BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor0/5188
caller is __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
CPU: 1 PID: 5188 Comm: syz-executor0 Not tainted 4.4.113-g962d1f3 #2
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 0000000000000000 a8c15b789b712f19 ffff8801cc6a7800 ffffffff81d028ed
 0000000000000001 ffffffff839fe3a0 ffffffff83cef6a0 ffff8800b12c0000
 0000000000000003 ffff8801cc6a7840 ffffffff81d62834 ffffffff810002b8
Call Trace:
 [<ffffffff81d028ed>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d028ed>] dump_stack+0xc1/0x124 lib/dump_stack.c:51
 [<ffffffff81d62834>] check_preemption_disabled+0x1d4/0x200 lib/smp_processor_id.c:46
 [<ffffffff810002b8>] ? 0xffffffff810002b8
 [<ffffffff81d6289c>] __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
 [<ffffffff831289d9>] tcp_try_coalesce+0x249/0x4d0 net/ipv4/tcp_input.c:4278
 [<ffffffff83130b57>] tcp_queue_rcv+0x127/0x720 net/ipv4/tcp_input.c:4485
 [<ffffffff8314842b>] tcp_send_rcvq+0x39b/0x450 net/ipv4/tcp_input.c:4531
 [<ffffffff8311f71f>] tcp_sendmsg+0x1e8f/0x2b10 net/ipv4/tcp.c:1134
 [<ffffffff831d51fc>] inet_sendmsg+0x2bc/0x4c0 net/ipv4/af_inet.c:755
 [<ffffffff82dea20a>] sock_sendmsg_nosec net/socket.c:625 [inline]
 [<ffffffff82dea20a>] sock_sendmsg+0xca/0x110 net/socket.c:635
 [<ffffffff82deb158>] SYSC_sendto+0x2c8/0x340 net/socket.c:1665
 [<ffffffff82ded650>] SyS_sendto+0x40/0x50 net/socket.c:1633
 [<ffffffff83771c9f>] entry_SYSCALL_64_fastpath+0x1c/0x98
mmap: syz-executor4 (5221) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.txt.
l2tp_core: tunl 2: fd 19 wrong protocol, got 1, expected 17
l2tp_core: tunl 2: fd 19 wrong protocol, got 1, expected 17
l2tp_core: tunl 2: fd 19 wrong protocol, got 1, expected 17
sd 0:0:1:0: [sg0] tag#224 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK
sd 0:0:1:0: [sg0] tag#224 CDB: Test Unit Ready
sd 0:0:1:0: [sg0] tag#224 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
sd 0:0:1:0: [sg0] tag#224 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
sd 0:0:1:0: [sg0] tag#224 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
sd 0:0:1:0: [sg0] tag#224 CDB[30]: 00 00 00
sd 0:0:1:0: [sg0] tag#224 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK
sd 0:0:1:0: [sg0] tag#224 CDB: Test Unit Ready
sd 0:0:1:0: [sg0] tag#224 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
sd 0:0:1:0: [sg0] tag#224 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
sd 0:0:1:0: [sg0] tag#224 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
sd 0:0:1:0: [sg0] tag#224 CDB[30]: 00 00 00
audit: type=1400 audit(1517383968.393:7): avc:  denied  { ioctl } for  pid=5552 comm="syz-executor0" path="socket:[12538]" dev="sockfs" ino=12538 ioctlcmd=540e scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
binder: 5568:5572 ERROR: BC_REGISTER_LOOPER called without request
binder: 5568:5572 ERROR: BC_ENTER_LOOPER called after BC_REGISTER_LOOPER
binder: 5568:5590 ERROR: BC_REGISTER_LOOPER called without request
binder: 5608:5614 BC_INCREFS_DONE u0000000000000000 no match
binder: 5608:5628 BC_INCREFS_DONE u0000000000000000 no match
tmpfs: No value for mount option '�3�VxZ���Tݕ�Z��4"�q��,1'
tmpfs: No value for mount option '�3�VxZ���Tݕ�Z��4"�q��,1'
audit: type=1400 audit(1517383968.973:8): avc:  denied  { create } for  pid=5714 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
capability: warning: `syz-executor6' uses 32-bit capabilities (legacy support in use)
audit: type=1400 audit(1517383969.183:9): avc:  denied  { set_context_mgr } for  pid=5772 comm="syz-executor7" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
audit: type=1400 audit(1517383969.863:10): avc:  denied  { write } for  pid=5961 comm="syz-executor2" path="socket:[12769]" dev="sockfs" ino=12769 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1517383969.893:11): avc:  denied  { create } for  pid=5967 comm="syz-executor4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1
audit: type=1400 audit(1517383969.933:12): avc:  denied  { setopt } for  pid=5961 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
TCP: request_sock_TCP: Possible SYN flooding on port 20022. Sending cookies.  Check SNMP counters.
binder: 6064:6074 BC_DEAD_BINDER_DONE 0000000000000000 not found
binder: 6064:6076 tried to acquire reference to desc 0, got 1 instead
binder: 6064:6074 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
binder: 6085:6089 transaction failed 29201/-22, size 0--4880856391614455847 line 3128
binder: BINDER_SET_CONTEXT_MGR already set
binder: 6085:6104 ioctl 40046207 0 returned -16
binder_alloc: 6085: binder_alloc_buf, no vma
binder: 6085:6089 transaction failed 29189/-3, size 0--4880856391614455847 line 3128
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29201
syz-executor0 uses obsolete (PF_INET,SOCK_PACKET)
netlink: 7 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 7 bytes leftover after parsing attributes in process `syz-executor3'.
device gre0 entered promiscuous mode
audit_printk_skb: 21 callbacks suppressed
audit: type=1400 audit(1517383972.133:20): avc:  denied  { setattr } for  pid=6538 comm="syz-executor1" name="fdinfo" dev="proc" ino=13370 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=dir permissive=1
BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor1/6556
caller is __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
CPU: 0 PID: 6556 Comm: syz-executor1 Not tainted 4.4.113-g962d1f3 #2
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 0000000000000000 ad56c1efb65a2cd6 ffff8800b9c6f6c8 ffffffff81d028ed
 0000000000000000 ffffffff839fe3a0 ffffffff83d0b8a0 ffff8800a9f297c0
 0000000000000003 ffff8800b9c6f708 ffffffff81d62834 ffff8800b9c6f720
Call Trace:
 [<ffffffff81d028ed>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d028ed>] dump_stack+0xc1/0x124 lib/dump_stack.c:51
 [<ffffffff81d62834>] check_preemption_disabled+0x1d4/0x200 lib/smp_processor_id.c:46
 [<ffffffff81d6289c>] __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
 [<ffffffff832e03e8>] ipcomp_alloc_tfms net/xfrm/xfrm_ipcomp.c:286 [inline]
 [<ffffffff832e03e8>] ipcomp_init_state+0x188/0x980 net/xfrm/xfrm_ipcomp.c:363
 [<ffffffff83248640>] ipcomp4_init_state+0xb0/0x7d0 net/ipv4/ipcomp.c:137
 [<ffffffff832bed57>] __xfrm_init_state+0x3e7/0xb30 net/xfrm/xfrm_state.c:2058
 [<ffffffff832bf4ba>] xfrm_init_state+0x1a/0x20 net/xfrm/xfrm_state.c:2084
 [<ffffffff8344391b>] pfkey_msg2xfrm_state net/key/af_key.c:1289 [inline]
 [<ffffffff8344391b>] pfkey_add+0x1fbb/0x3490 net/key/af_key.c:1506
 [<ffffffff8344755b>] pfkey_process+0x68b/0x750 net/key/af_key.c:2834
 [<ffffffff83448db9>] pfkey_sendmsg+0x3a9/0x760 net/key/af_key.c:3678
 [<ffffffff82dea20a>] sock_sendmsg_nosec net/socket.c:625 [inline]
 [<ffffffff82dea20a>] sock_sendmsg+0xca/0x110 net/socket.c:635
 [<ffffffff82debde1>] ___sys_sendmsg+0x6c1/0x7c0 net/socket.c:1962
 [<ffffffff82dede33>] __sys_sendmsg+0xd3/0x190 net/socket.c:1996
 [<ffffffff82dedf1d>] SYSC_sendmsg net/socket.c:2007 [inline]
 [<ffffffff82dedf1d>] SyS_sendmsg+0x2d/0x50 net/socket.c:2003
 [<ffffffff83771c9f>] entry_SYSCALL_64_fastpath+0x1c/0x98
BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor1/6556
