BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor.5/3563
caller is __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62
CPU: 0 PID: 3563 Comm: syz-executor.5 Not tainted 4.4.174+ #17
 0000000000000000 81b5abd8d53fe3d7 ffff8800001cf5f8 ffffffff81aad1a1
 ffff8800b3782f80 0000000000000000 ffffffff82a861e0 ffffffff8292c040
 0000000000000002 ffff8800001cf638 ffffffff81b0ad83 ffff8801d5fdc644
Call Trace:
 [<ffffffff81aad1a1>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81aad1a1>] dump_stack+0xc1/0x120 lib/dump_stack.c:51
 [<ffffffff81b0ad83>] check_preemption_disabled+0x1d3/0x200 lib/smp_processor_id.c:46
 [<ffffffff81b0aded>] __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62
 [<ffffffff8240fcf5>] tcp_try_coalesce net/ipv4/tcp_input.c:4293 [inline]
 [<ffffffff8240fcf5>] tcp_try_coalesce+0x245/0x510 net/ipv4/tcp_input.c:4275
 [<ffffffff824100e7>] tcp_queue_rcv+0x127/0x6f0 net/ipv4/tcp_input.c:4539
 [<ffffffff8242494e>] tcp_send_rcvq+0x3de/0x4a0 net/ipv4/tcp_input.c:4585
 [<ffffffff823fd062>] tcp_sendmsg+0x2332/0x2ab0 net/ipv4/tcp.c:1134
input: syz1 as /devices/virtual/input/input5
 [<ffffffff824a8b42>] inet_sendmsg+0x202/0x4d0 net/ipv4/af_inet.c:755
 [<ffffffff821d838e>] sock_sendmsg_nosec net/socket.c:638 [inline]
 [<ffffffff821d838e>] sock_sendmsg+0xbe/0x110 net/socket.c:648
 [<ffffffff821d9e69>] ___sys_sendmsg+0x369/0x890 net/socket.c:1975
syz-executor.1 (3555) used greatest stack depth: 23040 bytes left
 [<ffffffff821dd386>] __sys_sendmmsg+0x1d6/0x2e0 net/socket.c:2053
 [<ffffffff822ace22>] C_SYSC_sendmmsg net/compat.c:731 [inline]
 [<ffffffff822ace22>] compat_SyS_sendmmsg+0x32/0x40 net/compat.c:728
 [<ffffffff8100603d>] do_syscall_32_irqs_on arch/x86/entry/common.c:330 [inline]
 [<ffffffff8100603d>] do_fast_syscall_32+0x32d/0xa90 arch/x86/entry/common.c:397
 [<ffffffff8271a350>] sysenter_flags_fixed+0xd/0x1a
BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor.5/3563
caller is __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62
CPU: 0 PID: 3563 Comm: syz-executor.5 Not tainted 4.4.174+ #17
 0000000000000000 81b5abd8d53fe3d7 ffff8800001cf5f8 ffffffff81aad1a1
 ffff8800b3782f80 0000000000000000 ffffffff82a861e0 ffffffff8292c040
 0000000000000002 ffff8800001cf638 ffffffff81b0ad83 ffff8800b9177c44
Call Trace:
 [<ffffffff81aad1a1>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81aad1a1>] dump_stack+0xc1/0x120 lib/dump_stack.c:51
 [<ffffffff81b0ad83>] check_preemption_disabled+0x1d3/0x200 lib/smp_processor_id.c:46
 [<ffffffff81b0aded>] __this_cpu_preempt_check+0x1d/0x30 lib/smp_processor_id.c:62
 [<ffffffff8240fcf5>] tcp_try_coalesce net/ipv4/tcp_input.c:4293 [inline]
 [<ffffffff8240fcf5>] tcp_try_coalesce+0x245/0x510 net/ipv4/tcp_input.c:4275
 [<ffffffff824100e7>] tcp_queue_rcv+0x127/0x6f0 net/ipv4/tcp_input.c:4539
 [<ffffffff8242494e>] tcp_send_rcvq+0x3de/0x4a0 net/ipv4/tcp_input.c:4585
 [<ffffffff823fd062>] tcp_sendmsg+0x2332/0x2ab0 net/ipv4/tcp.c:1134
 [<ffffffff824a8b42>] inet_sendmsg+0x202/0x4d0 net/ipv4/af_inet.c:755
 [<ffffffff821d838e>] sock_sendmsg_nosec net/socket.c:638 [inline]
 [<ffffffff821d838e>] sock_sendmsg+0xbe/0x110 net/socket.c:648
 [<ffffffff821d9e69>] ___sys_sendmsg+0x369/0x890 net/socket.c:1975
 [<ffffffff821dd386>] __sys_sendmmsg+0x1d6/0x2e0 net/socket.c:2053
 [<ffffffff822ace22>] C_SYSC_sendmmsg net/compat.c:731 [inline]
 [<ffffffff822ace22>] compat_SyS_sendmmsg+0x32/0x40 net/compat.c:728
 [<ffffffff8100603d>] do_syscall_32_irqs_on arch/x86/entry/common.c:330 [inline]
 [<ffffffff8100603d>] do_fast_syscall_32+0x32d/0xa90 arch/x86/entry/common.c:397
 [<ffffffff8271a350>] sysenter_flags_fixed+0xd/0x1a
DRBG: could not allocate digest TFM handle: hmac(sha256)
DRBG: could not allocate digest TFM handle: hmac(sha256)
audit: type=1400 audit(1575385450.814:18): avc:  denied  { create } for  pid=3643 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=1
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=22019 sclass=netlink_route_socket
input: syz1 as /devices/virtual/input/input9
binder: 3719:3720 ERROR: BC_REGISTER_LOOPER called without request
binder: 3719:3730 Release 1 refcount change on invalid ref 0 ret -22
binder: 3719:3730 ERROR: BC_REGISTER_LOOPER called without request
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=26 sclass=netlink_audit_socket
input: syz1 as /devices/virtual/input/input10
audit: type=1400 audit(1575385458.534:19): avc:  denied  { shutdown } for  pid=3940 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1