From: Wei Chen
Date: Mon, 10 Oct 2022 20:41:59 +0800
Subject: BUG: corrupted list in io_poll_task_func
To: asml.silence@gmail.com, axboe@kernel.dk, io-uring@vger.kernel.org
Cc: linux-kernel@vger.kernel.org

Dear Linux Developer,

Recently, when using our tool to fuzz the kernel, the following crash was triggered:

HEAD commit: c5eb0a61238d Linux 5.18-rc6
git tree: upstream
compiler: clang 12.0.0
console output: https://drive.google.com/file/d/1Obzlp9wrLFx9BogwmOHhmnQqyMYa2z_k/view?usp=sharing
kernel config: https://drive.google.com/file/d/12fNP5UArsFqTi2jjGomWuCk5evtgU0Gu/view?usp=sharing

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: Wei Chen

list_del corruption. prev->next should be ffff88810ec0ae30, but was ffff888114119218. (prev=ffff888114119218)
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:53!
invalid opcode: 0000 [#1] PREEMPT SMP
CPU: 0 PID: 20805 Comm: iou-sqp-20802 Not tainted 5.18.0-rc6 #10
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014
RIP: 0010:__list_del_entry_valid+0xa7/0xc0
Code: 48 c7 c7 54 12 3f 83 4c 89 fe 48 89 da 31 c0 e8 89 e0 21 01 0f 0b 48 c7 c7 6f d7 48 83 4c 89 fe 4c 89 e1 31 c0 e8 73 e0 21 01 <0f> 0b 48 c7 c7 17 b4 42 83 4c 89 fe 4c 89 f1 31 c0 e8 5d e0 21 01
RSP: 0018:ffffc900026dbb58 EFLAGS: 00010046
RAX: 000000000000006d RBX: dead000000000122 RCX: 6101d1e720e71900
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: ffff88810ec0ae08 R08: ffffffff8115f303 R09: 0000000000000000
R10: 0001ffffffffffff R11: 000188813bc1b460 R12: ffff888114119218
R13: ffff88810ec0ae00 R14: ffff888114119218 R15: ffff88810ec0ae30
FS: 00007f1e57534700(0000) GS:ffff88813bc00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f1e574afdb8 CR3: 00000001394b3000 CR4: 0000000000750ef0
DR0: 0000000020000140 DR1: 0000000020000440 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
PKRU: 55555554
Call Trace:
 io_poll_task_func+0x1ca/0x4f0
 tctx_task_work+0x808/0xae0
 task_work_run+0x8e/0x110
 get_signal+0x13c6/0x1520
 io_sq_thread+0x382/0xbd0
 ret_from_fork+0x1f/0x30
Modules linked in:
Dumping ftrace buffer:
 (ftrace buffer empty)
---[ end trace 0000000000000000 ]---
RIP: 0010:__list_del_entry_valid+0xa7/0xc0
Code: 48 c7 c7 54 12 3f 83 4c 89 fe 48 89 da 31 c0 e8 89 e0 21 01 0f 0b 48 c7 c7 6f d7 48 83 4c 89 fe 4c 89 e1 31 c0 e8 73 e0 21 01 <0f> 0b 48 c7 c7 17 b4 42 83 4c 89 fe 4c 89 f1 31 c0 e8 5d e0 21 01
RSP: 0018:ffffc900026dbb58 EFLAGS: 00010046
RAX: 000000000000006d RBX: dead000000000122 RCX: 6101d1e720e71900
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: ffff88810ec0ae08 R08: ffffffff8115f303 R09: 0000000000000000
R10: 0001ffffffffffff R11: 000188813bc1b460 R12: ffff888114119218
R13: ffff88810ec0ae00 R14: ffff888114119218 R15: ffff88810ec0ae30
FS: 00007f1e57534700(0000) GS:ffff88813bc00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f1e574afdb8 CR3: 00000001394b3000 CR4: 0000000000750ef0
DR0: 0000000020000140 DR1: 0000000020000440 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
PKRU: 55555554

Best,
Wei