syzbot

 sign-in | mailing list | source | docs
🐞 Open [142] 🐞 Fixed [16] 🐞 Invalid [163] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

BUG: using __this_cpu_add() in preemptible code in __vmalloc_node_range

Status: auto-closed as invalid on 2019/10/29 01:24
Reported-by: syzbot+f5d5234338eb3b37bbf0@syzkaller.appspotmail.com
First crash: 2245d, last: 1760d
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
android-44 BUG: using __this_cpu_add() in preemptible code in __vmalloc_node_range (2) 1 1618d 1618d 0/2 auto-closed as invalid on 2020/03/19 02:15

Sample crash report:
vmalloc: allocation failure: 0 bytes
syz-executor.4: page allocation failure: order:0, mode:0x24000c2
CPU: 1 PID: 11273 Comm: syz-executor.4 Not tainted 4.4.174+ #4
BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor.3/11281
caller is __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62
 0000000000000000 ba95c9ec890aa086 ffff8801cf37f9f0 ffffffff81aad1a1
 1ffff10039e6ff41 ffff8801bfd1c740 00000000024000c2 0000000000000000
 ffffffff82895080 ffff8801cf37fb00 ffffffff8148c0cb ffffffff00000001
Call Trace:
 [<ffffffff81aad1a1>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81aad1a1>] dump_stack+0xc1/0x120 lib/dump_stack.c:51
 [<ffffffff8148c0cb>] warn_alloc_failed.cold+0x78/0x99 mm/page_alloc.c:2757
 [<ffffffff8145fb65>] __vmalloc_node_range mm/vmalloc.c:1693 [inline]
 [<ffffffff8145fb65>] __vmalloc_node_range+0x365/0x650 mm/vmalloc.c:1654
 [<ffffffff8146031c>] __vmalloc_node mm/vmalloc.c:1716 [inline]
 [<ffffffff8146031c>] __vmalloc_node_flags mm/vmalloc.c:1730 [inline]
 [<ffffffff8146031c>] vmalloc+0x5c/0x70 mm/vmalloc.c:1745
 [<ffffffff81979df9>] sel_write_load+0x119/0xf90 security/selinux/selinuxfs.c:527
 [<ffffffff81496916>] __vfs_write+0x116/0x3d0 fs/read_write.c:491
 [<ffffffff81498612>] vfs_write+0x182/0x4e0 fs/read_write.c:540
 [<ffffffff8149ac4c>] SYSC_write fs/read_write.c:587 [inline]
 [<ffffffff8149ac4c>] SyS_write+0xdc/0x1c0 fs/read_write.c:579
 [<ffffffff82718ba1>] entry_SYSCALL_64_fastpath+0x1e/0x9a
CPU: 0 PID: 11281 Comm: syz-executor.3 Not tainted 4.4.174+ #4
 0000000000000000 5e26c99d2d5d42b8 ffff8801d91377c8 ffffffff81aad1a1
 ffff8801d986af80 0000000000000000 ffffffff82a861e0 ffffffff8292c040
 0000000000000002 ffff8801d9137808 ffffffff81b0ad83 ffff8800ba8f2204
Call Trace:
 [<ffffffff81aad1a1>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81aad1a1>] dump_stack+0xc1/0x120 lib/dump_stack.c:51
 [<ffffffff81b0ad83>] check_preemption_disabled+0x1d3/0x200 lib/smp_processor_id.c:46
 [<ffffffff81b0aded>] __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62
 [<ffffffff8240fcf5>] tcp_try_coalesce net/ipv4/tcp_input.c:4293 [inline]
 [<ffffffff8240fcf5>] tcp_try_coalesce+0x245/0x510 net/ipv4/tcp_input.c:4275
 [<ffffffff824100e7>] tcp_queue_rcv+0x127/0x6f0 net/ipv4/tcp_input.c:4539
 [<ffffffff8242494e>] tcp_send_rcvq+0x3de/0x4a0 net/ipv4/tcp_input.c:4585
 [<ffffffff823fd062>] tcp_sendmsg+0x2332/0x2ab0 net/ipv4/tcp.c:1134
 [<ffffffff824a8b42>] inet_sendmsg+0x202/0x4d0 net/ipv4/af_inet.c:755
