BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor.2/9749 caller is __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62 CPU: 0 PID: 9749 Comm: syz-executor.2 Not tainted 4.4.174+ #17 0000000000000000 04ec8183b2c24516 ffff8800a5b275f8 ffffffff81aad1a1 ffff8800a59bc740 0000000000000000 ffffffff82a861e0 ffffffff8292c040 0000000000000002 ffff8800a5b27638 ffffffff81b0ad83 ffff8801d9e712a1 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [] check_preemption_disabled+0x1d3/0x200 lib/smp_processor_id.c:46 [] __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62 [] tcp_try_coalesce net/ipv4/tcp_input.c:4293 [inline] [] tcp_try_coalesce+0x245/0x510 net/ipv4/tcp_input.c:4275 [] tcp_queue_rcv+0x127/0x6f0 net/ipv4/tcp_input.c:4539 [] tcp_send_rcvq+0x3de/0x4a0 net/ipv4/tcp_input.c:4585 [] tcp_sendmsg+0x2332/0x2ab0 net/ipv4/tcp.c:1134 [] inet_sendmsg+0x202/0x4d0 net/ipv4/af_inet.c:755 [] sock_sendmsg_nosec net/socket.c:638 [inline] [] sock_sendmsg+0xbe/0x110 net/socket.c:648 [] ___sys_sendmsg+0x369/0x890 net/socket.c:1975 [] __sys_sendmmsg+0x1d6/0x2e0 net/socket.c:2053 [] C_SYSC_sendmmsg net/compat.c:731 [inline] [] compat_SyS_sendmmsg+0x32/0x40 net/compat.c:728 [] do_syscall_32_irqs_on arch/x86/entry/common.c:330 [inline] [] do_fast_syscall_32+0x32d/0xa90 arch/x86/entry/common.c:397 [] sysenter_flags_fixed+0xd/0x1a keychord: using input dev AT Translated Set 2 keyboard for fevent keychord: using input dev AT Translated Set 2 keyboard for fevent keychord: using input dev AT Translated Set 2 keyboard for fevent device syz_tun entered promiscuous mode keychord: using input dev AT Translated Set 2 keyboard for fevent keychord: Insufficient bytes present for keycount 20 device syz_tun left promiscuous mode keychord: using input dev AT Translated Set 2 keyboard for fevent keychord: using input dev AT Translated Set 2 keyboard for fevent keychord: using input dev AT Translated Set 2 keyboard for fevent keychord: using input dev AT Translated Set 2 keyboard for fevent binder: 9990:9991 got transaction with invalid offset (8747515702831047727, min 0 max 72) or object. binder: 9990:9991 transaction failed 29201/-22, size 72-24 line 3199 binder: undelivered TRANSACTION_ERROR: 29201 binder: BINDER_SET_CONTEXT_MGR already set binder: 9990:9993 ioctl 40046207 0 returned -16 binder: 9990:9993 transaction failed 29189/-22, size 72-24 line 3014 binder: undelivered TRANSACTION_ERROR: 29189 keychord: using input dev AT Translated Set 2 keyboard for fevent netlink: 1 bytes leftover after parsing attributes in process `syz-executor.2'. vmalloc: allocation failure: 0 bytes syz-executor.0: page allocation failure: order:0, mode:0x24000c2 keychord: using input dev AT Translated Set 2 keyboard for fevent netlink: 1 bytes leftover after parsing attributes in process `syz-executor.2'. netlink: 1 bytes leftover after parsing attributes in process `syz-executor.2'. CPU: 0 PID: 10099 Comm: syz-executor.0 Not tainted 4.4.174+ #17 0000000000000000 8a7bf2209ba3eedb ffff8800ba7d7978 ffffffff81aad1a1 1ffff100174faf32 ffff8801d3cf0000 00000000024000c2 0000000000000000 ffffffff82895080 ffff8800ba7d7a88 ffffffff8148c0cb ffffffff00000001 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [] warn_alloc_failed.cold+0x78/0x99 mm/page_alloc.c:2757 [] __vmalloc_node_range mm/vmalloc.c:1693 [inline] [] __vmalloc_node_range+0x365/0x650 mm/vmalloc.c:1654 [] __vmalloc_node mm/vmalloc.c:1716 [inline] [] __vmalloc_node_flags mm/vmalloc.c:1730 [inline] [] vmalloc+0x5c/0x70 mm/vmalloc.c:1745 [] sel_write_load+0x119/0xf90 security/selinux/selinuxfs.c:527 [] __vfs_write+0x116/0x3d0 fs/read_write.c:491 [] vfs_write+0x182/0x4e0 fs/read_write.c:540 [] SYSC_write fs/read_write.c:587 [inline] [] SyS_write+0xdc/0x1c0 fs/read_write.c:579 [] do_syscall_32_irqs_on arch/x86/entry/common.c:330 [inline] [] do_fast_syscall_32+0x32d/0xa90 arch/x86/entry/common.c:397 [] sysenter_flags_fixed+0xd/0x1a Mem-Info: active_anon:222928 inactive_anon:7953 isolated_anon:0 active_file:5050 inactive_file:15671 isolated_file:0 unevictable:0 dirty:278 writeback:0 unstable:0 slab_reclaimable:6004 slab_unreclaimable:66578 mapped:61787 shmem:8115 pagetables:4138 bounce:0 free:1247507 free_pcp:485 free_cma:0 DMA32 free:2281172kB min:4696kB low:5868kB high:7044kB active_anon:408760kB inactive_anon:13624kB active_file:9364kB inactive_file:27264kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:3145324kB managed:3021976kB mlocked:0kB dirty:660kB writeback:0kB mapped:112304kB shmem:14268kB slab_reclaimable:11128kB slab_unreclaimable:120348kB kernel_stack:3808kB pagetables:7684kB unstable:0kB bounce:0kB free_pcp:1080kB local_pcp:420kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no lowmem_reserve[]: 0 3504 3504 Normal free:2708856kB min:5580kB low:6972kB high:8368kB active_anon:482952kB inactive_anon:18188kB active_file:10836kB inactive_file:35420kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:4718592kB managed:3588764kB mlocked:0kB dirty:452kB writeback:0kB mapped:134844kB shmem:18192kB slab_reclaimable:12888kB slab_unreclaimable:145964kB kernel_stack:5056kB pagetables:8868kB unstable:0kB bounce:0kB free_pcp:860kB local_pcp:196kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no lowmem_reserve[]: 0 0 0 DMA32: 651*4kB (UM) 831*8kB (UME) 589*16kB (UME) 187*32kB (UME) 122*64kB (UME) 78*128kB (UME) 53*256kB (UME) 28*512kB (UM) 13*1024kB (UE) 5*2048kB (UME) 534*4096kB (UM) = 2281172kB Normal: 968*4kB (UM) 931*8kB (UME) 596*16kB (UME) 231*32kB (UME) 116*64kB (ME) 117*128kB (UME) 75*256kB (UME) 38*512kB (UME) 18*1024kB (UME) 4*2048kB (U) 633*4096kB (M) = 2708696kB 28835 total pagecache pages 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 Free swap = 0kB Total swap = 0kB 1965979 pages RAM 0 pages HighMem/MovableOnly 313294 pages reserved keychord: using input dev AT Translated Set 2 keyboard for fevent vmalloc: allocation failure: 0 bytes syz-executor.0: page allocation failure: order:0, mode:0x24000c2 CPU: 1 PID: 10122 Comm: syz-executor.0 Not tainted 4.4.174+ #17 0000000000000000 e61be95e11982f86 ffff88009c2cf978 ffffffff81aad1a1 1ffff10013859f32 ffff8801d65f2f80 00000000024000c2 0000000000000000 ffffffff82895080 ffff88009c2cfa88 ffffffff8148c0cb ffffffff00000001 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [] warn_alloc_failed.cold+0x78/0x99 mm/page_alloc.c:2757 [] __vmalloc_node_range mm/vmalloc.c:1693 [inline] [] __vmalloc_node_range+0x365/0x650 mm/vmalloc.c:1654 [] __vmalloc_node mm/vmalloc.c:1716 [inline] [] __vmalloc_node_flags mm/vmalloc.c:1730 [inline] [] vmalloc+0x5c/0x70 mm/vmalloc.c:1745 [] sel_write_load+0x119/0xf90 security/selinux/selinuxfs.c:527 [] __vfs_write+0x116/0x3d0 fs/read_write.c:491 [] vfs_write+0x182/0x4e0 fs/read_write.c:540 [] SYSC_write fs/read_write.c:587 [inline] [] SyS_write+0xdc/0x1c0 fs/read_write.c:579 [] do_syscall_32_irqs_on arch/x86/entry/common.c:330 [inline] [] do_fast_syscall_32+0x32d/0xa90 arch/x86/entry/common.c:397 [] sysenter_flags_fixed+0xd/0x1a Mem-Info: active_anon:226887 inactive_anon:7952 isolated_anon:0 active_file:4937 inactive_file:15678 isolated_file:0 unevictable:0 dirty:199 writeback:0 unstable:0 slab_reclaimable:5970 slab_unreclaimable:66549 mapped:61788 shmem:8117 pagetables:4197 bounce:0 free:1244858 free_pcp:517 free_cma:0 keychord: using input dev AT Translated Set 2 keyboard for fevent DMA32 free:2276372kB min:4696kB low:5868kB high:7044kB active_anon:416064kB inactive_anon:13616kB active_file:8980kB inactive_file:27268kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:3145324kB