binder: 11339:11344 Acquire 1 refcount change on invalid ref 0 ret -22 binder: 11339:11344 Acquire 1 refcount change on invalid ref 0 ret -22 binder: 11339:11344 BC_REQUEST_DEATH_NOTIFICATION invalid ref 2 BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor.1/11355 caller is __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62 CPU: 0 PID: 11355 Comm: syz-executor.1 Not tainted 4.4.174+ #4 0000000000000000 c4a588f3f9b7597d ffff8801cfcdf678 ffffffff81aad1a1 ffff8801bc6d8000 0000000000000000 ffffffff82a861e0 ffffffff8292c040 0000000000000002 ffff8801cfcdf6b8 ffffffff81b0ad83 ffff8800b3116780 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [] check_preemption_disabled+0x1d3/0x200 lib/smp_processor_id.c:46 [] __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62 [] tcp_try_coalesce net/ipv4/tcp_input.c:4293 [inline] [] tcp_try_coalesce+0x245/0x510 net/ipv4/tcp_input.c:4275 [] tcp_queue_rcv+0x127/0x6f0 net/ipv4/tcp_input.c:4539 [] tcp_send_rcvq+0x3de/0x4a0 net/ipv4/tcp_input.c:4585 [] tcp_sendmsg+0x2332/0x2ab0 net/ipv4/tcp.c:1134 [] inet_sendmsg+0x202/0x4d0 net/ipv4/af_inet.c:755 [] sock_sendmsg_nosec net/socket.c:638 [inline] [] sock_sendmsg+0xbe/0x110 net/socket.c:648 [] ___sys_sendmsg+0x369/0x890 net/socket.c:1975 [] __sys_sendmmsg+0x130/0x2e0 net/socket.c:2060 [] SYSC_sendmmsg net/socket.c:2090 [inline] [] SyS_sendmmsg+0x35/0x60 net/socket.c:2085 [] entry_SYSCALL_64_fastpath+0x1e/0x9a BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor.1/11355 caller is __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62 CPU: 0 PID: 11355 Comm: syz-executor.1 Not tainted 4.4.174+ #4 0000000000000000 c4a588f3f9b7597d ffff8801cfcdf678 ffffffff81aad1a1 ffff8801bc6d8000 0000000000000000 ffffffff82a861e0 ffffffff8292c040 0000000000000002 ffff8801cfcdf6b8 ffffffff81b0ad83 ffff8800b7f1e780 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [] check_preemption_disabled+0x1d3/0x200 lib/smp_processor_id.c:46 [] __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62 [] tcp_try_coalesce net/ipv4/tcp_input.c:4293 [inline] [] tcp_try_coalesce+0x245/0x510 net/ipv4/tcp_input.c:4275 [] tcp_queue_rcv+0x127/0x6f0 net/ipv4/tcp_input.c:4539 [] tcp_send_rcvq+0x3de/0x4a0 net/ipv4/tcp_input.c:4585 [] tcp_sendmsg+0x2332/0x2ab0 net/ipv4/tcp.c:1134 [] inet_sendmsg+0x202/0x4d0 net/ipv4/af_inet.c:755 [] sock_sendmsg_nosec net/socket.c:638 [inline] [] sock_sendmsg+0xbe/0x110 net/socket.c:648 [] ___sys_sendmsg+0x369/0x890 net/socket.c:1975 [] __sys_sendmmsg+0x130/0x2e0 net/socket.c:2060 [] SYSC_sendmmsg net/socket.c:2090 [inline] [] SyS_sendmmsg+0x35/0x60 net/socket.c:2085 [] entry_SYSCALL_64_fastpath+0x1e/0x9a BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor.1/11355 caller is __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62 CPU: 0 PID: 11355 Comm: syz-executor.1 Not tainted 4.4.174+ #4 0000000000000000 c4a588f3f9b7597d