syzbot

 sign-in | mailing list | source | docs
🐞 Open [196]
🐞 Fixed [42]
🐞 Invalid [470]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

BUG: sleeping function called from invalid context at mm/slab.h:LINE

Status: fixed on 2017/10/23 20:15
Fix commit: 0f94b36de37c af_key: Add lock to key dump
First crash: 3006d, last: 2992d
Similar bugs (4)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream BUG: sleeping function called from invalid context at mm/slab.h:LINE (2) bpf -1 2 2823d 2824d 4/29 fixed on 2018/02/01 04:00
upstream BUG: sleeping function called from invalid context at mm/slab.h:LINE (4) crypto -1 C 36 2496d 2657d 11/29 fixed on 2019/01/11 01:22
upstream BUG: sleeping function called from invalid context at mm/slab.h:LINE (3) kernel -1 339 2719d 2803d 0/29 closed as dup on 2018/02/12 16:15
upstream BUG: sleeping function called from invalid context at mm/slab.h:LINE -1 C 8 2985d 2989d 2/29 fixed on 2017/09/06 01:15

Sample crash report:
in_atomic(): 1, irqs_disabled(): 0, pid: 3306, name: syzkaller824432
INFO: lockdep is turned off.
Preemption disabled at:[   34.739024] [<ffffffff833a4910>] spin_lock_bh include/linux/spinlock.h:307 [inline]
Preemption disabled at:[   34.739024] [<ffffffff833a4910>] xfrm_policy_walk+0xb0/0x4d0 net/xfrm/xfrm_policy.c:1033
CPU: 1 PID: 3306 Comm: syzkaller824432 Not tainted 4.9.40-g7b2727c #16
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801c9f0f650 ffffffff81d8f109 ffffffff833a4910 0000000000000000
 0000000000000201 ffff8801c9803000 ffff8801c9803000 ffff8801c9f0f688
 ffffffff811ba4f4 ffff8801c9803000 ffffffff8418f96c 0000000000000189
Call Trace:
 [<ffffffff81d8f109>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d8f109>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff811ba4f4>] ___might_sleep+0x2f4/0x470 kernel/sched/core.c:8037
 [<ffffffff811ba705>] __might_sleep+0x95/0x1a0 kernel/sched/core.c:7994
 [<ffffffff815346f0>] slab_pre_alloc_hook mm/slab.h:393 [inline]
 [<ffffffff815346f0>] slab_alloc_node mm/slub.c:2641 [inline]
 [<ffffffff815346f0>] slab_alloc mm/slub.c:2723 [inline]
 [<ffffffff815346f0>] kmem_cache_alloc+0x140/0x290 mm/slub.c:2728
 [<ffffffff82ee9ce2>] skb_clone+0x142/0x2c0 net/core/skbuff.c:1032
 [<ffffffff83552497>] pfkey_broadcast_one+0x367/0x480 net/key/af_key.c:202
 [<ffffffff83559b32>] pfkey_broadcast+0x3c2/0x610 net/key/af_key.c:276
 [<ffffffff8355da34>] dump_sp+0x354/0x450 net/key/af_key.c:2672
 [<ffffffff833a4a11>] xfrm_policy_walk+0x1b1/0x4d0 net/xfrm/xfrm_policy.c:1047
 [<ffffffff835525f2>] pfkey_dump_sp+0x42/0x50 net/key/af_key.c:2682
 [<ffffffff8355b880>] pfkey_do_dump+0x40/0x2b0 net/key/af_key.c:288
 [<ffffffff8355bc77>] pfkey_spddump+0x187/0x1e0 net/key/af_key.c:2705
 [<ffffffff8355ce59>] pfkey_process+0x619/0x730 net/key/af_key.c:2795
 [<ffffffff8355e6ef>] pfkey_sendmsg+0x3af/0x750 net/key/af_key.c:3636
 [<ffffffff82ec7b9a>] sock_sendmsg_nosec net/socket.c:635 [inline]
 [<ffffffff82ec7b9a>] sock_sendmsg+0xca/0x110 net/socket.c:645
 [<ffffffff82ec9751>] ___sys_sendmsg+0x6d1/0x7e0 net/socket.c:1968
 [<ffffffff82ecb786>] __sys_sendmsg+0xd6/0x190 net/socket.c:2002
 [<ffffffff82ecb86d>] SYSC_sendmsg net/socket.c:2013 [inline]
 [<ffffffff82ecb86d>] SyS_sendmsg+0x2d/0x50 net/socket.c:2009
 [<ffffffff838a26c5>] entry_SYSCALL_64_fastpath+0x23/0xc6

Crashes (3):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2017/08/07 17:44 https://android.googlesource.com/kernel/common android-4.9 7b2727c68878 77a9ec9b .config console log report syz C ci-android-49-kasan-gce
2017/07/25 01:57 https://android.googlesource.com/kernel/common android-4.9 72a0c9f5b54a b0d23a5c .config console log report syz C ci-android-49-kasan-gce
2017/08/07 19:00 https://android.googlesource.com/kernel/common android-4.9 7b2727c68878 77a9ec9b .config console log report syz ci-android-49-kasan-gce
* Struck through repros no longer work on HEAD.