managed:3021976kB mlocked:0kB dirty:416kB writeback:0kB mapped:112304kB shmem:14264kB slab_reclaimable:11104kB slab_unreclaimable:120168kB kernel_stack:3584kB pagetables:7604kB unstable:0kB bounce:0kB free_pcp:1064kB local_pcp:512kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no lowmem_reserve[]: 0 3504 3504 Normal free:2703060kB min:5580kB low:6972kB high:8368kB active_anon:491384kB inactive_anon:18192kB active_file:10768kB inactive_file:35460kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:4718592kB managed:3588764kB mlocked:0kB dirty:380kB writeback:0kB mapped:134848kB shmem:18204kB slab_reclaimable:12776kB slab_unreclaimable:146064kB kernel_stack:5312kB pagetables:9116kB unstable:0kB bounce:0kB free_pcp:1160kB local_pcp:692kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no lowmem_reserve[]: 0 0 0 DMA32: 283*4kB (UME) 279*8kB (UME) 596*16kB (UME) 209*32kB (UME) 146*64kB (UME) 78*128kB (UME) 53*256kB (UME) 28*512kB (UM) 13*1024kB (UE) 5*2048kB (UME) 534*4096kB (UM) = 2277636kB Normal: 957*4kB (UME) 854*8kB (UME) 600*16kB (UME) 243*32kB (UME) 159*64kB (UME) 120*128kB (UME) 75*256kB (UME) 39*512kB (UME) 18*1024kB (UME) 4*2048kB (U) 633*4096kB (M) = 2712132kB 28749 total pagecache pages 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 Free swap = 0kB keychord: using input dev AT Translated Set 2 keyboard for fevent Total swap = 0kB 1965979 pages RAM 0 pages HighMem/MovableOnly 313294 pages reserved vmalloc: allocation failure: 0 bytes syz-executor.1: page allocation failure: order:0, mode:0x24000c2 CPU: 1 PID: 10137 Comm: syz-executor.1 Not tainted 4.4.174+ #17 0000000000000000 316684b5554d9a5a ffff8800b117f978 ffffffff81aad1a1 1ffff1001622ff32 ffff8800b4368000 00000000024000c2 0000000000000000 ffffffff82895080 ffff8800b117fa88 ffffffff8148c0cb ffffffff00000001 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [] warn_alloc_failed.cold+0x78/0x99 mm/page_alloc.c:2757 [] __vmalloc_node_range mm/vmalloc.c:1693 [inline] [] __vmalloc_node_range+0x365/0x650 mm/vmalloc.c:1654 [] __vmalloc_node mm/vmalloc.c:1716 [inline] [] __vmalloc_node_flags mm/vmalloc.c:1730 [inline] [] vmalloc+0x5c/0x70 mm/vmalloc.c:1745 [] sel_write_load+0x119/0xf90 security/selinux/selinuxfs.c:527 [] __vfs_write+0x116/0x3d0 fs/read_write.c:491 [] vfs_write+0x182/0x4e0 fs/read_write.c:540 [] SYSC_write fs/read_write.c:587 [inline] [] SyS_write+0xdc/0x1c0 fs/read_write.c:579 [] do_syscall_32_irqs_on arch/x86/entry/common.c:330 [inline] [] do_fast_syscall_32+0x32d/0xa90 arch/x86/entry/common.c:397 [] sysenter_flags_fixed+0xd/0x1a Mem-Info: active_anon:222757 inactive_anon:7953 isolated_anon:0 active_file:4942 inactive_file:15692 isolated_file:0 unevictable:0 dirty:206 writeback:0 unstable:0 slab_reclaimable:5945 slab_unreclaimable:66643 mapped:61787 shmem:8116 pagetables:4182 bounce:0 free:1249036 free_pcp:655 free_cma:0 DMA32 free:2283892kB min:4696kB low:5868kB high:7044kB active_anon:408252kB inactive_anon:13620kB active_file:8988kB inactive_file:27316kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:3145324kB managed:3021976kB mlocked:0kB dirty:432kB writeback:0kB mapped:112304kB shmem:14264kB slab_reclaimable:11008kB slab_unreclaimable:120456kB kernel_stack:3808kB pagetables:7668kB unstable:0kB bounce:0kB free_pcp:1244kB local_pcp:548kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no lowmem_reserve[]: 0 3504 3504 Normal free:2712472kB min:5580kB low:6972kB high:8368kB active_anon:482776kB inactive_anon:18192kB active_file:10780kB inactive_file:35452kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:4718592kB managed:3588764kB mlocked:0kB dirty:392kB writeback:0kB mapped:134844kB shmem:18200kB slab_reclaimable:12772kB slab_unreclaimable:146116kB kernel_stack:5248kB pagetables:9060kB unstable:0kB bounce:0kB free_pcp:1292kB local_pcp:628kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no lowmem_reserve[]: 0 0 0 DMA32: 722*4kB (UME) 730*8kB (UME) 599*16kB (UME) 197*32kB (UME) 144*64kB (UME) 73*128kB (UME) 53*256kB (UME) 31*512kB (UM) 13*1024kB (UE) 5*2048kB (UME) 534*4096kB (UM) = 2283432kB Normal: 970*4kB (UME) 861*8kB (UME) 597*16kB (UME) 263*32kB (UME) 156*64kB (UME) 120*128kB (UME) 75*256kB (UME) 40*512kB (UME) 18*1024kB (UME) 4*2048kB (U) 633*4096kB (M) = 2713152kB 28749 total pagecache pages 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 Free swap = 0kB Total swap = 0kB 1965979 pages RAM 0 pages HighMem/MovableOnly 313294 pages reserved vmalloc: allocation failure: 0 bytes syz-executor.4: page allocation failure: order:0, mode:0x24000c2 CPU: 1 PID: 10143 Comm: syz-executor.4 Not tainted 4.4.174+ #17 0000000000000000 100cef6caf5ba17e ffff8801d4f1f978 ffffffff81aad1a1 1ffff1003a9e3f32 ffff8800b3c2df00 00000000024000c2 0000000000000000 ffffffff82895080 ffff8801d4f1fa88 ffffffff8148c0cb ffffffff00000001 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [] warn_alloc_failed.cold+0x78/0x99 mm/page_alloc.c:2757 [] __vmalloc_node_range mm/vmalloc.c:1693 [inline] [] __vmalloc_node_range+0x365/0x650 mm/vmalloc.c:1654 [] __vmalloc_node mm/vmalloc.c:1716 [inline] [] __vmalloc_node_flags mm/vmalloc.c:1730 [inline] [] vmalloc+0x5c/0x70 mm/vmalloc.c:1745 [] sel_write_load+0x119/0xf90 security/selinux/selinuxfs.c:527 [] __vfs_write+0x116/0x3d0 fs/read_write.c:491 [] vfs_write+0x182/0x4e0 fs/read_write.c:540 [] SYSC_write fs/read_write.c:587 [inline] [] SyS_write+0xdc/0x1c0 fs/read_write.c:579 [] do_syscall_32_irqs_on arch/x86/entry/common.c:330 [inline] [] do_fast_syscall_32+0x32d/0xa90 arch/x86/entry/common.c:397 [] sysenter_flags_fixed+0xd/0x1a Mem-Info: active_anon:222757 inactive_anon:7953 isolated_anon:0 active_file:4942 inactive_file:15692 isolated_file:0 unevictable:0 dirty:206 writeback:0 unstable:0 slab_reclaimable:5945 slab_unreclaimable:66526 mapped:61787 shmem:8116 pagetables:4182 bounce:0 free:1249144 free_pcp:561 free_cma:0 DMA32 free:2283496kB min:4696kB low:5868kB high:7044kB active_anon:408252kB inactive_anon:13620kB active_file:8988kB inactive_file:27316kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:3145324kB managed:3021976kB mlocked:0kB dirty:432kB writeback:0kB mapped:112304kB shmem:14264kB slab_reclaimable:11008kB slab_unreclaimable:120456kB kernel_stack:3808kB pagetables:7668kB unstable:0kB bounce:0kB free_pcp:996kB local_pcp:576kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no lowmem_reserve[]: 0 3504 3504 Normal free:2712804kB min:5580kB low:6972kB high:8368kB active_anon:482876kB inactive_anon:18192kB active_file:10780kB inactive_file:35452kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:4718592kB managed:3588764kB mlocked:0kB dirty:392kB writeback:0kB mapped:134844kB shmem:18200kB slab_reclaimable:12772kB slab_unreclaimable:145648kB kernel_stack:5248kB pagetables:9208kB unstable:0kB bounce:0kB free_pcp:1056kB local_pcp:452kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no lowmem_reserve[]: 0 0 0 DMA32: 722*4kB (UME) 740*8kB (UME) 600*16kB (UME) 197*32kB (UME) 144*64kB (UME) 73*128kB (UME) 53*256kB (UME) 31*512kB (UM) 13*1024kB (UE) 5*2048kB (UME) 534*4096kB (UM) = 2283528kB Normal: 981*4kB (UME) 877*8kB (UME) 596*16kB (UME) 265*32kB (UME) 157*64kB (UME) 120*128kB (UME) 75*256kB (UME) 41*512kB (UME) 18*1024kB (UME) 4*2048kB (U) 633*4096kB (M) = 2713948kB 28757 total pagecache pages 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 Free swap = 0kB Total swap = 0kB 1965979 pages RAM 0 pages HighMem/MovableOnly 313294 pages reserved device sit0 entered promiscuous mode device sit0 left promiscuous mode