BUG: using __this_cpu_add() in preemptible code in check_preemption_disabled


syzbot

Apr 11, 2019, 8:00:43 PM
to syzkaller-a...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 4e74e983 ANDROID: sdcardfs: Protect set_top
git tree: android-4.4
console output: https://syzkaller.appspot.com/x/log.txt?x=17a1a725800000
kernel config: https://syzkaller.appspot.com/x/.config?x=51f4476befd65731
dashboard link: https://syzkaller.appspot.com/bug?extid=7d3429383387cc013027
compiler: gcc (GCC) 7.1.1 20170620
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=101f6055800000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=14710b05800000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+7d3429...@syzkaller.appspotmail.com

BUG: using __this_cpu_add() in preemptible [00000000] code: syzkaller923016/5299
caller is __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
CPU: 0 PID: 5299 Comm: syzkaller923016 Not tainted 4.4.114-g4e74e98 #5
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
0000000000000000 bfab85adf8ab8103 ffff8800aa7376c8 ffffffff81d03d2d
0000000000000000 ffffffff839fe3a0 ffffffff83cef720 ffff8801d38a9800
0000000000000003 ffff8800aa737708 ffffffff81d63c74 ffffffff810002b8
Call Trace:
[<ffffffff81d03d2d>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffffff81d03d2d>] dump_stack+0xc1/0x124 lib/dump_stack.c:51
[<ffffffff81d63c74>] check_preemption_disabled+0x1d4/0x200 lib/smp_processor_id.c:46
[<ffffffff810002b8>] ? 0xffffffff810002b8
[<ffffffff81d63cdc>] __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
[<ffffffff8312a609>] tcp_try_coalesce+0x249/0x4d0 net/ipv4/tcp_input.c:4278
[<ffffffff83132787>] tcp_queue_rcv+0x127/0x720 net/ipv4/tcp_input.c:4485
[<ffffffff8314a05b>] tcp_send_rcvq+0x39b/0x450 net/ipv4/tcp_input.c:4531
[<ffffffff831212bf>] tcp_sendmsg+0x1e8f/0x2b10 net/ipv4/tcp.c:1134
[<ffffffff831d6fec>] inet_sendmsg+0x2bc/0x4c0 net/ipv4/af_inet.c:755
[<ffffffff82deb79a>] sock_sendmsg_nosec net/socket.c:625 [inline]
[<ffffffff82deb79a>] sock_sendmsg+0xca/0x110 net/socket.c:635
[<ffffffff82ded371>] ___sys_sendmsg+0x6c1/0x7c0 net/socket.c:1962
[<ffffffff82def3c3>] __sys_sendmsg+0xd3/0x190 net/socket.c:1996
[<ffffffff82def4ad>] SYSC_sendmsg net/socket.c:2007 [inline]
[<ffffffff82def4ad>] SyS_sendmsg+0x2d/0x50 net/socket.c:2003
[<ffffffff837742df>] entry_SYSCALL_64_fastpath+0x1c/0x98
BUG: using __this_cpu_add() in preemptible [00000000] code: syzkaller923016/5460
caller is __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
CPU: 1 PID: 5460 Comm: syzkaller923016 Not tainted 4.4.114-g4e74e98 #5
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
0000000000000000 224f5a243efd0488 ffff8800b60676c8 ffffffff81d03d2d
0000000000000001 ffffffff839fe3a0 ffffffff83cef720 ffff8800b6819800
0000000000000003 ffff8800b6067708 ffffffff81d63c74 ffffffff810002b8
Call Trace:
[<ffffffff81d03d2d>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffffff81d03d2d>] dump_stack+0xc1/0x124 lib/dump_stack.c:51
[<ffffffff81d63c74>] check_preemption_disabled+0x1d4/0x200 lib/smp_processor_id.c:46
[<ffffffff810002b8>] ? 0xffffffff810002b8
[<ffffffff81d63cdc>] __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
[<ffffffff8312a609>] tcp_try_coalesce+0x249/0x4d0 net/ipv4/tcp_input.c:4278
[<ffffffff83132787>] tcp_queue_rcv+0x127/0x720 net/ipv4/tcp_input.c:4485
[<ffffffff8314a05b>] tcp_send_rcvq+0x39b/0x450 net/ipv4/tcp_input.c:4531
[<ffffffff831212bf>] tcp_sendmsg+0x1e8f/0x2b10 net/ipv4/tcp.c:1134
[<ffffffff831d6fec>] inet_sendmsg+0x2bc/0x4c0 net/ipv4/af_inet.c:755
[<ffffffff82deb79a>] sock_sendmsg_nosec net/socket.c:625 [inline]
[<ffffffff82deb79a>] sock_sendmsg+0xca/0x110 net/socket.c:635
[<ffffffff82ded371>] ___sys_sendmsg+0x6c1/0x7c0 net/socket.c:1962
[<ffffffff82def3c3>] __sys_sendmsg+0xd3/0x190 net/socket.c:1996
[<ffffffff82def4ad>] SYSC_sendmsg net/socket.c:2007 [inline]
[<ffffffff82def4ad>] SyS_sendmsg+0x2d/0x50 net/socket.c:2003
[<ffffffff837742df>] entry_SYSCALL_64_fastpath+0x1c/0x98
BUG: using __this_cpu_add() in preemptible [00000000] code: syzkaller923016/6742
caller is __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
CPU: 1 PID: 6742 Comm: syzkaller923016 Not tainted 4.4.114-g4e74e98 #5
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
0000000000000000 16b6d38d6d993585 ffff8800b55cf6c8 ffffffff81d03d2d
0000000000000001 ffffffff839fe3a0 ffffffff83cef720 ffff8801d04f4800
0000000000000003 ffff8800b55cf708 ffffffff81d63c74 ffffffff810002b8
Call Trace:
[<ffffffff81d03d2d>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffffff81d03d2d>] dump_stack+0xc1/0x124 lib/dump_stack.c:51
[<ffffffff81d63c74>] check_preemption_disabled+0x1d4/0x200 lib/smp_processor_id.c:46
[<ffffffff810002b8>] ? 0xffffffff810002b8
[<ffffffff81d63cdc>] __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
[<ffffffff8312a609>] tcp_try_coalesce+0x249/0x4d0 net/ipv4/tcp_input.c:4278
[<ffffffff83132787>] tcp_queue_rcv+0x127/0x720 net/ipv4/tcp_input.c:4485
[<ffffffff8314a05b>] tcp_send_rcvq+0x39b/0x450 net/ipv4/tcp_input.c:4531
[<ffffffff831212bf>] tcp_sendmsg+0x1e8f/0x2b10 net/ipv4/tcp.c:1134
[<ffffffff831d6fec>] inet_sendmsg+0x2bc/0x4c0 net/ipv4/af_inet.c:755
[<ffffffff82deb79a>] sock_sendmsg_nosec net/socket.c:625 [inline]
[<ffffffff82deb79a>] sock_sendmsg+0xca/0x110 net/socket.c:635
[<ffffffff82ded371>] ___sys_sendmsg+0x6c1/0x7c0 net/socket.c:1962
[<ffffffff82def3c3>] __sys_sendmsg+0xd3/0x190 net/socket.c:1996
[<ffffffff82def4ad>] SYSC_sendmsg net/socket.c:2007 [inline]
[<ffffffff82def4ad>] SyS_sendmsg+0x2d/0x50 net/socket.c:2003
[<ffffffff837742df>] entry_SYSCALL_64_fastpath+0x1c/0x98


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches