BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor5/5409 caller is __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62 CPU: 0 PID: 5409 Comm: syz-executor5 Not tainted 4.4.160+ #45 0000000000000000 0278457e8f1a9e51 ffff8800b303f658 ffffffff81a995dd 0000000000000000 ffffffff82929980 ffffffff82a7c660 ffff8800ba704740 0000000000000002 ffff8800b303f698 ffffffff81b3509a ffff8800b303f6a8 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x124 lib/dump_stack.c:51 [] check_preemption_disabled.cold.0+0x7f/0x8b lib/smp_processor_id.c:46 [] __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62 audit: type=1401 audit(1539330277.325:13): op=fscreate invalid_context=1C000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002F6465762F7572616E646F6D00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002F6465762F6C6F6F702D636F6E74726F6C0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000004000400040000005E20440000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000FC739800000000 [] tcp_try_coalesce+0x22a/0x4c0 net/ipv4/tcp_input.c:4293 [] tcp_queue_rcv+0x127/0x6f0 net/ipv4/tcp_input.c:4500 [] tcp_send_rcvq+0x3a6/0x470 net/ipv4/tcp_input.c:4546 [] tcp_sendmsg+0x237c/0x2b30 net/ipv4/tcp.c:1134 [] inet_sendmsg+0x203/0x4d0 net/ipv4/af_inet.c:755 [] sock_sendmsg_nosec net/socket.c:638 [inline] [] sock_sendmsg+0xbb/0x110 net/socket.c:648 [] ___sys_sendmsg+0x745/0x880 net/socket.c:1975 [] __sys_sendmsg+0xd6/0x190 net/socket.c:2009 [] C_SYSC_sendmsg net/compat.c:722 [inline] [] compat_SyS_sendmsg+0x2a/0x40 net/compat.c:720 [] do_syscall_32_irqs_on arch/x86/entry/common.c:396 [inline] [] do_fast_syscall_32+0x31e/0xa80 arch/x86/entry/common.c:463 [] sysenter_flags_fixed+0xd/0x1a BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor5/5391 caller is __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62 CPU: 0 PID: 5391 Comm: syz-executor5 Not tainted 4.4.160+ #45 0000000000000000 1690e9d64e22819c ffff8800b2d877d8 ffffffff81a995dd 0000000000000000 ffffffff82929980 ffffffff82a7c660 ffff8800bb87af80 0000000000000002 ffff8800b2d87818 ffffffff81b3509a ffff8800ba0e65c4 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x124 lib/dump_stack.c:51 [] check_preemption_disabled.cold.0+0x7f/0x8b lib/smp_processor_id.c:46 [] __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62 [] tcp_try_coalesce+0x22a/0x4c0 net/ipv4/tcp_input.c:4293 [] tcp_queue_rcv+0x127/0x6f0 net/ipv4/tcp_input.c:4500 [] tcp_send_rcvq+0x3a6/0x470 net/ipv4/tcp_input.c:4546 [] tcp_sendmsg+0x237c/0x2b30 net/ipv4/tcp.c:1134 [] inet_sendmsg+0x203/0x4d0 net/ipv4/af_inet.c:755 [] sock_sendmsg_nosec net/socket.c:638 [inline] [] sock_sendmsg+0xbb/0x110 net/socket.c:648 [] SYSC_sendto net/socket.c:1678 [inline] [] SyS_sendto+0x220/0x370 net/socket.c:1646 [] do_syscall_32_irqs_on arch/x86/entry/common.c:396 [inline] [] do_fast_syscall_32+0x31e/0xa80 arch/x86/entry/common.c:463 [] sysenter_flags_fixed+0xd/0x1a binder: 5585:5586 transaction failed 29189/-22, size 0-0 line 3014 audit: type=1400 audit(1539330282.545:14): avc: denied { associate } for pid=5585 comm="syz-executor1" name="binder1" dev="devtmpfs" ino=1090 scontext=system_u:object_r:auditctl_exec_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=filesystem permissive=1 binder: 5585:5586 transaction failed 29189/-22, size 0-0 line 3014 binder: 5585:5586 ioctl 40046602 20000000 returned -22 binder: 5585:5587 transaction failed 29189/-22, size 0-0 line 3014 binder: 5585:5587 transaction failed 29189/-22, size 0-0 line 3014 netlink: 32 bytes leftover after parsing attributes in process `syz-executor4'. netlink: 32 bytes leftover after parsing attributes in process `syz-executor4'. input: syz1 as /devices/virtual/input/input14 input: syz1 as /devices/virtual/input/input15 audit: type=1326 audit(1539330286.285:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=5871 comm="syz-executor0" exe="/root/syz-executor0" sig=31 arch=40000003 syscall=265 compat=1 ip=0xf773abe9 code=0x0 mmap: syz-executor1 (5897) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.txt. audit: type=1326 audit(1539330287.085:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=5871 comm="syz-executor0" exe="/root/syz-executor0" sig=31 arch=40000003 syscall=265 compat=1 ip=0xf773abe9 code=0x0