Received: by 2002:a05:6a10:c604:0:0:0:0 with SMTP id y4csp2520015pxt; Mon, 9 Aug 2021 02:27:02 -0700 (PDT) X-Google-Smtp-Source: ABdhPJy8vTqoP5X7muKXIGOJ2koeX6Tq+lB9/a/EN7WfO5HXxlAYStm666SMp/qa6aGbyC9OUMbN X-Received: by 2002:aa7:db95:: with SMTP id u21mr28254098edt.152.1628501222079; Mon, 09 Aug 2021 02:27:02 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1628501222; cv=none; d=google.com; s=arc-20160816; b=CMGMEcnpteLnDxI9Mr/rm6axteWM45UnyI8PaDth8G+wbYStETgRZjycjqt1cvwyKT Pe8xkkpG0vTZtAkL18XmSS3TTEcqx3IFtH9daFpRE/EsRbgmbqDkbh4AzubQbd1qTZab Ppk1bSbRnRFTtFFzitKtMwEd+jQUYvBBwclYqaoae6flwCD/QeBR69Ymyeca8nSazePb 0m5crPLhvMaQfpqjXwdvGd4BJE0TDzXdK2M6Ffuw1mE7OD+Q39gZnxba104wcTk9ss85 VgS6yaEUlL3A4TCrXYWo1CY5dOAw2IL3igjIypi0LIvOWBBNOo3oQ3gbKXfbujKCOgyP oa+g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=Kv0qXianjgxGg39Jv0L+TDQ2QR47zY1TQNpfW3pv4mQ=; b=UGAKcyFLv4oABOJSP/I0DCcqV+H4YdTSqOCLFeoNtvLTmvNn7vtvt98Acy4FqnJ9qA zNt3T1jF8/tuq1dBq3pw7MRVCvRwM8ZNrFE+boSWBoRzSrLL6MKLn0pNdpD0a7QWOFCo FQoa6aiQB3MytQTFsq2+/TtNVg3+kzSsWhDmzkReWJENKhCFT/WHr7pG6sNWuUX5ZJ1R 7YwpHwK6JYUyLD5i+AZ5ABgD3vtTYRjCjcp4iXkn9rKURc0rkJputpl79LGXBeYg+HX9 fk/Qc4sno3Y4wJ6bp21xh/5cOLIWK8p1pjkvL/GpeBiHJK3Asvfr+qbItq4BpWPDGeBJ vTXg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=kEmda94z; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id k20si5857736edr.586.2021.08.09.02.26.37; Mon, 09 Aug 2021 02:27:02 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=kEmda94z; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234349AbhHIJYz (ORCPT + 99 others); Mon, 9 Aug 2021 05:24:55 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59566 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234338AbhHIJYz (ORCPT ); Mon, 9 Aug 2021 05:24:55 -0400 Received: from mail-qk1-x736.google.com (mail-qk1-x736.google.com [IPv6:2607:f8b0:4864:20::736]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D8441C0613CF for ; Mon, 9 Aug 2021 02:24:34 -0700 (PDT) Received: by mail-qk1-x736.google.com with SMTP id w197so16295856qkb.1 for ; Mon, 09 Aug 2021 02:24:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Kv0qXianjgxGg39Jv0L+TDQ2QR47zY1TQNpfW3pv4mQ=; b=kEmda94zCsiFJ4hkRfv8nmCHOJY9Xtz7Hi+q6mJteBnYsGeW4coQYAAlQiyIA6NuB5 rShW4nCj9a4qBHJV+fbizHmTnFouFGv8DavO0y0lckf2h752mr9WWwlZOgAoEb6pgpoE rVycT8mhx8LzKyCoh6AHlarBbgO4GakbqBbHxMxtcRTK9OUUTWV0q0o1nLiR6Xyt+zPv 60hxNJZA1ymL4imjzkp7pajUJeay+ScZyzfismLq40KayFkIMrwxIO8CPQfXOADpVhOc 8hmqaQM14DsxHc1j6daZPMaJ51cDVc56raHCdnfgcfhtb0y+OIYvGD72mN7ie2pcpqtL eN4A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Kv0qXianjgxGg39Jv0L+TDQ2QR47zY1TQNpfW3pv4mQ=; b=B1jXgnpqZ6FcEcwD8TOrgQTewZyHJbxBI5INyS6JErSeHOwKNgDVXgYfsIKXP1Tgd2 9Di+/4gqgNnpK3VI8tH52wX5eslqt8zFjBal1P1pY6yvT/OMPUd/k1gGdSjXJLstolwU tmDoUYuV3NQPmR27y5/aKt8tCFm3yMHM6B150k/o3IpM/gCjcjVhT0kGTp+aFgkNCLz0 YO4jAPHdclJrvOD9bH6qxFoMeltbKDzZap/bAaIBQB0b2/QNy7wXAC7pyeofp2mR/aQr kYIvtfXbN4/Hss8FBpkC6g8LiBkHHNjUcCz8MDiUVilJOPbOCU+31/lmYuMy0KLFVzXQ tabA== X-Gm-Message-State: AOAM533rhouz1ukfCsH97xFGDFgiGfEytTM1mmGI0nopJGPbd9GiF9UW Ln1KQbb04rt4DYRT6Y/LF3BNXO+pr4KzljpywwJTHw== X-Received: by 2002:a05:620a:6c3:: with SMTP id 3mr21757425qky.501.1628501073849; Mon, 09 Aug 2021 02:24:33 -0700 (PDT) MIME-Version: 1.0 References: <0000000000007db08f05c79fc81f@google.com> In-Reply-To: From: Dmitry Vyukov Date: Mon, 9 Aug 2021 11:24:22 +0200 Message-ID: Subject: Re: [syzbot] INFO: task hung in sys_io_destroy To: Jeff Moyer Cc: syzbot , bcrl@kvack.org, linux-aio@kvack.