BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor1/6360 caller is __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62 CPU: 0 PID: 6360 Comm: syz-executor1 Not tainted 4.4.113-g962d1f3 #2 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 0000000000000000 8ae380315537c10d ffff8801c54bf648 ffffffff81d028ed 0000000000000000 ffffffff839fe3a0 ffffffff83cef6a0 ffff8801d9652f80 0000000000000003 ffff8801c54bf688 ffffffff81d62834 ffffffff810002b8 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x124 lib/dump_stack.c:51 audit: type=1401 audit(1517276841.457:24): op=fscreate invalid_context=73797374656D5F753A6F626A6563745F723A747A646174615F657865635F743A73300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000audit: type=1401 audit(1517276841.457:25): op=fscreate invalid_context=73797374656D5F753A6F626A6563745F723A747A646174615F657865635F743A73300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 [] check_preemption_disabled+0x1d4/0x200 lib/smp_processor_id.c:46 [] ? 0xffffffff810002b8 [] __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62 [] tcp_try_coalesce+0x249/0x4d0 net/ipv4/tcp_input.c:4278 [] tcp_queue_rcv+0x127/0x720 net/ipv4/tcp_input.c:4485 [] tcp_send_rcvq+0x39b/0x450 net/ipv4/tcp_input.c:4531 [] tcp_sendmsg+0x1e8f/0x2b10 net/ipv4/tcp.c:1134 [] inet_sendmsg+0x2bc/0x4c0 net/ipv4/af_inet.c:755 [] sock_sendmsg_nosec net/socket.c:625 [inline] [] sock_sendmsg+0xca/0x110 net/socket.c:635 [] ___sys_sendmsg+0x6c1/0x7c0 net/socket.c:1962 [] __sys_sendmsg+0xd3/0x190 net/socket.c:1996 [] C_SYSC_sendmsg net/compat.c:720 [inline] [] compat_SyS_sendmsg+0x2a/0x40 net/compat.c:718 [] do_syscall_32_irqs_on arch/x86/entry/common.c:390 [inline] [] do_fast_syscall_32+0x314/0x890 arch/x86/entry/common.c:457 [] sysenter_flags_fixed+0xd/0x17 audit: type=1400 audit(1517276842.017:26): avc: denied { bind } for pid=6414 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1517276842.047:27): avc: denied { ioctl } for pid=6414 comm="syz-executor5" path="socket:[13721]" dev="sockfs" ino=13721 ioctlcmd=4c82 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1517276842.087:28): avc: denied { getopt } for pid=6414 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 binder: 6486:6496 ioctl 40044590 20a8f000 returned -22 binder: 6486:6496 ioctl 40044590 20a8f000 returned -22 audit: type=1400 audit(1517276842.577:29): avc: denied { write } for pid=6584 comm="syz-executor7" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 tmpfs: No value for mount option '²Å$Fít⹦ÿís#^સ­¢ñ' tmpfs: No value for mount option '²Å$Fít⹦ÿís#^સ­¢ñ' netlink: 4 bytes leftover after parsing attributes in process `syz-executor2'. netlink: 4 bytes leftover after parsing attributes in process `syz-executor2'. IPv4: Oversized IP packet from 127.0.0.1 IPVS: Creating netns size=2552 id=9 pktgen: kernel_thread() failed for cpu 0 pktgen: Cannot create thread for cpu 0 (-4) pktgen: kernel_thread() failed for cpu 1 pktgen: Cannot create thread for cpu 1 (-4) pktgen: Initialization failed for all threads kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory accessgeneral protection fault: 0000 [#1] PREEMPT SMP KASAN Dumping ftrace buffer: (ftrace buffer empty) Modules linked in: CPU: 0 PID: 6948 Comm: syz-executor7 Not tainted 4.4.113-g962d1f3 #2 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 task: ffff8801d72cdf00 task.stack: ffff8800b8a28000 RIP: 0010:[] [] __read_once_size include/linux/compiler.h:218 [inline] RIP: 0010:[] [] nfqnl_nf_hook_drop+0x190/0x3a0 net/netfilter/nfnetlink_queue.c:879 RSP: 0018:ffff8800b8a2f920 EFLAGS: 00010202 RAX: 0000000000000007 RBX: 0000000000000003 RCX: ffffffff82f9b839 RDX: 0000000000010000 RSI: ffffc900021cb000 RDI: ffffffff847eb500 RBP: ffff8800b8a2f950 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: 1ffff10017145ef0 R12: dffffc0000000000 R13: ffff8800ad077728 R14: 0000000000000038 R15: 00000000000000b8 FS: 0000000000000000(0000) GS:ffff8801db200000(0063) knlGS:00000000f6eedb40 CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 CR2: 0000000020001000 CR3: 00000000b1c16000 CR4: 0000000000160670 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Stack: ffffffff82f9b7b0 ffffffff83cc6560 ffff8800b7661e00 ffff8800ad077728 ffff8800ad077728 ffff8800ad077720 ffff8800b8a2f980 ffffffff82f936fe ffffffff82f93640 ffffffff843e3760 ffff8800b76628b8 dffffc0000000000 Call Trace: [] nf_queue_nf_hook_drop+0xbe/0x1d0 net/netfilter/nf_queue.c:108 [] nf_unregister_net_hook+0x2ab/0x350 net/netfilter/core.c:154 [] nf_unregister_hook_list net/netfilter/core.c:434 [inline] [] netfilter_net_exit+0x40/0xb0 net/netfilter/core.c:466 [] ops_exit_list.isra.4+0xae/0x150 net/core/net_namespace.c:134 [] setup_net+0x221/0x3e0 net/core/net_namespace.c:303 [] copy_net_ns+0xd2/0x190 net/core/net_namespace.c:369 [] create_new_namespaces+0x2f6/0x610 kernel/nsproxy.c:95 [] copy_namespaces+0x291/0x320 kernel/nsproxy.c:150 [] copy_process+0x1d98/0x6120 kernel/fork.c:1506 [] _do_fork+0x151/0xe00 kernel/fork.c:1784 [] SYSC_clone kernel/fork.c:1893 [inline] [] SyS_clone+0x37/0x50 kernel/fork.c:1887 [] do_syscall_32_irqs_on arch/x86/entry/common.c:390 [inline] [] do_fast_syscall_32+0x314/0x890 arch/x86/entry/common.c:457 [] sysenter_flags_fixed+0xd/0x17 Code: f7 83 01 00 0f 84 d8 00 00 00 4d 8d 77 38 49 bc 00 00 00 00 00 fc ff df 49 81 c7 b8 00 00 00 e8 57 45 3c fe 4c 89 f0 48 c1 e8 03 <42> 80 3c 20 00 0f 85 f4 01 00 00 49 8b 1e e8 0d 97 2e fe 48 85 RIP [] __read_once_size include/linux/compiler.h:218 [inline] RIP [] nfqnl_nf_hook_drop+0x190/0x3a0 net/netfilter/nfnetlink_queue.c:879 RSP ---[ end trace b8c94f859031ea9c ]---