bisecting fixing commit since 174651bdf802a2139065e8e31ce950e2f3fc4a94
building syzkaller on b20883285d2350f5694399287b7f03478a3036c6
testing commit 174651bdf802a2139065e8e31ce950e2f3fc4a94 with gcc (GCC) 8.1.0
kernel signature: da899879c251fe5cdfe6eb1645e98a37a70d743e4c593cf5f19af84ffdff3e3e
all runs: crashed: BUG: sleeping function called from invalid context in lock_sock_nested
testing current HEAD 32ee7492f104d82b01a44fc4b4ae17d5d2bb237b
testing commit 32ee7492f104d82b01a44fc4b4ae17d5d2bb237b with gcc (GCC) 8.1.0
kernel signature: d0ee39d7ad0916c3d91a91b718dd5308dd7d40cfd438ea0b5d9b9a9c8f5eaf5a
all runs: OK
# git bisect start 32ee7492f104d82b01a44fc4b4ae17d5d2bb237b 174651bdf802a2139065e8e31ce950e2f3fc4a94
Bisecting: 1166 revisions left to test after this (roughly 10 steps)
[b9fffe57eaaa8a1b03a8bd5be74d6a7607d74c68] mm/zsmalloc.c: fix the migrated zspage statistics.
testing commit b9fffe57eaaa8a1b03a8bd5be74d6a7607d74c68 with gcc (GCC) 8.1.0
kernel signature: 1ec8eff9a4613e440c522a42a492b77884664b6f6535a0c332f475d10414800b
run #0: crashed: BUG: sleeping function called from invalid context in lock_sock_nested
run #1: crashed: BUG: sleeping function called from invalid context in lock_sock_nested
run #2: crashed: BUG: sleeping function called from invalid context in lock_sock_nested
run #3: crashed: BUG: sleeping function called from invalid context in lock_sock_nested
run #4: crashed: BUG: sleeping function called from invalid context in lock_sock_nested
run #5: crashed: BUG: sleeping function called from invalid context in lock_sock_nested
run #6: crashed: BUG: sleeping function called from invalid context in lock_sock_nested
run #7: crashed: WARNING: suspicious RCU usage in lock_sock_nested
run #8: crashed: BUG: sleeping function called from invalid context in lock_sock_nested
run #9: crashed: BUG: sleeping function called from invalid context in lock_sock_nested
# git bisect good b9fffe57eaaa8a1b03a8bd5be74d6a7607d74c68
Bisecting: 583 revisions left to test after this (roughly 9 steps)
[4738e916fb3c2f3fdc2a286ede43dc7a7b50132a] net: dsa: b53: Do not program CPU port's PVID
testing commit 4738e916fb3c2f3fdc2a286ede43dc7a7b50132a with gcc (GCC) 8.1.0
kernel signature: 34eacec333a51d196ac8f70b9aa9bd49c35b2f3f7bf60ee9b865ee3a681386ec
all runs: crashed: BUG: sleeping function called from invalid context in lock_sock_nested
# git bisect good 4738e916fb3c2f3fdc2a286ede43dc7a7b50132a
Bisecting: 291 revisions left to test after this (roughly 8 steps)
[50176c0d22ea2347867c6196c99b0f778f81f7be] net: fix bpf_xdp_adjust_head regression for generic-XDP
testing commit 50176c0d22ea2347867c6196c99b0f778f81f7be with gcc (GCC) 8.1.0
kernel signature: 8911231b9a7f5a978c2ecc7108c8940437eed020eef6755ad9ebe4036758f939
run #0: crashed: BUG: sleeping function called from invalid context in lock_sock_nested
run #1: crashed: BUG: sleeping function called from invalid context in lock_sock_nested
run #2: crashed: BUG: sleeping function called from invalid context in lock_sock_nested
run #3: crashed: BUG: sleeping function called from invalid context in lock_sock_nested
run #4: crashed: BUG: sleeping function called from invalid context in lock_sock_nested
run #5: crashed: WARNING: suspicious RCU usage in lock_sock_nested
run #6: crashed: BUG: sleeping function called from invalid context in lock_sock_nested
run #7: crashed: BUG: sleeping function called from invalid context in lock_sock_nested
run #8: crashed: BUG: sleeping function called from invalid context in lock_sock_nested
run #9: crashed: BUG: sleeping function called from invalid context in lock_sock_nested
# git bisect good 50176c0d22ea2347867c6196c99b0f778f81f7be
Bisecting: 145 revisions left to test after this (roughly 7 steps)
[d3b5ecceea7dc3ce36c5306b3e45bd75cd192291] gtp: make sure only SOCK_DGRAM UDP sockets are accepted
testing commit d3b5ecceea7dc3ce36c5306b3e45bd75cd192291 with gcc (GCC) 8.1.0
kernel signature: d6fd7c9dc95e59fc202a291f5d0d90ff16c81abc9fc2c9b6e54f0b6803b558cf
all runs: crashed: BUG: sleeping function called from invalid context in lock_sock_nested
# git bisect good d3b5ecceea7dc3ce36c5306b3e45bd75cd192291
Bisecting: 72 revisions left to test after this (roughly 6 steps)
[8893b51a89600e6a8d7d79f397b6427edb508f7b] mm, memory_hotplug: update a comment in unregister_memory()
testing commit 8893b51a89600e6a8d7d79f397b6427edb508f7b with gcc (GCC) 8.1.0
kernel signature: c19189da42f42d51fa84a048e12f473c76b255d50a1fc4f1b804e4e01a55b0dd
all runs: crashed: BUG: sleeping function called from invalid context in lock_sock_nested
# git bisect good 8893b51a89600e6a8d7d79f397b6427edb508f7b
Bisecting: 36 revisions left to test after this (roughly 5 steps)
[c477154f17a2066d37fbfa54d88ebc7fbbae2e63] ath9k: fix storage endpoint lookup
testing commit c477154f17a2066d37fbfa54d88ebc7fbbae2e63 with gcc (GCC) 8.1.0
kernel signature: eb38a86afbda36d9efdba6d945a2e32e6fbb3eb493bcc26da73c4b2e96411bd2
all runs: crashed: BUG: sleeping function called from invalid context in lock_sock_nested
# git bisect good c477154f17a2066d37fbfa54d88ebc7fbbae2e63
Bisecting: 18 revisions left to test after this (roughly 4 steps)
[94c9249dc8d727edd04af8b88eec317770925275] net: wan: sdla: Fix cast from pointer to integer of different size
testing commit 94c9249dc8d727edd04af8b88eec317770925275 with gcc (GCC) 8.1.0
kernel signature: 00b4804b62a952290c1484b5ac141ab7ff867419067b980f278ba67d54c6004e
all runs: crashed: BUG: sleeping function called from invalid context in lock_sock_nested
# git bisect good 94c9249dc8d727edd04af8b88eec317770925275
Bisecting: 9 revisions left to test after this (roughly 3 steps)
[6c11530ea420d144038694fd01a2d15b8e58cf11] sched/fair: Add tmp_alone_branch assertion
testing commit 6c11530ea420d144038694fd01a2d15b8e58cf11 with gcc (GCC) 8.1.0
kernel signature: 573d591767405ab6a4b40660a915c950cc71c607e93b2ea9fe5e15954560b747
all runs: crashed: BUG: sleeping function called from invalid context in lock_sock_nested
# git bisect good 6c11530ea420d144038694fd01a2d15b8e58cf11
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[6b544caa07e5672b69f2a8e5f80d72fa4ecf7671] crypto: af_alg - Use bh_lock_sock in sk_destruct
testing commit 6b544caa07e5672b69f2a8e5f80d72fa4ecf7671 with gcc (GCC) 8.1.0
kernel signature: 68bcf5a82c60ae3c8301cf931ad4ee029e98f0d545dcd03d411cdb7c3aa7d64c
all runs: OK
# git bisect bad 6b544caa07e5672b69f2a8e5f80d72fa4ecf7671
Bisecting: 2 revisions left to test after this (roughly 1 step)
[1b6b6371784977c2fb2353c63ffc260b46f17f96] rsi: fix use-after-free on probe errors
testing commit 1b6b6371784977c2fb2353c63ffc260b46f17f96 with gcc (GCC) 8.1.0
kernel signature: 8553d176d3352c6f85d9dd0fd62d8a8c242abaa571e9bea6e37196e6c576ccec
all runs: crashed: BUG: sleeping function called from invalid context in lock_sock_nested
# git bisect good 1b6b6371784977c2fb2353c63ffc260b46f17f96
Bisecting: 0 revisions left to test after this (roughly 1 step)
[5c1187d168953838fceb281fadc404621a5a091b] rsi: fix non-atomic allocation in completion handler
testing commit 5c1187d168953838fceb281fadc404621a5a091b with gcc (GCC) 8.1.0
kernel signature: 7d1d3f0d7459e4e0a25cbcc426181ea23f41f4884315e8cdb6ab4980b14574a5
all runs: crashed: BUG: sleeping function called from invalid context in lock_sock_nested
# git bisect good 5c1187d168953838fceb281fadc404621a5a091b
6b544caa07e5672b69f2a8e5f80d72fa4ecf7671 is the first bad commit
commit 6b544caa07e5672b69f2a8e5f80d72fa4ecf7671
Author: Herbert Xu
Date:   Thu Dec 5 13:45:05 2019 +0800

