WARNING in __might_sleep

syzbot

Apr 22, 2018, 10:02:05 PM
to syzkaller-upst...@googlegroups.com
Hello,

syzbot hit the following crash on upstream commit
285848b0f4074f04ab606f1e5dca296482033d54 (Sun Apr 22 04:20:48 2018 +0000)
Merge tag 'random_for_linus_stable' of
git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random
syzbot dashboard link:
https://syzkaller.appspot.com/bug?extid=5716967ee703d0209874

Unfortunately, I don't have any reproducer for this crash yet.
Raw console output:
https://syzkaller.appspot.com/x/log.txt?id=6408984483332096
Kernel config:
https://syzkaller.appspot.com/x/.config?id=1808800213120130118
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
CC: [ar...@arndb.de gre...@linuxfoundation.org linux-...@vger.kernel.org
ty...@mit.edu]

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+571696...@syzkaller.appspotmail.com
It will help syzbot understand when the bug is fixed. See footer for
details.
If you forward the report, please keep this part and the footer.

kernel msg: ebtables bug: please report to author: bad policy
kernel msg: ebtables bug: please report to author: bad policy
IPVS: set_ctl: invalid protocol: 98 0.0.0.6:20000 lc
------------[ cut here ]------------
do not call blocking ops when !TASK_RUNNING; state=2 set at [<(ptrval)>] prepare_to_wait+0x126/0x4d0 kernel/sched/wait.c:229
WARNING: CPU: 0 PID: 2271 at kernel/sched/core.c:6139 __might_sleep+0x13d/0x190 kernel/sched/core.c:6134
Kernel panic - not syncing: panic_on_warn set ...

CPU: 0 PID: 2271 Comm: jbd2/sda1-8 Not tainted 4.17.0-rc1+ #12
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1b9/0x294 lib/dump_stack.c:113
panic+0x22f/0x4de kernel/panic.c:184
__warn.cold.8+0x163/0x1b3 kernel/panic.c:536
report_bug+0x252/0x2d0 lib/bug.c:186
fixup_bug arch/x86/kernel/traps.c:178 [inline]
do_error_trap+0x1de/0x490 arch/x86/kernel/traps.c:296
do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:315
invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:992
RIP: 0010:__might_sleep+0x13d/0x190 kernel/sched/core.c:6134
RSP: 0000:ffff8801dae07930 EFLAGS: 00010082
RAX: 000000000000006c RBX: ffff8801cc538240 RCX: ffffffff818432e8
RDX: 0000000000010000 RSI: ffffffff8160f4e1 RDI: 0000000000000001
RBP: ffff8801dae07960 R08: ffff8801cc538240 R09: ffffed003b5c3eb2
R10: ffffed003b5c3eb2 R11: ffff8801dae1f597 R12: ffffffff889d450d
R13: 00000000000001a5 R14: 0000000000000000 R15: 00000000014088c0
slab_pre_alloc_hook mm/slab.h:421 [inline]
slab_alloc mm/slab.c:3378 [inline]
__do_kmalloc mm/slab.c:3716 [inline]
__kmalloc+0x2b9/0x760 mm/slab.c:3727
kmalloc_array include/linux/slab.h:631 [inline]
kcalloc include/linux/slab.h:642 [inline]
numa_crng_init drivers/char/random.c:798 [inline]
crng_reseed+0x427/0x920 drivers/char/random.c:923
credit_entropy_bits+0x98d/0xa30 drivers/char/random.c:708
add_interrupt_randomness+0x494/0x860 drivers/char/random.c:1254
handle_irq_event_percpu+0xf9/0x1c0 kernel/irq/handle.c:191
handle_irq_event+0xa7/0x135 kernel/irq/handle.c:206
handle_edge_irq+0x20f/0x870 kernel/irq/chip.c:791
generic_handle_irq_desc include/linux/irqdesc.h:159 [inline]
handle_irq+0x18c/0x2e7 arch/x86/kernel/irq_64.c:77
do_IRQ+0x78/0x190 arch/x86/kernel/irq.c:245
common_interrupt+0xf/0xf arch/x86/entry/entry_64.S:642
</IRQ>
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:783 [inline]
RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
RIP: 0010:_raw_spin_unlock_irqrestore+0xa1/0xc0 kernel/locking/spinlock.c:184
RSP: 0000:ffff8801cc546b10 EFLAGS: 00000286 ORIG_RAX: ffffffffffffffda
RAX: dffffc0000000000 RBX: 0000000000000286 RCX: 0000000000000000
RDX: 1ffffffff11a312d RSI: 0000000000000001 RDI: 0000000000000286
RBP: ffff8801cc546b20 R08: fffffbfff1181563 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff88c0ab10
R13: ffff8801cc538240 R14: 0000000000000002 R15: ffffffff88c0ab48
spin_unlock_irqrestore include/linux/spinlock.h:365 [inline]
prepare_to_wait+0x194/0x4d0 kernel/sched/wait.c:232
__wait_on_bit+0x58/0x130 kernel/sched/wait_bit.c:46
out_of_line_wait_on_bit+0x204/0x3a0 kernel/sched/wait_bit.c:63
wait_on_bit_io include/linux/wait_bit.h:101 [inline]
__wait_on_buffer+0x76/0x90 fs/buffer.c:118
wait_on_buffer include/linux/buffer_head.h:356 [inline]
journal_wait_on_commit_record fs/jbd2/commit.c:174 [inline]
jbd2_journal_commit_transaction+0x655b/0x8c18 fs/jbd2/commit.c:865
kjournald2+0x26c/0xb30 fs/jbd2/journal.c:229
kthread+0x345/0x410 kernel/kthread.c:238
ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:412
Dumping ftrace buffer:
(ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..


---
This bug is generated by a dumb bot. It may contain errors.
See https://goo.gl/tpsmEJ for details.
Direct all questions to syzk...@googlegroups.com.

syzbot will keep track of this bug report.
If you forgot to add the Reported-by tag, once the fix for this bug is
merged into any tree, please reply to this email with:
#syz fix: exact-commit-title
To mark this as a duplicate of another syzbot report, please reply with:
#syz dup: exact-subject-of-another-report
If it's a one-off invalid bug report, please reply with:
#syz invalid
Note: if the crash happens again, it will cause creation of a new bug
report.
Note: all commands must start from beginning of the line in the email body.
To upstream this report, please reply with:
#syz upstream

syzbot

Apr 23, 2018, 7:00:24 AM
to Tetsuo Handa, penguin...@i-love.sakura.ne.jp, syzkaller-upst...@googlegroups.com
> A bug triggered by doing GFP_KERNEL | __GFP_NOFAIL allocation attempt
> from IRQ context.

> #syz dup: WARNING: inconsistent lock state

Dup bug is already upstreamed.

Dmitry Vyukov

Apr 23, 2018, 7:03:02 AM
to syzbot, Tetsuo Handa, 'Dmitry Vyukov' via syzkaller-upstream-moderation
We can either upstream this one and then dup. Or mark it later as
fixed right here.