BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor.1/3857
caller is __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62
CPU: 0 PID: 3857 Comm: syz-executor.1 Not tainted 4.4.174+ #4
 0000000000000000 1339c78e1608d7c1 ffff8801ad04f7d8 ffffffff81aad1a1
 ffff8800b6a12f80 0000000000000000 ffffffff82a861e0 ffffffff8292c040
 0000000000000002 ffff8801ad04f818 ffffffff81b0ad83 1ffff10035a09f00
Call Trace:
 [<ffffffff81aad1a1>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81aad1a1>] dump_stack+0xc1/0x120 lib/dump_stack.c:51
 [<ffffffff81b0ad83>] check_preemption_disabled+0x1d3/0x200 lib/smp_processor_id.c:46
 [<ffffffff81b0aded>] __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62
 [<ffffffff82412741>] tcp_prune_queue net/ipv4/tcp_input.c:4978 [inline]
 [<ffffffff82412741>] tcp_try_rmem_schedule+0x1a1/0x1280 net/ipv4/tcp_input.c:4386
 [<ffffffff82424747>] tcp_send_rcvq+0x1d7/0x4a0 net/ipv4/tcp_input.c:4574
 [<ffffffff823fd062>] tcp_sendmsg+0x2332/0x2ab0 net/ipv4/tcp.c:1134
 [<ffffffff824a8b42>] inet_sendmsg+0x202/0x4d0 net/ipv4/af_inet.c:755
 [<ffffffff821d838e>] sock_sendmsg_nosec net/socket.c:638 [inline]
 [<ffffffff821d838e>] sock_sendmsg+0xbe/0x110 net/socket.c:648
 [<ffffffff821da269>] ___sys_sendmsg+0x769/0x890 net/socket.c:1975
 [<ffffffff821dd0c5>] __sys_sendmsg+0xc5/0x160 net/socket.c:2009
 [<ffffffff821dd18d>] SYSC_sendmsg net/socket.c:2020 [inline]
 [<ffffffff821dd18d>] SyS_sendmsg+0x2d/0x50 net/socket.c:2016
 [<ffffffff82718ba1>] entry_SYSCALL_64_fastpath+0x1e/0x9a
BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor.1/3857
caller is __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62
CPU: 0 PID: 3857 Comm: syz-executor.1 Not tainted 4.4.174+ #4
 0000000000000000 1339c78e1608d7c1 ffff8801ad04f640 ffffffff81aad1a1
 ffff8800b6a12f80 0000000000000000 ffffffff82a861e0 ffffffff8292c040
 0000000000000002 ffff8801ad04f680 ffffffff81b0ad83 ffff88014c99dc40
Call Trace:
 [<ffffffff81aad1a1>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81aad1a1>] dump_stack+0xc1/0x120 lib/dump_stack.c:51
 [<ffffffff81b0ad83>] check_preemption_disabled+0x1d3/0x200 lib/smp_processor_id.c:46
 [<ffffffff81b0aded>] __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62
 [<ffffffff8240f589>] tcp_collapse_one+0x119/0x1e0 net/ipv4/tcp_input.c:4736
 [<ffffffff8241204f>] tcp_collapse+0x84f/0xda0 net/ipv4/tcp_input.c:4849
 [<ffffffff82412c5a>] tcp_prune_queue net/ipv4/tcp_input.c:4990 [inline]
 [<ffffffff82412c5a>] tcp_try_rmem_schedule+0x6ba/0x1280 net/ipv4/tcp_input.c:4386
 [<ffffffff82424747>] tcp_send_rcvq+0x1d7/0x4a0 net/ipv4/tcp_input.c:4574
 [<ffffffff823fd062>] tcp_sendmsg+0x2332/0x2ab0 net/ipv4/tcp.c:1134
 [<ffffffff824a8b42>] inet_sendmsg+0x202/0x4d0 net/ipv4/af_inet.c:755
 [<ffffffff821d838e>] sock_sendmsg_nosec net/socket.c:638 [inline]
 [<ffffffff821d838e>] sock_sendmsg+0xbe/0x110 net/socket.c:648
 [<ffffffff821da269>] ___sys_sendmsg+0x769/0x890 net/socket.c:1975
 [<ffffffff821dd0c5>] __sys_sendmsg+0xc5/0x160 net/socket.c:2009
 [<ffffffff821dd18d>] SYSC_sendmsg net/socket.c:2020 [inline]
 [<ffffffff821dd18d>] SyS_sendmsg+0x2d/0x50 net/socket.c:2016
 [<ffffffff82718ba1>] entry_SYSCALL_64_fastpath+0x1e/0x9a
BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor.1/3857
caller is __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62
CPU: 0 PID: 3857 Comm: syz-executor.1 Not tainted 4.4.174+ #4
 0000000000000000 1339c78e1608d7c1 ffff8801ad04f7d8 ffffffff81aad1a1
 ffff8800b6a12f80 0000000000000000 ffffffff82a861e0 ffffffff8292c040
 0000000000000002 ffff8801ad04f818 ffffffff81b0ad83 1ffff10035a09f00
Call Trace:
 [<ffffffff81aad1a1>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81aad1a1>] dump_stack+0xc1/0x120 lib/dump_stack.c:51
 [<ffffffff81b0ad83>] check_preemption_disabled+0x1d3/0x200 lib/smp_processor_id.c:46
 [<ffffffff81b0aded>] __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62
 [<ffffffff824134d5>] tcp_prune_queue net/ipv4/tcp_input.c:5011 [inline]
 [<ffffffff824134d5>] tcp_try_rmem_schedule+0xf35/0x1280 net/ipv4/tcp_input.c:4386
 [<ffffffff82424747>] tcp_send_rcvq+0x1d7/0x4a0 net/ipv4/tcp_input.c:4574
 [<ffffffff823fd062>] tcp_sendmsg+0x2332/0x2ab0 net/ipv4/tcp.c:1134
 [<ffffffff824a8b42>] inet_sendmsg+0x202/0x4d0 net/ipv4/af_inet.c:755
 [<ffffffff821d838e>] sock_sendmsg_nosec net/socket.c:638 [inline]
 [<ffffffff821d838e>] sock_sendmsg+0xbe/0x110 net/socket.c:648
 [<ffffffff821da269>] ___sys_sendmsg+0x769/0x890 net/socket.c:1975
 [<ffffffff821dd0c5>] __sys_sendmsg+0xc5/0x160 net/socket.c:2009
 [<ffffffff821dd18d>] SYSC_sendmsg net/socket.c:2020 [inline]
 [<ffffffff821dd18d>] SyS_sendmsg+0x2d/0x50 net/socket.c:2016
 [<ffffffff82718ba1>] entry_SYSCALL_64_fastpath+0x1e/0x9a
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
netlink: 2 bytes leftover after parsing attributes in process `syz-executor.3'.
audit: type=1400 audit(1573070298.541:513): avc:  denied  { write } for  pid=4170 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
vmalloc: allocation failure: 17179869180 bytes
syz-executor.2: page allocation failure: order:0, mode:0x24000c2
CPU: 1 PID: 4288 Comm: syz-executor.2 Not tainted 4.4.174+ #4
 0000000000000000 a854a2be7e25fc55 ffff8800995f77a8 ffffffff81aad1a1
 1ffff100132beef8 ffff8801b8cf97c0 00000000024000c2 0000000000000000
 ffffffff82895080 ffff8800995f78b8 ffffffff8148c0cb ffff880100000001
Call Trace:
 [<ffffffff81aad1a1>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81aad1a1>] dump_stack+0xc1/0x120 lib/dump_stack.c:51
 [<ffffffff8148c0cb>] warn_alloc_failed.cold+0x78/0x99 mm/page_alloc.c:2757
 [<ffffffff8145fb65>] __vmalloc_node_range mm/vmalloc.c:1693 [inline]
 [<ffffffff8145fb65>] __vmalloc_node_range+0x365/0x650 mm/vmalloc.c:1654
 [<ffffffff8146031c>] __vmalloc_node mm/vmalloc.c:1716 [inline]
 [<ffffffff8146031c>] __vmalloc_node_flags mm/vmalloc.c:1730 [inline]
 [<ffffffff8146031c>] vmalloc+0x5c/0x70 mm/vmalloc.c:1745
 [<ffffffff8236da74>] xt_alloc_entry_offsets+0x44/0x60 net/netfilter/x_tables.c:757
 [<ffffffff825299a7>] translate_table+0x2c7/0x1c00 net/ipv4/netfilter/arp_tables.c:654
 [<ffffffff8252febd>] do_replace.isra.0+0x1cd/0x470 net/ipv4/netfilter/arp_tables.c:1116
vmalloc: allocation failure: 17179869180 bytes
syz-executor.2: page allocation failure: order:0, mode:0x24000c2
 [<ffffffff825303b2>] do_arpt_set_ctl+0x102/0x150 net/ipv4/netfilter/arp_tables.c:1620