ffff8801cfcdf678 ffffffff81aad1a1 ffff8801bc6d8000 0000000000000000 ffffffff82a861e0 ffffffff8292c040 0000000000000002 ffff8801cfcdf6b8 ffffffff81b0ad83 ffff8800b7f1f400 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [] check_preemption_disabled+0x1d3/0x200 lib/smp_processor_id.c:46 [] __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62 [] tcp_try_coalesce net/ipv4/tcp_input.c:4293 [inline] [] tcp_try_coalesce+0x245/0x510 net/ipv4/tcp_input.c:4275 [] tcp_queue_rcv+0x127/0x6f0 net/ipv4/tcp_input.c:4539 [] tcp_send_rcvq+0x3de/0x4a0 net/ipv4/tcp_input.c:4585 [] tcp_sendmsg+0x2332/0x2ab0 net/ipv4/tcp.c:1134 [] inet_sendmsg+0x202/0x4d0 net/ipv4/af_inet.c:755 [] sock_sendmsg_nosec net/socket.c:638 [inline] [] sock_sendmsg+0xbe/0x110 net/socket.c:648 [] ___sys_sendmsg+0x369/0x890 net/socket.c:1975 [] __sys_sendmmsg+0x130/0x2e0 net/socket.c:2060 [] SYSC_sendmmsg net/socket.c:2090 [inline] [] SyS_sendmmsg+0x35/0x60 net/socket.c:2085 [] entry_SYSCALL_64_fastpath+0x1e/0x9a BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor.1/11355 caller is __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62 CPU: 0 PID: 11355 Comm: syz-executor.1 Not tainted 4.4.174+ #4 0000000000000000 c4a588f3f9b7597d ffff8801cfcdf678 ffffffff81aad1a1 ffff8801bc6d8000 0000000000000000 ffffffff82a861e0 ffffffff8292c040 0000000000000002 ffff8801cfcdf6b8 ffffffff81b0ad83 ffff8801d053c280 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [] check_preemption_disabled+0x1d3/0x200 lib/smp_processor_id.c:46 [] __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62 [] tcp_try_coalesce net/ipv4/tcp_input.c:4293 [inline] [] tcp_try_coalesce+0x245/0x510 net/ipv4/tcp_input.c:4275 [] tcp_queue_rcv+0x127/0x6f0 net/ipv4/tcp_input.c:4539 [] tcp_send_rcvq+0x3de/0x4a0 net/ipv4/tcp_input.c:4585 [] tcp_sendmsg+0x2332/0x2ab0 net/ipv4/tcp.c:1134 [] inet_sendmsg+0x202/0x4d0 net/ipv4/af_inet.c:755 [] sock_sendmsg_nosec net/socket.c:638 [inline] [] sock_sendmsg+0xbe/0x110 net/socket.c:648 [] ___sys_sendmsg+0x369/0x890 net/socket.c:1975 [] __sys_sendmmsg+0x130/0x2e0 net/socket.c:2060 [] SYSC_sendmmsg net/socket.c:2090 [inline] [] SyS_sendmmsg+0x35/0x60 net/socket.c:2085 [] entry_SYSCALL_64_fastpath+0x1e/0x9a BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor.1/11355 caller is __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62 CPU: 0 PID: 11355 Comm: syz-executor.1 Not tainted 4.4.174+ #4 0000000000000000 c4a588f3f9b7597d ffff8801cfcdf678 ffffffff81aad1a1 ffff8801bc6d8000 0000000000000000 ffffffff82a861e0 ffffffff8292c040 0000000000000002 ffff8801cfcdf6b8 ffffffff81b0ad83 ffff8801d053c500 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [] check_preemption_disabled+0x1d3/0x200 lib/smp_processor_id.c:46 [] __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62 [] tcp_try_coalesce net/ipv4/tcp_input.c:4293 [inline] [] tcp_try_coalesce+0x245/0x510 