 [<ffffffff821d838e>] sock_sendmsg_nosec net/socket.c:638 [inline]
 [<ffffffff821d838e>] sock_sendmsg+0xbe/0x110 net/socket.c:648
 [<ffffffff821d8615>] sock_write_iter+0x235/0x3d0 net/socket.c:847
 [<ffffffff81496ae8>] new_sync_write fs/read_write.c:480 [inline]
 [<ffffffff81496ae8>] __vfs_write+0x2e8/0x3d0 fs/read_write.c:493
 [<ffffffff81498612>] vfs_write+0x182/0x4e0 fs/read_write.c:540
 [<ffffffff8149ac4c>] SYSC_write fs/read_write.c:587 [inline]
 [<ffffffff8149ac4c>] SyS_write+0xdc/0x1c0 fs/read_write.c:579
 [<ffffffff82718ba1>] entry_SYSCALL_64_fastpath+0x1e/0x9a
BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor.3/11284
Mem-Info:
active_anon:59445 inactive_anon:8246 isolated_anon:0
 active_file:4759 inactive_file:15332 isolated_file:0
 unevictable:0 dirty:145 writeback:0 unstable:0
 slab_reclaimable:5084 slab_unreclaimable:62112
 mapped:59026 shmem:8379 pagetables:7759 bounce:0
 free:1418885 free_pcp:558 free_cma:0
DMA32 free:2593288kB min:4696kB low:5868kB high:7044kB active_anon:109148kB inactive_anon:15544kB active_file:9320kB inactive_file:26804kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:3145324kB managed:3021976kB mlocked:0kB dirty:472kB writeback:0kB mapped:108144kB shmem:15824kB slab_reclaimable:9588kB slab_unreclaimable:113908kB kernel_stack:5664kB pagetables:14724kB unstable:0kB bounce:0kB free_pcp:1236kB local_pcp:676kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no
lowmem_reserve[]: 0 3504 3504
Normal free:3082252kB min:5580kB low:6972kB high:8368kB active_anon:128632kB inactive_anon:17440kB active_file:9716kB inactive_file:34524kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:4718592kB managed:3588764kB mlocked:0kB dirty:108kB writeback:0kB mapped:127960kB shmem:17692kB slab_reclaimable:10748kB slab_unreclaimable:134540kB kernel_stack:7712kB pagetables:16312kB unstable:0kB bounce:0kB free_pcp:996kB local_pcp:668kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no
lowmem_reserve[]: 0 0 0
DMA32: 222*4kB (UME) 288*8kB (UME) 153*16kB (UME) 118*32kB (UME) 80*64kB (UME) 22*128kB (UME) 4*256kB (UM) 3*512kB (M) 1*1024kB (M) 2*2048kB (UE) 627*4096kB (M) = 2593224kB
Normal: 365*4kB (UME) 319*8kB (UME) 168*16kB (UME) 100*32kB (UME) 146*64kB (UME) 37*128kB (UME) 10*256kB (UM) 6*512kB (UM) 3*1024kB (ME) 1*2048kB (U) 744*4096kB (M) = 3082156kB
28469 total pagecache pages
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap  = 0kB
Total swap = 0kB
1965979 pages RAM
0 pages HighMem/MovableOnly
313294 pages reserved
vmalloc: allocation failure: 0 bytes
syz-executor.4: page allocation failure: order:0, mode:0x24000c2
CPU: 1 PID: 11286 Comm: syz-executor.4 Not tainted 4.4.174+ #4
 0000000000000000 fef1f419a0923138 ffff8800b3f6f9f0 ffffffff81aad1a1
 1ffff100167edf41 ffff8801d96997c0 00000000024000c2 0000000000000000
 ffffffff82895080 ffff8800b3f6fb00 ffffffff8148c0cb ffffffff00000001
Call Trace:
 [<ffffffff81aad1a1>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81aad1a1>] dump_stack+0xc1/0x120 lib/dump_stack.c:51