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com, viro@zeniv.linux.org.uk Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, 6 Aug 2021 at 22:39, Jeff Moyer wrote: > > syzbot writes: > > > Hello, > > > > syzbot found the following issue on: > > > > HEAD commit: 1d67c8d993ba Merge tag 'soc-fixes-5.14-1' of git://git.ker.. > > git tree: upstream > > console output: https://syzkaller.appspot.com/x/log.txt?x=11b40232300000 > > kernel config: https://syzkaller.appspot.com/x/.config?x=f1b998c1afc13578 > > dashboard link: https://syzkaller.appspot.com/bug?extid=d40a01556c761b2cb385 > > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=12453812300000 > > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=11225922300000 > > > > Bisection is inconclusive: the issue happens on the oldest tested release. > > > > bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=127cac6a300000 > > final oops: https://syzkaller.appspot.com/x/report.txt?x=117cac6a300000 > > console output: https://syzkaller.appspot.com/x/log.txt?x=167cac6a300000 > > > > IMPORTANT: if you fix the issue, please add the following tag to the commit: > > Reported-by: syzbot+d40a01556c761b2cb385@syzkaller.appspotmail.com > > > > INFO: task syz-executor299:8807 blocked for more than 143 seconds. > > Not tainted 5.14.0-rc1-syzkaller #0 > > "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. > > task:syz-executor299 state:D stack:29400 pid: 8807 ppid: 8806 flags:0x00000000 > > Call Trace: > > context_switch kernel/sched/core.c:4683 [inline] > > __schedule+0x93a/0x26f0 kernel/sched/core.c:5940 > > schedule+0xd3/0x270 kernel/sched/core.c:6019 > > schedule_timeout+0x1db/0x2a0 kernel/time/timer.c:1854 > > do_wait_for_common kernel/sched/completion.c:85 [inline] > > __wait_for_common kernel/sched/completion.c:106 [inline] > > wait_for_common kernel/sched/completion.c:117 [inline] > > wait_for_completion+0x176/0x280 kernel/sched/completion.c:138 > > __do_sys_io_destroy fs/aio.c:1402 [inline] > > __se_sys_io_destroy fs/aio.c:1380 [inline] > > __x64_sys_io_destroy+0x17e/0x1e0 fs/aio.c:1380 > > do_syscall_x64 arch/x86/entry/common.c:50 [inline] > > do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 > > entry_SYSCALL_64_after_hwframe+0x44/0xae > > The reproducer is creating a thread, issuing a IOCB_CMD_PREAD from a > pipe in that thread, and then calling io_destroy from another thread. > Because there is no writer on the other end of the pipe, the read will > block. Note that it also is not submitted asynchronously, as that's not > supported. > > io_destroy is "hanging" because it's waiting for the read to finish. If > the read thread is killed, cleanup happens as usual. I'm not sure I > could classify this as a kernel bug. Hi Jeff, Thanks for looking into this. I suspect the reproducer may create a fork bomb that DoSed the kernel so that it can't make progress for 140 seconds. FTR, I've added it to https://github.com/google/syzkaller/issues/498#issuecomment-895071514 to take a closer look.