syzbot


WARNING in io_wqe_enqueue

Status: fixed on 2021/11/10 00:50
Subsystems: io-uring fs
[Documentation on labels]
Reported-by: syzbot+ea2f1484cffe5109dc10@syzkaller.appspotmail.com
Fix commit: e6ab8991c5d0 io_uring: fix false WARN_ONCE
First crash: 1029d, last: 1029d
Cause bisection: introduced by (bisect log) :
commit 24369c2e3bb06d8c4e71fd6ceaf4f8a01ae79b7c
Author: Pavel Begunkov <asml.silence@gmail.com>
Date: Tue Jan 28 00:15:48 2020 +0000

  io_uring: add io-wq workqueue sharing

Crash: WARNING in io_wqe_wake_worker (log)
Repro: C syz .config
  
Discussions (8)
Title Replies (including bot) Last reply
[PATCH AUTOSEL 5.13 001/189] drm/etnaviv: fix NULL check before some freeing functions is not needed 201 (201) 2021/08/09 16:06
[PATCH 5.12 000/242] 5.12.18-rc1 review 258 (258) 2021/07/22 14:12
[PATCH 5.10 000/215] 5.10.51-rc1 review 225 (225) 2021/07/17 01:20
[PATCH 5.13 000/266] 5.13.3-rc1 review 276 (276) 2021/07/16 18:08
[PATCH AUTOSEL 5.10 001/137] drm/etnaviv: fix NULL check before some freeing functions is not needed 141 (141) 2021/07/12 22:03
[PATCH AUTOSEL 5.12 001/160] drm/etnaviv: fix NULL check before some freeing functions is not needed 160 (160) 2021/07/06 11:18
[PATCH for-next 00/12] another round of 5.14 optimisations 16 (16) 2021/06/18 15:35
[syzbot] WARNING in io_wqe_enqueue 3 (6) 2021/06/10 03:03

Sample crash report:
------------[ cut here ]------------
WARNING: CPU: 0 PID: 8450 at fs/io-wq.c:244 io_wqe_wake_worker fs/io-wq.c:244 [inline]
WARNING: CPU: 0 PID: 8450 at fs/io-wq.c:244 io_wqe_enqueue+0x7f6/0x910 fs/io-wq.c:751
Modules linked in:
CPU: 1 PID: 8450 Comm: syz-executor412 Not tainted 5.13.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:io_wqe_wake_worker fs/io-wq.c:244 [inline]
RIP: 0010:io_wqe_enqueue+0x7f6/0x910 fs/io-wq.c:751
Code: ef e8 3e a3 d8 ff e9 2d f9 ff ff 4c 89 ef e8 31 a3 d8 ff e9 53 f9 ff ff 48 89 ef e8 24 a3 d8 ff e9 9f fa ff ff e8 aa 1a 94 ff <0f> 0b e9 08 fb ff ff 48 8b 7c 24 08 e8 19 a3 d8 ff e9 ca fd ff ff
RSP: 0018:ffffc90001887c78 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000
RDX: ffff888018b54040 RSI: ffffffff81dff6b6 RDI: 0000000000000003
RBP: ffff888023b88010 R08: 0000000000000000 R09: ffff888023b880a3
R10: ffffffff81dff1bc R11: 0000000000000000 R12: ffff888023b88000
R13: ffff888023b88098 R14: ffff888023b880e8 R15: 0000000000000000
FS:  00000000008cd300(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000411b30 CR3: 0000000016b11000 CR4: 00000000001506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 io_queue_async_work+0x2d0/0x5f0 fs/io_uring.c:1274
 __io_queue_sqe+0x806/0x10f0 fs/io_uring.c:6438
 __io_req_task_submit+0x103/0x120 fs/io_uring.c:2039
 io_async_task_func+0x23e/0x4c0 fs/io_uring.c:5074
 __tctx_task_work fs/io_uring.c:1910 [inline]
 tctx_task_work+0x24e/0x550 fs/io_uring.c:1924
 task_work_run+0xdd/0x1a0 kernel/task_work.c:164
 tracehook_notify_signal include/linux/tracehook.h:212 [inline]
 handle_signal_work kernel/entry/common.c:145 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:171 [inline]
 exit_to_user_mode_prepare+0x24a/0x280 kernel/entry/common.c:208
 __syscall_exit_to_user_mode_work kernel/entry/common.c:290 [inline]
 syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:301
 do_syscall_64+0x47/0xb0 arch/x86/entry/common.c:57
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x43f969
Code: 28 c3 e8 1a 15 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffffffee318 EFLAGS: 00000246 ORIG_RAX: 0000000000000030
RAX: 0000000000000000 RBX: 0000000000000003 RCX: 000000000043f969
RDX: 000000000043f969 RSI: 0000000000000001 RDI: 0000000000000004
RBP: 00007ffffffee338 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffffffee340
R13: 0000000000000000 R14: 00000000004ae018 R15: 0000000000400488

Crashes (13):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2021/06/04 09:32 upstream f88cd3fb9df2 0740de69 .config console log report syz C ci-upstream-kasan-gce-selinux-root WARNING in io_wqe_enqueue
2021/06/04 09:21 upstream f88cd3fb9df2 0740de69 .config console log report syz C ci-upstream-kasan-gce-root WARNING in io_wqe_enqueue
2021/06/04 09:21 upstream f88cd3fb9df2 0740de69 .config console log report syz C ci-upstream-kasan-gce-smack-root WARNING in io_wqe_enqueue
2021/06/04 09:21 upstream f88cd3fb9df2 0740de69 .config console log report syz C ci-upstream-kasan-gce WARNING in io_wqe_enqueue
2021/06/04 09:23 linux-next a1f92694393a 0740de69 .config console log report syz C ci-upstream-linux-next-kasan-gce-root WARNING in io_wqe_enqueue
2021/06/04 09:05 upstream f88cd3fb9df2 0740de69 .config console log report info ci-qemu-upstream WARNING in io_wqe_enqueue
2021/06/04 09:02 upstream f88cd3fb9df2 0740de69 .config console log report info ci-upstream-kasan-gce-selinux-root WARNING in io_wqe_enqueue
2021/06/04 09:01 upstream f88cd3fb9df2 0740de69 .config console log report info ci-upstream-kasan-gce-root WARNING in io_wqe_enqueue
2021/06/04 09:00 upstream f88cd3fb9df2 0740de69 .config console log report info ci-upstream-kasan-gce-smack-root WARNING in io_wqe_enqueue
2021/06/04 08:59 upstream f88cd3fb9df2 0740de69 .config console log report info ci-upstream-kasan-gce WARNING in io_wqe_enqueue
2021/06/04 09:02 upstream f88cd3fb9df2 0740de69 .config console log report info ci-qemu-upstream-386 WARNING in io_wqe_enqueue
2021/06/04 09:00 upstream f88cd3fb9df2 0740de69 .config console log report info ci-upstream-kasan-gce-386 WARNING in io_wqe_enqueue
2021/06/04 09:02 linux-next a1f92694393a 0740de69 .config console log report info ci-upstream-linux-next-kasan-gce-root WARNING in io_wqe_enqueue
* Struck through repros no longer work on HEAD.