BUG: sleeping function called from invalid context at kernel/locking/mutex.c:562
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 11180, name: syz-executor
preempt_count: 100, expected: 0
RCU nest depth: 0, expected: 0
2 locks held by syz-executor/11180:
 #0: ffff8880338f01e0 (&mm->mmap_lock){++++}-{4:4}, at: mmap_read_trylock include/linux/mmap_lock.h:163 [inline]
 #0: ffff8880338f01e0 (&mm->mmap_lock){++++}-{4:4}, at: get_mmap_lock_carefully mm/memory.c:6149 [inline]
 #0: ffff8880338f01e0 (&mm->mmap_lock){++++}-{4:4}, at: lock_mm_and_find_vma+0x32/0x2f0 mm/memory.c:6209
 #1: ffffffff8e937ba0 (rcu_callback){....}-{0:0}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
 #1: ffffffff8e937ba0 (rcu_callback){....}-{0:0}, at: rcu_do_batch kernel/rcu/tree.c:2561 [inline]
 #1: ffffffff8e937ba0 (rcu_callback){....}-{0:0}, at: rcu_core+0xa37/0x17a0 kernel/rcu/tree.c:2823
Preemption disabled at:
[<ffffffff8161c8c8>] softirq_handle_begin kernel/softirq.c:402 [inline]
[<ffffffff8161c8c8>] handle_softirqs+0x128/0x9b0 kernel/softirq.c:537
CPU: 0 UID: 0 PID: 11180 Comm: syz-executor Not tainted 6.13.0-rc3-syzkaller-00174-ga024e377efed #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 __might_resched+0x5d4/0x780 kernel/sched/core.c:8758
 __mutex_lock_common kernel/locking/mutex.c:562 [inline]
 __mutex_lock+0x131/0xee0 kernel/locking/mutex.c:735
 crypto_put_default_null_skcipher+0x18/0x70 crypto/crypto_null.c:179
 aead_release+0x3d/0x50 crypto/algif_aead.c:489
 alg_do_release crypto/af_alg.c:118 [inline]
 alg_sock_destruct+0x86/0xc0 crypto/af_alg.c:502
 __sk_destruct+0x58/0x5f0 net/core/sock.c:2260
 rcu_do_batch kernel/rcu/tree.c:2567 [inline]
 rcu_core+0xaaa/0x17a0 kernel/rcu/tree.c:2823
 handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:561
 __do_softirq kernel/softirq.c:595 [inline]
 invoke_softirq kernel/softirq.c:435 [inline]
 __irq_exit_rcu+0xf7/0x220 kernel/softirq.c:662
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:678
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]
 sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1049
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:memcg1_commit_charge+0x250/0x310 mm/memcontrol-v1.c:569
Code: 40 42 80 3c 23 00 74 08 4c 89 ff e8 da 10 f9 ff f6 44 24 41 02 75 71 41 f7 c5 00 02 00 00 74 01 fb 48 c7 44 24 20 0e 36 e0 45 <4b> c7 04 34 00 00 00 00 66 43 c7 44 34 09 00 00 43 c6 44 34 0b 00
RSP: 0018:ffffc900034cf4c0 EFLAGS: 00000206
RAX: 04afa6622f574200 RBX: 1ffff92000699ea0 RCX: ffffffff817b275a
RDX: dffffc0000000000 RSI: ffffffff8c0a9760 RDI: ffffffff8c5faee0
RBP: ffffc900034cf598 R08: ffffffff942a48b7 R09: 1ffffffff2854916
R10: dffffc0000000000 R11: fffffbfff2854917 R12: dffffc0000000000
R13: 0000000000000246 R14: 1ffff92000699e9c R15: ffffc900034cf500
 mem_cgroup_commit_charge mm/memcontrol.c:2411 [inline]
 charge_memcg+0xfd/0x170 mm/memcontrol.c:4501
 __mem_cgroup_charge+0x27/0x80 mm/memcontrol.c:4512
 mem_cgroup_charge include/linux/memcontrol.h:646 [inline]
 folio_prealloc+0x4f/0x170 mm/memory.c:1067
 wp_page_copy mm/memory.c:3367 [inline]
 do_wp_page+0x1253/0x49b0 mm/memory.c:3759
