syzbot


BUG: sleeping function called from invalid context in corrupted (2)

Status: upstream: reported C repro on 2022/06/09 04:01
Reported-by: syzbot+efe1afd49d981d281ae4@syzkaller.appspotmail.com
First crash: 16d, last: 15d

Cause bisection: introduced by (bisect log) :
commit d8616ee2affcff37c5d315310da557a694a3303d
Author: Wang Yufen <wangyufen@huawei.com>
Date: Tue May 24 07:53:11 2022 +0000

  bpf, sockmap: Fix sk->sk_forward_alloc warn_on in sk_stream_kill_queues

Crash: BUG: sleeping function called from invalid context in sock_map_destroy (log)
Repro: C syz .config
similar bugs (2):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.19 BUG: sleeping function called from invalid context in corrupted C done 2 578d 579d 1/1 fixed on 2020/12/25 08:46
upstream BUG: sleeping function called from invalid context in corrupted syz done 18 568d 592d 21/22 fixed on 2021/03/10 01:49
Patch testing requests:
Created Duration User Patch Repo Result
2022/06/11 02:53 17m hdanton@sina.com patch https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git 03c312cc5f47 OK log

Sample crash report:
BUG: sleeping function called from invalid context at kernel/workqueue.c:3010
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 3612, name: syz-executor806
preempt_count: 201, expected: 0
RCU nest depth: 0, expected: 0
3 locks held by syz-executor806/3612:
 #0: ffff888072661410 (&sb->s_type->i_mutex_key#10){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:740 [inline]
 #0: ffff888072661410 (&sb->s_type->i_mutex_key#10){+.+.}-{3:3}, at: __sock_release+0x86/0x280 net/socket.c:649
 #1: ffff888026a11ab0 (sk_lock-AF_INET6){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1691 [inline]
 #1: ffff888026a11ab0 (sk_lock-AF_INET6){+.+.}-{0:0}, at: tcp_close+0x1e/0xc0 net/ipv4/tcp.c:2908
 #2: ffff888026a11a30 (slock-AF_INET6){+...}-{2:2}, at: spin_lock include/linux/spinlock.h:360 [inline]
 #2: ffff888026a11a30 (slock-AF_INET6){+...}-{2:2}, at: __tcp_close+0x722/0x12b0 net/ipv4/tcp.c:2830
Preemption disabled at:
[<ffffffff87ddddca>] local_bh_disable include/linux/bottom_half.h:20 [inline]
[<ffffffff87ddddca>] __tcp_close+0x71a/0x12b0 net/ipv4/tcp.c:2829
CPU: 0 PID: 3612 Comm: syz-executor806 Not tainted 5.19.0-rc1-next-20220609-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 __might_resched.cold+0x222/0x26b kernel/sched/core.c:9823
 __flush_wor

Crashes (4):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-linux-next-kasan-gce-root 2022/06/09 18:59 linux-next ff539ac73ea5 0d5abf15 .config log report syz C BUG: sleeping function called from invalid context in corrupted
ci-upstream-linux-next-kasan-gce-root 2022/06/09 11:25 linux-next ff539ac73ea5 0d5abf15 .config log report syz C BUG: sleeping function called from invalid context in corrupted
ci-upstream-linux-next-kasan-gce-root 2022/06/09 11:05 linux-next ff539ac73ea5 0d5abf15 .config log report syz C BUG: sleeping function called from invalid context in corrupted
ci-upstream-linux-next-kasan-gce-root 2022/06/08 20:35 linux-next 03c312cc5f47 b2706118 .config log report syz C BUG: sleeping function called from invalid context in corrupted