Re: BUG: using smp_processor_id() in preemptible code in tipc_crypto_xmit

All of lore.kernel.org
 help / color / mirror / Atom feed

From: syzbot <syzbot+263f8c0d007dc09b2dda@syzkaller.appspotmail.com>
To: davem@davemloft.net, jmaloy@redhat.com, kuba@kernel.org,
	linux-kernel@vger.kernel.org, netdev@vger.kernel.org,
	syzkaller-bugs@googlegroups.com,
	tipc-discussion@lists.sourceforge.net, ying.xue@windriver.com
Subject: Re: BUG: using smp_processor_id() in preemptible code in tipc_crypto_xmit
Date: Mon, 13 Jul 2020 00:19:22 -0700	[thread overview]
Message-ID: <00000000000087abf205aa4d82f0@google.com> (raw)
In-Reply-To: <000000000000cbef4a05a8ffc4ef@google.com>

syzbot has found a reproducer for the following crash on:

HEAD commit:    4437dd6e Merge tag 'io_uring-5.8-2020-07-12' of git://git...
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=13a4773f100000
kernel config:  https://syzkaller.appspot.com/x/.config?x=66ad203c2bb6d8b
dashboard link: https://syzkaller.appspot.com/bug?extid=263f8c0d007dc09b2dda
compiler:       gcc (GCC) 10.1.0-syz 20200507
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=132d41c0900000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=147f114f100000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+263f8c0d007dc09b2dda@syzkaller.appspotmail.com

tipc: Started in network mode
tipc: Own node identity aaaaaaaaaa3a, cluster identity 4711
tipc: Enabled bearer <eth:macsec0>, priority 0
tipc: TX(aaaaaaaaaa3a): key initiating, rc 1!
BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor201/6801
caller is tipc_aead_tfm_next net/tipc/crypto.c:402 [inline]
caller is tipc_aead_encrypt net/tipc/crypto.c:639 [inline]
caller is tipc_crypto_xmit+0x80a/0x2790 net/tipc/crypto.c:1605
CPU: 0 PID: 6801 Comm: syz-executor201 Not tainted 5.8.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x18f/0x20d lib/dump_stack.c:118
 check_preemption_disabled+0x128/0x130 lib/smp_processor_id.c:48
 tipc_aead_tfm_next net/tipc/crypto.c:402 [inline]
 tipc_aead_encrypt net/tipc/crypto.c:639 [inline]
 tipc_crypto_xmit+0x80a/0x2790 net/tipc/crypto.c:1605
 tipc_bearer_xmit_skb+0x180/0x3f0 net/tipc/bearer.c:523
 tipc_enable_bearer+0xb1d/0xdc0 net/tipc/bearer.c:331
 __tipc_nl_bearer_enable+0x2bf/0x390 net/tipc/bearer.c:995
 __tipc_nl_compat_doit net/tipc/netlink_compat.c:361 [inline]
 tipc_nl_compat_doit+0x440/0x640 net/tipc/netlink_compat.c:383
 tipc_nl_compat_handle net/tipc/netlink_compat.c:1268 [inline]
 tipc_nl_compat_recv+0x4ef/0xb40 net/tipc/netlink_compat.c:1311
 genl_family_rcv_msg_doit net/netlink/genetlink.c:669 [inline]
 genl_family_rcv_msg net/netlink/genetlink.c:714 [inline]
 genl_rcv_msg+0x61d/0x980 net/netlink/genetlink.c:731
 netlink_rcv_skb+0x15a/0x430 net/netlink/af_netlink.c:2469
 genl_rcv+0x24/0x40 net/netlink/genetlink.c:742
 netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline]
 netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1329
 netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1918
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg+0xcf/0x120 net/socket.c:672
 ____sys_sendmsg+0x6e8/0x810 net/socket.c:2352
 ___sys_sendmsg+0xf3/0x170 net/socket.c:2406
 __sys_sendmsg+0xe5/0x1b0 net/socket.c:2439
 do_syscall_64+0x60/0xe0 arch/x86/entry/common.c:384
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x4476a9
Code: Bad RIP value.
RSP: 002b:00007fff2b6d5168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 000000000000

next prev parent reply	other threads:[~2020-07-13  7:19 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-06-26 17:09 BUG: using smp_processor_id() in preemptible code in tipc_crypto_xmit syzbot
2020-07-13  7:19 ` syzbot [this message]
2020-07-22 10:59 ` syzbot
2020-10-09 10:58 ` syzbot

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=00000000000087abf205aa4d82f0@google.com \
    --to=syzbot+263f8c0d007dc09b2dda@syzkaller.appspotmail.com \
    --cc=davem@davemloft.net \
    --cc=jmaloy@redhat.com \
    --cc=kuba@kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=syzkaller-bugs@googlegroups.com \
    --cc=tipc-discussion@lists.sourceforge.net \
    --cc=ying.xue@windriver.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.