syz-executor4: page allocation failure: order:0, mode:0x24000c2
BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor7/6038
CPU: 0 PID: 6021 Comm: syz-executor4 Not tainted 4.4.120-gd63fdf6 #28
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
0000000000000000 ad69544fb4828246 ffff8801c4377938 ffffffff81d0408d
1ffff1003886ef2a ffff8801c2081800 00000000024000c2 0000000000000000
0000000000000001 ffff8801c4377a48 ffffffff81431059 ffffffff838ac620
Call Trace:
[] __dump_stack lib/dump_stack.c:15 [inline]
[] dump_stack+0xc1/0x124 lib/dump_stack.c:51
[] warn_alloc_failed+0x1d9/0x240 mm/page_alloc.c:2757
[] __vmalloc_node_range+0x41d/0x630 mm/vmalloc.c:1692
[] __vmalloc_node mm/vmalloc.c:1715 [inline]
[] __vmalloc_node_flags mm/vmalloc.c:1729 [inline]
[] vmalloc+0x5b/0x70 mm/vmalloc.c:1744
[] sel_write_load+0x130/0xff0 security/selinux/selinuxfs.c:527
[] __vfs_write+0x103/0x450 fs/read_write.c:489
[] vfs_write+0x18a/0x530 fs/read_write.c:538
[] SYSC_write fs/read_write.c:585 [inline]
[] SyS_write+0xd9/0x1b0 fs/read_write.c:577
[] entry_SYSCALL_64_fastpath+0x1c/0x98
Mem-Info:
active_anon:54397 inactive_anon:44 isolated_anon:0
active_file:3607 inactive_file:8407 isolated_file:0
unevictable:0 dirty:49 writeback:0 unstable:0
slab_reclaimable:5264 slab_unreclaimable:59747
mapped:24294 shmem:51 pagetables:685 bounce:0
free:1473457 free_pcp:532 free_cma:0
DMA free:15904kB min:160kB low:200kB high:240kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:15992kB managed:15904kB mlocked:0kB dirty:0kB writeback:0kB mapped:0kB shmem:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB unstable:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? yes
lowmem_reserve[]: 0 2911 6411 6411
DMA32 free:2672532kB min:30608kB low:38260kB high:45912kB active_anon:96660kB inactive_anon:76kB active_file:6556kB inactive_file:13748kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:3129292kB managed:2982732kB mlocked:0kB dirty:112kB writeback:0kB mapped:48380kB shmem:96kB slab_reclaimable:9664kB slab_unreclaimable:108488kB kernel_stack:1408kB pagetables:1236kB unstable:0kB bounce:0kB free_pcp:1044kB local_pcp:340kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no
lowmem_reserve[]: 0 0 3500 3500
Normal free:3205392kB min:36808kB low:46008kB high:55212kB active_anon:120928kB inactive_anon:100kB active_file:7872kB inactive_file:19880kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:4718592kB managed:3584660kB mlocked:0kB dirty:84kB writeback:0kB mapped:48796kB shmem:108kB slab_reclaimable:11392kB slab_unreclaimable:130500kB kernel_stack:4160kB pagetables:1504kB unstable:0kB bounce:0kB free_pcp:1084kB local_pcp:460kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no
lowmem_reserve[]: 0 0 0 0
DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15904kB
DMA32: 215*4kB (UME) 91*8kB (UME) 131*16kB (UM) 24*32kB (UM) 12*64kB (UME) 6*128kB (UME) 4*256kB (ME) 2*512kB (UE) 26*1024kB (ME) 0*2048kB 644*4096kB (M) = 2672484kB
Normal: 374*4kB (UME) 297*8kB (UME) 275*16kB (UM) 63*32kB (UM) 29*64kB (UME) 17*128kB (UME) 9*256kB (UME) 2*512kB (UM) 33*1024kB (UME) 2*2048kB (ME) 769*4096kB (M) = 3205360kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
12064 total pagecache pages
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap = 0kB
Total swap = 0kB
1965969 pages RAM
0 pages HighMem/MovableOnly
320145 pages reserved
vmalloc: allocation failure: 0 bytes
syz-executor4: page allocation failure: order:0, mode:0x24000c2
CPU: 0 PID: 6044 Comm: syz-executor4 Not tainted 4.4.120-gd63fdf6 #28
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
0000000000000000 61a4f40d305a2c55 ffff8801d9567938 ffffffff81d0408d
1ffff1003b2acf2a ffff8801d7ac1800 00000000024000c2 0000000000000000
