BUG: using smp_processor_id() in preemptible code in __do_user

BUG: using smp_processor_id() in preemptible code in __do_user_fault
Status: upstream: reported on 2021/03/11 08:17
Reported-by: syzbot+a7ee43e564223f195c84@syzkaller.appspotmail.com
First crash: 148d, last: 3h03m

Sample crash report:

BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/19493
caller is debug_smp_processor_id+0x20/0x24 lib/smp_processor_id.c:64
CPU: 0 PID: 19493 Comm: syz-executor.0 Not tainted 5.12.0-rc3-syzkaller #0
Hardware name: ARM-Versatile Express
Backtrace: 
[<81802550>] (dump_backtrace) from [<818027c4>] (show_stack+0x18/0x1c arch/arm/kernel/traps.c:252)
 r7:00000000 r6:60000113 r5:00000000 r4:82b58344
[<818027ac>] (show_stack) from [<81809e98>] (__dump_stack lib/dump_stack.c:79 [inline])
[<818027ac>] (show_stack) from [<81809e98>] (dump_stack+0xb8/0xe8 lib/dump_stack.c:120)
[<81809de0>] (dump_stack) from [<8181da88>] (check_preemption_disabled+0x118/0x11c lib/smp_processor_id.c:53)
 r7:81f63120 r6:00000000 r5:8181daac r4:835135f0
[<8181d970>] (check_preemption_disabled) from [<8181daac>] (debug_smp_processor_id+0x20/0x24 lib/smp_processor_id.c:64)
 r7:00000207 r6:835130c0 r5:0000000b r4:fffffffc
[<8181da8c>] (debug_smp_processor_id) from [<80217a00>] (harden_branch_predictor arch/arm/include/asm/system_misc.h:24 [inline])
[<8181da8c>] (debug_smp_processor_id) from [<80217a00>] (__do_user_fault+0x98/0x108 arch/arm/mm/fault.c:142)
[<80217968>] (__do_user_fault) from [<80217c90>] (do_page_fault+0x190/0x378 arch/arm/mm/fault.c:357)
 r9:00000000 r8:835fcb7c r7:835fcb00 r6:00000207 r5:fffffffc r4:86fbbfb0
[<80217b00>] (do_page_fault) from [<80218054>] (do_DataAbort+0x38/0xb8 arch/arm/mm/fault.c:522)
 r10:000bbab0 r9:00000000 r8:80217b00 r7:86fbbfb0 r6:fffffffc r5:00000207
 r4:82a33078
[<8021801c>] (do_DataAbort) from [<80200dc4>] (__dabt_usr+0x44/0x60 arch/arm/kernel/entry-armv.S:421)
Exception stack(0x86fbbfb0 to 0x86fbbff8)
bfa0:                                     ffffffff fffffffc 00000001 ffffffff
bfc0: ffffffff 76f61e80 0000000b 000842c0 00000073 00000000 000bbab0 76f61e74
bfe0: 7f030101 76f61988 00034fac 000463d4 60000010 ffffffff
 r8:30c5387d r7:30c5387d r6:ffffffff r5:60000010 r4:000463d4
BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/19493
caller is debug_smp_processor_id+0x20/0x24 lib/smp_processor_id.c:64
CPU: 0 PID: 19493 Comm: syz-executor.0 Not tainted 5.12.0-rc3-syzkaller #0
Hardware name: ARM-Versatile Express
Backtrace: 
[<81802550>] (dump_backtrace) from [<818027c4>] (show_stack+0x18/0x1c arch/arm/kernel/traps.c:252)
 r7:00000000 r6:60000113 r5:00000000 r4:82b58344
[<818027ac>] (show_stack) from [<81809e98>] (__dump_stack lib/dump_stack.c:79 [inline])
[<818027ac>] (show_stack) from [<81809e98>] (dump_stack+0xb8/0xe8 lib/dump_stack.c:120)
[<81809de0>] (dump_stack) from [<8181da88>] (check_preemption_disabled+0x118/0x11c lib/smp_processor_id.c:53)
 r7:81f63120 r6:00000000 r5:8181daac r4:835135f0
[<8181d970>] (check_preemption_disabled) from [<8181daac>] (debug_smp_processor_id+0x20/0x24 lib/smp_processor_id.c:64)
 r7:00000207 r6:835130c0 r5:0000000b r4:fffffffc
[<8181da8c>] (debug_smp_processor_id) from [<80217a00>] (harden_branch_predictor arch/arm/include/asm/system_misc.h:24 [inline])
[<8181da8c>] (debug_smp_processor_id) from [<80217a00>] (__do_user_fault+0x98/0x108 arch/arm/mm/fault.c:142)
[<80217968>] (__do_user_fault) from [<80217c90>] (do_page_fault+0x190/0x378 arch/arm/mm/fault.c:357)
 r9:00000000 r8:835fcb7c r7:835fcb00 r6:00000207 r5:fffffffc r4:86fbbfb0
[<80217b00>] (do_page_fault) from [<80218054>] (do_DataAbort+0x38/0xb8 arch/arm/mm/fault.c:522)
 r10:000bbab0 r9:00000000 r8:80217b00 r7:86fbbfb0 r6:fffffffc r5:00000207
 r4:82a33078
[<8021801c>] (do_DataAbort) from [<80200dc4>] (__dabt_usr+0x44/0x60 arch/arm/kernel/entry-armv.S:421)
Exception stack(0x86fbbfb0 to 0x86fbbff8)
bfa0:                                     ffffffff fffffffc 00000001 ffffffff
bfc0: ffffffff 76f61e80 0000000b 000842c0 00000073 00000000 000bbab0 76f61e74
bfe0: 7f030101 76f61988 00034fac 000463d4 60000010 ffffffff
 r8:30c5387d r7:30c5387d r6:ffffffff r5:60000010 r4:000463d4

Crashes (6715):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	VM info	Title
ci-qemu2-arm32	2021/08/05 12:58	upstream	bf152b0b41dc	7f7bb950	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/08/05 08:44	upstream	bf152b0b41dc	7f7bb950	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/08/05 06:31	upstream	bf152b0b41dc	7f7bb950	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/08/05 04:46	upstream	bf152b0b41dc	7f7bb950	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/08/05 02:31	upstream	bf152b0b41dc	b97d64c9	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/08/05 01:09	upstream	bf152b0b41dc	b97d64c9	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/08/04 18:11	upstream	bf152b0b41dc	b97d64c9	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/08/04 16:45	upstream	bf152b0b41dc	b97d64c9	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/08/04 15:06	upstream	bf152b0b41dc	6c236867	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/08/04 14:34	upstream	bf152b0b41dc	6c236867	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/08/04 13:06	upstream	bf152b0b41dc	6c236867	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/08/04 11:16	upstream	bf152b0b41dc	6c236867	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/08/04 10:08	upstream	bf152b0b41dc	6c236867	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/08/04 10:07	upstream	bf152b0b41dc	6c236867	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/08/04 08:50	upstream	bf152b0b41dc	6c236867	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/08/04 07:41	upstream	bf152b0b41dc	6c236867	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/08/04 06:31	upstream	bf152b0b41dc	6c236867	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/08/04 06:21	upstream	bf152b0b41dc	6c236867	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/08/04 05:13	upstream	bf152b0b41dc	6c236867	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/08/04 03:15	upstream	bf152b0b41dc	6c236867	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/08/04 02:14	upstream	bf152b0b41dc	6c236867	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/08/04 01:13	upstream	bf152b0b41dc	6c236867	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/08/04 00:06	upstream	bf152b0b41dc	6c236867	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/08/03 23:05	upstream	bf152b0b41dc	6c236867	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/08/03 21:32	upstream	bf152b0b41dc	6c236867	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/08/03 20:40	upstream	bf152b0b41dc	6c236867	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/08/03 19:18	upstream	bf152b0b41dc	6c236867	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/08/03 18:09	upstream	bf152b0b41dc	6c236867	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/08/03 16:54	upstream	bf152b0b41dc	6c236867	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/08/03 15:50	upstream	bf152b0b41dc	6c236867	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/08/03 14:17	upstream	bf152b0b41dc	6c236867	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/08/03 13:09	upstream	bf152b0b41dc	6c236867	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/08/03 11:59	upstream	bf152b0b41dc	6c236867	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/08/03 10:43	upstream	bf152b0b41dc	6c236867	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/08/03 09:28	upstream	bf152b0b41dc	6c236867	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/08/03 09:24	upstream	bf152b0b41dc	6c236867	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/08/03 07:52	upstream	bf152b0b41dc	6c236867	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/08/03 06:29	upstream	bf152b0b41dc	6c236867	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/08/03 05:21	upstream	bf152b0b41dc	6c236867	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/08/03 04:17	upstream	bf152b0b41dc	6c236867	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/08/03 03:17	upstream	bf152b0b41dc	6c236867	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/08/03 02:10	upstream	bf152b0b41dc	6c236867	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/08/03 01:02	upstream	bf152b0b41dc	6c236867	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/08/02 23:57	upstream	bf152b0b41dc	6c236867	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/03/11 08:04	upstream	a74e6a014c9d	c2ca1f2a	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault
ci-qemu2-arm32	2021/03/10 02:11	upstream	05a59d79793d	26967e35	.config	log	report	info	BUG: using smp_processor_id() in preemptible code in __do_user_fault