 [<ffffffff8148c0cb>] warn_alloc_failed.cold+0x78/0x99 mm/page_alloc.c:2757
 [<ffffffff8145fb65>] __vmalloc_node_range mm/vmalloc.c:1693 [inline]
 [<ffffffff8145fb65>] __vmalloc_node_range+0x365/0x650 mm/vmalloc.c:1654
 [<ffffffff8146031c>] __vmalloc_node mm/vmalloc.c:1716 [inline]
 [<ffffffff8146031c>] __vmalloc_node_flags mm/vmalloc.c:1730 [inline]
 [<ffffffff8146031c>] vmalloc+0x5c/0x70 mm/vmalloc.c:1745
 [<ffffffff81979df9>] sel_write_load+0x119/0xf90 security/selinux/selinuxfs.c:527
 [<ffffffff81496916>] __vfs_write+0x116/0x3d0 fs/read_write.c:491
 [<ffffffff81498612>] vfs_write+0x182/0x4e0 fs/read_write.c:540
 [<ffffffff8149ac4c>] SYSC_write fs/read_write.c:587 [inline]
 [<ffffffff8149ac4c>] SyS_write+0xdc/0x1c0 fs/read_write.c:579
 [<ffffffff82718ba1>] entry_SYSCALL_64_fastpath+0x1e/0x9a
Mem-Info:
active_anon:59445 inactive_anon:8246 isolated_anon:0
 active_file:4759 inactive_file:15332 isolated_file:0
 unevictable:0 dirty:145 writeback:0 unstable:0
 slab_reclaimable:5084 slab_unreclaimable:62144
 mapped:59026 shmem:8379 pagetables:7759 bounce:0
 free:1418853 free_pcp:555 free_cma:0
DMA32 free:2593160kB min:4696kB low:5868kB high:7044kB active_anon:109148kB inactive_anon:15544kB active_file:9320kB inactive_file:26804kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:3145324kB managed:3021976kB mlocked:0kB dirty:472kB writeback:0kB mapped:108144kB shmem:15824kB slab_reclaimable:9588kB slab_unreclaimable:114036kB kernel_stack:5664kB pagetables:14724kB unstable:0kB bounce:0kB free_pcp:1220kB local_pcp:660kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no
lowmem_reserve[]: 0 3504 3504
Normal free:3082252kB min:5580kB low:6972kB high:8368kB active_anon:128632kB inactive_anon:17440kB active_file:9716kB inactive_file:34524kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:4718592kB managed:3588764kB mlocked:0kB dirty:108kB writeback:0kB mapped:127960kB shmem:17692kB slab_reclaimable:10748kB slab_unreclaimable:134540kB kernel_stack:7712kB pagetables:16312kB unstable:0kB bounce:0kB free_pcp:1000kB local_pcp:672kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no
lowmem_reserve[]: 0 0 0
DMA32: 222*4kB (UME) 288*8kB (UME) 153*16kB (UME) 112*32kB (UME) 80*64kB (UME) 22*128kB (UME) 4*256kB (UM) 3*512kB (M) 1*1024kB (M) 2*2048kB (UE) 627*4096kB (M) = 2593032kB
Normal: 365*4kB (UME) 319*8kB (UME) 168*16kB (UME) 100*32kB (UME) 146*64kB (UME) 37*128kB (UME) 10*256kB (UM) 6*512kB (UM) 3*1024kB (ME) 1*2048kB (U) 744*4096kB (M) = 3082156kB
28469 total pagecache pages
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap  = 0kB
Total swap = 0kB
1965979 pages RAM
0 pages HighMem/MovableOnly
313294 pages reserved
caller is __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62
CPU: 0 PID: 11284 Comm: syz-executor.3 Not tainted 4.4.174+ #4
 0000000000000000 a8accaa7db92cb20 ffff8801bfedf7c8 ffffffff81aad1a1
 ffff8801d969af80 0000000000000000 ffffffff82a861e0 ffffffff8292c040
 0000000000000002 ffff8801bfedf808 ffffffff81b0ad83 ffff8800b462b344
Call Trace:
 [<ffffffff81aad1a1>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81aad1a1>] dump_stack+0xc1/0x120 lib/dump_stack.c:51
