bisecting cause commit starting from ff8744b5eb116fdf9b80a6ff774393afac7325bd building syzkaller on 9d2ab5dfe7727dfea4b9b279f4edf731acb386ef testing commit ff8744b5eb116fdf9b80a6ff774393afac7325bd with gcc (GCC) 10.2.1 20210217 kernel signature: 0620f9cc2d4b6021236cb50a2562ed1efa62c21b5430fdbaebe587fc15eeb2bb all runs: crashed: BUG: sleeping function called from invalid context in __fdget_pos testing release v5.12 testing commit 9f4ad9e425a1d3b6a34617b8ea226d56a119a717 with gcc (GCC) 10.2.1 20210217 kernel signature: ede0a6be35d02bcdc3983e7c04226f9d08a8bc9a29385bbaf2255819d572192e run #0: crashed: BUG: sleeping function called from invalid context in __fdget_pos run #1: crashed: BUG: sleeping function called from invalid context in __fdget_pos run #2: crashed: BUG: sleeping function called from invalid context in __fput run #3: crashed: BUG: sleeping function called from invalid context in __fdget_pos run #4: crashed: BUG: sleeping function called from invalid context in __fdget_pos run #5: crashed: BUG: sleeping function called from invalid context in __fdget_pos run #6: crashed: BUG: sleeping function called from invalid context in __fdget_pos run #7: crashed: BUG: sleeping function called from invalid context in __fdget_pos run #8: crashed: BUG: sleeping function called from invalid context in __fdget_pos run #9: crashed: BUG: sleeping function called from invalid context in __fdget_pos testing release v5.11 testing commit f40ddce88593482919761f74910f42f4b84c004b with gcc (GCC) 10.2.1 20210217 kernel signature: eda73bd1168e31ee706a6dc1f8919152f9e2aafd3e115381cbb289df22ef7a0a all runs: OK # git bisect start 9f4ad9e425a1d3b6a34617b8ea226d56a119a717 f40ddce88593482919761f74910f42f4b84c004b Bisecting: 6798 revisions left to test after this (roughly 13 steps) [d99676af540c2dc829999928fb81c58c80a1dce4] Merge tag 'drm-next-2021-02-19' of git://anongit.freedesktop.org/drm/drm testing commit d99676af540c2dc829999928fb81c58c80a1dce4 with gcc (GCC) 10.2.1 20210217 kernel signature: cb609147358150e8619397d2a5450955831bbce8fcba9c1542d473c53c9d6e51 all runs: OK # git bisect good d99676af540c2dc829999928fb81c58c80a1dce4 Bisecting: 3476 revisions left to test after this (roughly 12 steps) [69264b4a43aff7307283e2bae29e9305ab6b7d47] sparc: sparc64_defconfig: remove duplicate CONFIGs testing commit 69264b4a43aff7307283e2bae29e9305ab6b7d47 with gcc (GCC) 10.2.1 20210217 kernel signature: baab3cbbe25ad9e3a191fa372677d38df1ae76369dfdad8e4394941e57f18bb4 run #0: crashed: BUG: sleeping function called from invalid context in __fdget_pos run #1: crashed: BUG: sleeping function called from invalid context in __fdget_pos run #2: crashed: BUG: sleeping function called from invalid context in __fdget_pos run #3: crashed: BUG: sleeping function called from invalid context in __fdget_pos run #4: crashed: BUG: sleeping function called from invalid context in __fdget_pos run #5: crashed: BUG: sleeping function called from invalid context in __fdget_pos run #6: crashed: BUG: sleeping function called from invalid context in __fdget_pos run #7: crashed: BUG: sleeping function called from invalid context in __fdget_pos run #8: crashed: BUG: sleeping function called from invalid context in __fdget_pos run #9: crashed: BUG: scheduling while atomic: syz-executor/ADDR # git bisect bad 69264b4a43aff7307283e2bae29e9305ab6b7d47 Bisecting: 1682 revisions left to test after this (roughly 11 steps) [3672ac8ac0d8bece188f82c48770bbe40f234f1e] Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma testing commit 3672ac8ac0d8bece188f82c48770bbe40f234f1e with gcc (GCC) 10.2.1 20210217 kernel signature: e7154280b0bc49d1ea112af56dad471be414c77c18745a6e05b8e3e307dfde7a all runs: crashed: BUG: sleeping function called from invalid context in __fdget_pos # git bisect bad 3672ac8ac0d8bece188f82c48770bbe40f234f1e Bisecting: 880 revisions left to test after this (roughly 10 steps) [5d26c176d58bc3f9380b18ba2f51a1d863c6a5a0] Merge tag 'thermal-v5.