BUG: using smp_processor_id() in preemptible code in __do_user

BUG: using smp_processor_id() in preemptible code in __do_user_fault
Status: upstream: reported on 2021/03/11 08:17
Reported-by: syzbot+a7ee43e564223f195c84@syzkaller.appspotmail.com
First crash: 44d, last: 2h26m

Sample crash report:

BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/9557
caller is debug_smp_processor_id+0x20/0x24 lib/smp_processor_id.c:64
CPU: 1 PID: 9557 Comm: syz-executor.0 Not tainted 5.12.0-rc3-syzkaller #0
Hardware name: ARM-Versatile Express
Backtrace: 
[<81802550>] (dump_backtrace) from [<818027c4>] (show_stack+0x18/0x1c arch/arm/kernel/traps.c:252)
 r7:00000000 r6:60000113 r5:00000000 r4:82b58344
[<818027ac>] (show_stack) from [<81809e98>] (__dump_stack lib/dump_stack.c:79 [inline])
[<818027ac>] (show_stack) from [<81809e98>] (dump_stack+0xb8/0xe8 lib/dump_stack.c:120)
[<81809de0>] (dump_stack) from [<8181da88>] (check_preemption_disabled+0x118/0x11c lib/smp_processor_id.c:53)
 r7:81f63120 r6:00000001 r5:8181daac r4:868835f0
[<8181d970>] (check_preemption_disabled) from [<8181daac>] (debug_smp_processor_id+0x20/0x24 lib/smp_processor_id.c:64)
 r7:0000020e r6:868830c0 r5:0000000b r4:99999998
[<8181da8c>] (debug_smp_processor_id) from [<80217a00>] (harden_branch_predictor arch/arm/include/asm/system_misc.h:24 [inline])
[<8181da8c>] (debug_smp_processor_id) from [<80217a00>] (__do_user_fault+0x98/0x108 arch/arm/mm/fault.c:142)
[<80217968>] (__do_user_fault) from [<80217c90>] (do_page_fault+0x190/0x378 arch/arm/mm/fault.c:357)
 r9:00000000 r8:835e1bfc r7:835e1b80 r6:0000020e r5:99999998 r4:86be3fb0
[<80217b00>] (do_page_fault) from [<80218054>] (do_DataAbort+0x38/0xb8 arch/arm/mm/fault.c:522)
 r10:000bbbb8 r9:00000000 r8:80217b00 r7:86be3fb0 r6:99999998 r5:0000020e
 r4:82a330e8
[<8021801c>] (do_DataAbort) from [<80200dc4>] (__dabt_usr+0x44/0x60 arch/arm/kernel/entry-armv.S:421)
Exception stack(0x86be3fb0 to 0x86be3ff8)
3fa0:                                     99999999 99999998 00000001 ffffffff
3fc0: 99999999 76f08e80 0000000b 00084290 00000073 00000000 000bbbb8 76f08e74
3fe0: 7f030101 76f08988 00034f7c 000463a4 60000010 ffffffff
 r8:30c5387d r7:30c5387d r6:ffffffff r5:60000010 r4:000463a4
BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/9557
caller is debug_smp_processor_id+0x20/0x24 lib/smp_processor_id.c:64
CPU: 1 PID: 9557 Comm: syz-executor.0 Not tainted 5.12.0-rc3-syzkaller #0
Hardware name: ARM-Versatile Express
Backtrace: 
[<81802550>] (dump_backtrace) from [<818027c4>] (show_stack+0x18/0x1c arch/arm/kernel/traps.c:252)
 r7:00000000 r6:60000113 r5:00000000 r4:82b58344
[<818027ac>] (show_stack) from [<81809e98>] (__dump_stack lib/dump_stack.c:79 [inline])
[<818027ac>] (show_stack) from [<81809e98>] (dump_stack+0xb8/0xe8 lib/dump_stack.c:120)
[<81809de0>] (dump_stack) from [<8181da88>] (check_preemption_disabled+0x118/0x11c lib/smp_processor_id.c:53)
 r7:81f63120 r6:00000001 r5:8181daac r4:868835f0
[<8181d970>] (check_preemption_disabled) from [<8181daac>] (debug_smp_processor_id+0x20/0x24 lib/smp_processor_id.c:64)
 r7:0000020e r6:868830c0 r5:0000000b r4:99999998
[<8181da8c>] (debug_smp_processor_id) from [<80217a00>] (harden_branch_predictor arch/arm/include/asm/system_misc.h:24 [inline])
[<8181da8c>] (debug_smp_processor_id) from [<80217a00>] (__do_user_fault+0x98/0x108 arch/arm/mm/fault.c:142)
[<80217968>] (__do_user_fault) from [<80217c90>] (do_page_fault+0x190/0x378 arch/arm/mm/fault.c:357)
 r9:00000000 r8:835e1bfc r7:835e1b80 r6:0000020e r5:99999998 r4:86be3fb0
[<80217b00>] (do_page_fault) from [<80218054>] (do_DataAbort+0x38/0xb8 arch/arm/mm/fault.c:522)
 r10:000bbbb8 r9:00000000 r8:80217b00 r7:86be3fb0 r6:99999998 r5:0000020e
 r4:82a330e8
[<8021801c>] (do_DataAbort) from [<80200dc4>] (__dabt_usr+0x44/0x60 arch/arm/kernel/entry-armv.S:421)
Exception stack(0x86be3fb0 to 0x86be3ff8)
3fa0:                                     99999999 99999998 00000001 ffffffff
3fc0: 99999999 76f08e80 0000000b 00084290 00000073 00000000 000bbbb8 76f08e74
3fe0: 7f030101 76f08988 00034f7c 000463a4 60000010 ffffffff
 r8:30c5387d r7:30c5387d r6:ffffffff r5:60000010 r4:000463a4

Crashes (1810):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	VM info	Title
ci-qemu2-arm32	2021/04/23 13:56	upstream	bf152b0b	17f0b706	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/04/23 10:44	upstream	bf152b0b	17f0b706	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/04/23 09:09	upstream	bf152b0b	590921a5	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/04/23 07:12	upstream	bf152b0b	590921a5	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/04/23 06:08	upstream	bf152b0b	590921a5	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/04/23 01:31	upstream	bf152b0b	590921a5	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/04/23 00:00	upstream	bf152b0b	590921a5	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/04/22 20:22	upstream	bf152b0b	33c28d03	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/04/22 19:04	upstream	bf152b0b	33c28d03	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/04/22 16:45	upstream	bf152b0b	33c28d03	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/04/22 13:58	upstream	bf152b0b	33c28d03	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/04/22 12:33	upstream	bf152b0b	33c28d03	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/04/22 10:40	upstream	bf152b0b	33c28d03	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/04/22 08:02	upstream	bf152b0b	2bc8999a	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/04/22 06:22	upstream	bf152b0b	2bc8999a	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/04/22 03:26	upstream	bf152b0b	2bc8999a	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/04/21 22:31	upstream	bf152b0b	2bc8999a	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/04/21 19:44	upstream	bf152b0b	95777977	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/04/21 17:36	upstream	bf152b0b	95777977	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/04/21 15:58	upstream	bf152b0b	95777977	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/04/21 12:00	upstream	bf152b0b	95777977	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/04/21 10:27	upstream	bf152b0b	95777977	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/04/21 07:47	upstream	bf152b0b	c0ced557	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/04/21 06:17	upstream	bf152b0b	c0ced557	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/04/21 04:55	upstream	bf152b0b	c0ced557	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/04/21 03:50	upstream	bf152b0b	c0ced557	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/04/21 02:40	upstream	bf152b0b	c0ced557	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/04/21 02:32	upstream	bf152b0b	c0ced557	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/04/21 01:14	upstream	bf152b0b	c0ced557	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/04/21 00:09	upstream	bf152b0b	c0ced557	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/04/20 23:08	upstream	bf152b0b	c0ced557	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/04/20 21:12	upstream	bf152b0b	c0ced557	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/04/20 18:45	upstream	bf152b0b	c0ced557	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/04/20 17:30	upstream	bf152b0b	c0ced557	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/04/20 16:29	upstream	bf152b0b	c0ced557	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/04/20 15:08	upstream	bf152b0b	c0ced557	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/04/20 13:44	upstream	bf152b0b	c0ced557	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/04/20 13:16	upstream	bf152b0b	c0ced557	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/04/20 08:42	upstream	bf152b0b	c0ced557	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/04/20 05:23	upstream	bf152b0b	4285c989	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/04/20 03:53	upstream	bf152b0b	4285c989	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/04/19 22:34	upstream	bf152b0b	4285c989	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/04/19 20:38	upstream	bf152b0b	4285c989	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/04/19 18:14	upstream	bf152b0b	50f523d7	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/04/19 16:49	upstream	bf152b0b	50f523d7	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/04/19 15:32	upstream	bf152b0b	50f523d7	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/04/19 13:48	upstream	bf152b0b	50f523d7	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/03/11 08:04	upstream	a74e6a01	c2ca1f2a	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/03/10 02:11	upstream	05a59d79	26967e35	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault