BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor5/30735 caller is __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62 CPU: 0 PID: 30735 Comm: syz-executor5 Not tainted 4.4.105-g8a53962 #3 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 0000000000000000 124b8c655a94427e ffff8801d335f828 ffffffff81cc9b0f 0000000000000000 ffffffff839fd4a0[ 177.029472] device gre0 entered promiscuous mode ffff8801d335f868 ffffffff81d28d18 ffffffff83ced1a0 1ffff1003a66bf14 ffff8800b919cfc0 ffff8800b919c6c0 Call Trace: [] __dump_stack /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:15 [inline] [] dump_stack+0x8e/0xcf /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:51 [] check_preemption_disabled+0x1b8/0x1f0 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:46 [] __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62 [] tcp_try_coalesce+0x200/0x4b0 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp_input.c:4278 [] tcp_queue_rcv+0xfe/0x720 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp_input.c:4485 [] tcp_send_rcvq+0x391/0x4a0 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp_input.c:4531 [] tcp_sendmsg+0x1d1c/0x36a0 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp.c:1134 [] inet_sendmsg+0x26c/0x430 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/af_inet.c:755 [] sock_sendmsg_nosec /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:625 [inline] [] sock_sendmsg+0xb5/0xf0 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:635 [] SYSC_sendto+0x267/0x300 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1665 [] SyS_sendto+0x9/0x10 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1633 [] entry_SYSCALL_64_fastpath+0x16/0x76 device lo entered promiscuous mode audit: type=1400 audit(1513025505.346:51): avc: denied { dyntransition } for pid=31648 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0,c1 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0,c1 tclass=process permissive=1 audit: type=1401 audit(1513025505.416:52): op=fscreate invalid_context=":" nla_parse: 9 callbacks suppressed netlink: 5 bytes leftover after parsing attributes in process `syz-executor4'. netlink: 5 bytes leftover after parsing attributes in process `syz-executor4'. loop_reread_partitions: partition scan of loop0 (2°]€fI¸Òæ¶Ì”B±!S,›ùDÏ') failed (rc=-13) loop_reread_partitions: partition scan of loop0 () failed (rc=-13) SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket netlink: 6 bytes leftover after parsing attributes in process `syz-executor6'. netlink: 6 bytes leftover after parsing attributes in process `syz-executor6'. netlink: 6 bytes leftover after parsing attributes in process `syz-executor0'. netlink: 6 bytes leftover after parsing attributes in process `syz-executor0'. device lo entered promiscuous mode device gre0 entered promiscuous mode binder: 32674:32680 got reply transaction with no transaction stack binder: 32674:32680 transaction failed 29201/-71, size 32-8 line 2924 audit: type=1400 audit(1513025507.936:53): avc: denied { set_context_mgr } for pid=32674 comm="syz-executor4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 binder: 32674:32696 ioctl 404c534a 2000cfb4 returned -22 binder: 32674:32696 ioctl c0306201 2000a000 returned -14 binder: 32674:32680 unknown command -1971837343 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=3 sclass=netlink_route_socket device gre0 entered promiscuous mode binder: 32674:32680 ioctl c0306201 2000afd0 returned -22 binder: 32674:32680 BC_CLEAR_DEATH_NOTIFICATION invalid ref 4 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket binder: 32674:32680 got reply transaction with no transaction stack binder: 32674:32680 transaction failed 29201/-71, size 24-16 line 2924 binder: 32674:32756 got reply transaction with no transaction stack binder: undelivered TRANSACTION_ERROR: 29201 binder: 32674:32756 transaction failed 29201/-71, size 32-8 line 2924 binder: 32674:32680 ioctl 404c534a 2000cfb4 returned -22 binder: 32674:32696 ioctl c0306201 2000a000 returned -14 binder: 32674:32756 unknown command -1971837343 binder: 32674:32756 ioctl c0306201 2000afd0 returned -22 binder: 32674:32696 BC_CLEAR_DEATH_NOTIFICATION invalid ref 4 binder: 32674:32696 got reply transaction with no transaction stack binder: 32674:32696 transaction failed 29201/-71, size 24-16 line 2924 binder: undelivered TRANSACTION_ERROR: 29201 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=3 sclass=netlink_route_socket SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket device gre0 entered promiscuous mode netlink: 14 bytes leftover after parsing attributes in process `syz-executor4'. netlink: 14 bytes leftover after parsing attributes in process `syz-executor4'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor3'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor3'. netlink: 7 bytes leftover after parsing attributes in process `syz-executor6'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor3'. netlink: 7 bytes leftover after parsing attributes in process `syz-executor6'. SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket netlink: 14 bytes leftover after parsing attributes in process `syz-executor3'. audit: type=1400 audit(1513025511.286:54): avc: denied { bind } for pid=1400 comm="syz-executor7" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=1 netlink: 14 bytes leftover after parsing attributes in process `syz-executor3'. SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket netlink: 3 bytes leftover after parsing attributes in process `syz-executor6'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor6'. netlink: 7 bytes leftover after parsing attributes in process `syz-executor5'. SELinux: unrecognized netlink message: protocol=0 nlmsg_type=256 sclass=netlink_route_socket SELinux: unrecognized netlink message: protocol=0 nlmsg_type=256 sclass=netlink_route_socket SELinux: unrecognized netlink message: protocol=0 nlmsg_type=3 sclass=netlink_route_socket SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket SELinux: unrecognized netlink message: protocol=0 nlmsg_type=3 sclass=netlink_route_socket SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket