BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor3/23389
caller is __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62
CPU: 1 PID: 23389 Comm: syz-executor3 Not tainted 4.4.105-g8a53962 #3
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
netlink: 2 bytes leftover after parsing attributes in process `syz-executor2'.
audit: type=1326 audit(1513001310.023:372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=23385 comm="syz-executor6" exe="/root/syz-executor6" sig=31 arch=c000003e syscall=202 compat=0 ip=0x452a39 code=0x0
audit: type=1326 audit(1513001310.023:373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=23385 comm="syz-executor6" exe="/root/syz-executor6" sig=31 arch=c000003e syscall=202 compat=0 ip=0x452a39 code=0x0
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket
 0000000000000000 dd6cf62fb96fe70e ffff8800b7477828 ffffffff81cc9b0f
 0000000000000001 ffffffff839fd4a0 ffff8800b7477868 ffffffff81d28d18
 ffffffff83ced1a0 1ffff10016e8ef14 ffff8800b8113200 ffff8800b8112480
Call Trace:
 [] __dump_stack /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:15 [inline]
 [] dump_stack+0x8e/0xcf /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:51
 [] check_preemption_disabled+0x1b8/0x1f0 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:46
 [] __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62
 [] tcp_try_coalesce+0x200/0x4b0 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp_input.c:4278
 [] tcp_queue_rcv+0xfe/0x720 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp_input.c:4485
 [] tcp_send_rcvq+0x391/0x4a0 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp_input.c:4531
 [] tcp_sendmsg+0x1d1c/0x36a0 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp.c:1134
 [] inet_sendmsg+0x26c/0x430 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/af_inet.c:755
 [] sock_sendmsg_nosec /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:625 [inline]
 [] sock_sendmsg+0xb5/0xf0 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:635
 [] SYSC_sendto+0x267/0x300 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1665
 [] SyS_sendto+0x9/0x10 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1633
 [] entry_SYSCALL_64_fastpath+0x16/0x76
BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor3/23389
caller is __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62
CPU: 1 PID: 23389 Comm: syz-executor3 Not tainted 4.4.105-g8a53962 #3
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 0000000000000000 dd6cf62fb96fe70e ffff8800b7477828 ffffffff81cc9b0f
 0000000000000001 ffffffff839fd4a0 ffff8800b7477868 ffffffff81d28d18
 ffffffff83ced1a0 1ffff10016e8ef14 ffff8801d6fefb00 ffff8801d6fef8c0
Call Trace:
 [] __dump_stack /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:15 [inline]
 [] dump_stack+0x8e/0xcf /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:51
 [] check_preemption_disabled+0x1b8/0x1f0 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:46
 [] __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62
 [] tcp_try_coalesce+0x200/0x4b0 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp_input.c:4278
 [] tcp_queue_rcv+0xfe/0x720 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp_input.c:4485
 [] tcp_send_rcvq+0x391/0x4a0 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp_input.c:4531
 [] tcp_sendmsg+0x1d1c/0x36a0 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp.c:1134
 [] inet_sendmsg+0x26c/0x430 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/af_inet.c:755
 [] sock_sendmsg_nosec /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:625 [inline]
 [] sock_sendmsg+0xb5/0xf0 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:635
 [] SYSC_sendto+0x267/0x300 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1665
 [] SyS_sendto+0x9/0x10 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1633
 [] entry_SYSCALL_64_fastpath+0x16/0x76
binder: 23524:23530 ERROR: BC_REGISTER_LOOPER called without request
binder: 23530 RLIMIT_NICE not set
binder: BINDER_SET_CONTEXT_MGR already set
binder: 23524:23540 ioctl 40046207 0 returned -16
binder: 23524:23530 ERROR: BC_REGISTER_LOOPER called without request
binder_alloc: 23524: binder_alloc_buf, no vma
binder: 23524:23543 transaction failed 29189/-3, size 0-0 line 3131
binder: release 23524:23530 transaction 302 in, still active
binder: send failed reply for transaction 302 to 23524:23540
binder: undelivered TRANSACTION_ERROR: 29189
netlink: 13 bytes leftover after parsing attributes in process `syz-executor4'.
IPv6: NLM_F_REPLACE set, but no existing node found!
ALSA: seq fatal error: cannot create timer (-19)
IPv6: NLM_F_REPLACE set, but no existing node found!
ALSA: seq fatal error: cannot create timer (-19)
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
skbuff: bad partial csum: csum=0/65534 len=4124
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=51555 sclass=netlink_route_socket
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=51555 sclass=netlink_route_socket
audit: type=1326 audit(1513001312.683:374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=24170 comm="syz-executor3" exe="/root/syz-executor3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x452a39 code=0x0
audit: type=1326 audit(1513001312.713:375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=24170 comm="syz-executor3" exe="/root/syz-executor3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x452a39 code=0x0
device lo entered promiscuous mode
device gre0 entered promiscuous mode
nla_parse: 5 callbacks suppressed
netlink: 3 bytes leftover after parsing attributes in process `syz-executor7'.
device lo entered promiscuous mode
netlink: 3 bytes leftover after parsing attributes in process `syz-executor7'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor6'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor6'.
netlink: 2 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 2 bytes leftover after parsing attributes in process `syz-executor1'.
loop: Write error at byte offset 0, length 512.
blk_update_request: I/O error, dev loop5, sector 0
Buffer I/O error on dev loop5, logical block 0, lost async page write
loop: Write error at byte offset 0, length 512.
blk_update_request: I/O error, dev loop5, sector 0
Buffer I/O error on dev loop5, logical block 0, lost async page write
VFS: Dirty inode writeback failed for block device loop5 (err=-5).
binder: 24963:24967 ERROR: BC_REGISTER_LOOPER called without request
binder: 24967 RLIMIT_NICE not set
netlink: 13 bytes leftover after parsing attributes in process `syz-executor5'.
binder: BINDER_SET_CONTEXT_MGR already set
binder: 24963:24979 ioctl 40046207 0 returned -16
binder: 24963:24967 ERROR: BC_REGISTER_LOOPER called without request
binder_alloc: 24963: binder_alloc_buf, no vma
binder: 24963:24988 transaction failed 29189/-3, size 0-0 line 3131
netlink: 13 bytes leftover after parsing attributes in process `syz-executor5'.
binder: release 24963:24967 transaction 305 in, still active
binder: send failed reply for transaction 305 to 24963:24979
binder: undelivered TRANSACTION_ERROR: 29189
audit: type=1326 audit(1513001316.413:376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=25052 comm="syz-executor6" exe="/root/syz-executor6" sig=31 arch=c000003e syscall=202 compat=0 ip=0x452a39 code=0x0
audit: type=1326 audit(1513001316.433:377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=25052 comm="syz-executor6" exe="/root/syz-executor6" sig=31 arch=c000003e syscall=202 compat=0 ip=0x452a39 code=0x0
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket
netlink: 8 bytes leftover after parsing attributes in process `syz-executor6'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor6'.
ICMPv6: NA: someone advertises our address fe80:0000:0000:0000:0000:0000:0000:03aa on syz3!
ICMPv6: NA: someone advertises our address fe80:0000:0000:0000:0000:0000:0000:03aa on syz3!
audit: type=1326 audit(1513001318.283:378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=25513 comm="syz-executor2" exe="/root/syz-executor2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x452a39 code=0x0
device gre0 entered promiscuous mode
audit: type=1326 audit(1513001318.313:379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=25513 comm="syz-executor2" exe="/root/syz-executor2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x452a39 code=0x0
audit: type=1326 audit(1513001318.733:380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=25564 comm="syz-executor4" exe="/root/syz-executor4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x452a39 code=0x0
audit: type=1326 audit(1513001318.763:381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=25564 comm="syz-executor4" exe="/root/syz-executor4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x452a39 code=0x0
audit: type=1326 audit(1513001318.913:382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=25636 comm="syz-executor7" exe="/root/syz-executor7" sig=31 arch=c000003e syscall=202 compat=0 ip=0x452a39 code=0x0
audit: type=1326 audit(1513001318.943:383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=25636 comm="syz-executor7" exe="/root/syz-executor7" sig=31 arch=c000003e syscall=202 compat=0 ip=0x452a39 code=0x0
nla_parse: 2 callbacks suppressed
netlink: 8 bytes leftover after parsing attributes in process `syz-executor2'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor2'.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor3'.
binder: 25849:25851 ERROR: BC_REGISTER_LOOPER called without request
netlink: 1 bytes leftover after parsing attributes in process `syz-executor3'.
binder: 25851 RLIMIT_NICE not set
binder: BINDER_SET_CONTEXT_MGR already set
binder: 25849:25862 ioctl 40046207 0 returned -16
binder: 25849:25851 ERROR: BC_REGISTER_LOOPER called without request
binder_alloc: 25849: binder_alloc_buf, no vma
binder: 25849:25884 transaction failed 29189/-3, size 0-0 line 3131
binder: release 25849:25851 transaction 308 in, still active
binder: send failed reply for transaction 308 to 25849:25862
binder: undelivered TRANSACTION_ERROR: 29189