0000000000000001 ffff8801d9567a48 ffffffff81431059 ffffffff838ac620
Call Trace:
[] __dump_stack lib/dump_stack.c:15 [inline]
[] dump_stack+0xc1/0x124 lib/dump_stack.c:51
[] warn_alloc_failed+0x1d9/0x240 mm/page_alloc.c:2757
[] __vmalloc_node_range+0x41d/0x630 mm/vmalloc.c:1692
[] __vmalloc_node mm/vmalloc.c:1715 [inline]
[] __vmalloc_node_flags mm/vmalloc.c:1729 [inline]
[] vmalloc+0x5b/0x70 mm/vmalloc.c:1744
[] sel_write_load+0x130/0xff0 security/selinux/selinuxfs.c:527
[] __vfs_write+0x103/0x450 fs/read_write.c:489
[] vfs_write+0x18a/0x530 fs/read_write.c:538
[] SYSC_write fs/read_write.c:585 [inline]
[] SyS_write+0xd9/0x1b0 fs/read_write.c:577
[] entry_SYSCALL_64_fastpath+0x1c/0x98
Mem-Info:
active_anon:54397 inactive_anon:44 isolated_anon:0
active_file:3607 inactive_file:8407 isolated_file:0
unevictable:0 dirty:49 writeback:0 unstable:0
slab_reclaimable:5264 slab_unreclaimable:59747
mapped:24294 shmem:51 pagetables:685 bounce:0
free:1473457 free_pcp:532 free_cma:0
DMA free:15904kB min:160kB low:200kB high:240kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:15992kB managed:15904kB mlocked:0kB dirty:0kB writeback:0kB mapped:0kB shmem:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB unstable:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? yes
lowmem_reserve[]: 0 2911 6411 6411
DMA32 free:2672532kB min:30608kB low:38260kB high:45912kB active_anon:96660kB inactive_anon:76kB active_file:6556kB inactive_file:13748kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:3129292kB managed:2982732kB mlocked:0kB dirty:112kB writeback:0kB mapped:48380kB shmem:96kB slab_reclaimable:9664kB slab_unreclaimable:108488kB kernel_stack:1408kB pagetables:1236kB unstable:0kB bounce:0kB free_pcp:1044kB local_pcp:340kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no
lowmem_reserve[]: 0 0 3500 3500
Normal free:3205392kB min:36808kB low:46008kB high:55212kB active_anon:120928kB inactive_anon:100kB active_file:7872kB inactive_file:19880kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:4718592kB managed:3584660kB mlocked:0kB dirty:84kB writeback:0kB mapped:48796kB shmem:108kB slab_reclaimable:11392kB slab_unreclaimable:130500kB kernel_stack:4160kB pagetables:1504kB unstable:0kB bounce:0kB free_pcp:1084kB local_pcp:460kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no
lowmem_reserve[]: 0 0 0 0
DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15904kB
DMA32: 215*4kB (UME) 91*8kB (UME) 131*16kB (UM) 24*32kB (UM) 12*64kB (UME) 6*128kB (UME) 4*256kB (ME) 2*512kB (UE) 26*1024kB (ME) 0*2048kB 644*4096kB (M) = 2672484kB
Normal: 374*4kB (UME) 297*8kB (UME) 275*16kB (UM) 63*32kB (UM) 29*64kB (UME) 17*128kB (UME) 9*256kB (UME) 2*512kB (UM) 33*1024kB (UME) 2*2048kB (ME) 769*4096kB (M) = 3205360kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
12064 total pagecache pages
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap = 0kB
Total swap = 0kB
1965969 pages RAM
0 pages HighMem/MovableOnly
320145 pages reserved
caller is __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
CPU: 1 PID: 6038 Comm: syz-executor7 Not tainted 4.4.120-gd63fdf6 #28
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
0000000000000000 b00a877dce4ea861 ffff8801d7f576b8 ffffffff81d0408d
0000000000000001 ffffffff839fe5a0 ffffffff83d0be20 ffff8801c2958000
0000000000000003 ffff8801d7f576f8 ffffffff81d63fe4 ffff8801d7f57710
Call Trace:
[] __dump_stack lib/dump_stack.c:15 [inline]
[] dump_stack+0xc1/0x124 lib/dump_stack.c:51
[] check_preemption_disabled+0x1d4/0x200 lib/smp_processor_id.c:46
[] __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
[] ipcomp_alloc_tfms net/xfrm/xfrm_ipcomp.c:286 [inline]
[] ipcomp_init_state+0x188/0x980 net/xfrm/xfrm_ipcomp.c:363
[] ipcomp6_init_state+0xb5/0x820 net/ipv6/ipcomp6.c:165
[] __xfrm_init_state+0x3e7/0xb30 net/xfrm/xfrm_state.c:2058
[] xfrm_init_state+0x1a/0x20 net/xfrm/xfrm_state.c:2084
[] pfkey_msg2xfrm_state net/key/af_key.c:1289 [inline]
[] pfkey_add+0x1fbb/0x3490 net/key/af_key.c:1506
[] pfkey_process+0x68b/0x750 net/key/af_key.c:2834
[] pfkey_sendmsg+0x3a9/0x760 net/key/af_key.c:3678
[] sock_sendmsg_nosec net/socket.c:625 [inline]
[] sock_sendmsg+0xca/0x110 net/socket.c:635
[] ___sys_sendmsg+0x6c1/0x7c0 net/socket.c:1962
[] __sys_sendmsg+0xd3/0x190 net/socket.c:1996
[] SYSC_sendmsg net/socket.c:2007 [inline]
[] SyS_sendmsg+0x2d/0x50 net/socket.c:2003
[] entry_SYSCALL_64_fastpath+0x1c/0x98
audit: type=1400 audit(1521013370.438:12): avc: denied { create } for pid=6071 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1
audit: type=1400 audit(1521013370.578:13): avc: denied { ioctl } for pid=6129 comm="syz-executor5" path="socket:[14164]" dev="sockfs" ino=14164 ioctlcmd=8903 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1521013370.578:14): avc: denied { write } for pid=6134 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
binder: 6151:6163 unknown command 115
binder: 6151:6163 ioctl c0306201 2000dfd0 returned -22
binder: 6151:6178 unknown command 115
binder: 6175:6184 BC_DEAD_BINDER_DONE 0000000000000003 not found
binder: 6151:6178 ioctl c0306201 2000dfd0 returned -22
binder: 6175:6194 BC_DEAD_BINDER_DONE 0000000000000003 not found
netlink: 4 bytes leftover after parsing attributes in process `syz-executor1'.
audit: type=1400 audit(1521013372.308:15): avc: denied { call } for pid=6375 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
binder_alloc: 6375: binder_alloc_buf, no vma
binder: BINDER_SET_CONTEXT_MGR already set
binder: 6375:6396 ioctl 40046207 0 returned -16
binder_alloc: 6375: binder_alloc_buf, no vma
binder: 6375:6396 transaction failed 29189/-3, size 40-8 line 3128
binder: 6375:6379 transaction failed 29189/-3, size 40-8 line 3128
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters.
audit: type=1326 audit(1521013372.738:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=6481 comm="syz-executor2" exe="/root/syz-executor2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x453e69 code=0x0
audit: type=1326 audit(1521013372.738:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=6481 comm="syz-executor2" exe="/root/syz-executor2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x453e69 code=0x0
audit: type=1326 audit(1521013372.738:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=6481 comm="syz-executor2" exe="/root/syz-executor2" sig=31 arch=c000003e syscall=35 compat=0 ip=0x47f591 code=0x0
device syz_tun entered promiscuous mode
device syz_tun left promiscuous mode
netlink: 28 bytes leftover after parsing attributes in process `syz-executor1'.
binder_alloc: 6653: binder_alloc_buf, no vma
binder: 6653:6673 transaction failed 29189/-3, size 0-0 line 3128
binder: 6653:6673 got reply transaction with no transaction stack
binder: 6653:6673 transaction failed 29201/-71, size 0-0 line 2921
binder: BINDER_SET_CONTEXT_MGR already set
binder: 6653:6706 ioctl 40046207 0 returned -16
binder_alloc: 6653: binder_alloc_buf, no vma
binder: 6653:6673 transaction failed 29189/-3, size 0-0 line 3128
binder: 6653:6707 got reply transaction with no transaction stack
binder: 6653:6707 transaction failed 29201/-71, size 0-0 line 2921
binder: undelivered TRANSACTION_ERROR: 29201
binder: undelivered TRANSACTION_ERROR: 29201
binder: undelivered TRANSACTION_ERROR: 29189
audit: type=1400 audit(1521013374.358:19): avc: denied { accept } for pid=6741 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
netlink: 20 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 20 bytes leftover after parsing attributes in process `syz-executor1'.