 handle_pte_fault+0xfa5/0x5ed0 mm/memory.c:5817
 __handle_mm_fault mm/memory.c:5944 [inline]
 handle_mm_fault+0x1106/0x1bb0 mm/memory.c:6112
 do_user_addr_fault arch/x86/mm/fault.c:1389 [inline]
 handle_page_fault arch/x86/mm/fault.c:1481 [inline]
 exc_page_fault+0x2b9/0x8b0 arch/x86/mm/fault.c:1539
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
RIP: 0010:__put_user_4+0x11/0x20 arch/x86/lib/putuser.S:88
Code: 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <89> 01 31 c9 0f 01 ca c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90
RSP: 0018:ffffc900034cff00 EFLAGS: 00050202
RAX: 0000000000000475 RBX: 0000000000000000 RCX: 000055557447c7d0
RDX: 0000000000000000 RSI: ffffffff8c0aa960 RDI: ffffffff8c5faee0
RBP: ffff8880613be090 R08: ffffffff90197c37 R09: 1ffffffff2032f86
R10: dffffc0000000000 R11: fffffbfff2032f87 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000475 R15: dffffc0000000000
 schedule_tail+0x96/0xb0 kernel/sched/core.c:5304
 ret_from_fork+0x24/0x80 arch/x86/kernel/process.c:143
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>

=============================
[ BUG: Invalid wait context ]
6.13.0-rc3-syzkaller-00174-ga024e377efed #0 Tainted: G        W         
-----------------------------
syz-executor/11180 is trying to lock:
ffffffff8f035d88 (crypto_default_null_skcipher_lock){+.+.}-{4:4}, at: crypto_put_default_null_skcipher+0x18/0x70 crypto/crypto_null.c:179
other info that might help us debug this:
context-{3:3}
2 locks held by syz-executor/11180:
 #0: ffff8880338f01e0 (&mm->mmap_lock){++++}-{4:4}, at: mmap_read_trylock include/linux/mmap_lock.h:163 [inline]
 #0: ffff8880338f01e0 (&mm->mmap_lock){++++}-{4:4}, at: get_mmap_lock_carefully mm/memory.c:6149 [inline]
 #0: ffff8880338f01e0 (&mm->mmap_lock){++++}-{4:4}, at: lock_mm_and_find_vma+0x32/0x2f0 mm/memory.c:6209
 #1: ffffffff8e937ba0 (rcu_callback){....}-{0:0}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
 #1: ffffffff8e937ba0 (rcu_callback){....}-{0:0}, at: rcu_do_batch kernel/rcu/tree.c:2561 [inline]
 #1: ffffffff8e937ba0 (rcu_callback){....}-{0:0}, at: rcu_core+0xa37/0x17a0 kernel/rcu/tree.c:2823
stack backtrace:
CPU: 0 UID: 0 PID: 11180 Comm: syz-executor Tainted: G        W          6.13.0-rc3-syzkaller-00174-ga024e377efed #0
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 print_lock_invalid_wait_context kernel/locking/lockdep.c:4826 [inline]
 check_wait_context kernel/locking/lockdep.c:4898 [inline]
 __lock_acquire+0x15a8/0x2100 kernel/locking/lockdep.c:5176
 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849
 __mutex_lock_common kernel/locking/mutex.c:585 [inline]
 __mutex_lock+0x1ac/0xee0 kernel/locking/mutex.c:735
 crypto_put_default_null_skcipher+0x18/0x70 crypto/crypto_null.c:179
 aead_release+0x3d/0x50 crypto/algif_aead.c:489
 alg_do_release crypto/af_alg.c:118 [inline]
 alg_sock_destruct+0x86/0xc0 crypto/af_alg.c:502
 __sk_destruct+0x58/0x5f0 net/core/sock.c:2260
 rcu_do_batch kernel/rcu/tree.c:2567 [inline]
 rcu_core+0xaaa/0x17a0 kernel/rcu/tree.c:2823
 handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:561
