BUG: using __this_cpu_add() in preemptible code in tcp_try_rmem_schedule

syzbot

Apr 13, 2019, 8:00:44 PM
to syzkaller-a...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 55a36659 BACKPORT: xfrm: Fix return value check of copy_se..
git tree: android-4.4
console output: https://syzkaller.appspot.com/x/log.txt?x=13734563800000
kernel config: https://syzkaller.appspot.com/x/.config?x=15c551fd51555f48
dashboard link: https://syzkaller.appspot.com/bug?extid=86f93ab5ec01c6c3c6de
compiler: gcc (GCC) 7.1.1 20170620
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=120942c3800000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+86f93a...@syzkaller.appspotmail.com

random: sshd: uninitialized urandom read (32 bytes read, 107 bits of entropy available)
random: sshd: uninitialized urandom read (32 bytes read, 113 bits of entropy available)
IPVS: Creating netns size=2552 id=1
ip (3821) used greatest stack depth: 25016 bytes left
BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor0/4000
caller is __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
CPU: 1 PID: 4000 Comm: syz-executor0 Not tainted 4.4.115-g55a366596 #14
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
0000000000000000 cd4af439e4eb773b ffff8801d84d7740 ffffffff81d03d8d
0000000000000001 ffffffff839fe4a0 ffffffff83cef860 ffff8801d9544800
0000000000000003 ffff8801d84d7780 ffffffff81d63cd4 ffffffff81237470
Call Trace:
[<ffffffff81d03d8d>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffffff81d03d8d>] dump_stack+0xc1/0x124 lib/dump_stack.c:51
[<ffffffff81d63cd4>] check_preemption_disabled+0x1d4/0x200 lib/smp_processor_id.c:46
[<ffffffff81d63d3c>] __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
[<ffffffff83133ce2>] tcp_prune_queue net/ipv4/tcp_input.c:4861 [inline]
[<ffffffff83133ce2>] tcp_try_rmem_schedule+0xf2/0x1180 net/ipv4/tcp_input.c:4337
[<ffffffff8314a08a>] tcp_send_rcvq+0x1ba/0x450 net/ipv4/tcp_input.c:4520
[<ffffffff831214cf>] tcp_sendmsg+0x1e8f/0x2b10 net/ipv4/tcp.c:1134
[<ffffffff831d71fc>] inet_sendmsg+0x2bc/0x4c0 net/ipv4/af_inet.c:755
[<ffffffff82deb92a>] sock_sendmsg_nosec net/socket.c:625 [inline]
[<ffffffff82deb92a>] sock_sendmsg+0xca/0x110 net/socket.c:635
[<ffffffff82ded501>] ___sys_sendmsg+0x6c1/0x7c0 net/socket.c:1962
[<ffffffff82def553>] __sys_sendmsg+0xd3/0x190 net/socket.c:1996
[<ffffffff82def63d>] SYSC_sendmsg net/socket.c:2007 [inline]
[<ffffffff82def63d>] SyS_sendmsg+0x2d/0x50 net/socket.c:2003
[<ffffffff837744df>] entry_SYSCALL_64_fastpath+0x1c/0x98
BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor0/4000
caller is __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
CPU: 1 PID: 4000 Comm: syz-executor0 Not tainted 4.4.115-g55a366596 #14
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
0000000000000000 cd4af439e4eb773b ffff8801d84d7740 ffffffff81d03d8d
0000000000000001 ffffffff839fe4a0 ffffffff83cef860 ffff8801d9544800
0000000000000003 ffff8801d84d7780 ffffffff81d63cd4 ffffffff8313163a
Call Trace:
[<ffffffff81d03d8d>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffffff81d03d8d>] dump_stack+0xc1/0x124 lib/dump_stack.c:51
[<ffffffff81d63cd4>] check_preemption_disabled+0x1d4/0x200 lib/smp_processor_id.c:46
[<ffffffff81d63d3c>] __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
[<ffffffff83134a23>] tcp_prune_queue net/ipv4/tcp_input.c:4891 [inline]
[<ffffffff83134a23>] tcp_try_rmem_schedule+0xe33/0x1180 net/ipv4/tcp_input.c:4337
[<ffffffff8314a08a>] tcp_send_rcvq+0x1ba/0x450 net/ipv4/tcp_input.c:4520
[<ffffffff831214cf>] tcp_sendmsg+0x1e8f/0x2b10 net/ipv4/tcp.c:1134
[<ffffffff831d71fc>] inet_sendmsg+0x2bc/0x4c0 net/ipv4/af_inet.c:755
[<ffffffff82deb92a>] sock_sendmsg_nosec net/socket.c:625 [inline]
[<ffffffff82deb92a>] sock_sendmsg+0xca/0x110 net/socket.c:635
[<ffffffff82ded501>] ___sys_sendmsg+0x6c1/0x7c0 net/socket.c:1962
[<ffffffff8


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches
