BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor.1/2303 caller is __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62 CPU: 1 PID: 2303 Comm: syz-executor.1 Not tainted 4.4.174+ #17 0000000000000000 e05621fc250a5d4d ffff8800b8bd77b0 ffffffff81aad1a1 ffff8800b80adf00 0000000000000001 ffffffff82a861e0 ffffffff8292c040 0000000000000001 ffff8800b8bd77f0 ffffffff81b0ad83 ffffffff00000000 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [] check_preemption_disabled+0x1d3/0x200 lib/smp_processor_id.c:46 [] __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62 [] tcp_prune_queue net/ipv4/tcp_input.c:4978 [inline] [] tcp_try_rmem_schedule+0x1a1/0x1280 net/ipv4/tcp_input.c:4386 [] tcp_send_rcvq+0x1d7/0x4a0 net/ipv4/tcp_input.c:4574 [] tcp_sendmsg+0x2332/0x2ab0 net/ipv4/tcp.c:1134 [] inet_sendmsg+0x202/0x4d0 net/ipv4/af_inet.c:755 [] sock_sendmsg_nosec net/socket.c:638 [inline] [] sock_sendmsg+0xbe/0x110 net/socket.c:648 [] sock_write_iter+0x235/0x3d0 net/socket.c:847 [] new_sync_write fs/read_write.c:480 [inline] [] __vfs_write+0x2e8/0x3d0 fs/read_write.c:493 [] vfs_write+0x182/0x4e0 fs/read_write.c:540 [] SYSC_write fs/read_write.c:587 [inline] [] SyS_write+0xdc/0x1c0 fs/read_write.c:579 [] do_syscall_32_irqs_on arch/x86/entry/common.c:330 [inline] [] do_fast_syscall_32+0x32d/0xa90 arch/x86/entry/common.c:397 [] sysenter_flags_fixed+0xd/0x1a BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor.1/2303 caller is __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62 CPU: 0 PID: 2303 Comm: syz-executor.1 Not tainted 4.4.174+ #17 0000000000000000 e05621fc250a5d4d ffff8800b8bd7618 ffffffff81aad1a1 ffff8800b80adf00 0000000000000000 ffffffff82a861e0 ffffffff8292c040 0000000000000002 ffff8800b8bd7658 ffffffff81b0ad83 ffff8800b7ad9480 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [] check_preemption_disabled+0x1d3/0x200 lib/smp_processor_id.c:46 [] __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62 [] tcp_collapse_one+0x119/0x1e0 net/ipv4/tcp_input.c:4736 [] tcp_collapse+0x84f/0xda0 net/ipv4/tcp_input.c:4849 [] tcp_prune_queue net/ipv4/tcp_input.c:4990 [inline] [] tcp_try_rmem_schedule+0x6ba/0x1280 net/ipv4/tcp_input.c:4386 [] tcp_send_rcvq+0x1d7/0x4a0 net/ipv4/tcp_input.c:4574 [] tcp_sendmsg+0x2332/0x2ab0 net/ipv4/tcp.c:1134 [] inet_sendmsg+0x202/0x4d0 net/ipv4/af_inet.c:755 [] sock_sendmsg_nosec net/socket.c:638 [inline] [] sock_sendmsg+0xbe/0x110 net/socket.c:648 [] sock_write_iter+0x235/0x3d0 net/socket.c:847 [] new_sync_write fs/read_write.c:480 [inline] [] __vfs_write+0x2e8/0x3d0 fs/read_write.c:493 [] vfs_write+0x182/0x4e0 fs/read_write.c:540 [] SYSC_write fs/read_write.c:587 [inline] [] SyS_write+0xdc/0x1c0 fs/read_write.c:579 [] do_syscall_32_irqs_on arch/x86/entry/common.c:330 [inline] [] do_fast_syscall_32+0x32d/0xa90 arch/x86/entry/common.c:397 [] sysenter_flags_fixed+0xd/0x1a BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor.1/2303 caller is __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62 CPU: 0 PID: 2303 Comm: syz-executor.1 Not tainted 4.4.174+ #17 0000000000000000 e05621fc250a5d4d ffff8800b8bd77b0 ffffffff81aad1a1 ffff8800b80adf00 0000000000000000 ffffffff82a861e0 ffffffff8292c040 0000000000000002 ffff8800b8bd77f0 ffffffff81b0ad83 ffffffff00000000 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [] check_preemption_disabled+0x1d3/0x200 lib/smp_processor_id.c:46 [] __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62 [] tcp_prune_queue net/ipv4/tcp_input.c:5011 [inline] [] tcp_try_rmem_schedule+0xf35/0x1280 net/ipv4/tcp_input.c:4386 [] tcp_send_rcvq+0x1d7/0x4a0 net/ipv4/tcp_input.c:4574 [] tcp_sendmsg+0x2332/0x2ab0 net/ipv4/tcp.c:1134 [] inet_sendmsg+0x202/0x4d0 net/ipv4/af_inet.c:755 [] sock_sendmsg_nosec net/socket.c:638 [inline] [] sock_sendmsg+0xbe/0x110 net/socket.c:648 [] sock_write_iter+0x235/0x3d0 net/socket.c:847 [] new_sync_write fs/read_write.c:480 [inline] [] __vfs_write+0x2e8/0x3d0 fs/read_write.c:493 [] vfs_write+0x182/0x4e0 fs/read_write.c:540 [] SYSC_write fs/read_write.c:587 [inline] [] SyS_write+0xdc/0x1c0 fs/read_write.c:579 [] do_syscall_32_irqs_on arch/x86/entry/common.c:330 [inline] [] do_fast_syscall_32+0x32d/0xa90 arch/x86/entry/common.c:397 [] sysenter_flags_fixed+0xd/0x1a SELinux: unrecognized netlink message: protocol=0 nlmsg_type=25955 sclass=netlink_route_socket input: syz1 as /devices/virtual/input/input4 loop_set_status: loop0 () has still dirty pages (nrpages=1) syz-executor.1 (2384) used greatest stack depth: 23504 bytes left input: syz1 as /devices/virtual/input/input5 audit: type=1400 audit(1574524855.999:10): avc: denied { setopt } for pid=2448 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 syz-executor.0 (2450) used greatest stack depth: 23152 bytes left input: syz1 as /devices/virtual/input/input6 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket capability: warning: `syz-executor.2' uses 32-bit capabilities (legacy support in use) syz-executor.0 (2661) used greatest stack depth: 22864 bytes left