lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CACkBjsZE4=ErfsT7z=MDfCKEsafZ23BG-uCST1bT_HT_3NSMLA@mail.gmail.com>
Date:   Tue, 14 Sep 2021 11:01:02 +0800
From:   Hao Sun <sunhao.th@...il.com>
To:     Pavel Begunkov <asml.silence@...il.com>
Cc:     Jens Axboe <axboe@...nel.dk>, io-uring@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: INFO: task hung in io_uring_cancel_generic

Pavel Begunkov <asml.silence@...il.com> 于2021年9月13日周一 下午4:30写道:
>
> On 9/13/21 3:26 AM, Hao Sun wrote:
> > Hi
> >
> > Healer found a C reproducer for this crash ("INFO: task hung in
> > io_ring_exit_work").
> >
> > HEAD commit: 4b93c544e90e-thunderbolt: test: split up test cases
> > git tree: upstream
> > console output:
> > https://drive.google.com/file/d/1NswMU2yMRTc8-EqbZcVvcJejV92cuZIk/view?usp=sharing
> > kernel config: https://drive.google.com/file/d/1c0u2EeRDhRO-ZCxr9MP2VvAtJd6kfg-p/view?usp=sharing
> > C reproducer: https://drive.google.com/file/d/170wk5_T8mYDaAtDcrdVi2UU9_dW1894s/view?usp=sharing
> > Syzlang reproducer:
> > https://drive.google.com/file/d/1eo-jAS9lncm4i-1kaCBkexrjpQHXboBq/view?usp=sharing
> >
> > If you fix this issue, please add the following tag to the commit:
> > Reported-by: Hao Sun <sunhao.th@...il.com>
>
> I don't see the repro using io_uring at all. Can it be because of
> the delay before the warning shows itself? 120 secs, this appeared
> after 143.
>

I think the crash was most likely fixed. Here is what I've done.
First, I re-run the whole execution history
(https://drive.google.com/file/d/1NswMU2yMRTc8-EqbZcVvcJejV92cuZIk/view?usp=sharing)
with `syz-repro` on  latest kernel (6880fa6c5660 Linux 5.15-rc1). The
kernel did not crash at all.
Then, I re-run the history on the original version of the kernel
(4b93c544e90e-thunderbolt: test: split up test cases). It crashed and
task hang happened but with a different location
("io_wq_submit_work").
Since `syz-repro` is smart enough and will give prog enough timeout to
be executed when the crash type is `Hang` (see
https://github.com/google/syzkaller/blob/master/pkg/repro/repro.go#L98),
the delay before a warning can be handled properly.

However, I'll still keep track of this crash since it was still not
reproduced yet.

> [...]

>
> --
> Pavel Begunkov

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