BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor4/25332 caller is __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62 CPU: 0 PID: 25332 Comm: syz-executor4 Not tainted 4.4.105-g8a53962 #3 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 0000000000000000 208108b68cc470d5 ffff8800b96575e0 ffffffff81cc9b0f 0000000000000000 ffffffff839fd4a0 ffff8800b9657620 ffffffff81d28d18 ffffffff83ced1a0 1ffff100172caecb ffff8800ae52f440 ffff8800ae52fb00 Call Trace: [] __dump_stack /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:15 [inline] [] dump_stack+0x8e/0xcf /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:51 [] check_preemption_disabled+0x1b8/0x1f0 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:46 [] __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62 [] tcp_try_coalesce+0x200/0x4b0 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp_input.c:4278 [] tcp_queue_rcv+0xfe/0x720 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp_input.c:4485 [] tcp_send_rcvq+0x391/0x4a0 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp_input.c:4531 [] tcp_sendmsg+0x1d1c/0x36a0 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp.c:1134 [] inet_sendmsg+0x26c/0x430 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/af_inet.c:755 [] sock_sendmsg_nosec /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:625 [inline] [] sock_sendmsg+0xb5/0xf0 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:635 [] ___sys_sendmsg+0x2bd/0x7d0 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1961 [] __sys_sendmmsg+0xf5/0x260 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:2046 [] SYSC_sendmmsg /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:2076 [inline] [] SyS_sendmmsg+0xd/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:2071 [] entry_SYSCALL_64_fastpath+0x16/0x76 BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor4/25332 caller is __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62 CPU: 0 PID: 25332 Comm: syz-executor4 Not tainted 4.4.105-g8a53962 #3 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 0000000000000000 208108b68cc470d5 ffff8800b9657828 ffffffff81cc9b0f 0000000000000000 ffffffff839fd4a0 ffff8800b9657868 ffffffff81d28d18 ffffffff83ced1a0 1ffff100172caf14 ffff8800ae52f440 ffff8800ae52fb00 Call Trace: [] __dump_stack /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:15 [inline] [] dump_stack+0x8e/0xcf /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:51 [] check_preemption_disabled+0x1b8/0x1f0 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:46 [] __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62 [] tcp_try_coalesce+0x200/0x4b0 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp_input.c:4278 [] tcp_queue_rcv+0xfe/0x720 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp_input.c:4485 [] tcp_send_rcvq+0x391/0x4a0 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp_input.c:4531 [] tcp_sendmsg+0x1d1c/0x36a0 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/tcp.c:1134 [] inet_sendmsg+0x26c/0x430 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/af_inet.c:755 [] sock_sendmsg_nosec /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:625 [inline] [] sock_sendmsg+0xb5/0xf0 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:635 [] SYSC_sendto+0x267/0x300 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1665 [] SyS_sendto+0x9/0x10 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1633 [] entry_SYSCALL_64_fastpath+0x16/0x76 netlink: 2 bytes leftover after parsing attributes in process `syz-executor1'. IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE netlink: 2 bytes leftover after parsing attributes in process `syz-executor1'. IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE device  entered promiscuous mode device  left promiscuous mode IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE IPv6: NLM_F_CREATE should be set when creating new route IPv6: NLM_F_CREATE should be set when creating new route audit: type=1326 audit(1513017999.705:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=26001 comm="syz-executor7" exe="/root/syz-executor7" sig=31 arch=c000003e syscall=202 compat=0 ip=0x452a39 code=0x0 IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE audit: type=1326 audit(1513017999.915:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=26070 comm="syz-executor3" exe="/root/syz-executor3" sig=9 arch=c000003e syscall=202 compat=0 ip=0x452a39 code=0x0 audit: type=1326 audit(1513017999.995:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=26070 comm="syz-executor3" exe="/root/syz-executor3" sig=9 arch=c000003e syscall=202 compat=0 ip=0x452a39 code=0x0 audit: type=1326 audit(1513018000.505:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=26390 comm="syz-executor4" exe="/root/syz-executor4" sig=9 arch=c000003e syscall=202 compat=0 ip=0x452a39 code=0x0 audit: type=1326 audit(1513018000.575:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=26390 comm="syz-executor4" exe="/root/syz-executor4" sig=9 arch=c000003e syscall=202 compat=0 ip=0x452a39 code=0x0 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket SELinux: unrecognized netlink message: protocol=0 nlmsg_type=14917 sclass=netlink_route_socket SELinux: unrecognized netlink message: protocol=0 nlmsg_type=14917 sclass=netlink_route_socket nla_parse: 4 callbacks suppressed netlink: 1 bytes leftover after parsing attributes in process `syz-executor3'. netlink: 1 bytes leftover after parsing attributes in process `syz-executor3'. audit: type=1326 audit(1513018001.905:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=26984 comm="syz-executor0" exe="/root/syz-executor0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x452a39 code=0x0 netlink: 2 bytes leftover after parsing attributes in process `syz-executor5'. netlink: 2 bytes leftover after parsing attributes in process `syz-executor5'. netlink: 2 bytes leftover after parsing attributes in process `syz-executor5'. netlink: 2 bytes leftover after parsing attributes in process `syz-executor5'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor0'. netlink: 1 bytes leftover after parsing attributes in process `syz-executor0'. netlink: 2 bytes leftover after parsing attributes in process `syz-executor7'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor0'. SELinux: unrecognized netlink message: protocol=0 nlmsg_type=14917 sclass=netlink_route_socket SELinux: unrecognized netlink message: protocol=0 nlmsg_type=14917 sclass=netlink_route_socket device lo entered promiscuous mode SELinux: unrecognized netlink message: protocol=0 nlmsg_type=14917 sclass=netlink_route_socket SELinux: unrecognized netlink message: protocol=0 nlmsg_type=14917 sclass=netlink_route_socket nla_parse: 11 callbacks suppressed netlink: 1 bytes leftover after parsing attributes in process `syz-executor3'.