* [syzbot] INFO: task hung in io_uring_cancel_generic
@ 2021-07-11 12:24 syzbot
2021-07-11 13:54 ` Jens Axboe
0 siblings, 1 reply; 8+ messages in thread
From: syzbot @ 2021-07-11 12:24 UTC (permalink / raw)
To: asml.silence, axboe, io-uring, linux-kernel, syzkaller-bugs
Hello,
syzbot found the following issue on:
HEAD commit: 3dbdb38e Merge branch 'for-5.14' of git://git.kernel.org/p..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=14cd9efbd00000
kernel config: https://syzkaller.appspot.com/x/.config?x=a1fcf15a09815757
dashboard link: https://syzkaller.appspot.com/bug?extid=ba6fcd859210f4e9e109
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=13bbf280300000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1111ec9c300000
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
INFO: task syz-executor015:8439 blocked for more than 143 seconds.
Tainted: G W 5.13.0-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor015 state:D stack:28184 pid: 8439 ppid: 8438 flags:0x00000004
Call Trace:
context_switch kernel/sched/core.c:4683 [inline]
__schedule+0x934/0x2710 kernel/sched/core.c:5940
schedule+0xd3/0x270 kernel/sched/core.c:6019
io_uring_cancel_generic+0x54d/0x890 fs/io_uring.c:9203
io_uring_files_cancel include/linux/io_uring.h:16 [inline]
do_exit+0x28b/0x2a50 kernel/exit.c:780
do_group_exit+0x125/0x310 kernel/exit.c:922
__do_sys_exit_group kernel/exit.c:933 [inline]
__se_sys_exit_group kernel/exit.c:931 [inline]
__x64_sys_exit_group+0x3a/0x50 kernel/exit.c:931
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x43eac9
RSP: 002b:00007ffc2d1b6378 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 00000000004b02f0 RCX: 000000000043eac9
RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 00000000f0ffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004b02f0
R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
INFO: lockdep is turned off.
NMI backtrace for cpu 0
CPU: 0 PID: 1650 Comm: khungtaskd Tainted: G W 5.13.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:79 [inline]
dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:96
nmi_cpu_backtrace.cold+0x44/0xd7 lib/nmi_backtrace.c:105
nmi_trigger_cpumask_backtrace+0x1b3/0x230 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:209 [inline]
watchdog+0xd4b/0xfb0 kernel/hung_task.c:294
kthread+0x3e5/0x4d0 kernel/kthread.c:319
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1 skipped: idling at native_safe_halt arch/x86/include/asm/irqflags.h:51 [inline]
NMI backtrace for cpu 1 skipped: idling at arch_safe_halt arch/x86/include/asm/irqflags.h:89 [inline]
NMI backtrace for cpu 1 skipped: idling at acpi_safe_halt drivers/acpi/processor_idle.c:109 [inline]
NMI backtrace for cpu 1 skipped: idling at acpi_idle_do_entry+0x1c6/0x250 drivers/acpi/processor_idle.c:553
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at [email protected].
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches
^ permalink raw reply [flat|nested] 8+ messages in thread* Re: [syzbot] INFO: task hung in io_uring_cancel_generic 2021-07-11 12:24 [syzbot] INFO: task hung in io_uring_cancel_generic syzbot @ 2021-07-11 13:54 ` Jens Axboe 2021-07-11 14:39 ` syzbot 0 siblings, 1 reply; 8+ messages in thread From: Jens Axboe @ 2021-07-11 13:54 UTC (permalink / raw) To: syzbot, asml.silence, io-uring, linux-kernel, syzkaller-bugs On 7/11/21 6:24 AM, syzbot wrote: > Hello, > > syzbot found the following issue on: > > HEAD commit: 3dbdb38e Merge branch 'for-5.14' of git://git.kernel.org/p.. > git tree: upstream > console output: https://syzkaller.appspot.com/x/log.txt?x=14cd9efbd00000 > kernel config: https://syzkaller.appspot.com/x/.config?x=a1fcf15a09815757 > dashboard link: https://syzkaller.appspot.com/bug?extid=ba6fcd859210f4e9e109 > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=13bbf280300000 > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1111ec9c300000 > > IMPORTANT: if you fix the issue, please add the following tag to the commit: > Reported-by: [email protected] > > INFO: task syz-executor015:8439 blocked for more than 143 seconds. > Tainted: G W 5.13.0-syzkaller #0 > "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. > task:syz-executor015 state:D stack:28184 pid: 8439 ppid: 8438 flags:0x00000004 > Call Trace: > context_switch kernel/sched/core.c:4683 [inline] > __schedule+0x934/0x2710 kernel/sched/core.c:5940 > schedule+0xd3/0x270 kernel/sched/core.c:6019 > io_uring_cancel_generic+0x54d/0x890 fs/io_uring.c:9203 > io_uring_files_cancel include/linux/io_uring.h:16 [inline] > do_exit+0x28b/0x2a50 kernel/exit.c:780 > do_group_exit+0x125/0x310 kernel/exit.c:922 > __do_sys_exit_group kernel/exit.c:933 [inline] > __se_sys_exit_group kernel/exit.c:931 [inline] > __x64_sys_exit_group+0x3a/0x50 kernel/exit.c:931 > do_syscall_x64 arch/x86/entry/common.c:50 [inline] > do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 > entry_SYSCALL_64_after_hwframe+0x44/0xae > RIP: 0033:0x43eac9 > RSP: 002b:00007ffc2d1b6378 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 > RAX: ffffffffffffffda RBX: 00000000004b02f0 RCX: 000000000043eac9 > RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 > RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 00000000f0ffffff > R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004b02f0 > R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001 > INFO: lockdep is turned off. > NMI backtrace for cpu 0 > CPU: 0 PID: 1650 Comm: khungtaskd Tainted: G W 5.13.0-syzkaller #0 > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 > Call Trace: > __dump_stack lib/dump_stack.c:79 [inline] > dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:96 > nmi_cpu_backtrace.cold+0x44/0xd7 lib/nmi_backtrace.c:105 > nmi_trigger_cpumask_backtrace+0x1b3/0x230 lib/nmi_backtrace.c:62 > trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline] > check_hung_uninterruptible_tasks kernel/hung_task.c:209 [inline] > watchdog+0xd4b/0xfb0 kernel/hung_task.c:294 > kthread+0x3e5/0x4d0 kernel/kthread.c:319 > ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 > Sending NMI from CPU 0 to CPUs 1: > NMI backtrace for cpu 1 skipped: idling at native_safe_halt arch/x86/include/asm/irqflags.h:51 [inline] > NMI backtrace for cpu 1 skipped: idling at arch_safe_halt arch/x86/include/asm/irqflags.h:89 [inline] > NMI backtrace for cpu 1 skipped: idling at acpi_safe_halt drivers/acpi/processor_idle.c:109 [inline] > NMI backtrace for cpu 1 skipped: idling at acpi_idle_do_entry+0x1c6/0x250 drivers/acpi/processor_idle.c:553 #syz test: git://git.kernel.dk/linux-block io_uring-5.14 -- Jens Axboe ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [syzbot] INFO: task hung in io_uring_cancel_generic 2021-07-11 13:54 ` Jens Axboe @ 2021-07-11 14:39 ` syzbot 2021-07-11 14:45 ` Jens Axboe 0 siblings, 1 reply; 8+ messages in thread From: syzbot @ 2021-07-11 14:39 UTC (permalink / raw) To: asml.silence, axboe, io-uring, linux-kernel, syzkaller-bugs Hello, syzbot tried to test the proposed patch but the build/boot failed: ace driver bcm203x [ 9.302351][ T1] usbcore: registered new interface driver bpa10x [ 9.303473][ T1] usbcore: registered new interface driver bfusb [ 9.305628][ T1] usbcore: registered new interface driver btusb [ 9.306881][ T1] usbcore: registered new interface driver ath3k [ 9.308526][ T1] CAPI 2.0 started up with major 68 (middleware) [ 9.309416][ T1] Modular ISDN core version 1.1.29 [ 9.310922][ T1] NET: Registered PF_ISDN protocol family [ 9.312213][ T1] DSP module 2.0 [ 9.312966][ T1] mISDN_dsp: DSP clocks every 80 samples. This equals 1 jiffies. [ 9.327662][ T1] mISDN: Layer-1-over-IP driver Rev. 2.00 [ 9.329185][ T1] 0 virtual devices registered [ 9.330263][ T1] usbcore: registered new interface driver HFC-S_USB [ 9.331803][ T1] VUB300 Driver rom wait states = 1C irqpoll timeout = 0400 [ 9.332793][ T1] usbcore: registered new interface driver vub300 [ 9.335457][ T1] usbcore: registered new interface driver ushc [ 9.342005][ T1] iscsi: registered transport (iser) [ 9.343604][ T1] SoftiWARP attached [ 9.344289][ T1] Driver 'framebuffer' was unable to register with bus_type 'coreboot' because the bus was not initialized. [ 9.346043][ T1] Driver 'memconsole' was unable to register with bus_type 'coreboot' because the bus was not initialized. [ 9.347617][ T1] Driver 'vpd' was unable to register with bus_type 'coreboot' because the bus was not initialized. [ 9.357668][ T1] hid: raw HID events driver (C) Jiri Kosina [ 9.385985][ T1] usbcore: registered new interface driver usbhid [ 9.387037][ T1] usbhid: USB HID core driver [ 9.390066][ T1] usbcore: registered new interface driver es2_ap_driver [ 9.393006][ T1] comedi: version 0.7.76 - http://www.comedi.org [ 9.394302][ T1] usbcore: registered new interface driver dt9812 [ 9.395545][ T1] usbcore: registered new interface driver ni6501 [ 9.396763][ T1] usbcore: registered new interface driver usbdux [ 9.397991][ T1] usbcore: registered new interface driver usbduxfast [ 9.399198][ T1] usbcore: registered new interface driver usbduxsigma [ 9.402039][ T1] usbcore: registered new interface driver vmk80xx [ 9.403629][ T1] usbcore: registered new interface driver prism2_usb [ 9.405013][ T1] usbcore: registered new interface driver r8712u [ 9.407131][ T1] ashmem: initialized [ 9.408362][ T1] greybus: registered new driver hid [ 9.409362][ T1] greybus: registered new driver gbphy [ 9.410305][ T1] gb_gbphy: registered new driver usb [ 9.411889][ T1] asus_wmi: ASUS WMI generic driver loaded [ 9.486305][ T1] usbcore: registered new interface driver snd-usb-audio [ 9.487650][ T1] usbcore: registered new interface driver snd-ua101 [ 9.488918][ T1] usbcore: registered new interface driver snd-usb-usx2y [ 9.492672][ T1] usbcore: registered new interface driver snd-usb-us122l [ 9.494778][ T1] usbcore: registered new interface driver snd-usb-caiaq [ 9.496007][ T1] usbcore: registered new interface driver snd-usb-6fire [ 9.497262][ T1] usbcore: registered new interface driver snd-usb-hiface [ 9.498782][ T1] usbcore: registered new interface driver snd-bcd2000 [ 9.499887][ T1] usbcore: registered new interface driver snd_usb_pod [ 9.501897][ T1] usbcore: registered new interface driver snd_usb_podhd [ 9.503388][ T1] usbcore: registered new interface driver snd_usb_toneport [ 9.505421][ T1] usbcore: registered new interface driver snd_usb_variax [ 9.506582][ T1] drop_monitor: Initializing network drop monitor service [ 9.508642][ T1] NET: Registered PF_LLC protocol family [ 9.509528][ T1] GACT probability on [ 9.510771][ T1] Mirror/redirect action on [ 9.511554][ T1] Simple TC action Loaded [ 9.514496][ T1] netem: version 1.3 [ 9.515461][ T1] u32 classifier [ 9.515990][ T1] Performance counters on [ 9.516615][ T1] input device check on [ 9.517586][ T1] Actions configured [ 9.519992][ T1] nf_conntrack_irc: failed to register helpers [ 9.521431][ T1] nf_conntrack_sane: failed to register helpers [ 9.558483][ T1] nf_conntrack_sip: failed to register helpers [ 9.563419][ T1] xt_time: kernel timezone is -0000 [ 9.564476][ T1] IPVS: Registered protocols (TCP, UDP, SCTP, AH, ESP) [ 9.565840][ T1] IPVS: Connection hash table configured (size=4096, memory=64Kbytes) [ 9.567503][ T1] IPVS: ipvs loaded. [ 9.568192][ T1] IPVS: [rr] scheduler registered. [ 9.568956][ T1] IPVS: [wrr] scheduler registered. [ 9.569738][ T1] IPVS: [lc] scheduler registered. [ 9.570511][ T1] IPVS: [wlc] scheduler registered. [ 9.571373][ T1] IPVS: [fo] scheduler registered. [ 9.572445][ T1] IPVS: [ovf] scheduler registered. [ 9.573312][ T1] IPVS: [lblc] scheduler registered. [ 9.574091][ T1] IPVS: [lblcr] scheduler registered. [ 9.575006][ T1] IPVS: [dh] scheduler registered. [ 9.575796][ T1] IPVS: [sh] scheduler registered. [ 9.576720][ T1] IPVS: [mh] scheduler registered. [ 9.577462][ T1] IPVS: [sed] scheduler registered. [ 9.578179][ T1] IPVS: [nq] scheduler registered. [ 9.578924][ T1] IPVS: [twos] scheduler registered. [ 9.580010][ T1] IPVS: [sip] pe registered. [ 9.580916][ T1] ipip: IPv4 and MPLS over IPv4 tunneling driver [ 9.583382][ T1] gre: GRE over IPv4 demultiplexor driver [ 9.584183][ T1] ip_gre: GRE over IPv4 tunneling driver [ 9.589932][ T1] IPv4 over IPsec tunneling driver [ 9.593837][ T1] ipt_CLUSTERIP: ClusterIP Version 0.8 loaded successfully [ 9.594983][ T1] Initializing XFRM netlink socket [ 9.596079][ T1] IPsec XFRM device driver [ 9.598464][ T1] NET: Registered PF_INET6 protocol family [ 9.608978][ T1] Segment Routing with IPv6 [ 9.609706][ T1] RPL Segment Routing with IPv6 [ 9.610809][ T1] mip6: Mobile IPv6 [ 9.615121][ T1] sit: IPv6, IPv4 and MPLS over IPv4 tunneling driver [ 9.619694][ T1] ip6_gre: GRE over IPv6 tunneling driver [ 9.622557][ T1] NET: Registered PF_PACKET protocol family [ 9.623545][ T1] NET: Registered PF_KEY protocol family [ 9.624882][ T1] Bridge firewalling registered [ 9.626399][ T1] NET: Registered PF_X25 protocol family [ 9.627654][ T1] X25: Linux Version 0.2 [ 9.658018][ T1] NET: Registered PF_NETROM protocol family [ 9.690465][ T1] NET: Registered PF_ROSE protocol family [ 9.691536][ T1] NET: Registered PF_AX25 protocol family [ 9.692549][ T1] can: controller area network core [ 9.693668][ T1] NET: Registered PF_CAN protocol family [ 9.694924][ T1] can: raw protocol [ 9.695672][ T1] can: broadcast manager protocol [ 9.696412][ T1] can: netlink gateway - max_hops=1 [ 9.698003][ T1] can: SAE J1939 [ 9.698531][ T1] can: isotp protocol [ 9.699817][ T1] Bluetooth: RFCOMM TTY layer initialized [ 9.702356][ T1] Bluetooth: RFCOMM socket layer initialized [ 9.703679][ T1] Bluetooth: RFCOMM ver 1.11 [ 9.704852][ T1] Bluetooth: BNEP (Ethernet Emulation) ver 1.3 [ 9.705927][ T1] Bluetooth: BNEP filters: protocol multicast [ 9.706958][ T1] Bluetooth: BNEP socket layer initialized [ 9.707792][ T1] Bluetooth: CMTP (CAPI Emulation) ver 1.0 [ 9.708751][ T1] Bluetooth: CMTP socket layer initialized [ 9.709753][ T1] Bluetooth: HIDP (Human Interface Emulation) ver 1.2 [ 9.710823][ T1] Bluetooth: HIDP socket layer initialized [ 9.714808][ T1] NET: Registered PF_RXRPC protocol family [ 9.715884][ T1] Key type rxrpc registered [ 9.716522][ T1] Key type rxrpc_s registered [ 9.718643][ T1] NET: Registered PF_KCM protocol family [ 9.720344][ T1] lec:lane_module_init: lec.c: initialized [ 9.721491][ T1] mpoa:atm_mpoa_init: mpc.c: initialized [ 9.722893][ T1] l2tp_core: L2TP core driver, V2.0 [ 9.723943][ T1] l2tp_ppp: PPPoL2TP kernel driver, V2.0 [ 9.724919][ T1] l2tp_ip: L2TP IP encapsulation support (L2TPv3) [ 9.726037][ T1] l2tp_netlink: L2TP netlink interface [ 9.726945][ T1] l2tp_eth: L2TP ethernet pseudowire support (L2TPv3) [ 9.728211][ T1] l2tp_ip6: L2TP IP encapsulation support for IPv6 (L2TPv3) [ 9.729626][ T1] NET: Registered PF_PHONET protocol family [ 9.731015][ T1] 8021q: 802.1Q VLAN Support v1.8 [ 9.740161][ T1] DCCP: Activated CCID 2 (TCP-like) [ 9.741707][ T1] DCCP: Activated CCID 3 (TCP-Friendly Rate Control) [ 9.744573][ T1] sctp: Hash tables configured (bind 32/56) [ 9.747220][ T1] NET: Registered PF_RDS protocol family [ 9.749148][ T1] Registered RDS/infiniband transport [ 9.750956][ T1] Registered RDS/tcp transport [ 9.751705][ T1] tipc: Activated (version 2.0.0) [ 9.752972][ T1] NET: Registered PF_TIPC protocol family [ 9.754278][ T1] tipc: Started in single node mode [ 9.755659][ T1] NET: Registered PF_SMC protocol family [ 9.756824][ T1] 9pnet: Installing 9P2000 support [ 9.757958][ T1] NET: Registered PF_CAIF protocol family [ 9.763274][ T1] NET: Registered PF_IEEE802154 protocol family [ 9.764544][ T1] Key type dns_resolver registered [ 9.765265][ T1] Key type ceph registered [ 9.766634][ T1] libceph: loaded (mon/osd proto 15/24) [ 9.769906][ T1] batman_adv: B.A.T.M.A.N. advanced 2021.2 (compatibility version 15) loaded [ 9.771371][ T1] openvswitch: Open vSwitch switching datapath [ 9.774437][ T1] NET: Registered PF_VSOCK protocol family [ 9.775493][ T1] mpls_gso: MPLS GSO support [ 9.785657][ T1] IPI shorthand broadcast: enabled [ 9.786804][ T1] AVX2 version of gcm_enc/dec engaged. [ 9.787910][ T1] AES CTR mode by8 optimization enabled [ 9.794810][ T1] sched_clock: Marking stable (9773193399, 21522192)->(9795960439, -1244848) [ 9.797259][ T1] registered taskstats version 1 [ 9.805286][ T1] Loading compiled-in X.509 certificates [ 9.807833][ T1] Loaded X.509 cert 'Build time autogenerated kernel key: f850c787ad998c396ae089c083b940ff0a9abb77' [ 9.810756][ T1] zswap: loaded using pool lzo/zbud [ 9.812477][ T1] debug_vm_pgtable: [debug_vm_pgtable ]: Validating architecture page table helpers [ 9.814730][ T1] Key type ._fscrypt registered [ 9.815701][ T1] Key type .fscrypt registered [ 9.816492][ T1] Key type fscrypt-provisioning registered [ 9.819908][ T1] kAFS: Red Hat AFS client v0.1 registering. [ 9.821630][ T1] FS-Cache: Netfs 'afs' registered for caching [ 9.829938][ T1] Btrfs loaded, crc32c=crc32c-intel, assert=on, zoned=yes [ 9.832751][ T1] Key type big_key registered [ 9.836164][ T1] Key type encrypted registered [ 9.836954][ T1] AppArmor: AppArmor sha1 policy hashing enabled [ 9.837875][ T1] ima: No TPM chip found, activating TPM-bypass! [ 9.838746][ T1] Loading compiled-in module X.509 certificates [ 9.840036][ T1] Loaded X.509 cert 'Build time autogenerated kernel key: f850c787ad998c396ae089c083b940ff0a9abb77' [ 9.841866][ T1] ima: Allocated hash algorithm: sha256 [ 9.842970][ T1] ima: No architecture policies found [ 9.844189][ T1] evm: Initialising EVM extended attributes: [ 9.845100][ T1] evm: security.selinux (disabled) [ 9.845782][ T1] evm: security.SMACK64 (disabled) [ 9.846463][ T1] evm: security.SMACK64EXEC (disabled) [ 9.847188][ T1] evm: security.SMACK64TRANSMUTE (disabled) [ 9.848128][ T1] evm: security.SMACK64MMAP (disabled) [ 9.848898][ T1] evm: security.apparmor [ 9.849482][ T1] evm: security.ima [ 9.850284][ T1] evm: security.capability [ 9.851141][ T1] evm: HMAC attrs: 0x1 [ 9.851611][ T855] floppy0: no floppy controllers found [ 9.853250][ T855] work still pending [ 9.854504][ T1] PM: Magic number: 13:793:535 [ 9.855444][ T1] usb usb35-port4: hash matches [ 9.857025][ T1] bdi 1:13: hash matches [ 9.859054][ T1] printk: console [netcon0] enabled [ 9.859823][ T1] netconsole: network logging started [ 9.860932][ T1] gtp: GTP module loaded (pdp ctx size 104 bytes) [ 9.863283][ T1] rdma_rxe: loaded [ 9.865260][ T1] cfg80211: Loading compiled-in X.509 certificates for regulatory database [ 9.868221][ T1] cfg80211: Loaded X.509 cert 'sforshee: 00b28ddf47aef9cea7' [ 9.870545][ T7] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 9.871871][ T1] ALSA device list: [ 9.872225][ T7] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 9.872637][ T1] #0: Dummy 1 [ 9.874348][ T1] #1: Loopback 1 [ 9.874960][ T1] #2: Virtual MIDI Card 1 [ 9.877845][ T1] md: Waiting for all devices to be available before autodetect [ 9.879094][ T1] md: If you don't use raid, use raid=noautodetect [ 9.880372][ T1] md: Autodetecting RAID arrays. [ 9.881327][ T1] md: autorun ... [ 9.881824][ T1] md: ... autorun DONE. [ 9.885213][ T1] VFS: Cannot open root device "sda1" or unknown-block(0,0): error -6 [ 9.886783][ T1] Please append a correct "root=" boot option; here are the available partitions: [ 9.888572][ T1] 0100 4096 ram0 [ 9.888583][ T1] (driver?) [ 9.889669][ T1] 0101 4096 ram1 [ 9.889677][ T1] (driver?) [ 9.890870][ T1] 0102 4096 ram2 [ 9.890884][ T1] (driver?) [ 9.892018][ T1] 0103 4096 ram3 [ 9.892027][ T1] (driver?) [ 9.893121][ T1] 0104 4096 ram4 [ 9.893129][ T1] (driver?) [ 9.894283][ T1] 0105 4096 ram5 [ 9.894291][ T1] (driver?) [ 9.895698][ T1] 0106 4096 ram6 [ 9.895706][ T1] (driver?) [ 9.896758][ T1] 0107 4096 ram7 [ 9.896766][ T1] (driver?) [ 9.898038][ T1] 0108 4096 ram8 [ 9.898046][ T1] (driver?) [ 9.899196][ T1] 0109 4096 ram9 [ 9.899204][ T1] (driver?) [ 9.901225][ T1] 010a 4096 ram10 [ 9.901235][ T1] (driver?) [ 9.902295][ T1] 010b 4096 ram11 [ 9.902303][ T1] (driver?) [ 9.903361][ T1] 010c 4096 ram12 [ 9.903369][ T1] (driver?) [ 9.904433][ T1] 010d 4096 ram13 [ 9.904441][ T1] (driver?) [ 9.905537][ T1] 010e 4096 ram14 [ 9.905545][ T1] (driver?) [ 9.906605][ T1] 010f 4096 ram15 [ 9.906613][ T1] (driver?) [ 9.907702][ T1] 1f00 128 mtdblock0 [ 9.907710][ T1] (driver?) [ 9.909222][ T1] Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(0,0) [ 9.910524][ T1] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 5.13.0-syzkaller #0 [ 9.911577][ T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 9.913030][ T1] Call Trace: [ 9.913582][ T1] dump_stack_lvl+0xcd/0x134 [ 9.914352][ T1] panic+0x306/0x73d [ 9.914959][ T1] ? __warn_printk+0xf3/0xf3 [ 9.916524][ T1] mount_block_root+0x3f8/0x4dd [ 9.917211][ T1] ? init_rootfs+0x59/0x59 [ 9.918287][ T1] ? memcpy+0x39/0x60 [ 9.919164][ T1] mount_root+0x1af/0x1f5 [ 9.919838][ T1] ? mount_block_root+0x4dd/0x4dd [ 9.920611][ T1] ? memcpy+0x39/0x60 [ 9.921332][ T1] prepare_namespace+0x1ff/0x234 [ 9.922015][ T1] kernel_init_freeable+0x729/0x741 [ 9.922766][ T1] ? rest_init+0x3e0/0x3e0 [ 9.923398][ T1] kernel_init+0x1a/0x1d0 [ 9.924014][ T1] ? rest_init+0x3e0/0x3e0 [ 9.924684][ T1] ret_from_fork+0x1f/0x30 [ 9.931512][ T1] Kernel Offset: disabled [ 9.932134][ T1] Rebooting in 86400 seconds.. Error text is too large and was truncated, full error text is at: https://syzkaller.appspot.com/x/error.txt?x=115cd5e4300000 Tested on: commit: 1b2d5f60 io_uring: use right task for exiting checks git tree: git://git.kernel.dk/linux-block io_uring-5.14 kernel config: https://syzkaller.appspot.com/x/.config?x=c4b9715112a24a2b dashboard link: https://syzkaller.appspot.com/bug?extid=ba6fcd859210f4e9e109 compiler: ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [syzbot] INFO: task hung in io_uring_cancel_generic 2021-07-11 14:39 ` syzbot @ 2021-07-11 14:45 ` Jens Axboe 2021-07-11 15:27 ` syzbot 0 siblings, 1 reply; 8+ messages in thread From: Jens Axboe @ 2021-07-11 14:45 UTC (permalink / raw) To: syzbot, asml.silence, io-uring, linux-kernel, syzkaller-bugs On 7/11/21 8:39 AM, syzbot wrote: > Hello, > > syzbot tried to test the proposed patch but the build/boot failed: Unrelated failure, let's try the patch on the old base instead: #syz test: git://git.kernel.dk/linux-block io_uring-5.14-test -- Jens Axboe ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [syzbot] INFO: task hung in io_uring_cancel_generic 2021-07-11 14:45 ` Jens Axboe @ 2021-07-11 15:27 ` syzbot 2021-07-11 20:20 ` Pavel Begunkov 0 siblings, 1 reply; 8+ messages in thread From: syzbot @ 2021-07-11 15:27 UTC (permalink / raw) To: asml.silence, axboe, io-uring, linux-kernel, syzkaller-bugs Hello, syzbot has tested the proposed patch but the reproducer is still triggering an issue: INFO: task hung in io_uring_cancel_generic INFO: task syz-executor.5:10156 blocked for more than 143 seconds. Tainted: G W 5.13.0-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.5 state:D stack:27976 pid:10156 ppid: 8832 flags:0x00004004 Call Trace: context_switch kernel/sched/core.c:4683 [inline] __schedule+0x934/0x2710 kernel/sched/core.c:5940 schedule+0xd3/0x270 kernel/sched/core.c:6019 io_uring_cancel_generic+0x54d/0x890 fs/io_uring.c:9148 io_uring_files_cancel include/linux/io_uring.h:16 [inline] do_exit+0x28b/0x2a50 kernel/exit.c:780 do_group_exit+0x125/0x310 kernel/exit.c:922 get_signal+0x47f/0x2150 kernel/signal.c:2796 arch_do_signal_or_restart+0x2a9/0x1eb0 arch/x86/kernel/signal.c:789 handle_signal_work kernel/entry/common.c:148 [inline] exit_to_user_mode_loop kernel/entry/common.c:172 [inline] exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:209 __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline] syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:302 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x4665d9 RSP: 002b:00007fc32f0d4218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca RAX: fffffffffffffe00 RBX: 000000000056bf88 RCX: 00000000004665d9 RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000056bf88 RBP: 000000000056bf80 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf8c R13: 00007ffee94563df R14: 00007fc32f0d4300 R15: 0000000000022000 INFO: task syz-executor.2:10228 blocked for more than 143 seconds. Tainted: G W 5.13.0-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.2 state:D stack:29192 pid:10228 ppid: 8825 flags:0x00004004 Call Trace: context_switch kernel/sched/core.c:4683 [inline] __schedule+0x934/0x2710 kernel/sched/core.c:5940 schedule+0xd3/0x270 kernel/sched/core.c:6019 io_uring_cancel_generic+0x54d/0x890 fs/io_uring.c:9148 io_uring_files_cancel include/linux/io_uring.h:16 [inline] do_exit+0x28b/0x2a50 kernel/exit.c:780 do_group_exit+0x125/0x310 kernel/exit.c:922 get_signal+0x47f/0x2150 kernel/signal.c:2796 arch_do_signal_or_restart+0x2a9/0x1eb0 arch/x86/kernel/signal.c:789 handle_signal_work kernel/entry/common.c:148 [inline] exit_to_user_mode_loop kernel/entry/common.c:172 [inline] exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:209 __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline] syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:302 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x4665d9 RSP: 002b:00007f48eed2e218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca RAX: 0000000000000000 RBX: 000000000056bf88 RCX: 00000000004665d9 RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000056bf88 RBP: 000000000056bf80 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf8c R13: 00007ffc352d975f R14: 00007f48eed2e300 R15: 0000000000022000 INFO: task syz-executor.3:10229 blocked for more than 143 seconds. Tainted: G W 5.13.0-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.3 state:D stack:27976 pid:10229 ppid: 8828 flags:0x00004004 Call Trace: context_switch kernel/sched/core.c:4683 [inline] __schedule+0x934/0x2710 kernel/sched/core.c:5940 schedule+0xd3/0x270 kernel/sched/core.c:6019 io_uring_cancel_generic+0x54d/0x890 fs/io_uring.c:9148 io_uring_files_cancel include/linux/io_uring.h:16 [inline] do_exit+0x28b/0x2a50 kernel/exit.c:780 do_group_exit+0x125/0x310 kernel/exit.c:922 get_signal+0x47f/0x2150 kernel/signal.c:2796 arch_do_signal_or_restart+0x2a9/0x1eb0 arch/x86/kernel/signal.c:789 handle_signal_work kernel/entry/common.c:148 [inline] exit_to_user_mode_loop kernel/entry/common.c:172 [inline] exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:209 __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline] syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:302 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x4665d9 RSP: 002b:00007fb1b5eac218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca RAX: 0000000000000000 RBX: 000000000056bf88 RCX: 00000000004665d9 RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000056bf88 RBP: 000000000056bf80 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf8c R13: 00007ffdb651a9bf R14: 00007fb1b5eac300 R15: 0000000000022000 INFO: task syz-executor.0:10241 blocked for more than 144 seconds. Tainted: G W 5.13.0-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.0 state:D stack:27976 pid:10241 ppid: 8830 flags:0x00004004 Call Trace: context_switch kernel/sched/core.c:4683 [inline] __schedule+0x934/0x2710 kernel/sched/core.c:5940 schedule+0xd3/0x270 kernel/sched/core.c:6019 io_uring_cancel_generic+0x54d/0x890 fs/io_uring.c:9148 io_uring_files_cancel include/linux/io_uring.h:16 [inline] do_exit+0x28b/0x2a50 kernel/exit.c:780 do_group_exit+0x125/0x310 kernel/exit.c:922 get_signal+0x47f/0x2150 kernel/signal.c:2796 arch_do_signal_or_restart+0x2a9/0x1eb0 arch/x86/kernel/signal.c:789 handle_signal_work kernel/entry/common.c:148 [inline] exit_to_user_mode_loop kernel/entry/common.c:172 [inline] exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:209 __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline] syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:302 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x4665d9 RSP: 002b:00007fa3ce68b218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca RAX: 0000000000000000 RBX: 000000000056bf88 RCX: 00000000004665d9 RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000056bf88 RBP: 000000000056bf80 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf8c R13: 00007ffcf35d4ebf R14: 00007fa3ce68b300 R15: 0000000000022000 INFO: task syz-executor.1:10247 blocked for more than 144 seconds. Tainted: G W 5.13.0-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.1 state:D stack:27976 pid:10247 ppid: 8831 flags:0x00004004 Call Trace: context_switch kernel/sched/core.c:4683 [inline] __schedule+0x934/0x2710 kernel/sched/core.c:5940 schedule+0xd3/0x270 kernel/sched/core.c:6019 io_uring_cancel_generic+0x54d/0x890 fs/io_uring.c:9148 io_uring_files_cancel include/linux/io_uring.h:16 [inline] do_exit+0x28b/0x2a50 kernel/exit.c:780 do_group_exit+0x125/0x310 kernel/exit.c:922 get_signal+0x47f/0x2150 kernel/signal.c:2796 arch_do_signal_or_restart+0x2a9/0x1eb0 arch/x86/kernel/signal.c:789 handle_signal_work kernel/entry/common.c:148 [inline] exit_to_user_mode_loop kernel/entry/common.c:172 [inline] exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:209 __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline] syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:302 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x4665d9 RSP: 002b:00007f7c4a218218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca RAX: 0000000000000000 RBX: 000000000056bf88 RCX: 00000000004665d9 RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000056bf88 RBP: 000000000056bf80 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf8c R13: 00007ffdaa7cc7af R14: 00007f7c4a218300 R15: 0000000000022000 INFO: task syz-executor.4:10271 blocked for more than 144 seconds. Tainted: G W 5.13.0-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.4 state:D stack:27976 pid:10271 ppid: 8827 flags:0x00004004 Call Trace: context_switch kernel/sched/core.c:4683 [inline] __schedule+0x934/0x2710 kernel/sched/core.c:5940 schedule+0xd3/0x270 kernel/sched/core.c:6019 io_uring_cancel_generic+0x54d/0x890 fs/io_uring.c:9148 io_uring_files_cancel include/linux/io_uring.h:16 [inline] do_exit+0x28b/0x2a50 kernel/exit.c:780 do_group_exit+0x125/0x310 kernel/exit.c:922 get_signal+0x47f/0x2150 kernel/signal.c:2796 arch_do_signal_or_restart+0x2a9/0x1eb0 arch/x86/kernel/signal.c:789 handle_signal_work kernel/entry/common.c:148 [inline] exit_to_user_mode_loop kernel/entry/common.c:172 [inline] exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:209 __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline] syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:302 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x4665d9 RSP: 002b:00007fcb3ff30218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca RAX: 0000000000000000 RBX: 000000000056bf88 RCX: 00000000004665d9 RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000056bf88 RBP: 000000000056bf80 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf8c R13: 00007ffd6fb6745f R14: 00007fcb3ff30300 R15: 0000000000022000 INFO: lockdep is turned off. NMI backtrace for cpu 1 CPU: 1 PID: 1635 Comm: khungtaskd Tainted: G W 5.13.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:79 [inline] dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:96 nmi_cpu_backtrace.cold+0x44/0xd7 lib/nmi_backtrace.c:105 nmi_trigger_cpumask_backtrace+0x1b3/0x230 lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:209 [inline] watchdog+0xd4b/0xfb0 kernel/hung_task.c:294 kthread+0x3e5/0x4d0 kernel/kthread.c:319 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 PID: 8 Comm: kworker/0:2 Tainted: G W 5.13.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: events_power_efficient toggle_allocation_gate RIP: 0010:__kasan_check_read+0x4/0x10 mm/kasan/shadow.c:31 Code: 24 07 48 85 db 0f 85 f6 0d 26 07 48 83 c4 60 5b 5d 41 5c 41 5d c3 c3 e9 f6 0e 26 07 cc cc cc cc cc cc cc cc cc cc 48 8b 0c 24 <89> f6 31 d2 e9 03 f9 ff ff 0f 1f 00 48 8b 0c 24 89 f6 ba 01 00 00 RSP: 0018:ffffc90000cd79a8 EFLAGS: 00000046 RAX: 0000000000000001 RBX: ffff888140158660 RCX: ffffffff81347c5f RDX: ffffed102802b0cd RSI: 0000000000000008 RDI: ffffffff8baa4870 RBP: ffffffff8baa4460 R08: 0000000000000001 R09: ffff888140158667 R10: ffffed102802b0cc R11: 000000000000003f R12: ffff888140158000 R13: ffffffff8baa4870 R14: ffff888140158660 R15: ffffffff8baa4400 FS: 0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f089e135020 CR3: 000000013fe38000 CR4: 0000000000350ef0 Call Trace: instrument_atomic_read include/linux/instrumented.h:71 [inline] atomic64_read include/asm-generic/atomic-instrumented.h:605 [inline] switch_mm_irqs_off+0x1df/0x9b0 arch/x86/mm/tlb.c:556 unuse_temporary_mm arch/x86/kernel/alternative.c:763 [inline] __text_poke+0x541/0x8c0 arch/x86/kernel/alternative.c:859 text_poke_bp_batch+0x3d7/0x560 arch/x86/kernel/alternative.c:1178 text_poke_flush arch/x86/kernel/alternative.c:1268 [inline] text_poke_flush arch/x86/kernel/alternative.c:1265 [inline] text_poke_finish+0x16/0x30 arch/x86/kernel/alternative.c:1275 arch_jump_label_transform_apply+0x13/0x20 arch/x86/kernel/jump_label.c:145 jump_label_update+0x1d5/0x430 kernel/jump_label.c:827 static_key_enable_cpuslocked+0x1b1/0x260 kernel/jump_label.c:177 static_key_enable+0x16/0x20 kernel/jump_label.c:190 toggle_allocation_gate mm/kfence/core.c:623 [inline] toggle_allocation_gate+0x100/0x390 mm/kfence/core.c:615 process_one_work+0x98d/0x1630 kernel/workqueue.c:2276 worker_thread+0x658/0x11f0 kernel/workqueue.c:2422 kthread+0x3e5/0x4d0 kernel/kthread.c:319 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 Tested on: commit: dfa01077 io_uring: use right task for exiting checks git tree: git://git.kernel.dk/linux-block io_uring-5.14-test console output: https://syzkaller.appspot.com/x/log.txt?x=13b501e2300000 kernel config: https://syzkaller.appspot.com/x/.config?x=c650d78cfe48974c dashboard link: https://syzkaller.appspot.com/bug?extid=ba6fcd859210f4e9e109 compiler: ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [syzbot] INFO: task hung in io_uring_cancel_generic 2021-07-11 15:27 ` syzbot @ 2021-07-11 20:20 ` Pavel Begunkov 2021-07-11 21:43 ` Pavel Begunkov 0 siblings, 1 reply; 8+ messages in thread From: Pavel Begunkov @ 2021-07-11 20:20 UTC (permalink / raw) To: syzbot, axboe, io-uring, linux-kernel, syzkaller-bugs On 7/11/21 4:27 PM, syzbot wrote: > Hello, > > syzbot has tested the proposed patch but the reproducer is still triggering an issue: > INFO: task hung in io_uring_cancel_generic I think I see what it is. To not duplicate efforts... > > INFO: task syz-executor.5:10156 blocked for more than 143 seconds. > Tainted: G W 5.13.0-syzkaller #0 > "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. > task:syz-executor.5 state:D stack:27976 pid:10156 ppid: 8832 flags:0x00004004 > Call Trace: > context_switch kernel/sched/core.c:4683 [inline] > __schedule+0x934/0x2710 kernel/sched/core.c:5940 > schedule+0xd3/0x270 kernel/sched/core.c:6019 > io_uring_cancel_generic+0x54d/0x890 fs/io_uring.c:9148 > io_uring_files_cancel include/linux/io_uring.h:16 [inline] > do_exit+0x28b/0x2a50 kernel/exit.c:780 > do_group_exit+0x125/0x310 kernel/exit.c:922 > get_signal+0x47f/0x2150 kernel/signal.c:2796 > arch_do_signal_or_restart+0x2a9/0x1eb0 arch/x86/kernel/signal.c:789 > handle_signal_work kernel/entry/common.c:148 [inline] > exit_to_user_mode_loop kernel/entry/common.c:172 [inline] > exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:209 > __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline] > syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:302 > do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86 > entry_SYSCALL_64_after_hwframe+0x44/0xae > RIP: 0033:0x4665d9 > RSP: 002b:00007fc32f0d4218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca > RAX: fffffffffffffe00 RBX: 000000000056bf88 RCX: 00000000004665d9 > RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000056bf88 > RBP: 000000000056bf80 R08: 0000000000000000 R09: 0000000000000000 > R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf8c > R13: 00007ffee94563df R14: 00007fc32f0d4300 R15: 0000000000022000 > INFO: task syz-executor.2:10228 blocked for more than 143 seconds. > Tainted: G W 5.13.0-syzkaller #0 > "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. > task:syz-executor.2 state:D stack:29192 pid:10228 ppid: 8825 flags:0x00004004 > Call Trace: > context_switch kernel/sched/core.c:4683 [inline] > __schedule+0x934/0x2710 kernel/sched/core.c:5940 > schedule+0xd3/0x270 kernel/sched/core.c:6019 > io_uring_cancel_generic+0x54d/0x890 fs/io_uring.c:9148 > io_uring_files_cancel include/linux/io_uring.h:16 [inline] > do_exit+0x28b/0x2a50 kernel/exit.c:780 > do_group_exit+0x125/0x310 kernel/exit.c:922 > get_signal+0x47f/0x2150 kernel/signal.c:2796 > arch_do_signal_or_restart+0x2a9/0x1eb0 arch/x86/kernel/signal.c:789 > handle_signal_work kernel/entry/common.c:148 [inline] > exit_to_user_mode_loop kernel/entry/common.c:172 [inline] > exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:209 > __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline] > syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:302 > do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86 > entry_SYSCALL_64_after_hwframe+0x44/0xae > RIP: 0033:0x4665d9 > RSP: 002b:00007f48eed2e218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca > RAX: 0000000000000000 RBX: 000000000056bf88 RCX: 00000000004665d9 > RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000056bf88 > RBP: 000000000056bf80 R08: 0000000000000000 R09: 0000000000000000 > R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf8c > R13: 00007ffc352d975f R14: 00007f48eed2e300 R15: 0000000000022000 > INFO: task syz-executor.3:10229 blocked for more than 143 seconds. > Tainted: G W 5.13.0-syzkaller #0 > "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. > task:syz-executor.3 state:D stack:27976 pid:10229 ppid: 8828 flags:0x00004004 > Call Trace: > context_switch kernel/sched/core.c:4683 [inline] > __schedule+0x934/0x2710 kernel/sched/core.c:5940 > schedule+0xd3/0x270 kernel/sched/core.c:6019 > io_uring_cancel_generic+0x54d/0x890 fs/io_uring.c:9148 > io_uring_files_cancel include/linux/io_uring.h:16 [inline] > do_exit+0x28b/0x2a50 kernel/exit.c:780 > do_group_exit+0x125/0x310 kernel/exit.c:922 > get_signal+0x47f/0x2150 kernel/signal.c:2796 > arch_do_signal_or_restart+0x2a9/0x1eb0 arch/x86/kernel/signal.c:789 > handle_signal_work kernel/entry/common.c:148 [inline] > exit_to_user_mode_loop kernel/entry/common.c:172 [inline] > exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:209 > __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline] > syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:302 > do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86 > entry_SYSCALL_64_after_hwframe+0x44/0xae > RIP: 0033:0x4665d9 > RSP: 002b:00007fb1b5eac218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca > RAX: 0000000000000000 RBX: 000000000056bf88 RCX: 