net/ipv4/tcp_input.c:4275 [] tcp_queue_rcv+0x127/0x6f0 net/ipv4/tcp_input.c:4539 [] tcp_send_rcvq+0x3de/0x4a0 net/ipv4/tcp_input.c:4585 [] tcp_sendmsg+0x2332/0x2ab0 net/ipv4/tcp.c:1134 [] inet_sendmsg+0x202/0x4d0 net/ipv4/af_inet.c:755 [] sock_sendmsg_nosec net/socket.c:638 [inline] [] sock_sendmsg+0xbe/0x110 net/socket.c:648 [] ___sys_sendmsg+0x369/0x890 net/socket.c:1975 [] __sys_sendmmsg+0x130/0x2e0 net/socket.c:2060 [] SYSC_sendmmsg net/socket.c:2090 [inline] [] SyS_sendmmsg+0x35/0x60 net/socket.c:2085 [] entry_SYSCALL_64_fastpath+0x1e/0x9a BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor.1/11355 caller is __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62 CPU: 0 PID: 11355 Comm: syz-executor.1 Not tainted 4.4.174+ #4 0000000000000000 c4a588f3f9b7597d ffff8801cfcdf678 ffffffff81aad1a1 ffff8801bc6d8000 0000000000000000 ffffffff82a861e0 ffffffff8292c040 0000000000000002 ffff8801cfcdf6b8 ffffffff81b0ad83 ffff8801d053c000 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [] check_preemption_disabled+0x1d3/0x200 lib/smp_processor_id.c:46 [] __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62 [] tcp_try_coalesce net/ipv4/tcp_input.c:4293 [inline] [] tcp_try_coalesce+0x245/0x510 net/ipv4/tcp_input.c:4275 [] tcp_queue_rcv+0x127/0x6f0 net/ipv4/tcp_input.c:4539 [] tcp_send_rcvq+0x3de/0x4a0 net/ipv4/tcp_input.c:4585 [] tcp_sendmsg+0x2332/0x2ab0 net/ipv4/tcp.c:1134 [] inet_sendmsg+0x202/0x4d0 net/ipv4/af_inet.c:755 [] sock_sendmsg_nosec net/socket.c:638 [inline] [] sock_sendmsg+0xbe/0x110 net/socket.c:648 [] ___sys_sendmsg+0x369/0x890 net/socket.c:1975 [] __sys_sendmmsg+0x130/0x2e0 net/socket.c:2060 [] SYSC_sendmmsg net/socket.c:2090 [inline] [] SyS_sendmmsg+0x35/0x60 net/socket.c:2085 [] entry_SYSCALL_64_fastpath+0x1e/0x9a BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor.1/11378 binder: 11374:11379 Acquire 1 refcount change on invalid ref 0 ret -22 binder: 11374:11379 Acquire 1 refcount change on invalid ref 0 ret -22 binder: 11374:11379 BC_REQUEST_DEATH_NOTIFICATION invalid ref 2 caller is __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62 CPU: 1 PID: 11378 Comm: syz-executor.1 Not tainted 4.4.174+ #4 0000000000000000 b7fa4e16df0661a8 ffff8800b47df678 ffffffff81aad1a1 ffff8801baf62f80 0000000000000001[ 460.385887] binder: 11384:11386 Acquire 1 refcount change on invalid ref 0 ret -22 binder: 11384:11386 Acquire 1 refcount change on invalid ref 0 ret -22 binder: 11384:11386 BC_REQUEST_DEATH_NOTIFICATION invalid ref 2 ffffffff82a861e0 ffffffff8292c040 0000000000000001 ffff8800b47df6b8 ffffffff81b0ad83 ffff8801d2b92280 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [] check_preemption_disabled+0x1d3/0x200 lib/smp_processor_id.c:46 [] __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62 [] tcp_try_coalesce net/ipv4/tcp_input.c:4293 [inline] [] tcp_try_coalesce+0x245/0x510 net/ipv4/tcp_input.c:4275 [] tcp_queue_rcv+0x127/0x6f0 net/ipv4/tcp_input.c:4539 [] tcp_send_rcvq+0x3de/0x4a0 net/ipv4/tcp_input.c:4585 [] tcp_sendmsg+0x2332/0x2ab0 net/ipv4/tcp.c:1134 [] inet_sendmsg+0x202/0x4d0 net/ipv4/af_inet.c:755 [] sock_sendmsg_nosec net/socket.c:638 [inline] [] sock_sendmsg+0xbe/0x110 net/socket.c:648 [] ___sys_sendmsg+0x369/0x890 net/socket.c:1975 [] __sys_sendmmsg+0x130/0x2e0 net/socket.c:2060 [] SYSC_sendmmsg net/socket.c:2090 [inline] [] SyS_sendmmsg+0x35/0x60 net/socket.c:2085 [] entry_SYSCALL_64_fastpath+0x1e/0x9a BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor.1/11378 caller is __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62 CPU: 1 PID: 11378 Comm: syz-executor.1 Not tainted 4.4.174+ #4 0000000000000000 b7fa4e16df0661a8 ffff8800b47df678 ffffffff81aad1a1 ffff8801baf62f80 0000000000000001 ffffffff82a861e0 ffffffff8292c040 0000000000000001 ffff8800b47df6b8 ffffffff81b0ad83 ffff8801d2b92000 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [] check_preemption_disabled+0x1d3/0x200 lib/smp_processor_id.c:46 [] __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62 [] tcp_try_coalesce net/ipv4/tcp_input.c:4293 [inline] [] tcp_try_coalesce+0x245/0x510 net/ipv4/tcp_input.c:4275 [] tcp_queue_rcv+0x127/0x6f0 net/ipv4/tcp_input.c:4539 [] tcp_send_rcvq+0x3de/0x4a0 net/ipv4/tcp_input.c:4585 [] tcp_sendmsg+0x2332/0x2ab0 net/ipv4/tcp.c:1134 [] inet_sendmsg+0x202/0x4d0 net/ipv4/af_inet.c:755 [] sock_sendmsg_nosec net/socket.c:638 [inline] [] sock_sendmsg+0xbe/0x110 net/socket.c:648 [] ___sys_sendmsg+0x369/0x890 net/socket.c:1975 [] __sys_sendmmsg+0x130/0x2e0 net/socket.c:2060 [] SYSC_sendmmsg net/socket.c:2090 [inline] [] SyS_sendmmsg+0x35/0x60 net/socket.c:2085 [] entry_SYSCALL_64_fastpath+0x1e/0x9a BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor.1/11378 caller is __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62 CPU: 1 PID: 11378 Comm: syz-executor.1 Not tainted 4.4.174+ #4 0000000000000000 b7fa4e16df0661a8 ffff8800b47df678 ffffffff81aad1a1 ffff8801baf62f80 0000000000000001 ffffffff82a861e0 ffffffff8292c040 0000000000000001 ffff8800b47df6b8 ffffffff81b0ad83 ffff8800b4243180 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [] check_preemption_disabled+0x1d3/0x200 lib/smp_processor_id.c:46 [] __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62 [] tcp_try_coalesce net/ipv4/tcp_input.c:4293 [inline] [] tcp_try_coalesce+0x245/0x510 net/ipv4/tcp_input.c:4275 [] tcp_queue_rcv+0x127/0x6f0 net/ipv4/tcp_input.c:4539 [] tcp_send_rcvq+0x3de/0x4a0 net/ipv4/tcp_input.c:4585 [] tcp_sendmsg+0x2332/0x2ab0 net/ipv4/tcp.c:1134 [] inet_sendmsg+0x202/0x4d0 net/ipv4/af_inet.c:755 [] sock_sendmsg_nosec net/socket.c:638 [inline] [] sock_sendmsg+0xbe/0x110 net/socket.c:648 [] ___sys_sendmsg+0x369/0x890 net/socket.c:1975 [] __sys_sendmmsg+0x130/0x2e0 net/socket.c:2060 [] SYSC_sendmmsg net/socket.c:2090 [inline] [] SyS_sendmmsg+0x35/0x60 net/socket.c:2085 [] entry_SYSCALL_64_fastpath+0x1e/0x9a netlink: 4456 bytes leftover after parsing attributes in process `syz-executor.4'. binder: 11424:11437 BC_REQUEST_DEATH_NOTIFICATION invalid ref 2 netlink: 4456 bytes leftover after parsing attributes in process `syz-executor.4'. BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor.1/11440 binder: 11444:11445 Acquire 1 refcount change on invalid ref 0 ret -22 binder: 11444:11445 Acquire 1 refcount change on invalid ref 0 ret -22 binder: 11444:11445 BC_REQUEST_DEATH_NOTIFICATION invalid ref 2 caller is __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62 CPU: 0 PID: 11440 Comm: syz-executor.1 Not tainted 4.4.174+ #4 0000000000000000 ffa7916b6ced110a ffff8800a1487678 ffffffff81aad1a1 ffff8801bc628000 0000000000000000 ffffffff82a861e0 ffffffff8292c040 0000000000000002 ffff8800a14876b8 ffffffff81b0ad83 ffff8800b9723900 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [] check_preemption_disabled+0x1d3/0x200 lib/smp_processor_id.c:46 [] __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62 [] tcp_try_coalesce net/ipv4/tcp_input.c:4293 [inline] [] tcp_try_coalesce+0x245/0x510 net/ipv4/tcp_input.c:4275 [] tcp_queue_rcv+0x127/0x6f0 net/ipv4/tcp_input.c:4539 [] tcp_send_rcvq+0x3de/0x4a0 net/ipv4/tcp_input.c:4585 [] tcp_sendmsg+0x2332/0x2ab0 net/ipv4/tcp.c:1134 [] inet_sendmsg+0x202/0x4d0 net/ipv4/af_inet.c:755 [] sock_sendmsg_nosec net/socket.c:638 [inline] [] sock_sendmsg+0xbe/0x110 net/socket.c:648 [] ___sys_sendmsg+0x369/0x890 net/socket.c:1975 [] __sys_sendmmsg+0x130/0x2e0 net/socket.c:2060 [] SYSC_sendmmsg net/socket.c:2090 [inline] [] SyS_sendmmsg+0x35/0x60 net/socket.c:2085 [] entry_SYSCALL_64_fastpath+0x1e/0x9a BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor.1/11440 caller is __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62 CPU: 0 PID: 11440 Comm: syz-executor.1 Not tainted 4.4.174+ #4 0000000000000000 ffa7916b6ced110a ffff8800a1487678 ffffffff81aad1a1 ffff8801bc628000 0000000000000000 ffffffff82a861e0 ffffffff8292c040 0000000000000002 ffff8800a14876b8 ffffffff81b0ad83 ffff8800b9722780 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [] check_preemption_disabled+0x1d3/0x200 lib/smp_processor_id.c:46 [] __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62 [] tcp_try_coalesce net/ipv4/tcp_input.c:4293 [inline] [] tcp_try_coalesce+0x245/0x510 net/ipv4/tcp_input.c:4275 [] tcp_queue_rcv+0x127/0x6f0 net/ipv4/tcp_input.c:4539 [] tcp_send_rcvq+0x3de/0x4a0 net/ipv4/tcp_input.c:4585 [] tcp_sendmsg+0x2332/0x2ab0 net/ipv4/tcp.c:1134 [] inet_sendmsg+0x202/0x4d0 net/ipv4/af_inet.c:755 [] sock_sendmsg_nosec net/socket.c:638 [inline] [] sock_sendmsg+0xbe/0x110 net/socket.c:648 [] ___sys_sendmsg+0x369/0x890 net/socket.c:1975 [] __sys_sendmmsg+0x130/0x2e0 net/socket.c:2060 [] SYSC_sendmmsg net/socket.c:2090 [inline] [] SyS_sendmmsg+0x35/0x60 net/socket.c:2085 [] entry_SYSCALL_64_fastpath+0x1e/0x9a BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor.1/11440 caller is __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62 CPU: 0 PID: 11440 Comm: syz-executor.1 Not tainted 4.4.174+ #4 0000000000000000 ffa7916b6ced110a ffff8800a1487678 ffffffff81aad1a1 ffff8801bc628000 0000000000000000 ffffffff82a861e0 ffffffff8292c040 0000000000000002 ffff8800a14876b8 ffffffff81b0ad83 ffff8800b9723180 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [] check_preemption_disabled+0x1d3/0x200 lib/smp_processor_id.c:46 [] __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62 [] tcp_try_coalesce net/ipv4/tcp_input.c:4293 [inline] [] tcp_try_coalesce+0x245/0x510 net/ipv4/tcp_input.c:4275 [] tcp_queue_rcv+0x127/0x6f0 net/ipv4/tcp_input.c:4539 [] tcp_send_rcvq+0x3de/0x4a0 net/ipv4/tcp_input.c:4585 [] tcp_sendmsg+0x2332/0x2ab0 net/ipv4/tcp.c:1134 [] inet_sendmsg+0x202/0x4d0 net/ipv4/af_inet.c:755 [] sock_sendmsg_nosec net/socket.c:638 [inline] [] sock_sendmsg+0xbe/0x110 net/socket.c:648 [] ___sys_sendmsg+0x369/0x890 net/socket.c:1975 [] __sys_sendmmsg+0x130/0x2e0 net/socket.c:2060 [] SYSC_sendmmsg net/socket.c:2090 [inline] [] SyS_sendmmsg+0x35/0x60 net/socket.c:2085 [] entry_SYSCALL_64_fastpath+0x1e/0x9a BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor.1/11449 caller is __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62 CPU: 0 PID: 11449 Comm: syz-executor.1 Not tainted 4.4.174+ #4 0000000000000000 6020d1f3811bee71 ffff8801d065f678 ffffffff81aad1a1 ffff8800b3be97c0 0000000000000000 ffffffff82a861e0 ffffffff8292c040 0000000000000002 ffff8801d065f6b8 ffffffff81b0ad83 ffff8800b9723680 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [] check_preemption_disabled+0x1d3/0x200 lib/smp_processor_id.c:46 [] __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62 [] tcp_try_coalesce net/ipv4/tcp_input.c:4293 [inline] [] tcp_try_coalesce+0x245/0x510 net/ipv4/tcp_input.c:4275 [] tcp_queue_rcv+0x127/0x6f0 net/ipv4/tcp_input.c:4539 [] tcp_send_rcvq+0x3de/0x4a0 net/ipv4/tcp_input.c:4585 [] tcp_sendmsg+0x2332/0x2ab0 net/ipv4/tcp.c:1134 [] inet_sendmsg+0x202/0x4d0 net/ipv4/af_inet.c:755 [] sock_sendmsg_nosec net/socket.c:638 [inline] [] sock_sendmsg+0xbe/0x110 net/socket.c:648 [] ___sys_sendmsg+0x369/0x890 net/socket.c:1975 [] __sys_sendmmsg+0x130/0x2e0 net/socket.c:2060 [] SYSC_sendmmsg net/socket.c:2090 [inline] [] SyS_sendmmsg+0x35/0x60 net/socket.c:2085 [] entry_SYSCALL_64_fastpath+0x1e/0x9a BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor.1/11449 caller is __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62 CPU: 0 PID: 11449 Comm: syz-executor.1 Not tainted 4.4.174+ #4 binder: 11451:11462 Acquire 1 refcount change on invalid ref 0 ret -22 binder: 11451:11462 Acquire 1 refcount change on invalid ref 0 ret -22 binder: 11451:11462 BC_REQUEST_DEATH_NOTIFICATION invalid ref 2 0000000000000000 6020d1f3811bee71 ffff8801d065f678 ffffffff81aad1a1 ffff8800b3be97c0 0000000000000000 ffffffff82a861e0 ffffffff8292c040 0000000000000002 ffff8801d065f6b8 ffffffff81b0ad83 ffff8800b9722c80 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [] check_preemption_disabled+0x1d3/0x200 lib/smp_processor_id.c:46 [] __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62 [] tcp_try_coalesce net/ipv4/tcp_input.c:4293 [inline] [] tcp_try_coalesce+0x245/0x510 net/ipv4/tcp_input.c:4275 [] tcp_queue_rcv+0x127/0x6f0 net/ipv4/tcp_input.c:4539 [] tcp_send_rcvq+0x3de/0x4a0 net/ipv4/tcp_input.c:4585 [] tcp_sendmsg+0x2332/0x2ab0 net/ipv4/tcp.c:1134 [] inet_sendmsg+0x202/0x4d0 net/ipv4/af_inet.c:755 [] sock_sendmsg_nosec net/socket.c:638 [inline] [] sock_sendmsg+0xbe/0x110 net/socket.c:648 [] ___sys_sendmsg+0x369/0x890 net/socket.c:1975 [] __sys_sendmmsg+0x130/0x2e0 net/socket.c:2060 [] SYSC_sendmmsg net/socket.c:2090 [inline] [] SyS_sendmmsg+0x35/0x60 net/socket.c:2085 [] entry_SYSCALL_64_fastpath+0x1e/0x9a BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor.1/11449 caller is __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62 CPU: 0 PID: 11449 Comm: syz-executor.1 Not tainted 4.4.174+ #4 0000000000000000 6020d1f3811bee71 ffff8801d065f678 ffffffff81aad1a1 ffff8800b3be97c0 0000000000000000 ffffffff82a861e0 ffffffff8292c040 0000000000000002 ffff8801d065f6b8 ffffffff81b0ad83 ffff8800b9722a00 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [] check_preemption_disabled+0x1d3/0x200 lib/smp_processor_id.c:46 [] __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62 [] tcp_try_coalesce net/ipv4/tcp_input.c:4293 [inline] [] tcp_try_coalesce+0x245/0x510 net/ipv4/tcp_input.c:4275 [] tcp_queue_rcv+0x127/0x6f0 net/ipv4/tcp_input.c:4539 [] tcp_send_rcvq+0x3de/0x4a0 net/ipv4/tcp_input.c:4585 [] tcp_sendmsg+0x2332/0x2ab0 net/ipv4/tcp.c:1134 [] inet_sendmsg+0x202/0x4d0 net/ipv4/af_inet.c:755 [] sock_sendmsg_nosec net/socket.c:638 [inline] [] sock_sendmsg+0xbe/0x110 net/socket.c:648 [] ___sys_sendmsg+0x369/0x890 net/socket.c:1975 [] __sys_sendmmsg+0x130/0x2e0 net/socket.c:2060 [] SYSC_sendmmsg net/socket.c:2090 [inline] [] SyS_sendmmsg+0x35/0x60 net/socket.c:2085 [] entry_SYSCALL_64_fastpath+0x1e/0x9a binder: 11473:11477 Acquire 1 refcount change on invalid ref 0 ret -22 binder: 11472:11478 Acquire 1 refcount change on invalid ref 0 ret -22 binder: 11472:11478 Acquire 1 refcount change on invalid ref 0 ret -22 binder: 11472:11478 BC_REQUEST_DEATH_NOTIFICATION invalid ref 2 binder: 11473:11477 Acquire 1 refcount change on invalid ref 0 ret -22 binder: 11473:11477 BC_REQUEST_DEATH_NOTIFICATION invalid ref 2 audit: type=1400 audit(1575282198.271:49): avc: denied { write } for pid=11508 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 binder: 11522:11524 ioctl c0306201 0 returned -14