 __do_softirq kernel/softirq.c:595 [inline]
 invoke_softirq kernel/softirq.c:435 [inline]
 __irq_exit_rcu+0xf7/0x220 kernel/softirq.c:662
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:678
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]
 sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1049
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:memcg1_commit_charge+0x250/0x310 mm/memcontrol-v1.c:569
Code: 40 42 80 3c 23 00 74 08 4c 89 ff e8 da 10 f9 ff f6 44 24 41 02 75 71 41 f7 c5 00 02 00 00 74 01 fb 48 c7 44 24 20 0e 36 e0 45 <4b> c7 04 34 00 00 00 00 66 43 c7 44 34 09 00 00 43 c6 44 34 0b 00
RSP: 0018:ffffc900034cf4c0 EFLAGS: 00000206
RAX: 04afa6622f574200 RBX: 1ffff92000699ea0 RCX: ffffffff817b275a
RDX: dffffc0000000000 RSI: ffffffff8c0a9760 RDI: ffffffff8c5faee0
RBP: ffffc900034cf598 R08: ffffffff942a48b7 R09: 1ffffffff2854916
R10: dffffc0000000000 R11: fffffbfff2854917 R12: dffffc0000000000
R13: 0000000000000246 R14: 1ffff92000699e9c R15: ffffc900034cf500
 mem_cgroup_commit_charge mm/memcontrol.c:2411 [inline]
 charge_memcg+0xfd/0x170 mm/memcontrol.c:4501
 __mem_cgroup_charge+0x27/0x80 mm/memcontrol.c:4512
 mem_cgroup_charge include/linux/memcontrol.h:646 [inline]
 folio_prealloc+0x4f/0x170 mm/memory.c:1067
 wp_page_copy mm/memory.c:3367 [inline]
 do_wp_page+0x1253/0x49b0 mm/memory.c:3759
 handle_pte_fault+0xfa5/0x5ed0 mm/memory.c:5817
 __handle_mm_fault mm/memory.c:5944 [inline]
 handle_mm_fault+0x1106/0x1bb0 mm/memory.c:6112
 do_user_addr_fault arch/x86/mm/fault.c:1389 [inline]
 handle_page_fault arch/x86/mm/fault.c:1481 [inline]
 exc_page_fault+0x2b9/0x8b0 arch/x86/mm/fault.c:1539
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
RIP: 0010:__put_user_4+0x11/0x20 arch/x86/lib/putuser.S:88
Code: 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <89> 01 31 c9 0f 01 ca c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90
RSP: 0018:ffffc900034cff00 EFLAGS: 00050202
RAX: 0000000000000475 RBX: 0000000000000000 RCX: 000055557447c7d0
RDX: 0000000000000000 RSI: ffffffff8c0aa960 RDI: ffffffff8c5faee0
RBP: ffff8880613be090 R08: ffffffff90197c37 R09: 1ffffffff2032f86
R10: dffffc0000000000 R11: fffffbfff2032f87 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000475 R15: dffffc0000000000
 schedule_tail+0x96/0xb0 kernel/sched/core.c:5304
 ret_from_fork+0x24/0x80 arch/x86/kernel/process.c:143
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
----------------
Code disassembly (best guess):
   0:	40                   	rex
   1:	42 80 3c 23 00       	cmpb   $0x0,(%rbx,%r12,1)
   6:	74 08                	je     0x10
   8:	4c 89 ff             	mov    %r15,%rdi
   b:	e8 da 10 f9 ff       	call   0xfff910ea
  10:	f6 44 24 41 02       	testb  $0x2,0x41(%rsp)
  15:	75 71                	jne    0x88
  17:	41 f7 c5 00 02 00 00 	test   $0x200,%r13d
  1e:	74 01                	je     0x21
  20:	fb                   	sti
  21:	48 c7 44 24 20 0e 36 	movq   $0x45e0360e,0x20(%rsp)
  28:	e0 45
* 2a:	4b c7 04 34 00 00 00 	movq   $0x0,(%r12,%r14,1) <-- trapping instruction
  31:	00
  32:	66 43 c7 44 34 09 00 	movw   $0x0,0x9(%r12,%r14,1)
  39:	00
  3a:	43 c6 44 34 0b 00    	movb   $0x0,0xb(%r12,%r14,1)