324kB managed:3021976kB mlocked:0kB dirty:0kB writeback:148kB mapped:107864kB shmem:10804kB slab_reclaimable:9116kB slab_unreclaimable:113448kB kernel_stack:1920kB pagetables:3240kB unstable:0kB bounce:0kB free_pcp:948kB local_pcp:392kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no lowmem_reserve[]: 0 3504 3504 Normal free:3017764kB min:5580kB low:6972kB high:8368kB active_anon:215008kB inactive_anon:14400kB active_file:10080kB inactive_file:32528kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:4718592kB managed:3588764kB mlocked:0kB dirty:0kB writeback:148kB mapped:127160kB shmem:14420kB slab_reclaimable:10712kB slab_unreclaimable:134036kB kernel_stack:3616kB pagetables:4352kB unstable:0kB bounce:0kB free_pcp:576kB local_pcp:84kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no lowmem_reserve[]: 0 0 0 DMA32: 228*4kB (UME) 1225*8kB (UM) 698*16kB (UME) 159*32kB (UME) 110*64kB (UME) 65*128kB (UM) 20*256kB (UME) 4*512kB (M) 1*1024kB (U) 2*2048kB (ME) 608*4096kB (M) = 2544984kB Normal: 455*4kB (UE) 1457*8kB (UME) 862*16kB (UME) 200*32kB (UME) 118*64kB (UME) 68*128kB (UM) 21*256kB (UM) 8*512kB (UME) 3*1024kB (UM) 1*2048kB (U) 721*4096kB (M) = 3017732kB 26062 total pagecache pages 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 Free swap = 0kB Total swap = 0kB 1965979 pages RAM 0 pages HighMem/MovableOnly 313294 pages reserved CPU: 0 PID: 4775 Comm: syz-executor.3 Not tainted 4.4.174+ #17 0000000000000000 7198eacd0eef5dca ffff8801bf01f6f8 ffffffff81aad1a1 ffff8800b34d5f00 0000000000000000 ffffffff82a861e0 ffffffff8292c040 0000000000000002 ffff8801bf01f738 ffffffff81b0ad83 ffff8801d1753180 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [] check_preemption_disabled+0x1d3/0x200 lib/smp_processor_id.c:46 [] __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62 [] tcp_try_coalesce net/ipv4/tcp_input.c:4293 [inline] [] tcp_try_coalesce+0x245/0x510 net/ipv4/tcp_input.c:4275 [] tcp_queue_rcv+0x127/0x6f0 net/ipv4/tcp_input.c:4539 [] tcp_send_rcvq+0x3de/0x4a0 net/ipv4/tcp_input.c:4585 [] tcp_sendmsg+0x2332/0x2ab0 net/ipv4/tcp.c:1134 [] inet_sendmsg+0x202/0x4d0 net/ipv4/af_inet.c:755 [] sock_sendmsg_nosec net/socket.c:638 [inline] [] sock_sendmsg+0xbe/0x110 net/socket.c:648 [] ___sys_sendmsg+0x769/0x890 net/socket.c:1975 [] __sys_sendmsg+0xc5/0x160 net/socket.c:2009 [] C_SYSC_sendmsg net/compat.c:725 [inline] [] compat_SyS_sendmsg+0x2a/0x40 net/compat.c:723 [] do_syscall_32_irqs_on arch/x86/entry/common.c:330 [inline] [] do_fast_syscall_32+0x32d/0xa90 arch/x86/entry/common.c:397 [] sysenter_flags_fixed+0xd/0x1a BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor.3/4814 caller is __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62 CPU: 1 PID: 4814 Comm: syz-executor.3 Not tainted 4.4.174+ #17 0000000000000000 1cff4ed63e3a6f48 ffff8800b31ef6f8 ffffffff81aad1a1 ffff8801d1e417c0 0000000000000001 ffffffff82a861e0 ffffffff8292c040 0000000000000001 ffff8800b31ef738 ffffffff81b0ad83 ffff8800b37e5400 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [] check_preemption_disabled+0x1d3/0x200 lib/smp_processor_id.c:46 [] __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62 [] tcp_try_coalesce net/ipv4/tcp_input.c:4293 [inline] [] tcp_try_coalesce+0x245/0x510 net/ipv4/tcp_input.c:4275 [] tcp_queue_rcv+0x127/0x6f0 net/ipv4/tcp_input.c:4539 [] tcp_send_rcvq+0x3de/0x4a0 net/ipv4/tcp_input.c:4585 [] tcp_sendmsg+0x2332/0x2ab0 net/ipv4/tcp.c:1134 [] inet_sendmsg+0x202/0x4d0 net/ipv4/af_inet.c:755 [] sock_sendmsg_nosec net/socket.c:638 [inline] [] sock_sendmsg+0xbe/0x110 net/socket.c:648 [] ___sys_sendmsg+0x769/0x890 net/socket.c:1975 [] __sys_sendmsg+0xc5/0x160 net/socket.c:2009 [] C_SYSC_sendmsg net/compat.c:725 [inline] [] compat_SyS_sendmsg+0x2a/0x40 net/compat.c:723 [] do_syscall_32_irqs_on arch/x86/entry/common.c:330 [inline] [] do_fast_syscall_32+0x32d/0xa90 arch/x86/entry/common.c:397 [] sysenter_flags_fixed+0xd/0x1a binder: 4847:4850 ioctl c0046686 20000500 returned -22 binder: 4847:4850 transaction failed 29189/-22, size 0-0 line 3014 binder: 4847:4850 ioctl c0046686 20000500 returned -22 binder: 4847:4863 transaction failed 29189/-22, size 0-0 line 3014 capability: warning: `syz-executor.0' uses deprecated v2 capabilities in a way that may be insecure audit: type=1400 audit(1561813229.695:17): avc: denied { write } for pid=4934 comm="syz-executor.3" name="map_files" dev="proc" ino=15958 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=dir permissive=1 audit: type=1400 audit(1561813229.875:18): avc: denied { setattr } for pid=4934 comm="syz-executor.3" name="map_files" dev="proc" ino=15958 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=dir permissive=1 audit: type=1400 audit(1561813233.135:19): avc: denied { getopt } for pid=5083 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1561813234.905:20): avc: denied { ioctl } for pid=5128 comm="syz-executor.0" path="socket:[16182]" dev="sockfs" ino=16182 ioctlcmd=8933 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 binder: 5168:5170 transaction failed 29189/-22, size 0-0 line 3014