syz-executor6: page allocation failure: order:0, mode:0x24000c2
BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor5/9872
caller is __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
CPU: 0 PID: 9855 Comm: syz-executor6 Not tainted 4.4.114-g4e74e98 #5
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 0000000000000000 ee4ddb66cf14c075 ffff8800ad5b78c0 ffffffff81d03d2d
 1ffff10015ab6f1b ffff8801c93fb000 00000000024000c2 0000000000000000
 0000000000000001 ffff8800ad5b79d0 ffffffff814311e9 ffffffff838ac420
Call Trace:
 [<ffffffff81d03d2d>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d03d2d>] dump_stack+0xc1/0x124 lib/dump_stack.c:51
 [<ffffffff814311e9>] warn_alloc_failed+0x1d9/0x240 mm/page_alloc.c:2757
 [<ffffffff814c871d>] __vmalloc_node_range+0x41d/0x630 mm/vmalloc.c:1692
 [<ffffffff814c89fb>] __vmalloc_node mm/vmalloc.c:1715 [inline]
 [<ffffffff814c89fb>] __vmalloc_node_flags mm/vmalloc.c:1729 [inline]
 [<ffffffff814c89fb>] vmalloc+0x5b/0x70 mm/vmalloc.c:1744
 [<ffffffff81b700b0>] sel_write_load+0x130/0xff0 security/selinux/selinuxfs.c:527
 [<ffffffff8151d403>] __vfs_write+0x103/0x450 fs/read_write.c:489
 [<ffffffff8151f26a>] vfs_write+0x18a/0x530 fs/read_write.c:538
 [<ffffffff81521959>] SYSC_write fs/read_write.c:585 [inline]
 [<ffffffff81521959>] SyS_write+0xd9/0x1b0 fs/read_write.c:577
 [<ffffffff81006d74>] do_syscall_32_irqs_on arch/x86/entry/common.c:390 [inline]
 [<ffffffff81006d74>] do_fast_syscall_32+0x314/0x890 arch/x86/entry/common.c:457
 [<ffffffff83775c6a>] sysenter_flags_fixed+0xd/0x17
Mem-Info:
active_anon:50519 inactive_anon:46 isolated_anon:0
 active_file:3579 inactive_file:8152 isolated_file:0
 unevictable:0 dirty:103 writeback:0 unstable:0
 slab_reclaimable:5408 slab_unreclaimable:60182
 mapped:23705 shmem:181 pagetables:658 bounce:0
 free:1477520 free_pcp:459 free_cma:0
DMA free:15904kB min:160kB low:200kB high:240kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:15992kB managed:15904kB mlocked:0kB dirty:0kB writeback:0kB mapped:0kB shmem:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB unstable:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? yes
lowmem_reserve[]: 0 2911 6411 6411
DMA32 free:2676436kB min:30608kB low:38260kB high:45912kB active_anon:90784kB inactive_anon:72kB active_file:6200kB inactive_file:14708kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:3129292kB managed:2982736kB mlocked:0kB dirty:96kB writeback:0kB mapped:45792kB shmem:348kB slab_reclaimable:10216kB slab_unreclaimable:104492kB kernel_stack:2656kB pagetables:1396kB unstable:0kB bounce:0kB free_pcp:676kB local_pcp:276kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no
lowmem_reserve[]: 0 0 3500 3500
Normal free:3217740kB min:36808kB low:46008kB high:55212kB active_anon:111292kB inactive_anon:112kB active_file:8116kB inactive_file:17900kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:4718592kB managed:3584660kB mlocked:0kB dirty:316kB writeback:0kB mapped:49028kB shmem:376kB slab_reclaimable:11416kB slab_unreclaimable:136236kB kernel_stack:3072kB pagetables:1236kB unstable:0kB bounce:0kB free_pcp:1160kB local_pcp:664kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no
lowmem_reserve[]: 0 0 0 0
DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15904kB
DMA32: 669*4kB (UME) 272*8kB (UM) 108*16kB (UME) 72*32kB (UM) 48*64kB (UM) 34*128kB (ME) 29*256kB (ME) 33*512kB (UM) 34*1024kB (ME) 2*2048kB (M) 634*4096kB (M) = 2676404kB
Normal: 657*4kB (UME) 377*8kB (UME) 188*16kB (UME) 141*32kB (UME) 134*64kB (UM) 69*128kB (UME) 56*256kB (ME) 51*512kB (UM) 53*1024kB (M) 4*2048kB (M) 753*4096kB (M) = 3217772kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
11911 total pagecache pages
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap  = 0kB
Total swap = 0kB
1965969 pages RAM
0 pages HighMem/MovableOnly
320144 pages reserved
CPU: 1 PID: 9872 Comm: syz-executor5 Not tainted 4.4.114-g4e74e98 #5
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 0000000000000000 95ae9a1d4b9c2cf4 ffff8800ad617648 ffffffff81d03d2d
 0000000000000001 ffffffff839fe3a0 ffffffff83cef720 ffff8800ad4f9800
 0000000000000003 ffff8800ad617688 ffffffff81d63c74 ffffffff810002b8
Call Trace:
 [<ffffffff81d03d2d>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d03d2d>] dump_stack+0xc1/0x124 lib/dump_stack.c:51
 [<ffffffff81d63c74>] check_preemption_disabled+0x1d4/0x200 lib/smp_processor_id.c:46
 [<ffffffff810002b8>] ? 0xffffffff810002b8
 [<ffffffff81d63cdc>] __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
 [<ffffffff8312a609>] tcp_try_coalesce+0x249/0x4d0 net/ipv4/tcp_input.c:4278
 [<ffffffff83132787>] tcp_queue_rcv+0x127/0x720 net/ipv4/tcp_input.c:4485
 [<ffffffff8314a05b>] tcp_send_rcvq+0x39b/0x450 net/ipv4/tcp_input.c:4531
 [<ffffffff831212bf>] tcp_sendmsg+0x1e8f/0x2b10 net/ipv4/tcp.c:1134
 [<ffffffff831d6fec>] inet_sendmsg+0x2bc/0x4c0 net/ipv4/af_inet.c:755
 [<ffffffff82deb79a>] sock_sendmsg_nosec net/socket.c:625 [inline]
 [<ffffffff82deb79a>] sock_sendmsg+0xca/0x110 net/socket.c:635
 [<ffffffff82ded371>] ___sys_sendmsg+0x6c1/0x7c0 net/socket.c:1962
 [<ffffffff82def3c3>] __sys_sendmsg+0xd3/0x190 net/socket.c:1996
 [<ffffffff82ed93fa>] C_SYSC_sendmsg net/compat.c:720 [inline]
 [<ffffffff82ed93fa>] compat_SyS_sendmsg+0x2a/0x40 net/compat.c:718
 [<ffffffff81006d74>] do_syscall_32_irqs_on arch/x86/entry/common.c:390 [inline]
 [<ffffffff81006d74>] do_fast_syscall_32+0x314/0x890 arch/x86/entry/common.c:457
 [<ffffffff83775c6a>] sysenter_flags_fixed+0xd/0x17
device syz1 entered promiscuous mode
device syz1 left promiscuous mode
binder: 10108:10111 transaction failed 29189/-22, size 0-0 line 3005
binder: undelivered TRANSACTION_ERROR: 29189
binder: 10108:10111 transaction failed 29189/-22, size 0-0 line 3005
binder: undelivered TRANSACTION_ERROR: 29189
binder_alloc: binder_alloc_mmap_handler: 10165 20000000-20002000 already mapped failed -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 10165:10178 ioctl 40046207 0 returned -16
binder_alloc: 10165: binder_alloc_buf, no vma
binder_alloc: 10165: binder_alloc_buf, no vma
binder: 10165:10184 transaction failed 29189/-3, size 0-0 line 3128
TCP: request_sock_TCP: Possible SYN flooding on port 20022. Sending cookies.  Check SNMP counters.
binder: 10165:10194 transaction failed 29189/-3, size 0-0 line 3128
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered transaction 54, process died.
binder: undelivered transaction 53, process died.
binder: 10385:10386 unknown command 0
binder: 10385:10386 ioctl c0306201 2000a000 returned -22
audit: type=1400 audit(1517666640.013:27): avc:  denied  { transfer } for  pid=10385 comm="syz-executor6" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
binder_alloc: binder_alloc_mmap_handler: 10385 20000000-20002000 already mapped failed -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 10385:10386 ioctl 40046207 0 returned -16
binder: 10385:10391 unknown command 0
binder_alloc: 10385: binder_alloc_buf, no vma
binder: 10385:10391 ioctl c0306201 2000a000 returned -22
binder: 10385:10386 transaction failed 29189/-3, size 56-8 line 3128
binder: undelivered TRANSACTION_ERROR: 29189
binder: release 10385:10386 transaction 59 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: send failed reply for transaction 59, target dead
netlink: 192 bytes leftover after parsing attributes in process `syz-executor2'.
device lo entered promiscuous mode
device lo left promiscuous mode
netlink: 192 bytes leftover after parsing attributes in process `syz-executor2'.
device lo entered promiscuous mode
device lo left promiscuous mode
TCP: request_sock_TCPv6: Possible SYN flooding on port 20030. Sending cookies.  Check SNMP counters.
audit: type=1400 audit(1517666641.303:28): avc:  denied  { set_context_mgr } for  pid=10641 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
binder: 10641:10657 got reply transaction with no transaction stack
binder: 10641:10657 transaction failed 29201/-71, size 0-8 line 2921
audit: type=1400 audit(1517666641.373:29): avc:  denied  { call } for  pid=10641 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
binder: 10641:10665 ERROR: BC_REGISTER_LOOPER called without request
binder: 10641:10657 ioctl 5405 2013b000 returned -22
binder_alloc: binder_alloc_mmap_handler: 10641 20000000-20002000 already mapped failed -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 10641:10686 ioctl 40046207 0 returned -16
binder: 10641:10683 got reply transaction with no transaction stack
binder: 10641:10683 transaction failed 29201/-71, size 0-8 line 2921
binder_alloc: 10641: binder_alloc_buf, no vma
binder: 10641:10683 transaction failed 29189/-3, size 0-0 line 3128
binder: 10641:10683 ioctl 5405 2013b000 returned -22
binder: undelivered transaction 64, process died.
audit: type=1400 audit(1517666643.003:30): avc:  denied  { ioctl } for  pid=11012 comm="syz-executor4" path="socket:[18986]" dev="sockfs" ino=18986 ioctlcmd=6403 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
binder: 11223:11236 ioctl 2405 ffffffff returned -22
binder: 11223:11247 ioctl 2405 ffffffff returned -22
netlink: 8 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor5'.
binder: 11622:11634 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
keychord: unsupported version 33795
keychord: unsupported version 33795
binder: 11848:11852 got new transaction with bad transaction stack, transaction 70 has target 11848:0
binder: 11848:11852 transaction failed 29201/-71, size 0-0 line 3032
binder_alloc: binder_alloc_mmap_handler: 11848 20000000-20002000 already mapped failed -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 11848:11852 ioctl 40046207 0 returned -16
binder_alloc: 11848: binder_alloc_buf, no vma
binder: 11848:11860 transaction failed 29189/-3, size 0-0 line 3128
binder: undelivered TRANSACTION_ERROR: 29189
binder: release 11848:11852 transaction 70 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29201
binder: send failed reply for transaction 70, target dead
binder: binder_mmap: 11900 20381000-20384000 bad vm_flags failed -1
netlink: 3 bytes leftover after parsing attributes in process `syz-executor5'.
binder: binder_mmap: 11900 20381000-20384000 bad vm_flags failed -1
netlink: 3 bytes leftover after parsing attributes in process `syz-executor5'.
audit: type=1326 audit(1517666647.173:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12035 comm="syz-executor3" exe="/root/syz-executor3" sig=9 arch=40000003 syscall=240 compat=1 ip=0xf77bdba9 code=0x0
audit: type=1326 audit(1517666647.253:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12035 comm="syz-executor3" exe="/root/syz-executor3" sig=9 arch=40000003 syscall=240 compat=1 ip=0xf77bdba9 code=0x0