Re: [io-uring] WARNING in io_issue_sqe

public inbox for [email protected]
 help / color / mirror / Atom feed

From: Pavel Begunkov <[email protected]>
To: chase xd <[email protected]>, Jens Axboe <[email protected]>,
	[email protected], [email protected]
Subject: Re: [io-uring] WARNING in io_issue_sqe
Date: Wed, 12 Jun 2024 16:41:45 +0100	[thread overview]
Message-ID: <[email protected]> (raw)
In-Reply-To: <CADZouDR_Qz7dNVDsJyVSK8HfeSPpoO2ts=C-VbzhvHs3xE53AA@mail.gmail.com>

On 6/12/24 15:29, chase xd wrote:
> Hi,
> 
> Syzkaller hits a new bug in branch 6.10.0-rc1-00004-gff802a9f35cf-dirty #7.
> Note: this is also not a reliable repro, might need to try more times

Do you have a syz repro? It's easier to understand what it's doing,
which request types are used and such.


> 
> ```
> 
> [  153.857557][T21250] apt-get (21250) used greatest stack depth:
> 22240 bytes left
> [  249.711259][T57846] ------------[ cut here ]------------
> [  249.711626][T57846] WARNING: CPU: 1 PID: 57846 at
> io_uring/refs.h:38 io_issue_sqe+0x10dc/0x1720
> [  249.712188][T57846] Modules linked in:
> [  249.712431][T57846] CPU: 1 PID: 57846 Comm: iou-wrk-57845 Not
> tainted 6.10.0-rc1-00004-gff802a9f35cf-dirty #7
> [  249.713020][T57846] Hardware name: QEMU Standard PC (i440FX + PIIX,
> 1996), BIOS 1.15.0-1 04/01/2014
> [  249.713566][T57846] RIP: 0010:io_issue_sqe+0x10dc/0x1720
> [  249.713894][T57846] Code: fc ff df 4c 89 e2 48 c1 ea 03 80 3c 02 00
> 0f 85 c6 05 00 00 49 89 1c 24 49f
> [  249.715023][T57846] RSP: 0018:ffffc9000e84fc00 EFLAGS: 00010293
> [  249.715389][T57846] RAX: 0000000000000000 RBX: 0000000000000000
> RCX: ffffffff84139c3c
> [  249.715855][T57846] RDX: ffff88801eaad640 RSI: ffffffff8413a70b
> RDI: 0000000000000007
> [  249.716300][T57846] RBP: ffffc9000e84fc80 R08: 0000000000000007
> R09: 0000000000000000
> [  249.716676][T57846] R10: 0000000000000000 R11: 0000000000000000
> R12: ffff8880001c3a00
> [  249.717042][T57846] R13: 0000000000000000 R14: ffff888010600040
> R15: ffff8880001c3a48
> [  249.717428][T57846] FS:  00007f58ce931800(0000)
> GS:ffff88807ec00000(0000) knlGS:0000000000000000
> [  249.717837][T57846] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [  249.718135][T57846] CR2: 00007f58ce932128 CR3: 000000001b08a000
> CR4: 00000000000006f0
> [  249.718497][T57846] Call Trace:
> [  249.718668][T57846]  <TASK>
> [  249.718810][T57846]  ? __warn+0xc7/0x2f0
> [  249.719003][T57846]  ? io_issue_sqe+0x10dc/0x1720
> [  249.719233][T57846]  ? report_bug+0x347/0x410
> [  249.719451][T57846]  ? handle_bug+0x3d/0x80
> [  249.719654][T57846]  ? exc_invalid_op+0x18/0x50
> [  249.719872][T57846]  ? asm_exc_invalid_op+0x1a/0x20
> [  249.720127][T57846]  ? io_issue_sqe+0x60c/0x1720
> [  249.720420][T57846]  ? io_issue_sqe+0x10db/0x1720
> [  249.720711][T57846]  ? io_issue_sqe+0x10dc/0x1720
> [  249.721012][T57846]  ? __fget_files+0x1bc/0x3d0
> [  249.722194][T57846]  ? io_wq_submit_work+0x264/0xcb0
> [  249.722521][T57846]  io_wq_submit_work+0x264/0xcb0
> [  249.722826][T57846]  io_worker_handle_work+0x97e/0x1790
> [  249.723159][T57846]  io_wq_worker+0x38e/0xe50
> [  249.723435][T57846]  ? __pfx_io_wq_worker+0x10/0x10
> [  249.723687][T57846]  ? ret_from_fork+0x16/0x70
> [  249.723907][T57846]  ? __pfx_lock_release+0x10/0x10
> [  249.724139][T57846]  ? do_raw_spin_lock+0x12c/0x2b0
> [  249.724392][T57846]  ? __pfx_do_raw_spin_lock+0x10/0x10
> [  249.724706][T57846]  ? __pfx_io_wq_worker+0x10/0x10
> [  249.725015][T57846]  ret_from_fork+0x2f/0x70
> [  249.725300][T57846]  ? __pfx_io_wq_worker+0x10/0x10
> [  249.725603][T57846]  ret_from_fork_asm+0x1a/0x30
> [  249.725897][T57846]  </TASK>
> [  249.726083][T57846] Kernel panic - not syncing: kernel: panic_on_warn set ...
> [  249.726521][T57846] CPU: 1 PID: 57846 Comm: iou-wrk-57845 Not
> tainted 6.10.0-rc1-00004-gff802a9f35cf-dirty #7
> [  249.727110][T57846] Hardware name: QEMU Standard PC (i440FX + PIIX,
> 1996), BIOS 1.15.0-1 04/01/2014
> [  249.727647][T57846] Call Trace:
> [  249.727842][T57846]  <TASK>
> [  249.728018][T57846]  panic+0x4fa/0x5a0
> [  249.728252][T57846]  ? __pfx_panic+0x10/0x10
> [  249.728516][T57846]  ? show_trace_log_lvl+0x284/0x390
> [  249.728832][T57846]  ? io_issue_sqe+0x10dc/0x1720
> [  249.729120][T57846]  check_panic_on_warn+0x61/0x80
> [  249.729416][T57846]  __warn+0xd3/0x2f0
> [  249.729650][T57846]  ? io_issue_sqe+0x10dc/0x1720
> [  249.729941][T57846]  report_bug+0x347/0x410
> [  249.730206][T57846]  handle_bug+0x3d/0x80
> [  249.730460][T57846]  exc_invalid_op+0x18/0x50
> [  249.730730][T57846]  asm_exc_invalid_op+0x1a/0x20
> [  249.731031][T57846] RIP: 0010:io_issue_sqe+0x10dc/0x1720
> [  249.731365][T57846] Code: fc ff df 4c 89 e2 48 c1 ea 03 80 3c 02 00
> 0f 85 c6 05 00 00 49 89 1c 24 49f
> [  249.732508][T57846] RSP: 0018:ffffc9000e84fc00 EFLAGS: 00010293
> [  249.732873][T57846] RAX: 0000000000000000 RBX: 0000000000000000
> RCX: ffffffff84139c3c
> [  249.733351][T57846] RDX: ffff88801eaad640 RSI: ffffffff8413a70b
> RDI: 0000000000000007
> [  249.733822][T57846] RBP: ffffc9000e84fc80 R08: 0000000000000007
> R09: 0000000000000000
> [  249.734285][T57846] R10: 0000000000000000 R11: 0000000000000000
> R12: ffff8880001c3a00
> [  249.734757][T57846] R13: 0000000000000000 R14: ffff888010600040
> R15: ffff8880001c3a48
> [  249.735236][T57846]  ? io_issue_sqe+0x60c/0x1720
> [  249.735529][T57846]  ? io_issue_sqe+0x10db/0x1720
> [  249.735825][T57846]  ? __fget_files+0x1bc/0x3d0
> [  249.736116][T57846]  ? io_wq_submit_work+0x264/0xcb0
> [  249.736428][T57846]  io_wq_submit_work+0x264/0xcb0
> [  249.736731][T57846]  io_worker_handle_work+0x97e/0x1790
> [  249.737061][T57846]  io_wq_worker+0x38e/0xe50
> [  249.737353][T57846]  ? __pfx_io_wq_worker+0x10/0x10
> [  249.737646][T57846]  ? ret_from_fork+0x16/0x70
> [  249.737861][T57846]  ? __pfx_lock_release+0x10/0x10
> [  249.738091][T57846]  ? do_raw_spin_lock+0x12c/0x2b0
> [  249.738398][T57846]  ? __pfx_do_raw_spin_lock+0x10/0x10
> [  249.738729][T57846]  ? __pfx_io_wq_worker+0x10/0x10
> [  249.739033][T57846]  ret_from_fork+0x2f/0x70
> [  249.739308][T57846]  ? __pfx_io_wq_worker+0x10/0x10
> [  249.739617][T57846]  ret_from_fork_asm+0x1a/0x30
> [  249.739913][T57846]  </TASK>
> [  249.740236][T57846] Kernel Offset: disabled
> [  249.740518][T57846] Rebooting in 86400 seconds..
> 
> ```
> 
> crepro is in attachments.
> 
> Regards

-- 
Pavel Begunkov

next prev parent reply	other threads:[~2024-06-12 15:41 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-06-12 14:29 [io-uring] WARNING in io_issue_sqe chase xd
2024-06-12 15:41 ` Pavel Begunkov [this message]
2024-06-12 15:46   ` chase xd

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    [email protected] \
    [email protected] \
    [email protected] \
    [email protected] \
    [email protected] \
    [email protected] \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox