syzbot

 sign-in | mailing list | source | docs
🐞 Open [1651]
Subsystems
🐞 Fixed [5941]
🐞 Invalid [14533]
Missing Backports [113]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

BUG: sleeping function called from invalid context in crypto_put_default_null_skcipher

Status: upstream: reported C repro on 2024/12/30 19:22
Subsystems: crypto
[Documentation on labels]
Reported-by: syzbot+b3e02953598f447d4d2a@syzkaller.appspotmail.com
Fix commit: net: restrict SO_REUSEPORT to inet sockets
Patched on: [ci-upstream-net-this-kasan-gce], missing on: [ci-qemu-gce-upstream-auto ci-qemu-native-arm64-kvm ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-qemu2-riscv64 ci-snapshot-upstream-root ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-arm64 ci-upstream-gce-leak ci-upstream-kasan-badwrites-root ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce-386-root ci-upstream-kmsan-gce-root ci-upstream-linux-next-kasan-gce-root ci-upstream-net-kasan-gce ci2-upstream-fs ci2-upstream-kcsan-gce ci2-upstream-usb]
First crash: 3d21h, last: 3d15h
Cause bisection: failed (error log, bisect log)
  
Discussions (3)
Title Replies (including bot) Last reply
[PATCH v2 net] net: restrict SO_REUSEPORT to inet sockets 3 (3) 2025/01/03 02:20
[PATCH net] net: restrict SO_REUSEPORT to TCP, UDP and SCTP sockets 4 (4) 2024/12/31 18:33
[syzbot] [crypto?] BUG: sleeping function called from invalid context in crypto_put_default_null_skcipher 0 (1) 2024/12/30 19:22
Last patch testing requests (2)
Created Duration User Patch Repo Result
2024/12/30 18:48 22m edumazet@google.com patch net OK log
2024/12/30 18:04 26m edumazet@google.com patch net OK log

Sample crash report:
BUG: sleeping function called from invalid context at kernel/locking/mutex.c:562
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 0, name: swapper/0
preempt_count: 101, expected: 0
RCU nest depth: 0, expected: 0
1 lock held by swapper/0/0:
 #0: ffffffff8e937ba0 (rcu_callback){....}-{0:0}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
 #0: ffffffff8e937ba0 (rcu_callback){....}-{0:0}, at: rcu_do_batch kernel/rcu/tree.c:2561 [inline]
 #0: ffffffff8e937ba0 (rcu_callback){....}-{0:0}, at: rcu_core+0xa37/0x17a0 kernel/rcu/tree.c:2823
Preemption disabled at:
[<ffffffff8bc9a85d>] schedule_preempt_disabled+0x1d/0x30 kernel/sched/core.c:6906
CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.13.0-rc3-syzkaller-00174-ga024e377efed #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 __might_resched+0x5d4/0x780 kernel/sched/core.c:8758
 __mutex_lock_common kernel/locking/mutex.c:562 [inline]
 __mutex_lock+0x131/0xee0 kernel/locking/mutex.c:735
 crypto_put_default_null_skcipher+0x18/0x70 crypto/crypto_null.c:179
 aead_release+0x3d/0x50 crypto/algif_aead.c:489
 alg_do_release crypto/af_alg.c:118 [inline]
 alg_sock_destruct+0x86/0xc0 crypto/af_alg.c:502
 __sk_destruct+0x58/0x5f0 net/core/sock.c:2260
 rcu_do_batch kernel/rcu/tree.c:2567 [inline]
 rcu_core+0xaaa/0x17a0 kernel/rcu/tree.c:2823
 handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:561
 __do_softirq kernel/softirq.c:595 [inline]
 invoke_softirq kernel/softirq.c:435 [inline]
 __irq_exit_rcu+0xf7/0x220 kernel/softirq.c:662
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:678
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]
 sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1049
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:native_irq_disable arch/x86/include/asm/irqflags.h:37 [inline]
RIP: 0010:arch_local_irq_disable arch/x86/include/asm/irqflags.h:92 [inline]
RIP: 0010:acpi_safe_halt+0x21/0x30 drivers/acpi/processor_idle.c:112
Code: 90 90 90 90 90 90 90 90 90 65 48 8b 04 25 00 d6 03 00 48 f7 00 08 00 00 00 75 10 66 90 0f 00 2d 15 c1 a0 00 f3 0f 1e fa fb f4 <fa> c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90
RSP: 0018:ffffffff8e607ca8 EFLAGS: 00000246
RAX: ffffffff8e6965c0 RBX: ffff888140ee4064 RCX: 000000000001ace9
RDX: 0000000000000001 RSI: ffff888140ee4000 RDI: ffff888140ee4064
RBP: 000000000003a9f8 R08: ffff8880b8637cdb R09: 1ffff110170c6f9b
R10: dffffc0000000000 R11: ffffffff8bc8bc80 R12: ffff88814628d000
R13: 0000000000000001 R14: 0000000000000001 R15: ffffffff8f1217a0
 acpi_idle_enter+0xe4/0x140 drivers/acpi/processor_idle.c:699
 cpuidle_enter_state+0x109/0x470 drivers/cpuidle/cpuidle.c:268
 cpuidle_enter+0x5d/0xa0 drivers/cpuidle/cpuidle.c:389
 call_cpuidle kernel/sched/idle.c:155 [inline]
 cpuidle_idle_call kernel/sched/idle.c:230 [inline]
 do_idle+0x372/0x5c0 kernel/sched/idle.c:325
 cpu_startup_entry+0x42/0x60 kernel/sched/idle.c:423
 rest_init+0x2dc/0x300 init/main.c:747
 start_kernel+0x47f/0x500 init/main.c:1102
 x86_64_start_reservations+0x2a/0x30 arch/x86/kernel/head64.c:507
 x86_64_start_kernel+0x9f/0xa0 arch/x86/kernel/head64.c:488
 common_startup_64+0x13e/0x147
 </TASK>

=============================
[ BUG: Invalid wait context ]
6.13.0-rc3-syzkaller-00174-ga024e377efed #0 Tainted: G        W         
-----------------------------
swapper/0/0 is trying to lock:
ffffffff8f035d88 (crypto_default_null_skcipher_lock){+.+.}-{4:4}, at: crypto_put_default_null_skcipher+0x18/0x70 crypto/crypto_null.c:179
other info that might help us debug this:
context-{3:3}
1 lock held by swapper/0/0:
 #0: ffffffff8e937ba0 (rcu_callback){....}-{0:0}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
 #0: ffffffff8e937ba0 (rcu_callback){....}-{0:0}, at: rcu_do_batch kernel/rcu/tree.c:2561 [inline]
 #0: ffffffff8e937ba0 (rcu_callback){....}-{0:0}, at: rcu_core+0xa37/0x17a0 kernel/rcu/tree.c:2823
stack backtrace:
CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G        W          6.13.0-rc3-syzkaller-00174-ga024e377efed #0
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 print_lock_invalid_wait_context kernel/locking/lockdep.c:4826 [inline]
 check_wait_context kernel/locking/lockdep.c:4898 [inline]
 __lock_acquire+0x15a8/0x2100 kernel/locking/lockdep.c:5176
 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849
 __mutex_lock_common kernel/locking/mutex.c:585 [inline]
 __mutex_lock+0x1ac/0xee0 kernel/locking/mutex.c:735
 crypto_put_default_null_skcipher+0x18/0x70 crypto/crypto_null.c:179
 aead_release+0x3d/0x50 crypto/algif_aead.c:489
 alg_do_release crypto/af_alg.c:118 [inline]
 alg_sock_destruct+0x86/0xc0 crypto/af_alg.c:502
 __sk_destruct+0x58/0x5f0 net/core/sock.c:2260
 rcu_do_batch kernel/rcu/tree.c:2567 [inline]
 rcu_core+0xaaa/0x17a0 kernel/rcu/tree.c:2823
 handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:561
 __do_softirq kernel/softirq.c:595 [inline]
 invoke_softirq kernel/softirq.c:435 [inline]
 __irq_exit_rcu+0xf7/0x220 kernel/softirq.c:662
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:678
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]
 sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1049
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:native_irq_disable arch/x86/include/asm/irqflags.h:37 [inline]
RIP: 0010:arch_local_irq_disable arch/x86/include/asm/irqflags.h:92 [inline]
RIP: 0010:acpi_safe_halt+0x21/0x30 drivers/acpi/processor_idle.c:112
Code: 90 90 90 90 90 90 90 90 90 65 48 8b 04 25 00 d6 03 00 48 f7 00 08 00 00 00 75 10 66 90 0f 00 2d 15 c1 a0 00 f3 0f 1e fa fb f4 <fa> c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90
RSP: 0018:ffffffff8e607ca8 EFLAGS: 00000246
RAX: ffffffff8e6965c0 RBX: ffff888140ee4064 RCX: 000000000001ace9
RDX: 0000000000000001 RSI: ffff888140ee4000 RDI: ffff888140ee4064
RBP: 000000000003a9f8 R08: ffff8880b8637cdb R09: 1ffff110170c6f9b
R10: dffffc0000000000 R11: ffffffff8bc8bc80 R12: ffff88814628d000
R13: 0000000000000001 R14: 0000000000000001 R15: ffffffff8f1217a0
 acpi_idle_enter+0xe4/0x140 drivers/acpi/processor_idle.c:699
