check_preemption_disabled: 33 callbacks suppressed BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor6/7384 caller is __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62 CPU: 0 PID: 7384 Comm: syz-executor6 Not tainted 4.4.113-g962d1f3 #2 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 0000000000000000 95a9efa86b9e53b0 ffff8800b63ef800 ffffffff81d028ed 0000000000000000 ffffffff839fe3a0 ffffffff83cef6a0 ffff8801d3bfaf80 0000000000000003 ffff8800b63ef840 ffffffff81d62834 ffffffff810002b8 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x124 lib/dump_stack.c:51 [] check_preemption_disabled+0x1d4/0x200 lib/smp_processor_id.c:46 [] ? 0xffffffff810002b8 [] __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62 [] tcp_try_coalesce+0x249/0x4d0 net/ipv4/tcp_input.c:4278 [] tcp_queue_rcv+0x127/0x720 net/ipv4/tcp_input.c:4485 [] tcp_send_rcvq+0x39b/0x450 net/ipv4/tcp_input.c:4531 [] tcp_sendmsg+0x1e8f/0x2b10 net/ipv4/tcp.c:1134 [] inet_sendmsg+0x2bc/0x4c0 net/ipv4/af_inet.c:755 [] sock_sendmsg_nosec net/socket.c:625 [inline] [] sock_sendmsg+0xca/0x110 net/socket.c:635 [] SYSC_sendto+0x2c8/0x340 net/socket.c:1665 [] SyS_sendto+0x40/0x50 net/socket.c:1633 [] entry_SYSCALL_64_fastpath+0x1c/0x98 TCP: request_sock_TCP: Possible SYN flooding on port 20024. Sending cookies. Check SNMP counters. binder: 7582:7593 BC_INCREFS_DONE u0000000000000000 no match binder: 7582:7600 BC_INCREFS_DONE u0000000000000000 no match binder: 7636:7639 transaction failed 29201/-28, size -227-0 line 3128 binder_alloc: binder_alloc_mmap_handler: 7636 20000000-20002000 already mapped failed -16 binder: BINDER_SET_CONTEXT_MGR already set binder: 7636:7639 ioctl 40046207 0 returned -16 binder_alloc: 7636: binder_alloc_buf, no vma binder: 7636:7651 transaction failed 29189/-3, size -227-0 line 3128 binder: undelivered TRANSACTION_ERROR: 29201 binder: undelivered TRANSACTION_ERROR: 29189 TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. binder: 7876:7889 ioctl 8954 20814000 returned -22 binder: BINDER_SET_CONTEXT_MGR already set binder: 7876:7911 ioctl 40046207 0 returned -16 binder_alloc: 7876: binder_alloc_buf, no vma binder: 7876:7921 ioctl 8954 20814000 returned -22 binder: 7876:7921 got reply transaction with no transaction stack binder: 7876:7900 transaction failed 29189/-3, size 0-0 line 3128 binder: 7876:7921 transaction failed 29201/-71, size 0-0 line 2921 binder: undelivered TRANSACTION_ERROR: 29189 binder: undelivered TRANSACTION_ERROR: 29201 binder: undelivered TRANSACTION_COMPLETE binder: undelivered transaction 43, process died. binder: undelivered TRANSACTION_COMPLETE FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 1 PID: 8019 Comm: syz-executor2 Not tainted 4.4.113-g962d1f3 #2 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 0000000000000000 83179a434ed9c3b3 ffff8801d01bf6d0 ffffffff81d028ed ffff8800b68bdb00 1ffff1003a037ee7 ffff8801d01bf858 0000000000000000 0000000000000000 ffff8801d01bf880 ffffffff81605ec5 ffffffff81236530 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x124 lib/dump_stack.c:51 [] handle_userfault+0x715/0xf50 fs/userfaultfd.c:316 [] do_anonymous_page mm/memory.c:2731 [inline] [] handle_pte_fault mm/memory.c:3295 [inline] [] __handle_mm_fault mm/memory.c:3426 [inline] [] handle_mm_fault+0x2938/0x3190 mm/memory.c:3455 [] __do_page_fault+0x35b/0xa00 arch/x86/mm/fault.c:1245 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1308 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1033 [] vfs_ioctl fs/ioctl.c:43 [inline] [] do_vfs_ioctl+0x7aa/0xee0 fs/ioctl.c:607 [] SYSC_ioctl fs/ioctl.c:622 [inline] [] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:613 [] entry_SYSCALL_64_fastpath+0x1c/0x98 binder_alloc: binder_alloc_mmap_handler: 8070 20fc3000-20fc7000 already mapped failed -16 audit: type=1400 audit(1517388772.651:25): avc: denied { execute } for pid=8085 comm="syz-executor7" path="pipe:[15752]" dev="pipefs" ino=15752 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=fifo_file permissive=1 binder: 8102:8107 BC_INCREFS_DONE uffffffffffffffff no match binder: 8102:8121 BC_INCREFS_DONE uffffffffffffffff no match netlink: 24 bytes leftover after parsing attributes in process `syz-executor3'. netlink: 24 bytes leftover after parsing attributes in process `syz-executor3'. tc_dump_action: action bad kind tc_dump_action: action bad kind binder: 8564:8567 BC_ACQUIRE_DONE uffffffffffffffff no match binder: 8564:8567 BC_FREE_BUFFER uffffffffffffffff no match binder: 8564:8567 BC_ACQUIRE_DONE uffffffffffffffff no match binder: 8564:8567 BC_FREE_BUFFER uffffffffffffffff no match audit: type=1400 audit(1517388774.911:26): avc: denied { read } for pid=8657 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable netlink: 7 bytes leftover after parsing attributes in process `syz-executor7'. netlink: 7 bytes leftover after parsing attributes in process `syz-executor7'. audit: type=1400 audit(1517388776.561:27): avc: denied { getattr } for pid=9054 comm="syz-executor6" path="socket:[18073]" dev="sockfs" ino=18073 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1517388776.961:28): avc: denied { create } for pid=9131 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=1 audit: type=1400 audit(1517388777.011:29): avc: denied { write } for pid=9131 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=1 binder: 9175:9177 BC_INCREFS_DONE u0000000000000000 no match binder: 9175:9177 BC_INCREFS_DONE u0000000000000000 no match netlink: 40 bytes leftover after parsing attributes in process `syz-executor5'. netlink: 40 bytes leftover after parsing attributes in process `syz-executor5'. netlink: 17 bytes leftover after parsing attributes in process `syz-executor0'. netlink: 12 bytes leftover after parsing attributes in process `syz-executor1'. netlink: 12 bytes leftover after parsing attributes in process `syz-executor1'. binder: 9405:9412 transaction failed 29189/-22, size 0-8 line 3005 binder: 9405:9421 transaction failed 29189/-22, size 0-8 line 3005 binder: undelivered TRANSACTION_ERROR: 29189 binder: undelivered TRANSACTION_ERROR: 29189 binder: BINDER_SET_CONTEXT_MGR already set binder_alloc: 9491: binder_alloc_buf, no vma binder: 9491:9514 transaction failed 29189/-3, size 0-0 line 3128 binder: 9491:9508 got reply transaction with no transaction stack binder: 9491:9508 transaction failed 29201/-71, size 0-0 line 2921 binder: 9491:9518 BC_FREE_BUFFER u0000000020000000 no match binder_alloc: 9491: binder_alloc_buf, no vma binder: 9491:9518 transaction failed 29189/-3, size 0-0 line 3128 binder: 9491:9497 ioctl 40046207 0 returned -16 binder: undelivered TRANSACTION_ERROR: 29201 binder: undelivered TRANSACTION_ERROR: 29189 binder: undelivered TRANSACTION_ERROR: 29189 binder: release 9491:9497 transaction 51 out, still active binder: undelivered TRANSACTION_COMPLETE IPv4: Oversized IP packet from 127.0.0.1 netlink: 9 bytes leftover after parsing attributes in process `syz-executor4'. IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready binder: undelivered TRANSACTION_COMPLETE binder: undelivered TRANSACTION_COMPLETE qtaguid: iface_stat: iface_check_stats_reset_and_adjust(lo): iface reset its stats unexpectedly binder: undelivered transaction 50, process died. binder: send failed reply for transaction 51, target dead