 [<ffffffff81b0ad83>] check_preemption_disabled+0x1d3/0x200 lib/smp_processor_id.c:46
 [<ffffffff81b0aded>] __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62
 [<ffffffff8240fcf5>] tcp_try_coalesce net/ipv4/tcp_input.c:4293 [inline]
 [<ffffffff8240fcf5>] tcp_try_coalesce+0x245/0x510 net/ipv4/tcp_input.c:4275
 [<ffffffff824100e7>] tcp_queue_rcv+0x127/0x6f0 net/ipv4/tcp_input.c:4539
 [<ffffffff8242494e>] tcp_send_rcvq+0x3de/0x4a0 net/ipv4/tcp_input.c:4585
 [<ffffffff823fd062>] tcp_sendmsg+0x2332/0x2ab0 net/ipv4/tcp.c:1134
 [<ffffffff824a8b42>] inet_sendmsg+0x202/0x4d0 net/ipv4/af_inet.c:755
 [<ffffffff821d838e>] sock_sendmsg_nosec net/socket.c:638 [inline]
 [<ffffffff821d838e>] sock_sendmsg+0xbe/0x110 net/socket.c:648
 [<ffffffff821d8615>] sock_write_iter+0x235/0x3d0 net/socket.c:847
 [<ffffffff81496ae8>] new_sync_write fs/read_write.c:480 [inline]
 [<ffffffff81496ae8>] __vfs_write+0x2e8/0x3d0 fs/read_write.c:493
 [<ffffffff81498612>] vfs_write+0x182/0x4e0 fs/read_write.c:540
 [<ffffffff8149ac4c>] SYSC_write fs/read_write.c:587 [inline]
 [<ffffffff8149ac4c>] SyS_write+0xdc/0x1c0 fs/read_write.c:579
 [<ffffffff82718ba1>] entry_SYSCALL_64_fastpath+0x1e/0x9a
BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor.3/11306
caller is __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62
CPU: 1 PID: 11306 Comm: syz-executor.3 Not tainted 4.4.174+ #4
 0000000000000000 061990c0677648d2 ffff8800bacef7c8 ffffffff81aad1a1
 ffff8801cfdd97c0 0000000000000001 ffffffff82a861e0 ffffffff8292c040
 0000000000000001 ffff8800bacef808 ffffffff81b0ad83 ffff8801d7390344
Call Trace:
 [<ffffffff81aad1a1>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81aad1a1>] dump_stack+0xc1/0x120 lib/dump_stack.c:51
 [<ffffffff81b0ad83>] check_preemption_disabled+0x1d3/0x200 lib/smp_processor_id.c:46
 [<ffffffff81b0aded>] __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62
 [<ffffffff8240fcf5>] tcp_try_coalesce net/ipv4/tcp_input.c:4293 [inline]
 [<ffffffff8240fcf5>] tcp_try_coalesce+0x245/0x510 net/ipv4/tcp_input.c:4275
 [<ffffffff824100e7>] tcp_queue_rcv+0x127/0x6f0 net/ipv4/tcp_input.c:4539
 [<ffffffff8242494e>] tcp_send_rcvq+0x3de/0x4a0 net/ipv4/tcp_input.c:4585
 [<ffffffff823fd062>] tcp_sendmsg+0x2332/0x2ab0 net/ipv4/tcp.c:1134
 [<ffffffff824a8b42>] inet_sendmsg+0x202/0x4d0 net/ipv4/af_inet.c:755
 [<ffffffff821d838e>] sock_sendmsg_nosec net/socket.c:638 [inline]
 [<ffffffff821d838e>] sock_sendmsg+0xbe/0x110 net/socket.c:648
 [<ffffffff821d8615>] sock_write_iter+0x235/0x3d0 net/socket.c:847
 [<ffffffff81496ae8>] new_sync_write fs/read_write.c:480 [inline]
 [<ffffffff81496ae8>] __vfs_write+0x2e8/0x3d0 fs/read_write.c:493
 [<ffffffff81498612>] vfs_write+0x182/0x4e0 fs/read_write.c:540
 [<ffffffff8149ac4c>] SYSC_write fs/read_write.c:587 [inline]
 [<ffffffff8149ac4c>] SyS_write+0xdc/0x1c0 fs/read_write.c:579
 [<ffffffff82718ba1>] entry_SYSCALL_64_fastpath+0x1e/0x9a
BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor.3/11344
caller is __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62
CPU: 0 PID: 11344 Comm: syz-executor.3 Not tainted 4.4.174+ #4
 0000000000000000 58ab6d3fb4d812e9 ffff8801d06677c8 ffffffff81aad1a1
 ffff8801bfddc740 0000000000000000 ffffffff82a861e0 ffffffff8292c040
 0000000000000002 ffff8801d0667808 ffffffff81b0ad83 ffff8800a513a0c4
Call Trace:
 [<ffffffff81aad1a1>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81aad1a1>] dump_stack+0xc1/0x120 lib/dump_stack.c:51
 [<ffffffff81b0ad83>] check_preemption_disabled+0x1d3/0x200 lib/smp_processor_id.c:46
 [<ffffffff81b0aded>] __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62
 [<ffffffff8240fcf5>] tcp_try_coalesce net/ipv4/tcp_input.c:4293 [inline]
 [<ffffffff8240fcf5>] tcp_try_coalesce+0x245/0x510 net/ipv4/tcp_input.c:4275
 [<ffffffff824100e7>] tcp_queue_rcv+0x127/0x6f0 net/ipv4/tcp_input.c:4539
 [<ffffffff8242494e>] tcp_send_rcvq+0x3de/0x4a0 net/ipv4/tcp_input.c:4585
 [<ffffffff823fd062>] tcp_sendmsg+0x2332/0x2ab0 net/ipv4/tcp.c:1134
 [<ffffffff824a8b42>] inet_sendmsg+0x202/0x4d0 net/ipv4/af_inet.c:755
 [<ffffffff821d838e>] sock_sendmsg_nosec net/socket.c:638 [inline]
 [<ffffffff821d838e>] sock_sendmsg+0xbe/0x110 net/socket.c:648
 [<ffffffff821d8615>] sock_write_iter+0x235/0x3d0 net/socket.c:847
 [<ffffffff81496ae8>] new_sync_write fs/read_write.c:480 [inline]
 [<ffffffff81496ae8>] __vfs_write+0x2e8/0x3d0 fs/read_write.c:493
 [<ffffffff81498612>] vfs_write+0x182/0x4e0 fs/read_write.c:540
 [<ffffffff8149ac4c>] SYSC_write fs/read_write.c:587 [inline]
 [<ffffffff8149ac4c>] SyS_write+0xdc/0x1c0 fs/read_write.c:579
 [<ffffffff82718ba1>] entry_SYSCALL_64_fastpath+0x1e/0x9a
BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor.3/11377
caller is __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62
CPU: 1 PID: 11377 Comm: syz-executor.3 Not tainted 4.4.174+ #4
 0000000000000000[  282.932882] audit: type=1401 audit(1561944233.820:38): op=setxattr invalid_context=""
 f9742af659de1841 ffff8801c07b77c8 ffffffff81aad1a1
 ffff8800b9cd0000 0000000000000001 ffffffff82a861e0 ffffffff8292c040
 0000000000000001 ffff8801c07b7808 ffffffff81b0ad83 ffff8801bfd78e84
Call Trace:
 [<ffffffff81aad1a1>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81aad1a1>] dump_stack+0xc1/0x120 lib/dump_stack.c:51
 [<ffffffff81b0ad83>] check_preemption_disabled+0x1d3/0x200 lib/smp_processor_id.c:46
 [<ffffffff81b0aded>] __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62
 [<ffffffff8240fcf5>] tcp_try_coalesce net/ipv4/tcp_input.c:4293 [inline]
 [<ffffffff8240fcf5>] tcp_try_coalesce+0x245/0x510 net/ipv4/tcp_input.c:4275
 [<ffffffff824100e7>] tcp_queue_rcv+0x127/0x6f0 net/ipv4/tcp_input.c:4539
 [<ffffffff8242494e>] tcp_send_rcvq+0x3de/0x4a0 net/ipv4/tcp_input.c:4585
 [<ffffffff823fd062>] tcp_sendmsg+0x2332/0x2ab0 net/ipv4/tcp.c:1134
 [<ffffffff824a8b42>] inet_sendmsg+0x202/0x4d0 net/ipv4/af_inet.c:755
 [<ffffffff821d838e>] sock_sendmsg_nosec net/socket.c:638 [inline]
 [<ffffffff821d838e>] sock_sendmsg+0xbe/0x110 net/socket.c:648
 [<ffffffff821d8615>] sock_write_iter+0x235/0x3d0 net/socket.c:847
 [<ffffffff81496ae8>] new_sync_write fs/read_write.c:480 [inline]
 [<ffffffff81496ae8>] __vfs_write+0x2e8/0x3d0 fs/read_write.c:493
 [<ffffffff81498612>] vfs_write+0x182/0x4e0 fs/read_write.c:540
 [<ffffffff8149ac4c>] SYSC_write fs/read_write.c:587 [inline]
 [<ffffffff8149ac4c>] SyS_write+0xdc/0x1c0 fs/read_write.c:579
 [<ffffffff82718ba1>] entry_SYSCALL_64_fastpath+0x1e/0x9a
BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor.3/11405
caller is __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62
CPU: 0 PID: 11405 Comm: syz-executor.3 Not tainted 4.4.174+ #4
 0000000000000000 27d187a2c96da89a ffff8800baf177c8 ffffffff81aad1a1
 ffff8801bffddf00 0000000000000000 ffffffff82a861e0 ffffffff8292c040
 0000000000000002 ffff8800baf17808 ffffffff81b0ad83 ffff8800a5f7d344
Call Trace:
 [<ffffffff81aad1a1>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81aad1a1>] dump_stack+0xc1/0x120 lib/dump_stack.c:51
 [<ffffffff81b0ad83>] check_preemption_disabled+0x1d3/0x200 lib/smp_processor_id.c:46
 [<ffffffff81b0aded>] __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62
 [<ffffffff8240fcf5>] tcp_try_coalesce net/ipv4/tcp_input.c:4293 [inline]
 [<ffffffff8240fcf5>] tcp_try_coalesce+0x245/0x510 net/ipv4/tcp_input.c:4275
 [<ffffffff824100e7>] tcp_queue_rcv+0x127/0x6f0 net/ipv4/tcp_input.c:4539
 [<ffffffff8242494e>] tcp_send_rcvq+0x3de/0x4a0 net/ipv4/tcp_input.c:4585
 [<ffffffff823fd062>] tcp_sendmsg+0x2332/0x2ab0 net/ipv4/tcp.c:1134
 [<ffffffff824a8b42>] inet_sendmsg+0x202/0x4d0 net/ipv4/af_inet.c:755
 [<ffffffff821d838e>] sock_sendmsg_nosec net/socket.c:638 [inline]
 [<ffffffff821d838e>] sock_sendmsg+0xbe/0x110 net/socket.c:648
 [<ffffffff821d8615>] sock_write_iter+0x235/0x3d0 net/socket.c:847
 [<ffffffff81496ae8>] new_sync_write fs/read_write.c:480 [inline]
 [<ffffffff81496ae8>] __vfs_write+0x2e8/0x3d0 fs/read_write.c:493
 [<ffffffff81498612>] vfs_write+0x182/0x4e0 fs/read_write.c:540
 [<ffffffff8149ac4c>] SYSC_write fs/read_write.c:587 [inline]
 [<ffffffff8149ac4c>] SyS_write+0xdc/0x1c0 fs/read_write.c:579
 [<ffffffff82718ba1>] entry_SYSCALL_64_fastpath+0x1e/0x9a
BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor.3/11421
caller is __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62
CPU: 0 PID: 11421 Comm: syz-executor.3 Not tainted 4.4.174+ #4
 0000000000000000 64aab277fc26786c ffff8801d627f7c8 ffffffff81aad1a1
 ffff8801cf94df00 0000000000000000 ffffffff82a861e0 ffffffff8292c040
 0000000000000002 ffff8801d627f808 ffffffff81b0ad83 ffff8801d1b7d344
Call Trace:
 [<ffffffff81aad1a1>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81aad1a1>] dump_stack+0xc1/0x120 lib/dump_stack.c:51
 [<ffffffff81b0ad83>] check_preemption_disabled+0x1d3/0x200 lib/smp_processor_id.c:46
 [<ffffffff81b0aded>] __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62
 [<ffffffff8240fcf5>] tcp_try_coalesce net/ipv4/tcp_input.c:4293 [inline]
 [<ffffffff8240fcf5>] tcp_try_coalesce+0x245/0x510 net/ipv4/tcp_input.c:4275
 [<ffffffff824100e7>] tcp_queue_rcv+0x127/0x6f0 net/ipv4/tcp_input.c:4539
 [<ffffffff8242494e>] tcp_send_rcvq+0x3de/0x4a0 net/ipv4/tcp_input.c:4585
 [<ffffffff823fd062>] tcp_sendmsg+0x2332/0x2ab0 net/ipv4/tcp.c:1134
 [<ffffffff824a8b42>] inet_sendmsg+0x202/0x4d0 net/ipv4/af_inet.c:755
 [<ffffffff821d838e>] sock_sendmsg_nosec net/socket.c:638 [inline]
 [<ffffffff821d838e>] sock_sendmsg+0xbe/0x110 net/socket.c:648
 [<ffffffff821d8615>] sock_write_iter+0x235/0x3d0 net/socket.c:847
 [<ffffffff81496ae8>] new_sync_write fs/read_write.c:480 [inline]
 [<ffffffff81496ae8>] __vfs_write+0x2e8/0x3d0 fs/read_write.c:493
 [<ffffffff81498612>] vfs_write+0x182/0x4e0 fs/read_write.c:540
 [<ffffffff8149ac4c>] SYSC_write fs/read_write.c:587 [inline]
 [<ffffffff8149ac4c>] SyS_write+0xdc/0x1c0 fs/read_write.c:579
 [<ffffffff82718ba1>] entry_SYSCALL_64_fastpath+0x1e/0x9a
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.

Crashes (14):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2019/07/01 01:24 https://android.googlesource.com/kernel/common android-4.4 62872f952d6b 699d6448 .config console log report ci-android-44-kasan-gce
2019/03/16 15:25 https://android.googlesource.com/kernel/common android-4.4 62872f952d6b bab43553 .config console log report ci-android-44-kasan-gce
2019/03/08 10:42 https://android.googlesource.com/kernel/common android-4.4 62872f952d6b 12365b99 .config console log report ci-android-44-kasan-gce
2019/01/29 21:48 https://android.googlesource.com/kernel/common android-4.4 b3e9e81ee068 aa432daf .config console log report ci-android-44-kasan-gce
2018/08/23 13:27 https://android.googlesource.com/kernel/common android-4.4 37af2ff398ac 95b5c82b .config console log report ci-android-44-kasan-gce
2018/08/16 09:14 https://android.googlesource.com/kernel/common android-4.4 f057ff937754 9ccc1d45 .config console log report ci-android-44-kasan-gce
2018/08/13 19:18 https://android.googlesource.com/kernel/common android-4.4 a5fc66599b61 7a88b141 .config console log report ci-android-44-kasan-gce
2018/06/27 22:25 https://android.googlesource.com/kernel/common android-4.4 cf21a9ac5ee4 43e60f7e .config console log report ci-android-44-kasan-gce
2018/05/13 23:55 https://android.googlesource.com/kernel/common android-4.4 aa3863d27614 481f030c .config console log report ci-android-44-kasan-gce
2018/03/03 01:33 https://android.googlesource.com/kernel/common android-4.4 855ea747806b 2c6f473e .config console log report ci-android-44-kasan-gce
2019/06/29 13:00 https://android.googlesource.com/kernel/common android-4.4 62872f952d6b 7509bf36 .config console log report ci-android-44-kasan-gce-386
2019/02/20 14:08 https://android.googlesource.com/kernel/common android-4.4 62872f952d6b c95f0707 .config console log report ci-android-44-kasan-gce-386
2018/04/25 18:51 https://android.googlesource.com/kernel/common android-4.4 bd23e3af1765 73417389 .config console log report ci-android-44-kasan-gce-386
2018/03/21 18:11 https://android.googlesource.com/kernel/common android-4.4 d63fdf61a4dc f63eeee9 .config console log report ci-android-44-kasan-gce-386
* Struck through repros no longer work on HEAD.