    crypto: af_alg - Use bh_lock_sock in sk_destruct

    commit 37f96694cf73ba116993a9d2d99ad6a75fa7fdb0 upstream.

    As af_alg_release_parent may be called from BH context (most notably
    due to an async request that only completes after socket closure,
    or as reported here because of an RCU-delayed sk_destruct call), we
    must use bh_lock_sock instead of lock_sock.

    Reported-by: syzbot+c2f1558d49e25cc36e5e@syzkaller.appspotmail.com
    Reported-by: Eric Dumazet
    Fixes: c840ac6af3f8 ("crypto: af_alg - Disallow bind/setkey/...")
    Cc:
    Signed-off-by: Herbert Xu
    Signed-off-by: Greg Kroah-Hartman

 crypto/af_alg.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

culprit signature: 68bcf5a82c60ae3c8301cf931ad4ee029e98f0d545dcd03d411cdb7c3aa7d64c
parent signature: 7d1d3f0d7459e4e0a25cbcc426181ea23f41f4884315e8cdb6ab4980b14574a5
revisions tested: 13, total time: 2h57m27.299242202s (build: 1h57m44.346970538s, test: 58m20.45286918s)
first good commit: 6b544caa07e5672b69f2a8e5f80d72fa4ecf7671 crypto: af_alg - Use bh_lock_sock in sk_destruct
cc: ["davem@davemloft.net" "gregkh@linuxfoundation.org" "herbert@gondor.apana.org.au" "linux-crypto@vger.kernel.org" "linux-kernel@vger.kernel.org"]