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/thermal/linux testing commit 5d26c176d58bc3f9380b18ba2f51a1d863c6a5a0 with gcc (GCC) 10.2.1 20210217 kernel signature: afff6889f34feecdb3c89a93fc6772b2a8b666e113b36d1be9579d432478266b all runs: crashed: BUG: sleeping function called from invalid context in __fdget_pos # git bisect bad 5d26c176d58bc3f9380b18ba2f51a1d863c6a5a0 Bisecting: 347 revisions left to test after this (roughly 9 steps) [32c080c4b5cfadeb1d1d5952840d696d5cda8bb8] Merge branch 'i2c/for-5.12' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux testing commit 32c080c4b5cfadeb1d1d5952840d696d5cda8bb8 with gcc (GCC) 10.2.1 20210217 kernel signature: a2d4225dfa7644e6031adf8cdd21addadc57ac995f706b9b9d66370d385a22ed all runs: crashed: BUG: sleeping function called from invalid context in __fdget_pos # git bisect bad 32c080c4b5cfadeb1d1d5952840d696d5cda8bb8 Bisecting: 198 revisions left to test after this (roughly 8 steps) [31caf8b2a847214be856f843e251fc2ed2cd1075] Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 testing commit 31caf8b2a847214be856f843e251fc2ed2cd1075 with gcc (GCC) 10.2.1 20210217 kernel signature: f82122e4317974e8dd63dc0b5c4d06adf42ef4773199a24b96a36a8e81e2180f all runs: crashed: BUG: sleeping function called from invalid context in __fdget_pos # git bisect bad 31caf8b2a847214be856f843e251fc2ed2cd1075 Bisecting: 105 revisions left to test after this (roughly 7 steps) [416b846757bcea20006a9197e67ba3a8b5b2a680] crypto: talitos - Work around SEC6 ERRATA (AES-CTR mode data size error) testing commit 416b846757bcea20006a9197e67ba3a8b5b2a680 with gcc (GCC) 10.2.1 20210217 kernel signature: f5879a32fab6900f66bfce01bed3caaf67bb39e7c93e24ddd52eccf58471390f all runs: crashed: BUG: sleeping function called from invalid context in __fdget_pos # git bisect bad 416b846757bcea20006a9197e67ba3a8b5b2a680 Bisecting: 52 revisions left to test after this (roughly 6 steps) [d6cbf4eaa46794b173c691a71211d882398d7977] crypto: aesni - replace function pointers with static branches testing commit d6cbf4eaa46794b173c691a71211d882398d7977 with gcc (GCC) 10.2.1 20210217 kernel signature: 687bd0477a0d41706ff9df189fa2b8394393710bd5263cab337672975da05d01 all runs: crashed: BUG: sleeping function called from invalid context in __fdget_pos # git bisect bad d6cbf4eaa46794b173c691a71211d882398d7977 Bisecting: 25 revisions left to test after this (roughly 5 steps) [256693a36203f51b0a3659c8b215a7026a03a3f1] hwrng: iproc-rng200 - Move enable/disable in separate function testing commit 256693a36203f51b0a3659c8b215a7026a03a3f1 with gcc (GCC) 10.2.1 20210217 kernel signature: 0b682abe29b43a099079a13e8409fa7094d4eb74ab1931ed7962f5262e98ff1b all runs: OK # git bisect good 256693a36203f51b0a3659c8b215a7026a03a3f1 Bisecting: 12 revisions left to test after this (roughly 4 steps) [28dcca4cc0c01e2467549a36b1b0eacfdb01236c] crypto: blake2b - sync with blake2s implementation testing commit 28dcca4cc0c01e2467549a36b1b0eacfdb01236c with gcc (GCC) 10.2.1 20210217 kernel signature: 9bf71d1cc972a6c1eaf67d361a49872f8fe7364161f2ef07f14c4180fc0df127 all runs: OK # git bisect good 28dcca4cc0c01e2467549a36b1b0eacfdb01236c Bisecting: 6 revisions left to test after this (roughly 3 steps) [622aae879c1d9449562e0cae353691a2a1f9eec0] crypto: vmx - Move extern declarations into header file testing commit 622aae879c1d9449562e0cae353691a2a1f9eec0 with gcc (GCC) 10.2.1 20210217 kernel signature: 2af771682d24e67727c7e9a98309f34b556cfac68263f2b09b94fb2546ece201 run #0: crashed: BUG: sleeping function called from invalid context in __fdget_pos run #1: crashed: BUG: sleeping function called from invalid context in __fdget_pos run #2: crashed: BUG: sleeping function called from invalid context in __fdget_pos run #3: crashed: BUG: sleeping function called from invalid context in __fdget_pos run #4: crashed: BUG: sleeping function called from invalid context in __fdget_pos run #5: crashed: BUG: sleeping function called from invalid context in __fdget_pos run #6: crashed: BUG: scheduling while atomic: syz-executor/ADDR run #7: crashed: BUG: sleeping function called from invalid context in __fdget_pos run #8: crashed: BUG: sleeping function called from invalid context in __fdget_pos run #9: crashed: BUG: scheduling while atomic: syz-executor/ADDR # git bisect bad 622aae879c1d9449562e0cae353691a2a1f9eec0 Bisecting: 2 revisions left to test after this (roughly 2 steps) [fecff3b931a52c8d5263fb1537161f0214acb44a] crypto: picoxcell - Remove PicoXcell driver testing commit fecff3b931a52c8d5263fb1537161f0214acb44a with gcc (GCC) 10.2.1 20210217 kernel signature: 61fee74e05513684b95f2840105f14924a6dc4738038b87aa8179f89444ee260 all runs: OK # git bisect good fecff3b931a52c8d5263fb1537161f0214acb44a Bisecting: 0 revisions left to test after this (roughly 1 step) [2481104fe98d5b016fdd95d649b1235f21e491ba] crypto: x86/aes-ni-xts - rewrite and drop indirections via glue helper testing commit 2481104fe98d5b016fdd95d649b1235f21e491ba with gcc (GCC) 10.2.1 20210217 kernel signature: 2af771682d24e67727c7e9a98309f34b556cfac68263f2b09b94fb2546ece201 all runs: crashed: BUG: sleeping function called from invalid context in __fdget_pos # git bisect bad 2481104fe98d5b016fdd95d649b1235f21e491ba Bisecting: 0 revisions left to test after this (roughly 0 steps) [86ad60a65f29dd862a11c22bb4b5be28d6c5cef1] crypto: x86/aes-ni-xts - use direct calls to and 4-way stride testing commit 86ad60a65f29dd862a11c22bb4b5be28d6c5cef1 with gcc (GCC) 10.2.1 20210217 kernel signature: 5dc7756daf2ed13525208e57b66487845c1ce61858b60507e6798a454b5ef642 all runs: OK # git bisect good 86ad60a65f29dd862a11c22bb4b5be28d6c5cef1 2481104fe98d5b016fdd95d649b1235f21e491ba is the first bad commit commit 2481104fe98d5b016fdd95d649b1235f21e491ba Author: Ard Biesheuvel Date: Thu Dec 31 17:41:55 2020 +0100 crypto: x86/aes-ni-xts - rewrite and drop indirections via glue helper The AES-NI driver implements XTS via the glue helper, which consumes a struct with sets of function pointers which are invoked on chunks of input data of the appropriate size, as annotated in the struct. Let's get rid of this indirection, so that we can perform direct calls to the assembler helpers. Instead, let's adopt the arm64 strategy, i.e., provide a helper which can consume inputs of any size, provided that the penultimate, full block is passed via the last call if ciphertext stealing needs to be applied. This also allows us to enable the XTS mode for i386. Tested-by: Eric Biggers # x86_64 Signed-off-by: Ard Biesheuvel Reported-by: kernel test robot Reported-by: kernel test robot Reported-by: kernel test robot Signed-off-by: Herbert Xu arch/x86/crypto/aesni-intel_asm.S | 280 ++++++++++++++++++++++++++++++------- arch/x86/crypto/aesni-intel_glue.c | 220 ++++++++++++++++------------- crypto/Kconfig | 1 - 3 files changed, 356 insertions(+), 145 deletions(-) culprit signature: 2af771682d24e67727c7e9a98309f34b556cfac68263f2b09b94fb2546ece201 parent signature: 5dc7756daf2ed13525208e57b66487845c1ce61858b60507e6798a454b5ef642 revisions tested: 17, total time: 3h37m34.997408822s (build: 2h5m27.62022173s, test: 1h30m7.607870444s) first bad commit: 2481104fe98d5b016fdd95d649b1235f21e491ba crypto: x86/aes-ni-xts - rewrite and drop indirections via glue helper recipients (to): ["ardb@kernel.org" "davem@davemloft.net" "herbert@gondor.apana.org.au" "herbert@gondor.apana.org.au" "linux-crypto@vger.kernel.org"] recipients (cc): ["bp@alien8.de" "hpa@zytor.com" "linux-kernel@vger.kernel.org" "mingo@redhat.com" "tglx@linutronix.de" "x86@kernel.org"] crash: BUG: sleeping function called from invalid context in __fdget_pos BUG: sleeping function called from invalid context at kernel/locking/mutex.c:935 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 10244, name: syz-executor.5 no locks held by syz-executor.5/10244. Preemption disabled at: [] kernel_fpu_begin+0x5b/0x1a0 arch/x86/kernel/fpu/core.c:126 CPU: 0 PID: 10244 Comm: syz-executor.5 Not tainted 5.11.0-rc1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:79 [inline] dump_stack+0x9a/0xcc lib/dump_stack.c:120 ___might_sleep.cold+0x1f1/0x237 kernel/sched/core.c:7901 __mutex_lock_common kernel/locking/mutex.c:935 [inline] __mutex_lock+0xa9/0x1110 kernel/locking/mutex.c:1103 __fdget_pos+0x9c/0xb0 fs/file.c:949 fdget_pos include/linux/file.h:75 [inline] ksys_read+0x65/0x1d0 fs/read_write.c:625 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x41935c Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48 RSP: 002b:00007fe6e2250170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 000000000041935c RDX: 000000000000000f RSI: 00007fe6e22501e0 RDI: 0000000000000005 RBP: 00007fe6e22501d0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 R13: 00007ffc01b3818f R14: 00007fe6e2250300 R15: 0000000000022000 BUG: scheduling while atomic: syz-executor.5/10244/0x00000002 no locks held by syz-executor.5/10244. Modules linked in: Preemption disabled at: [] kernel_fpu_begin+0x5b/0x1a0 arch/x86/kernel/fpu/core.c:126