 cpuidle_enter_state+0x109/0x470 drivers/cpuidle/cpuidle.c:268
 cpuidle_enter+0x5d/0xa0 drivers/cpuidle/cpuidle.c:389
 call_cpuidle kernel/sched/idle.c:155 [inline]
 cpuidle_idle_call kernel/sched/idle.c:230 [inline]
 do_idle+0x372/0x5c0 kernel/sched/idle.c:325
 cpu_startup_entry+0x42/0x60 kernel/sched/idle.c:423
 rest_init+0x2dc/0x300 init/main.c:747
 start_kernel+0x47f/0x500 init/main.c:1102
 x86_64_start_reservations+0x2a/0x30 arch/x86/kernel/head64.c:507
 x86_64_start_kernel+0x9f/0xa0 arch/x86/kernel/head64.c:488
 common_startup_64+0x13e/0x147
 </TASK>
----------------
Code disassembly (best guess):
   0:	90                   	nop
   1:	90                   	nop
   2:	90                   	nop
   3:	90                   	nop
   4:	90                   	nop
   5:	90                   	nop
   6:	90                   	nop
   7:	90                   	nop
   8:	90                   	nop
   9:	65 48 8b 04 25 00 d6 	mov    %gs:0x3d600,%rax
  10:	03 00
  12:	48 f7 00 08 00 00 00 	testq  $0x8,(%rax)
  19:	75 10                	jne    0x2b
  1b:	66 90                	xchg   %ax,%ax
  1d:	0f 00 2d 15 c1 a0 00 	verw   0xa0c115(%rip)        # 0xa0c139
  24:	f3 0f 1e fa          	endbr64
  28:	fb                   	sti
  29:	f4                   	hlt
* 2a:	fa                   	cli <-- trapping instruction
  2b:	c3                   	ret
  2c:	cc                   	int3
  2d:	cc                   	int3
  2e:	cc                   	int3
  2f:	cc                   	int3
  30:	66 0f 1f 84 00 00 00 	nopw   0x0(%rax,%rax,1)
  37:	00 00
  39:	90                   	nop
  3a:	90                   	nop
  3b:	90                   	nop
  3c:	90                   	nop
  3d:	90                   	nop
  3e:	90                   	nop
  3f:	90                   	nop

Crashes (5):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/12/30 15:16 net a024e377efed d3ccff63 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce BUG: sleeping function called from invalid context in crypto_put_default_null_skcipher
2024/12/30 12:27 net a024e377efed d3ccff63 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce BUG: sleeping function called from invalid context in crypto_put_default_null_skcipher
2024/12/30 10:55 net a024e377efed d3ccff63 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce BUG: sleeping function called from invalid context in crypto_put_default_null_skcipher
2024/12/30 13:58 net a024e377efed d3ccff63 .config console log report syz / log [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce BUG: sleeping function called from invalid context in crypto_put_default_null_skcipher
2024/12/30 09:26 net a024e377efed d3ccff63 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce BUG: sleeping function called from invalid context in crypto_put_default_null_skcipher
* Struck through repros no longer work on HEAD.