 [<ffffffff822fcfad>] nf_sockopt net/netfilter/nf_sockopt.c:105 [inline]
 [<ffffffff822fcfad>] nf_setsockopt+0x6d/0xc0 net/netfilter/nf_sockopt.c:114
 [<ffffffff823da69a>] ip_setsockopt net/ipv4/ip_sockglue.c:1225 [inline]
 [<ffffffff823da69a>] ip_setsockopt+0x8a/0xa0 net/ipv4/ip_sockglue.c:1210
 [<ffffffff824803be>] udp_setsockopt+0x4e/0x90 net/ipv4/udp.c:2162
 [<ffffffff82600384>] ipv6_setsockopt+0xa4/0x140 net/ipv6/ipv6_sockglue.c:899
 [<ffffffff823f782a>] tcp_setsockopt net/ipv4/tcp.c:2643 [inline]
 [<ffffffff823f782a>] tcp_setsockopt+0x8a/0xe0 net/ipv4/tcp.c:2637
 [<ffffffff821def2a>] sock_common_setsockopt+0x9a/0xe0 net/core/sock.c:2663
 [<ffffffff821dcb59>] SYSC_setsockopt net/socket.c:1780 [inline]
 [<ffffffff821dcb59>] SyS_setsockopt+0x159/0x240 net/socket.c:1759
 [<ffffffff82718ba1>] entry_SYSCALL_64_fastpath+0x1e/0x9a
CPU: 0 PID: 4295 Comm: syz-executor.2 Not tainted 4.4.174+ #4
 0000000000000000 cff89bd614724721 ffff88003fc377a8 ffffffff81aad1a1
 1ffff10007f86ef8 ffff880169cc17c0 00000000024000c2 0000000000000000
 ffffffff82895080 ffff88003fc378b8 ffffffff8148c0cb 0000000000000001
Call Trace:
 [<ffffffff81aad1a1>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81aad1a1>] dump_stack+0xc1/0x120 lib/dump_stack.c:51
 [<ffffffff8148c0cb>] warn_alloc_failed.cold+0x78/0x99 mm/page_alloc.c:2757
 [<ffffffff8145fb65>] __vmalloc_node_range mm/vmalloc.c:1693 [inline]
 [<ffffffff8145fb65>] __vmalloc_node_range+0x365/0x650 mm/vmalloc.c:1654
 [<ffffffff8146031c>] __vmalloc_node mm/vmalloc.c:1716 [inline]
 [<ffffffff8146031c>] __vmalloc_node_flags mm/vmalloc.c:1730 [inline]
 [<ffffffff8146031c>] vmalloc+0x5c/0x70 mm/vmalloc.c:1745
 [<ffffffff8236da74>] xt_alloc_entry_offsets+0x44/0x60 net/netfilter/x_tables.c:757
 [<ffffffff825299a7>] translate_table+0x2c7/0x1c00 net/ipv4/netfilter/arp_tables.c:654
 [<ffffffff8252febd>] do_replace.isra.0+0x1cd/0x470 net/ipv4/netfilter/arp_tables.c:1116
 [<ffffffff825303b2>] do_arpt_set_ctl+0x102/0x150 net/ipv4/netfilter/arp_tables.c:1620
 [<ffffffff822fcfad>] nf_sockopt net/netfilter/nf_sockopt.c:105 [inline]
 [<ffffffff822fcfad>] nf_setsockopt+0x6d/0xc0 net/netfilter/nf_sockopt.c:114
 [<ffffffff823da69a>] ip_setsockopt net/ipv4/ip_sockglue.c:1225 [inline]
 [<ffffffff823da69a>] ip_setsockopt+0x8a/0xa0 net/ipv4/ip_sockglue.c:1210
 [<ffffffff824803be>] udp_setsockopt+0x4e/0x90 net/ipv4/udp.c:2162
 [<ffffffff82600384>] ipv6_setsockopt+0xa4/0x140 net/ipv6/ipv6_sockglue.c:899
 [<ffffffff823f782a>] tcp_setsockopt net/ipv4/tcp.c:2643 [inline]
 [<ffffffff823f782a>] tcp_setsockopt+0x8a/0xe0 net/ipv4/tcp.c:2637
 [<ffffffff821def2a>] sock_common_setsockopt+0x9a/0xe0 net/core/sock.c:2663
 [<ffffffff821dcb59>] SYSC_setsockopt net/socket.c:1780 [inline]
 [<ffffffff821dcb59>] SyS_setsockopt+0x159/0x240 net/socket.c:1759
 [<ffffffff82718ba1>] entry_SYSCALL_64_fastpath+0x1e/0x9a
Mem-Info:
active_anon:311545 inactive_anon:868296 isolated_anon:0
 active_file:9131 inactive_file:26182 isolated_file:0
 unevictable:0 dirty:301 writeback:0 unstable:0
 slab_reclaimable:9516 slab_unreclaimable:84691
 mapped:920490 shmem:877168 pagetables:49184 bounce:0
 free:185606 free_pcp:599 free_cma:0
DMA32 free:346228kB min:4696kB low:5868kB high:7044kB active_anon:562860kB inactive_anon:1594276kB active_file:15784kB inactive_file:47644kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:3145324kB managed:3021976kB mlocked:0kB dirty:516kB writeback:0kB mapped:1689220kB shmem:1610252kB slab_reclaimable:17540kB slab_unreclaimable:155104kB kernel_stack:33600kB pagetables:88032kB unstable:0kB bounce:0kB free_pcp:1252kB local_pcp:640kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no
lowmem_reserve[]: 0 3504 3504
Normal free:412476kB min:5580kB low:6972kB high:8368kB active_anon:666820kB inactive_anon:1878908kB active_file:20740kB inactive_file:57084kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:4718592kB managed:3588764kB mlocked:0kB dirty:688kB writeback:0kB mapped:1992740kB shmem:1898420kB slab_reclaimable:20524kB slab_unreclaimable:183992kB kernel_stack:41056kB pagetables:108556kB unstable:0kB bounce:0kB free_pcp:1056kB local_pcp:664kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no
Mem-Info:
active_anon:307420 inactive_anon:868296 isolated_anon:0
 active_file:9131 inactive_file:26182 isolated_file:0
 unevictable:0 dirty:301 writeback:0 unstable:0
 slab_reclaimable:9516 slab_unreclaimable:84799
 mapped:920490 shmem:877168 pagetables:49147 bounce:0
 free:189704 free_pcp:559 free_cma:0
lowmem_reserve[]: 0 0 0
DMA32: 137*4kB (UM) 245*8kB (UME) 201*16kB (UME) 292*32kB (UME) 109*64kB (UM) 35*128kB (UME) 5*256kB (UME) 2*512kB (UM) 0*1024kB 3*2048kB (UME) 76*4096kB (M) = 346268kB
Normal: 243*4kB (UME) 249*8kB 
DMA32 free:346232kB min:4696kB low:5868kB high:7044kB active_anon:562760kB inactive_anon:1594276kB active_file:15784kB inactive_file:47644kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:3145324kB managed:3021976kB mlocked:0kB dirty:516kB writeback:0kB mapped:1689220kB shmem:1610252kB slab_reclaimable:17540kB slab_unreclaimable:154980kB kernel_stack:33600kB pagetables:88328kB unstable:0kB bounce:0kB free_pcp:1084kB local_pcp:460kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no
(UME) 202*16kB (ME) 258*32kB (UME) 137*64kB (UME) 35*128kB (UM) 7*256kB (UM) 2*512kB (ME) 3*1024kB (UME) 3*2048kB (UME) 91*4096kB (M) = 412468kB
912480 total pagecache pages
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap  = 0kB
Total swap = 0kB
1965979 pages RAM
0 pages HighMem/MovableOnly
313294 pages reserved
audit: type=1400 audit(1573070303.251:514): avc:  denied  { set_context_mgr } for  pid=4363 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
binder: BINDER_SET_CONTEXT_MGR already set
binder: 4363:4370 ioctl 40046207 0 returned -16
lowmem_reserve[]: 0 3504 3504
Normal free:406580kB min:5580kB low:6972kB high:8368kB active_anon:672740kB inactive_anon:1878904kB active_file:20748kB inactive_file:57084kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:4718592kB managed:3588764kB mlocked:0kB dirty:700kB writeback:0kB mapped:1992888kB shmem:1898420kB slab_reclaimable:20496kB slab_unreclaimable:184464kB kernel_stack:40928kB pagetables:108756kB unstable:0kB bounce:0kB free_pcp:488kB local_pcp:344kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no