00000000004665d9 > RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000056bf88 > RBP: 000000000056bf80 R08: 0000000000000000 R09: 0000000000000000 > R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf8c > R13: 00007ffdb651a9bf R14: 00007fb1b5eac300 R15: 0000000000022000 > INFO: task syz-executor.0:10241 blocked for more than 144 seconds. > Tainted: G W 5.13.0-syzkaller #0 > "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. > task:syz-executor.0 state:D stack:27976 pid:10241 ppid: 8830 flags:0x00004004 > Call Trace: > context_switch kernel/sched/core.c:4683 [inline] > __schedule+0x934/0x2710 kernel/sched/core.c:5940 > schedule+0xd3/0x270 kernel/sched/core.c:6019 > io_uring_cancel_generic+0x54d/0x890 fs/io_uring.c:9148 > io_uring_files_cancel include/linux/io_uring.h:16 [inline] > do_exit+0x28b/0x2a50 kernel/exit.c:780 > do_group_exit+0x125/0x310 kernel/exit.c:922 > get_signal+0x47f/0x2150 kernel/signal.c:2796 > arch_do_signal_or_restart+0x2a9/0x1eb0 arch/x86/kernel/signal.c:789 > handle_signal_work kernel/entry/common.c:148 [inline] > exit_to_user_mode_loop kernel/entry/common.c:172 [inline] > exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:209 > __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline] > syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:302 > do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86 > entry_SYSCALL_64_after_hwframe+0x44/0xae > RIP: 0033:0x4665d9 > RSP: 002b:00007fa3ce68b218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca > RAX: 0000000000000000 RBX: 000000000056bf88 RCX: 00000000004665d9 > RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000056bf88 > RBP: 000000000056bf80 R08: 0000000000000000 R09: 0000000000000000 > R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf8c > R13: 00007ffcf35d4ebf R14: 00007fa3ce68b300 R15: 0000000000022000 > INFO: task syz-executor.1:10247 blocked for more than 144 seconds. > Tainted: G W 5.13.0-syzkaller #0 > "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. > task:syz-executor.1 state:D stack:27976 pid:10247 ppid: 8831 flags:0x00004004 > Call Trace: > context_switch kernel/sched/core.c:4683 [inline] > __schedule+0x934/0x2710 kernel/sched/core.c:5940 > schedule+0xd3/0x270 kernel/sched/core.c:6019 > io_uring_cancel_generic+0x54d/0x890 fs/io_uring.c:9148 > io_uring_files_cancel include/linux/io_uring.h:16 [inline] > do_exit+0x28b/0x2a50 kernel/exit.c:780 > do_group_exit+0x125/0x310 kernel/exit.c:922 > get_signal+0x47f/0x2150 kernel/signal.c:2796 > arch_do_signal_or_restart+0x2a9/0x1eb0 arch/x86/kernel/signal.c:789 > handle_signal_work kernel/entry/common.c:148 [inline] > exit_to_user_mode_loop kernel/entry/common.c:172 [inline] > exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:209 > __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline] > syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:302 > do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86 > entry_SYSCALL_64_after_hwframe+0x44/0xae > RIP: 0033:0x4665d9 > RSP: 002b:00007f7c4a218218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca > RAX: 0000000000000000 RBX: 000000000056bf88 RCX: 00000000004665d9 > RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000056bf88 > RBP: 000000000056bf80 R08: 0000000000000000 R09: 0000000000000000 > R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf8c > R13: 00007ffdaa7cc7af R14: 00007f7c4a218300 R15: 0000000000022000 > INFO: task syz-executor.4:10271 blocked for more than 144 seconds. > Tainted: G W 5.13.0-syzkaller #0 > "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. > task:syz-executor.4 state:D stack:27976 pid:10271 ppid: 8827 flags:0x00004004 > Call Trace: > context_switch kernel/sched/core.c:4683 [inline] > __schedule+0x934/0x2710 kernel/sched/core.c:5940 > schedule+0xd3/0x270 kernel/sched/core.c:6019 > io_uring_cancel_generic+0x54d/0x890 fs/io_uring.c:9148 > io_uring_files_cancel include/linux/io_uring.h:16 [inline] > do_exit+0x28b/0x2a50 kernel/exit.c:780 > do_group_exit+0x125/0x310 kernel/exit.c:922 > get_signal+0x47f/0x2150 kernel/signal.c:2796 > arch_do_signal_or_restart+0x2a9/0x1eb0 arch/x86/kernel/signal.c:789 > handle_signal_work kernel/entry/common.c:148 [inline] > exit_to_user_mode_loop kernel/entry/common.c:172 [inline] > exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:209 > __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline] > syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:302 > do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86 > entry_SYSCALL_64_after_hwframe+0x44/0xae > RIP: 0033:0x4665d9 > RSP: 002b:00007fcb3ff30218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca > RAX: 0000000000000000 RBX: 000000000056bf88 RCX: 00000000004665d9 > RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000056bf88 > RBP: 000000000056bf80 R08: 0000000000000000 R09: 0000000000000000 > R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf8c > R13: 00007ffd6fb6745f R14: 00007fcb3ff30300 R15: 0000000000022000 > INFO: lockdep is turned off. > NMI backtrace for cpu 1 > CPU: 1 PID: 1635 Comm: khungtaskd Tainted: G W 5.13.0-syzkaller #0 > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 > Call Trace: > __dump_stack lib/dump_stack.c:79 [inline] > dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:96 > nmi_cpu_backtrace.cold+0x44/0xd7 lib/nmi_backtrace.c:105 > nmi_trigger_cpumask_backtrace+0x1b3/0x230 lib/nmi_backtrace.c:62 > trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline] > check_hung_uninterruptible_tasks kernel/hung_task.c:209 [inline] > watchdog+0xd4b/0xfb0 kernel/hung_task.c:294 > kthread+0x3e5/0x4d0 kernel/kthread.c:319 > ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 > Sending NMI from CPU 1 to CPUs 0: > NMI backtrace for cpu 0 > CPU: 0 PID: 8 Comm: kworker/0:2 Tainted: G W 5.13.0-syzkaller #0 > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 > Workqueue: events_power_efficient toggle_allocation_gate > RIP: 0010:__kasan_check_read+0x4/0x10 mm/kasan/shadow.c:31 > Code: 24 07 48 85 db 0f 85 f6 0d 26 07 48 83 c4 60 5b 5d 41 5c 41 5d c3 c3 e9 f6 0e 26 07 cc cc cc cc cc cc cc cc cc cc 48 8b 0c 24 <89> f6 31 d2 e9 03 f9 ff ff 0f 1f 00 48 8b 0c 24 89 f6 ba 01 00 00 > RSP: 0018:ffffc90000cd79a8 EFLAGS: 00000046 > RAX: 0000000000000001 RBX: ffff888140158660 RCX: ffffffff81347c5f > RDX: ffffed102802b0cd RSI: 0000000000000008 RDI: ffffffff8baa4870 > RBP: ffffffff8baa4460 R08: 0000000000000001 R09: ffff888140158667 > R10: ffffed102802b0cc R11: 000000000000003f R12: ffff888140158000 > R13: ffffffff8baa4870 R14: ffff888140158660 R15: ffffffff8baa4400 > FS: 0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000 > CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > CR2: 00007f089e135020 CR3: 000000013fe38000 CR4: 0000000000350ef0 > Call Trace: > instrument_atomic_read include/linux/instrumented.h:71 [inline] > atomic64_read include/asm-generic/atomic-instrumented.h:605 [inline] > switch_mm_irqs_off+0x1df/0x9b0 arch/x86/mm/tlb.c:556 > unuse_temporary_mm arch/x86/kernel/alternative.c:763 [inline] > __text_poke+0x541/0x8c0 arch/x86/kernel/alternative.c:859 > text_poke_bp_batch+0x3d7/0x560 arch/x86/kernel/alternative.c:1178 > text_poke_flush arch/x86/kernel/alternative.c:1268 [inline] > text_poke_flush arch/x86/kernel/alternative.c:1265 [inline] > text_poke_finish+0x16/0x30 arch/x86/kernel/alternative.c:1275 > arch_jump_label_transform_apply+0x13/0x20 arch/x86/kernel/jump_label.c:145 > jump_label_update+0x1d5/0x430 kernel/jump_label.c:827 > static_key_enable_cpuslocked+0x1b1/0x260 kernel/jump_label.c:177 > static_key_enable+0x16/0x20 kernel/jump_label.c:190 > toggle_allocation_gate mm/kfence/core.c:623 [inline] > toggle_allocation_gate+0x100/0x390 mm/kfence/core.c:615 > process_one_work+0x98d/0x1630 kernel/workqueue.c:2276 > worker_thread+0x658/0x11f0 kernel/workqueue.c:2422 > kthread+0x3e5/0x4d0 kernel/kthread.c:319 > ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 > > > Tested on: > > commit: dfa01077 io_uring: use right task for exiting checks > git tree: git://git.kernel.dk/linux-block io_uring-5.14-test > console output: https://syzkaller.appspot.com/x/log.txt?x=13b501e2300000 > kernel config: https://syzkaller.appspot.com/x/.config?x=c650d78cfe48974c > dashboard link: https://syzkaller.appspot.com/bug?extid=ba6fcd859210f4e9e109 > compiler: > -- Pavel Begunkov ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [syzbot] INFO: task hung in io_uring_cancel_generic 2021-07-11 20:20 ` Pavel Begunkov @ 2021-07-11 21:43 ` Pavel Begunkov 2021-07-11 22:05 ` syzbot 0 siblings, 1 reply; 8+ messages in thread From: Pavel Begunkov @ 2021-07-11 21:43 UTC (permalink / raw) To: syzbot, axboe, io-uring, linux-kernel, syzkaller-bugs On 7/11/21 9:20 PM, Pavel Begunkov wrote: > On 7/11/21 4:27 PM, syzbot wrote: >> Hello, >> >> syzbot has tested the proposed patch but the reproducer is still triggering an issue: >> INFO: task hung in io_uring_cancel_generic > > I think I see what it is. To not duplicate efforts... #syz test: https://github.com/isilence/linux.git drain_fix_syztest >> >> INFO: task syz-executor.5:10156 blocked for more than 143 seconds. >> Tainted: G W 5.13.0-syzkaller #0 >> "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. >> task:syz-executor.5 state:D stack:27976 pid:10156 ppid: 8832 flags:0x00004004 >> Call Trace: >> context_switch kernel/sched/core.c:4683 [inline] >> __schedule+0x934/0x2710 kernel/sched/core.c:5940 >> schedule+0xd3/0x270 kernel/sched/core.c:6019 >> io_uring_cancel_generic+0x54d/0x890 fs/io_uring.c:9148 >> io_uring_files_cancel include/linux/io_uring.h:16 [inline] >> do_exit+0x28b/0x2a50 kernel/exit.c:780 >> do_group_exit+0x125/0x310 kernel/exit.c:922 >> get_signal+0x47f/0x2150 kernel/signal.c:2796 >> arch_do_signal_or_restart+0x2a9/0x1eb0 arch/x86/kernel/signal.c:789 >> handle_signal_work kernel/entry/common.c:148 [inline] >> exit_to_user_mode_loop kernel/entry/common.c:172 [inline] >> exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:209 >> __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline] >> syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:302 >> do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86 >> entry_SYSCALL_64_after_hwframe+0x44/0xae >> RIP: 0033:0x4665d9 >> RSP: 002b:00007fc32f0d4218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca >> RAX: fffffffffffffe00 RBX: 000000000056bf88 RCX: 00000000004665d9 >> RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000056bf88 >> RBP: 000000000056bf80 R08: 0000000000000000 R09: 0000000000000000 >> R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf8c >> R13: 00007ffee94563df R14: 00007fc32f0d4300 R15: 0000000000022000 >> INFO: task syz-executor.2:10228 blocked for more than 143 seconds. >> Tainted: G W 5.13.0-syzkaller #0 >> "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. >> task:syz-executor.2 state:D stack:29192 pid:10228 ppid: 8825 flags:0x00004004 >> Call Trace: >> context_switch kernel/sched/core.c:4683 [inline] >> __schedule+0x934/0x2710 kernel/sched/core.c:5940 >> schedule+0xd3/0x270 kernel/sched/core.c:6019 >> io_uring_cancel_generic+0x54d/0x890 fs/io_uring.c:9148 >> io_uring_files_cancel include/linux/io_uring.h:16 [inline] >> do_exit+0x28b/0x2a50 kernel/exit.c:780 >> do_group_exit+0x125/0x310 kernel/exit.c:922 >> get_signal+0x47f/0x2150 kernel/signal.c:2796 >> arch_do_signal_or_restart+0x2a9/0x1eb0 arch/x86/kernel/signal.c:789 >> handle_signal_work kernel/entry/common.c:148 [inline] >> exit_to_user_mode_loop kernel/entry/common.c:172 [inline] >> exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:209 >> __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline] >> syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:302 >> do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86 >> entry_SYSCALL_64_after_hwframe+0x44/0xae >> RIP: 0033:0x4665d9 >> RSP: 002b:00007f48eed2e218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca >> RAX: 0000000000000000 RBX: 000000000056bf88 RCX: 00000000004665d9 >> RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000056bf88 >> RBP: 000000000056bf80 R08: 0000000000000000 R09: 0000000000000000 >> R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf8c >> R13: 00007ffc352d975f R14: 00007f48eed2e300 R15: 0000000000022000 >> INFO: task syz-executor.3:10229 blocked for more than 143 seconds. >> Tainted: G W 5.13.0-syzkaller #0 >> "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. >> task:syz-executor.3 state:D stack:27976 pid:10229 ppid: 8828 flags:0x00004004 >> Call Trace: >> context_switch kernel/sched/core.c:4683 [inline] >> __schedule+0x934/0x2710 kernel/sched/core.c:5940 >> schedule+0xd3/0x270 kernel/sched/core.c:6019 >> io_uring_cancel_generic+0x54d/0x890 fs/io_uring.c:9148 >> io_uring_files_cancel include/linux/io_uring.h:16 [inline] >> do_exit+0x28b/0x2a50 kernel/exit.c:780 >> do_group_exit+0x125/0x310 kernel/exit.c:922 >> get_signal+0x47f/0x2150 kernel/signal.c:2796 >> arch_do_signal_or_restart+0x2a9/0x1eb0 arch/x86/kernel/signal.c:789 >> handle_signal_work kernel/entry/common.c:148 [inline] >> exit_to_user_mode_loop kernel/entry/common.c:172 [inline] >> exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:209 >> __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline] >> syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:302 >> do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86 >> entry_SYSCALL_64_after_hwframe+0x44/0xae >> RIP: 0033:0x4665d9 >> RSP: 002b:00007fb1b5eac218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca >> RAX: 0000000000000000 RBX: 000000000056bf88 RCX: 00000000004665d9 >> RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000056bf88 >> RBP: 000000000056bf80 R08: 0000000000000000 R09: 0000000000000000 >> R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf8c >> R13: 00007ffdb651a9bf R14: 00007fb1b5eac300 R15: 0000000000022000 >> INFO: task syz-executor.0:10241 blocked for more than 144 seconds. >> Tainted: G W 5.13.0-syzkaller #0 >> "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. >> task:syz-executor.0 state:D stack:27976 pid:10241 ppid: 8830 flags:0x00004004 >> Call Trace: >> context_switch kernel/sched/core.c:4683 [inline] >> __schedule+0x934/0x2710 kernel/sched/core.c:5940 >> schedule+0xd3/0x270 kernel/sched/core.c:6019 >> io_uring_cancel_generic+0x54d/0x890 fs/io_uring.c:9148 >> io_uring_files_cancel include/linux/io_uring.h:16 [inline] >> do_exit+0x28b/0x2a50 kernel/exit.c:780 >> do_group_exit+0x125/0x310 kernel/exit.c:922 >> get_signal+0x47f/0x2150 kernel/signal.c:2796 >> arch_do_signal_or_restart+0x2a9/0x1eb0 arch/x86/kernel/signal.c:789 >> handle_signal_work kernel/entry/common.c:148 [inline] >> exit_to_user_mode_loop kernel/entry/common.c:172 [inline] >> exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:209 >> __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline] >> syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:302 >> do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86 >> entry_SYSCALL_64_after_hwframe+0x44/0xae >> RIP: 0033:0x4665d9 >> RSP: 002b:00007fa3ce68b218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca >> RAX: 0000000000000000 RBX: 000000000056bf88 RCX: 00000000004665d9 >> RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000056bf88 >> RBP: 000000000056bf80 R08: 0000000000000000 R09: 0000000000000000 >> R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf8c >> R13: 00007ffcf35d4ebf R14: 00007fa3ce68b300 R15: 0000000000022000 >> INFO: task syz-executor.1:10247 blocked for more than 144 seconds. >> Tainted: G W 5.13.0-syzkaller #0 >> "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. >> task:syz-executor.1 state:D stack:27976 pid:10247 ppid: 8831 flags:0x00004004 >> Call Trace: >> context_switch kernel/sched/core.c:4683 [inline] >> __schedule+0x934/0x2710 kernel/sched/core.c:5940 >> schedule+0xd3/0x270 kernel/sched/core.c:6019 >> io_uring_cancel_generic+0x54d/0x890 fs/io_uring.c:9148 >> io_uring_files_cancel include/linux/io_uring.h:16 [inline] >> do_exit+0x28b/0x2a50 kernel/exit.c:780 >> do_group_exit+0x125/0x310 kernel/exit.c:922 >> get_signal+0x47f/0x2150 kernel/signal.c:2796 >> arch_do_signal_or_restart+0x2a9/0x1eb0 arch/x86/kernel/signal.c:789 >> handle_signal_work kernel/entry/common.c:148 [inline] >> exit_to_user_mode_loop kernel/entry/common.c:172 [inline] >> exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:209 >> __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline] >> syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:302 >> do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86 >> entry_SYSCALL_64_after_hwframe+0x44/0xae >> RIP: 0033:0x4665d9 >> RSP: 002b:00007f7c4a218218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca >> RAX: 0000000000000000 RBX: 000000000056bf88 RCX: 00000000004665d9 >> RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000056bf88 >> RBP: 000000000056bf80 R08: 0000000000000000 R09: 0000000000000000 >> R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf8c >> R13: 00007ffdaa7cc7af R14: 00007f7c4a218300 R15: 0000000000022000 >> INFO: task syz-executor.4:10271 blocked for more than 144 seconds. >> Tainted: G W 5.13.0-syzkaller #0 >> "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. >> task:syz-executor.4 state:D stack:27976 pid:10271 ppid: 8827 flags:0x00004004 >> Call Trace: >> context_switch kernel/sched/core.c:4683 [inline] >> __schedule+0x934/0x2710 kernel/sched/core.c:5940 >> schedule+0xd3/0x270 kernel/sched/core.c:6019 >> io_uring_cancel_generic+0x54d/0x890 fs/io_uring.c:9148 >> io_uring_files_cancel include/linux/io_uring.h:16 [inline] >> do_exit+0x28b/0x2a50 kernel/exit.c:780 >> do_group_exit+0x125/0x310 kernel/exit.c:922 >> get_signal+0x47f/0x2150 kernel/signal.c:2796 >> arch_do_signal_or_restart+0x2a9/0x1eb0 arch/x86/kernel/signal.c:789 >> handle_signal_work kernel/entry/common.c:148 [inline] >> exit_to_user_mode_loop kernel/entry/common.c:172 [inline] >> exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:209 >> __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline] >> syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:302 >> do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86 >> entry_SYSCALL_64_after_hwframe+0x44/0xae >> RIP: 0033:0x4665d9 >> RSP: 002b:00007fcb3ff30218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca >> RAX: 0000000000000000 RBX: 000000000056bf88 RCX: 00000000004665d9 >> RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000056bf88 >> RBP: 000000000056bf80 R08: 0000000000000000 R09: 0000000000000000 >> R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf8c >> R13: 00007ffd6fb6745f R14: 00007fcb3ff30300 R15: 0000000000022000 >> INFO: lockdep is turned off. >> NMI backtrace for cpu 1 >> CPU: 1 PID: 1635 Comm: khungtaskd Tainted: G W 5.13.0-syzkaller #0 >> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 >> Call Trace: >> __dump_stack lib/dump_stack.c:79 [inline] >> dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:96 >> nmi_cpu_backtrace.cold+0x44/0xd7 lib/nmi_backtrace.c:105 >> nmi_trigger_cpumask_backtrace+0x1b3/0x230 lib/nmi_backtrace.c:62 >> trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline] >> check_hung_uninterruptible_tasks kernel/hung_task.c:209 [inline] >> watchdog+0xd4b/0xfb0 kernel/hung_task.c:294 >> kthread+0x3e5/0x4d0 kernel/kthread.c:319 >> ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 >> Sending NMI from CPU 1 to CPUs 0: >> NMI backtrace for cpu 0 >> CPU: 0 PID: 8 Comm: kworker/0:2 Tainted: G W 5.13.0-syzkaller #0 >> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 >> Workqueue: events_power_efficient toggle_allocation_gate >> RIP: 0010:__kasan_check_read+0x4/0x10 mm/kasan/shadow.c:31 >> Code: 24 07 48 85 db 0f 85 f6 0d 26 07 48 83 c4 60 5b 5d 41 5c 41 5d c3 c3 e9 f6 0e 26 07 cc cc cc cc cc cc cc cc cc cc 48 8b 0c 24 <89> f6 31 d2 e9 03 f9 ff ff 0f 1f 00 48 8b 0c 24 89 f6 ba 01 00 00 >> RSP: 0018:ffffc90000cd79a8 EFLAGS: 00000046 >> RAX: 0000000000000001 RBX: ffff888140158660 RCX: ffffffff81347c5f >> RDX: ffffed102802b0cd RSI: 0000000000000008 RDI: ffffffff8baa4870 >> RBP: ffffffff8baa4460 R08: 0000000000000001 R09: ffff888140158667 >> R10: ffffed102802b0cc R11: 000000000000003f R12: ffff888140158000 >> R13: ffffffff8baa4870 R14: ffff888140158660 R15: ffffffff8baa4400 >> FS: 0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000 >> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 >> CR2: 00007f089e135020 CR3: 000000013fe38000 CR4: 0000000000350ef0 >> Call Trace: >> instrument_atomic_read include/linux/instrumented.h:71 [inline] >> atomic64_read include/asm-generic/atomic-instrumented.h:605 [inline] >> switch_mm_irqs_off+0x1df/0x9b0 arch/x86/mm/tlb.c:556 >> unuse_temporary_mm arch/x86/kernel/alternative.c:763 [inline] >> __text_poke+0x541/0x8c0 arch/x86/kernel/alternative.c:859 >> text_poke_bp_batch+0x3d7/0x560 arch/x86/kernel/alternative.c:1178 >> text_poke_flush arch/x86/kernel/alternative.c:1268 [inline] >> text_poke_flush arch/x86/kernel/alternative.c:1265 [inline] >> text_poke_finish+0x16/0x30 arch/x86/kernel/alternative.c:1275 >> arch_jump_label_transform_apply+0x13/0x20 arch/x86/kernel/jump_label.c:145 >> jump_label_update+0x1d5/0x430 kernel/jump_label.c:827 >> static_key_enable_cpuslocked+0x1b1/0x260 kernel/jump_label.c:177 >> static_key_enable+0x16/0x20 kernel/jump_label.c:190 >> toggle_allocation_gate mm/kfence/core.c:623 [inline] >> toggle_allocation_gate+0x100/0x390 mm/kfence/core.c:615 >> process_one_work+0x98d/0x1630 kernel/workqueue.c:2276 >> worker_thread+0x658/0x11f0 kernel/workqueue.c:2422 >> kthread+0x3e5/0x4d0 kernel/kthread.c:319 >> ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 >> >> >> Tested on: >> >> commit: dfa01077 io_uring: use right task for exiting checks >> git tree: git://git.kernel.dk/linux-block io_uring-5.14-test >> console output: https://syzkaller.appspot.com/x/log.txt?x=13b501e2300000 >> kernel config: https://syzkaller.appspot.com/x/.config?x=c650d78cfe48974c >> dashboard link: https://syzkaller.appspot.com/bug?extid=ba6fcd859210f4e9e109 >> compiler: >> > -- Pavel Begunkov ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [syzbot] INFO: task hung in io_uring_cancel_generic 2021-07-11 21:43 ` Pavel Begunkov @ 2021-07-11 22:05 ` syzbot 0 siblings, 0 replies; 8+ messages in thread From: syzbot @ 2021-07-11 22:05 UTC (permalink / raw) To: asml.silence, axboe, io-uring, linux-kernel, syzkaller-bugs Hello, syzbot has tested the proposed patch and the reproducer did not trigger any issue: Reported-and-tested-by: [email protected] Tested on: commit: 66af6ccf io_uring: fix io_drain_req() git tree: https://github.com/isilence/linux.git drain_fix_syztest kernel config: https://syzkaller.appspot.com/x/.config?x=c650d78cfe48974c dashboard link: https://syzkaller.appspot.com/bug?extid=ba6fcd859210f4e9e109 compiler: Note: testing is done by a robot and is best-effort only. ^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2021-07-11 22:05 UTC | newest] Thread overview: 8+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2021-07-11 12:24 [syzbot] INFO: task hung in io_uring_cancel_generic syzbot 2021-07-11 13:54 ` Jens Axboe 2021-07-11 14:39 ` syzbot 2021-07-11 14:45 ` Jens Axboe 2021-07-11 15:27 ` syzbot 2021-07-11 20:20 ` Pavel Begunkov 2021-07-11 21:43 ` Pavel Begunkov 2021-07-11 22:05 ` syzbot
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox