public inbox for [email protected]
 help / color / mirror / Atom feed
From: Jens Axboe <[email protected]>
To: syzbot <[email protected]>,
	[email protected], [email protected],
	[email protected], [email protected]
Subject: Re: [syzbot] WARNING in io_cqring_event_overflow
Date: Thu, 12 Jan 2023 08:27:48 -0700	[thread overview]
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>

On 1/12/23 3:56?AM, syzbot wrote:
> Hello,
> 
> syzbot has tested the proposed patch but the reproducer is still triggering an issue:
> WARNING in io_cqring_event_overflow
> 
> ------------[ cut here ]------------
> WARNING: CPU: 1 PID: 2836 at io_uring/io_uring.c:734 io_cqring_event_overflow+0x1c0/0x230 io_uring/io_uring.c:734
> Modules linked in:
> CPU: 1 PID: 2836 Comm: kworker/u4:4 Not tainted 6.2.0-rc3-syzkaller-00011-g0af4af977a59 #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
> Workqueue: events_unbound io_ring_exit_work
> pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
> pc : io_cqring_event_overflow+0x1c0/0x230 io_uring/io_uring.c:734
> lr : io_cqring_event_overflow+0x1c0/0x230 io_uring/io_uring.c:734
> sp : ffff8000164abad0
> x29: ffff8000164abad0
>  x28: ffff0000c655e578
>  x27: ffff80000d49b000
> 
> x26: 0000000000000000
>  x25: 0000000000000000
>  x24: 0000000000000000
> 
> x23: 0000000000000000
>  x22: 0000000000000000
>  x21: 0000000000000000
> 
> x20: 0000000000000000
>  x19: ffff0000d1727000
>  x18: 00000000000000c0
> 
> x17: ffff80000df48158
>  x16: ffff80000dd86118
>  x15: ffff0000c60dce00
> 
> x14: 0000000000000110
>  x13: 00000000ffffffff
>  x12: ffff0000c60dce00
> 
> x11: ff808000095945e8
>  x10: 0000000000000000
>  x9 : ffff8000095945e8
> 
> x8 : ffff0000c60dce00
>  x7 : ffff80000c1090e0
>  x6 : 0000000000000000
> 
> x5 : 0000000000000000
>  x4 : 0000000000000000
>  x3 : 0000000000000000
> 
> x2 : 0000000000000000
>  x1 : 0000000000000000
>  x0 : 0000000000000000
> 
> Call trace:
>  io_cqring_event_overflow+0x1c0/0x230 io_uring/io_uring.c:734
>  io_req_cqe_overflow+0x5c/0x70 io_uring/io_uring.c:773
>  io_fill_cqe_req io_uring/io_uring.h:168 [inline]
>  io_do_iopoll+0x474/0x62c io_uring/rw.c:1065
>  io_iopoll_try_reap_events+0x6c/0x108 io_uring/io_uring.c:1513
>  io_uring_try_cancel_requests+0x13c/0x258 io_uring/io_uring.c:3056
>  io_ring_exit_work+0xec/0x390 io_uring/io_uring.c:2869
>  process_one_work+0x2d8/0x504 kernel/workqueue.c:2289
>  worker_thread+0x340/0x610 kernel/workqueue.c:2436
>  kthread+0x12c/0x158 kernel/kthread.c:376
>  ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:863
> irq event stamp: 576210
> hardirqs last  enabled at (576209): [<ffff80000c1238f8>] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:159 [inline]
> hardirqs last  enabled at (576209): [<ffff80000c1238f8>] _raw_spin_unlock_irq+0x3c/0x70 kernel/locking/spinlock.c:202
> hardirqs last disabled at (576210): [<ffff80000c110630>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
> softirqs last  enabled at (576168): [<ffff80000bfd4634>] spin_unlock_bh include/linux/spinlock.h:395 [inline]
> softirqs last  enabled at (576168): [<ffff80000bfd4634>] batadv_nc_purge_paths+0x1d0/0x214 net/batman-adv/network-coding.c:471
> softirqs last disabled at (576166): [<ffff80000bfd44c4>] spin_lock_bh include/linux/spinlock.h:355 [inline]
> softirqs last disabled at (576166): [<ffff80000bfd44c4>] batadv_nc_purge_paths+0x60/0x214 net/batman-adv/network-coding.c:442
> ---[ end trace 0000000000000000 ]---
> ------------[ cut here ]------------

Pavel, don't we want to make this follow the usual lockdep rules?


diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c
index 1dd0fc0412c8..5aab3fa3b7c5 100644
--- a/io_uring/io_uring.c
+++ b/io_uring/io_uring.c
@@ -753,7 +753,7 @@ static bool io_cqring_event_overflow(struct io_ring_ctx *ctx, u64 user_data,
 	size_t ocq_size = sizeof(struct io_overflow_cqe);
 	bool is_cqe32 = (ctx->flags & IORING_SETUP_CQE32);
 
-	lockdep_assert_held(&ctx->completion_lock);
+	io_lockdep_assert_cq_locked(ctx);
 
 	if (is_cqe32)
 		ocq_size += sizeof(struct io_uring_cqe);

-- 
Jens Axboe


  reply	other threads:[~2023-01-12 15:38 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-01-12 10:20 [syzbot] WARNING in io_cqring_event_overflow syzbot
2023-01-12 10:37 ` Pavel Begunkov
2023-01-12 10:56   ` syzbot
2023-01-12 15:27     ` Jens Axboe [this message]
2023-01-12 18:11     ` Pavel Begunkov
2023-01-13  2:51       ` syzbot
2023-01-13  3:10       ` Jens Axboe

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    [email protected] \
    [email protected] \
    [email protected] \
    [email protected] \
    [email protected] \
    [email protected] \
    [email protected] \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox