syzbot


BUG: using smp_processor_id() in preemptible code in radix_tree_node_alloc

Status: fixed on 2021/11/10 00:50
Subsystems: arm-msm net
Reported-by: syzbot+3eec59e770685e3dc879@syzkaller.appspotmail.com
Fix commit: 3cbf7530a163 qrtr: Convert qrtr_ports from IDR to XArray
First crash: 1383d, last: 1046d
Cause bisection: introduced by:
commit e42671084361302141a09284fde9bbc14fdd16bf
Author: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Date: Thu May 7 12:53:06 2020 +0000

  net: qrtr: Do not depend on ARCH_QCOM

Crash: BUG: using smp_processor_id() in preemptible code in radix_tree_node_alloc
Repro: C syz .config
  
Fix bisection: fixed by:
commit 43016d02cf6e46edfc4696452251d34bba0c0435
Author: Florian Westphal <fw@strlen.de>
Date: Mon May 3 11:51:15 2021 +0000

  netfilter: arptables: use pernet ops struct during unregister

  
Duplicate bugs (1)
Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
BUG: using smp_processor_id() in preemptible code in debug_smp_processor_id arm-msm net C done 10 1383d 1383d 0/26 closed as dup on 2020/06/05 04:06
Discussions (4)
Title | Replies (including bot) | Last reply
BUG: using smp_processor_id() in preemptible code in radix_tree_node_alloc | 4 (7) | 2021/06/07 16:58
[PATCH] qrtr: Convert qrtr_ports from IDR to XArray | 7 (7) | 2021/03/30 22:28
[PATCH v2] net:qrtr: fix atomic idr allocation in qrtr_port_assign() | 9 (9) | 2021/03/29 11:09
[PATCH] net:qrtr: fix allocator flag of idr_alloc_u32() in qrtr_port_assign() | 4 (4) | 2021/03/27 11:46
Last patch testing requests (7)
Created | Duration | User | Patch | Repo | Result
2021/03/27 01:28 | 15m | ducheng2@gmail.com | patch | upstream | OK
2021/03/27 01:04 | 15m | ducheng2@gmail.com | patch | upstream | OK
2021/03/26 03:13 | 15m | ducheng2@gmail.com | patch | upstream | OK
2021/03/14 09:06 | 15m | ducheng2@gmail.com | patch | upstream | OK
2021/03/14 09:01 | 0m | ducheng2@gmail.com | patch | upstream | error OK
2021/03/14 08:46 | 10m | ducheng2@gmail.com | | upstream | report log
2020/07/10 16:06 | 10m | brookebasile@gmail.com | | upstream | report log

Sample crash report:
RAX: ffffffffffffffda RBX: 00007ffdf01d56d0 RCX: 00000000004406c9
RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000003
RBP: 0000000000000005 R08: 0000000000000001 R09: 0000000000000031
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401f50
R13: 0000000000401fe0 R14: 0000000000000000 R15: 0000000000000000
BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor036/6796
caller is radix_tree_node_alloc.constprop.0+0x200/0x330 lib/radix-tree.c:262
CPU: 0 PID: 6796 Comm: syz-executor036 Not tainted 5.7.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x188/0x20d lib/dump_stack.c:118
 check_preemption_disabled lib/smp_processor_id.c:47 [inline]
 debug_smp_processor_id.cold+0x88/0x9b lib/smp_processor_id.c:57
 radix_tree_node_alloc.constprop.0+0x200/0x330 lib/radix-tree.c:262
 radix_tree_extend+0x256/0x4e0 lib/radix-tree.c:424
 idr_get_free+0x60c/0x8e0 lib/radix-tree.c:1492
 idr_alloc_u32+0x170/0x2d0 lib/idr.c:46
 idr_alloc+0xc2/0x130 lib/idr.c:87
 qrtr_port_assign net/qrtr/qrtr.c:703 [inline]
 __qrtr_bind.isra.0+0x12e/0x5c0 net/qrtr/qrtr.c:756
 qrtr_autobind net/qrtr/qrtr.c:787 [inline]
 qrtr_autobind+0xaf/0xf0 net/qrtr/qrtr.c:775
 qrtr_sendmsg+0x1d6/0x770 net/qrtr/qrtr.c:895
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg+0xcf/0x120 net/socket.c:672
 ____sys_sendmsg+0x6e6/0x810 net/socket.c:2352
 ___sys_sendmsg+0x100/0x170 net/socket.c:2406
 __sys_sendmsg+0xe5/0x1b0 net/socket.c:2439
 do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:295
 entry_SYSCALL_64_after_hwframe+0x49/0xb3
RIP: 0033:0x4406c9
Code: 25 02 00 85 c0 b8 00 00 00 00 48 0f 44 c3 5b c3 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffdf01d56c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007ffdf01d56d0 RCX: 00000000004406c9
RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000003
RBP: 0000000000000005 R08: 0000000000000001 R09: 0000000000000031
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401f50
R13: 0000000000401fe0 R14: 0000000000000000 R15: 0000000000000000

Crashes (544):