BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor4/19121 caller is __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62 CPU: 0 PID: 19121 Comm: syz-executor4 Not tainted 4.4.105-g36205b7 #4 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 0000000000000000 66f07fd17d45e861 ffff8800b4c2f738 ffffffff81cc9b4f 0000000000000000 ffffffff839fd4a0 ffff8800b4c2f778 ffffffff81d28d58 ffffffff83ced1a0 0000000000002f00 ffff8801d5001680 ffff8800b4c2f8e0 Call Trace: [] __dump_stack /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:15 [inline] [] dump_stack+0x8e/0xcf /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:51 [] check_preemption_disabled+0x1b8/0x1f0 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:46 [] __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62 [] tcp_prune_queue /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp_input.c:4861 [inline] [] tcp_try_rmem_schedule+0x1c0/0x1140 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp_input.c:4337 [] tcp_send_rcvq+0x1cf/0x4a0 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp_input.c:4520 [] tcp_sendmsg+0x1d1c/0x36a0 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp.c:1134 [] inet_sendmsg+0x26c/0x430 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/af_inet.c:755 [] sock_sendmsg_nosec /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:625 [inline] [] sock_sendmsg+0xb5/0xf0 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:635 [] ___sys_sendmsg+0x66d/0x7d0 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1961 [] __sys_sendmsg+0xc3/0x160 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1995 [] SYSC_sendmsg /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:2006 [inline] [] SyS_sendmsg+0xd/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:2002 [] entry_SYSCALL_64_fastpath+0x16/0x76 BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor4/19121 caller is __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62 CPU: 0 PID: 19121 Comm: syz-executor4 Not tainted 4.4.105-g36205b7 #4 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 0000000000000000 66f07fd17d45e861 ffff8800b4c2f698 ffffffff81cc9b4f 0000000000000000 ffffffff839fd4a0 ffff8800b4c2f6d8 ffffffff81d28d58 ffffffff83ced1a0 ffff8801d5253d40 0000000000000000 dffffc0000000000 Call Trace: [] __dump_stack /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:15 [inline] [] dump_stack+0x8e/0xcf /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:51 [] check_preemption_disabled+0x1b8/0x1f0 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:46 [] __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62 [] tcp_collapse_one /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp_input.c:4673 [inline] [] tcp_collapse+0x721/0xe60 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp_input.c:4766 [] tcp_prune_queue /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp_input.c:4870 [inline] [] tcp_try_rmem_schedule+0x513/0x1140 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp_input.c:4337 [] tcp_send_rcvq+0x1cf/0x4a0 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp_input.c:4520 [] tcp_sendmsg+0x1d1c/0x36a0 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp.c:1134 [] inet_sendmsg+0x26c/0x430 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/af_inet.c:755 [] sock_sendmsg_nosec /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:625 [inline] [] sock_sendmsg+0xb5/0xf0 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:635 [] ___sys_sendmsg+0x66d/0x7d0 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1961 [] __sys_sendmsg+0xc3/0x160 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1995 [] SYSC_sendmsg /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:2006 [inline] [] SyS_sendmsg+0xd/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:2002 [] entry_SYSCALL_64_fastpath+0x16/0x76 BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor4/19121 caller is __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62 CPU: 0 PID: 19121 Comm: syz-executor4 Not tainted 4.4.105-g36205b7 #4 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 0000000000000000 66f07fd17d45e861 ffff8800b4c2f698 ffffffff81cc9b4f 0000000000000000 ffffffff839fd4a0 ffff8800b4c2f6d8 ffffffff81d28d58 ffffffff83ced1a0 ffff8801d5253b00 0000000000000500 dffffc0000000000 Call Trace: [] __dump_stack /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:15 [inline] [] dump_stack+0x8e/0xcf /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:51 [] check_preemption_disabled+0x1b8/0x1f0 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:46 [] __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62 [] tcp_collapse_one /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp_input.c:4673 [inline] [] tcp_collapse+0x721/0xe60 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp_input.c:4766 [] tcp_prune_queue /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp_input.c:4870 [inline] [] tcp_try_rmem_schedule+0x513/0x1140 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp_input.c:4337 [] tcp_send_rcvq+0x1cf/0x4a0 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp_input.c:4520 [] tcp_sendmsg+0x1d1c/0x36a0 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp.c:1134 [] inet_sendmsg+0x26c/0x430 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/af_inet.c:755 [] sock_sendmsg_nosec /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:625 [inline] [] sock_sendmsg+0xb5/0xf0 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:635 [] ___sys_sendmsg+0x66d/0x7d0 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1961 [] __sys_sendmsg+0xc3/0x160 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1995 [] SYSC_sendmsg /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:2006 [inline] [] SyS_sendmsg+0xd/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:2002 [] entry_SYSCALL_64_fastpath+0x16/0x76 BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor4/19121 caller is __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62 CPU: 0 PID: 19121 Comm: syz-executor4 Not tainted 4.4.105-g36205b7 #4 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 0000000000000000 66f07fd17d45e861 ffff8800b4c2f698 ffffffff81cc9b4f 0000000000000000 ffffffff839fd4a0 ffff8800b4c2f6d8 ffffffff81d28d58 ffffffff83ced1a0 ffff8801d5253440 0000000000000001 dffffc0000000000 Call Trace: [] __dump_stack /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:15 [inline] [] dump_stack+0x8e/0xcf /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:51 [] check_preemption_disabled+0x1b8/0x1f0 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:46 [] __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62 [] tcp_collapse_one /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp_input.c:4673 [inline] [] tcp_collapse+0x721/0xe60 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp_input.c:4766 [] tcp_prune_queue /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp_input.c:4870 [inline] [] tcp_try_rmem_schedule+0x513/0x1140 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp_input.c:4337 [] tcp_send_rcvq+0x1cf/0x4a0 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp_input.c:4520 [] tcp_sendmsg+0x1d1c/0x36a0 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp.c:1134 [] inet_sendmsg+0x26c/0x430 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/af_inet.c:755 [] sock_sendmsg_nosec /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:625 [inline] [] sock_sendmsg+0xb5/0xf0 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:635 [] ___sys_sendmsg+0x66d/0x7d0 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1961 [] __sys_sendmsg+0xc3/0x160 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1995 [] SYSC_sendmsg /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:2006 [inline] [] SyS_sendmsg+0xd/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:2002 [] entry_SYSCALL_64_fastpath+0x16/0x76 BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor4/19121 caller is __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62 CPU: 0 PID: 19121 Comm: syz-executor4 Not tainted 4.4.105-g36205b7 #4 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 0000000000000000 66f07fd17d45e861 ffff8800b4c2f738 ffffffff81cc9b4f 0000000000000000 ffffffff839fd4a0 ffff8800b4c2f778 ffffffff81d28d58 ffffffff83ced1a0 0000000000002b00 ffff8801d5001680 0000000000600000 Call Trace: [] __dump_stack /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:15 [inline] [] dump_stack+0x8e/0xcf /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:51 [] check_preemption_disabled+0x1b8/0x1f0 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:46 [] __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62 [] tcp_prune_queue /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp_input.c:4891 [inline] [] tcp_try_rmem_schedule+0xd24/0x1140 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp_input.c:4337 [] tcp_send_rcvq+0x1cf/0x4a0 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp_input.c:4520 [] tcp_sendmsg+0x1d1c/0x36a0 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp.c:1134 [] inet_sendmsg+0x26c/0x430 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/af_inet.c:755 [] sock_sendmsg_nosec /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:625 [inline] [] sock_sendmsg+0xb5/0xf0 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:635 [] ___sys_sendmsg+0x66d/0x7d0 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1961 [] __sys_sendmsg+0xc3/0x160 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1995 [] SYSC_sendmsg /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:2006 [inline] [] SyS_sendmsg+0xd/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:2002 [] entry_SYSCALL_64_fastpath+0x16/0x76 PF_BRIDGE: RTM_NEWNEIGH with unknown ifindex PF_BRIDGE: RTM_NEWNEIGH with unknown ifindex PF_BRIDGE: RTM_NEWNEIGH with unknown ifindex PF_BRIDGE: RTM_NEWNEIGH with unknown ifindex SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket audit: type=1326 audit(1513042220.126:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=19677 comm="syz-executor5" exe="/root/syz-executor5" sig=31 arch=c000003e syscall=202 compat=0 ip=0x452a39 code=0x7ffc0000 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket audit: type=1326 audit(1513042220.266:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=19677 comm="syz-executor5" exe="/root/syz-executor5" sig=31 arch=c000003e syscall=202 compat=0 ip=0x452a39 code=0x7ffc0000 TCP: request_sock_TCP: Possible SYN flooding on port 20030. Sending cookies. Check SNMP counters. TCP: request_sock_TCP: Possible SYN flooding on port 20030. Sending cookies. Check SNMP counters. nla_parse: 19 callbacks suppressed netlink: 8 bytes leftover after parsing attributes in process `syz-executor5'. netlink: 8 bytes leftover after parsing attributes in process `syz-executor5'. netlink: 7 bytes leftover after parsing attributes in process `syz-executor3'. netlink: 7 bytes leftover after parsing attributes in process `syz-executor3'. FAULT_FLAG_ALLOW_RETRY missing 31 CPU: 1 PID: 20074 Comm: syz-executor0 Not tainted 4.4.105-g36205b7 #4 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 0000000000000000 67fd520f804ddae0 ffff8801d72df910 ffffffff81cc9b4f 1ffff1003ae5bf2d 0000000000000031 ffff8801d72dfab0 ffffffff815db71b ffff8800b80c2f80 ffffed0000000006 ffff8800b80c2f80 ffffffff8140ec17 Call Trace: [] __dump_stack /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:15 [inline] [] dump_stack+0x8e/0xcf /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:51 [] handle_userfault+0x75b/0x1570 /syzkaller/managers/android-44-kasan-gce/kernel/fs/userfaultfd.c:316 [] do_anonymous_page /syzkaller/managers/android-44-kasan-gce/kernel/mm/memory.c:2731 [inline] [] handle_pte_fault /syzkaller/managers/android-44-kasan-gce/kernel/mm/memory.c:3295 [inline] [] __handle_mm_fault /syzkaller/managers/android-44-kasan-gce/kernel/mm/memory.c:3426 [inline] [] handle_mm_fault+0x2731/0x39b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/memory.c:3455 [] __do_page_fault+0x2d0/0x910 /syzkaller/managers/android-44-kasan-gce/kernel/arch/x86/mm/fault.c:1245 [] do_page_fault+0x22/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/arch/x86/mm/fault.c:1308 [] page_fault+0x28/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/arch/x86/entry/entry_64.S:985 [] urandom_read+0x4e/0x310 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/char/random.c:1476 [] SYSC_getrandom /syzkaller/managers/android-44-kasan-gce/kernel/drivers/char/random.c:1627 [inline] [] SyS_getrandom+0x112/0x220 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/char/random.c:1607 [] entry_SYSCALL_64_fastpath+0x16/0x76 netlink: 3 bytes leftover after parsing attributes in process `syz-executor3'. netlink: 1 bytes leftover after parsing attributes in process `syz-executor1'. netlink: 1 bytes leftover after parsing attributes in process `syz-executor1'. netlink: 11 bytes leftover after parsing attributes in process `syz-executor5'. netlink: 11 bytes leftover after parsing attributes in process `syz-executor5'. audit: type=1400 audit(1513042222.016:48): avc: denied { accept } for pid=20354 comm="syz-executor1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 device gre0 entered promiscuous mode SELinux: unrecognized netlink message: protocol=9 nlmsg_type=28 sclass=netlink_audit_socket SELinux: unrecognized netlink message: protocol=9 nlmsg_type=28 sclass=netlink_audit_socket SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5 sclass=netlink_route_socket SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5 sclass=netlink_route_socket SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket device gre0 entered promiscuous mode device gre0 entered promiscuous mode netlink: 3 bytes leftover after parsing attributes in process `syz-executor5'. device gre0 entered promiscuous mode PF_BRIDGE: RTM_NEWNEIGH with unknown ifindex PF_BRIDGE: RTM_NEWNEIGH with unknown ifindex device gre0 entered promiscuous mode device gre0 entered promiscuous mode device gre0 entered promiscuous mode binder: 22048:22055 ioctl 40046205 8 returned -22 binder: binder_mmap: 22048 20476000-20479000 bad vm_flags failed -1 binder: 22048:22068 got reply transaction with no transaction stack