caller is __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
CPU: 0 PID: 6556 Comm: syz-executor1 Not tainted 4.4.113-g962d1f3 #2
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 0000000000000000 ad56c1efb65a2cd6 ffff8800b9c6f6c8 ffffffff81d028ed
 0000000000000000 ffffffff839fe3a0 ffffffff83d0b8a0 ffff8800a9f297c0
 0000000000000003 ffff8800b9c6f708 ffffffff81d62834 ffff8800b9c6f720
Call Trace:
 [<ffffffff81d028ed>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d028ed>] dump_stack+0xc1/0x124 lib/dump_stack.c:51
 [<ffffffff81d62834>] check_preemption_disabled+0x1d4/0x200 lib/smp_processor_id.c:46
 [<ffffffff81d6289c>] __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
 [<ffffffff832e03e8>] ipcomp_alloc_tfms net/xfrm/xfrm_ipcomp.c:286 [inline]
 [<ffffffff832e03e8>] ipcomp_init_state+0x188/0x980 net/xfrm/xfrm_ipcomp.c:363
 [<ffffffff83248640>] ipcomp4_init_state+0xb0/0x7d0 net/ipv4/ipcomp.c:137
 [<ffffffff832bed57>] __xfrm_init_state+0x3e7/0xb30 net/xfrm/xfrm_state.c:2058
 [<ffffffff832bf4ba>] xfrm_init_state+0x1a/0x20 net/xfrm/xfrm_state.c:2084
 [<ffffffff8344391b>] pfkey_msg2xfrm_state net/key/af_key.c:1289 [inline]
 [<ffffffff8344391b>] pfkey_add+0x1fbb/0x3490 net/key/af_key.c:1506
 [<ffffffff8344755b>] pfkey_process+0x68b/0x750 net/key/af_key.c:2834
 [<ffffffff83448db9>] pfkey_sendmsg+0x3a9/0x760 net/key/af_key.c:3678
 [<ffffffff82dea20a>] sock_sendmsg_nosec net/socket.c:625 [inline]
 [<ffffffff82dea20a>] sock_sendmsg+0xca/0x110 net/socket.c:635
 [<ffffffff82debde1>] ___sys_sendmsg+0x6c1/0x7c0 net/socket.c:1962
 [<ffffffff82dede33>] __sys_sendmsg+0xd3/0x190 net/socket.c:1996
 [<ffffffff82dedf1d>] SYSC_sendmsg net/socket.c:2007 [inline]
 [<ffffffff82dedf1d>] SyS_sendmsg+0x2d/0x50 net/socket.c:2003
 [<ffffffff83771c9f>] entry_SYSCALL_64_fastpath+0x1c/0x98
device gre0 entered promiscuous mode
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket
device syz4 entered promiscuous mode
device syz4 left promiscuous mode
audit: type=1400 audit(1517383973.853:21): avc:  denied  { getattr } for  pid=6751 comm="syz-executor1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
binder: 6812:6814 ERROR: BC_REGISTER_LOOPER called without request
audit: type=1400 audit(1517383974.123:22): avc:  denied  { transfer } for  pid=6812 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
binder: 6812:6829 ioctl c0306201 20009000 returned -14
binder: BINDER_SET_CONTEXT_MGR already set
binder: 6812:6829 ioctl 40046207 0 returned -16
binder_alloc: 6812: binder_alloc_buf, no vma
binder: 6812:6814 transaction failed 29189/-3, size 0-0 line 3128
binder: undelivered TRANSACTION_ERROR: 29189
binder: unexpected work type, 4, not freed
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered transaction 12, process died.
IPv4: Oversized IP packet from 127.0.0.1
IPv4: Oversized IP packet from 127.0.0.1
netlink: 3 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor1'.
device gre0 entered promiscuous mode