BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor6/5239
caller is __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
CPU: 0 PID: 5239 Comm: syz-executor6 Not tainted 4.4.113-g962d1f3 #2
audit: type=1400 audit(1517245879.416:6): avc: denied { setattr } for pid=5242 comm="syz-executor7" name="oom_score_adj" dev="proc" ino=12477 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=file permissive=1
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 0000000000000000 8a0d64f881422cec ffff8800aac876c8 ffffffff81d028ed
 0000000000000000 ffffffff839fe3a0 ffffffff83cef6a0 ffff8800aacbaf80
 0000000000000003 ffff8800aac87708 ffffffff81d62834 ffffffff810002b8
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x124 lib/dump_stack.c:51
 [] check_preemption_disabled+0x1d4/0x200 lib/smp_processor_id.c:46
 [] ? 0xffffffff810002b8
 [] __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
 [] tcp_try_coalesce+0x249/0x4d0 net/ipv4/tcp_input.c:4278
 [] tcp_queue_rcv+0x127/0x720 net/ipv4/tcp_input.c:4485
 [] tcp_send_rcvq+0x39b/0x450 net/ipv4/tcp_input.c:4531
 [] tcp_sendmsg+0x1e8f/0x2b10 net/ipv4/tcp.c:1134
 [] inet_sendmsg+0x2bc/0x4c0 net/ipv4/af_inet.c:755
 [] sock_sendmsg_nosec net/socket.c:625 [inline]
 [] sock_sendmsg+0xca/0x110 net/socket.c:635
 [] ___sys_sendmsg+0x6c1/0x7c0 net/socket.c:1962
 [] __sys_sendmsg+0xd3/0x190 net/socket.c:1996
 [] SYSC_sendmsg net/socket.c:2007 [inline]
 [] SyS_sendmsg+0x2d/0x50 net/socket.c:2003
 [] entry_SYSCALL_64_fastpath+0x1c/0x98
audit: type=1400 audit(1517245879.926:7): avc: denied { write } for pid=5328 comm="syz-executor6" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
syz-executor6 uses obsolete (PF_INET,SOCK_PACKET)
audit: type=1400 audit(1517245880.306:8): avc: denied { read } for pid=5391 comm="syz-executor7" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
device gre0 entered promiscuous mode
capability: warning: `syz-executor3' uses 32-bit capabilities (legacy support in use)
audit: type=1400 audit(1517245881.056:9): avc: denied { set_context_mgr } for pid=5537 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
binder: BINDER_SET_CONTEXT_MGR already set
binder: 5537:5573 ioctl 40046207 0 returned -16
mip6: mip6_destopt_init_state: spi is not 0: 3942907904
mip6: mip6_destopt_init_state: spi is not 0: 3942907904
audit: type=1326 audit(1517245881.676:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=5724 comm="syz-executor2" exe="/root/syz-executor2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x453299 code=0x0
audit: type=1326 audit(1517245881.726:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=5724 comm="syz-executor2" exe="/root/syz-executor2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x453299 code=0x0
audit: type=1400 audit(1517245882.216:12): avc: denied { call } for pid=5750 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
binder_alloc: binder_alloc_mmap_handler: 5750 20000000-20002000 already mapped failed -16
binder_alloc: 5750: binder_alloc_buf, no vma
binder: BINDER_SET_CONTEXT_MGR already set
binder: 5750:5791 ioctl 40046207 0 returned -16
binder: 5750:5761 transaction failed 29189/-3, size 24-0 line 3128
binder: undelivered TRANSACTION_ERROR: 29189
IPv4: Oversized IP packet from 127.0.0.1
IPv4: Oversized IP packet from 127.0.0.1
device gre0 entered promiscuous mode
netlink: 17 bytes leftover after parsing attributes in process `syz-executor7'.
netlink: 17 bytes leftover after parsing attributes in process `syz-executor7'.
audit: type=1400 audit(1517245884.576:13): avc: denied { create } for pid=6252 comm="syz-executor4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_rdma_socket permissive=1
IPv4: Oversized IP packet from 127.0.0.1
binder: 6352 invalid dec weak, ref 5 desc 0 s 1 w 0
binder: BINDER_SET_CONTEXT_MGR already set
binder: 6352:6356 ioctl 40046207 0 returned -16
binder: 6352 invalid dec weak, ref 6 desc 0 s 1 w 0
binder: 6402:6403 ERROR: BC_REGISTER_LOOPER called without request
binder: 6402:6403 got reply with fd, -1, but target does not allow fds
binder: 6402:6403 transaction failed 29201/-1, size 24-8 line 3233
binder: send failed reply for transaction 8 to 6402:6411
binder: undelivered TRANSACTION_ERROR: 29190
binder_alloc: 6402: binder_alloc_buf, no vma
binder: 6402:6411 transaction failed 29189/-3, size 0-0 line 3128
binder: 6402:6403 ERROR: BC_REGISTER_LOOPER called without request
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29201
binder: undelivered TRANSACTION_ERROR: 29189
binder: BINDER_SET_CONTEXT_MGR already set
binder: 6552:6563 ioctl 40046207 0 returned -16
audit: type=1400 audit(1517245886.096:14): avc: denied { create } for pid=6591 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1
netlink: 3 bytes leftover after parsing attributes in process `syz-executor0'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor0'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor0'.
Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
mmap: syz-executor1 (6755) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.txt.
TCP: request_sock_TCPv6: Possible SYN flooding on port 20018. Sending cookies. Check SNMP counters.
binder: 6841:6853 ioctl 8905 20730ffc returned -22
binder: 6841:6853 transaction failed 29189/-22, size 0-8 line 3005
binder: 6841:6853 ioctl 4010641a 20e11000 returned -22
binder_alloc: binder_alloc_mmap_handler: 6841 20000000-20002000 already mapped failed -16
binder: 6841:6881 ioctl 8905 20730ffc returned -22
binder: 6841:6881 transaction failed 29189/-22, size 0-8 line 3005
binder: 6841:6889 ioctl 4010641a 20e11000 returned -22
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: BINDER_SET_CONTEXT_MGR already set
binder: 6940:6945 ioctl 40046207 0 returned -16
binder: BINDER_SET_CONTEXT_MGR already set
binder_alloc: 6999: binder_alloc_buf, no vma
binder: 6999:7000 ioctl 40046207 0 returned -16
binder: 6999:7022 BC_FREE_BUFFER u0000000020000000 no match
binder: 6999:7021 transaction failed 29189/-3, size 0-0 line 3128
binder_alloc: 6999: binder_alloc_buf, no vma
binder: 6999:7022 transaction failed 29189/-3, size 0-0 line 3128
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: release 6999:7000 transaction 21 out, still active
binder: release 6999:7000 transaction 20 in, still active
binder: undelivered TRANSACTION_COMPLETE
binder: release 6999:7009 transaction 20 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: send failed reply for transaction 21, target dead
binder: send failed reply for transaction 20, target dead
binder: binder_mmap: 7025 20381000-20384000 bad vm_flags failed -1
binder: binder_mmap: 7025 20381000-20384000 bad vm_flags failed -1
IPVS: length: 371 != 24
IPVS: length: 371 != 24
binder: 7135:7152 tried to acquire reference to desc 0, got 1 instead
binder: 7135:7155 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
binder: 7240:7243 ioctl c0306201 20680fd0 returned -11
binder: BINDER_SET_CONTEXT_MGR already set
binder: 7240:7266 ioctl 40046207 0 returned -16