audit: type=1326 audit(1521013375.298:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=6985 comm="syz-executor2" exe="/root/syz-executor2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x453e69 code=0x0
audit: type=1326 audit(1521013375.298:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=6985 comm="syz-executor2" exe="/root/syz-executor2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x453e69 code=0x0
audit_printk_skb: 3 callbacks suppressed
audit: type=1400 audit(1521013376.038:23): avc: denied { write } for pid=7097 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor2/7111
caller is __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
CPU: 0 PID: 7111 Comm: syz-executor2 Not tainted 4.4.120-gd63fdf6 #28
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
0000000000000000 24d662bcbdaf02f2 ffff8800b9ad76c8 ffffffff81d0408d
0000000000000000 ffffffff839fe5a0 ffffffff83d0be20 ffff8801c1a2c800
0000000000000003 ffff8800b9ad7708 ffffffff81d63fe4 ffff8800b9ad7720
Call Trace:
[] __dump_stack lib/dump_stack.c:15 [inline]
[] dump_stack+0xc1/0x124 lib/dump_stack.c:51
[] check_preemption_disabled+0x1d4/0x200 lib/smp_processor_id.c:46
[] __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
[] ipcomp_alloc_tfms net/xfrm/xfrm_ipcomp.c:286 [inline]
[] ipcomp_init_state+0x188/0x980 net/xfrm/xfrm_ipcomp.c:363
[] ipcomp4_init_state+0xb0/0x7d0 net/ipv4/ipcomp.c:137
[] __xfrm_init_state+0x3e7/0xb30 net/xfrm/xfrm_state.c:2058
[] xfrm_init_state+0x1a/0x20 net/xfrm/xfrm_state.c:2084
[] pfkey_msg2xfrm_state net/key/af_key.c:1289 [inline]
[] pfkey_add+0x1fbb/0x3490 net/key/af_key.c:1506
[] pfkey_process+0x68b/0x750 net/key/af_key.c:2834
[] pfkey_sendmsg+0x3a9/0x760 net/key/af_key.c:3678
[] sock_sendmsg_nosec net/socket.c:625 [inline]
[] sock_sendmsg+0xca/0x110 net/socket.c:635
[] ___sys_sendmsg+0x6c1/0x7c0 net/socket.c:1962
[] __sys_sendmsg+0xd3/0x190 net/socket.c:1996
[] SYSC_sendmsg net/socket.c:2007 [inline]
[] SyS_sendmsg+0x2d/0x50 net/socket.c:2003
[] entry_SYSCALL_64_fastpath+0x1c/0x98
binder: 7120:7129 got transaction with invalid offsets ptr
binder: 7120:7129 transaction failed 29201/-14, size 56-8 line 3156
binder_alloc: binder_alloc_mmap_handler: 7120 20000000-20002000 already mapped failed -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 7120:7145 ioctl 40046207 0 returned -16
audit: type=1400 audit(1521013376.608:24): avc: denied { getopt } for pid=7154 comm="syz-executor7" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
binder: undelivered TRANSACTION_ERROR: 29201
audit: type=1400 audit(1521013376.658:25): avc: denied { setopt } for pid=7154 comm="syz-executor7" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
audit: type=1400 audit(1521013376.678:26): avc: denied { read } for pid=7154 comm="syz-executor7" path="socket:[16317]" dev="sockfs" ino=16317 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
netlink: 8 bytes leftover after parsing attributes in process `syz-executor0'.
ALSA: seq fatal error: cannot create timer (-22) binder: 7477:7489 got transaction with invalid offsets ptr binder: 7477:7489 transaction failed 29201/-14, size 40-8 line 3156 binder: BINDER_SET_CONTEXT_MGR already set binder: 7477:7500 ioctl 40046207 0 returned -16 binder: undelivered TRANSACTION_ERROR: 29201 audit: type=1401 audit(1521013378.038:27): op=fscreate invalid_context=73797374656D5F753A6F626A6563745F723A616E6163726F6E5F657865635F743A733000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000[ 57.703798] audit: type=1400 audit(1521013378.588:28): avc: denied { ioctl } for pid=7636 comm="syz-executor6" path="socket:[17107]" dev="sockfs" ino=17107 ioctlcmd=8903 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1