From: syzbot <syzbot+2159cbb522b02847c053@syzkaller.appspotmail.com>
To: asml.silence@gmail.com, axboe@kernel.dk,
io-uring@vger.kernel.org, linux-kernel@vger.kernel.org,
syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [io-uring?] WARNING in io_pin_pages
Date: Mon, 25 Nov 2024 15:34:01 -0800
Message-ID: <67450969.050a0220.1286eb.0006.GAE@google.com>
In-Reply-To: <4db729f9-eece-4732-8d6d-405a997ed35c@gmail.com>

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
WARNING in io_pin_pages

------------[ cut here ]------------
WARNING: CPU: 0 PID: 6625 at io_uring/memmap.c:146 io_pin_pages+0x149/0x180 io_uring/memmap.c:146
Modules linked in:
CPU: 0 UID: 0 PID: 6625 Comm: syz.0.15 Not tainted 6.12.0-rc4-syzkaller-00087-g9788f6363f9a #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:io_pin_pages+0x149/0x180 io_uring/memmap.c:146
Code: 63 fd 4c 89 f8 5b 41 5c 41 5e 41 5f 5d c3 cc cc cc cc e8 0a f9 e8 fc 90 0f 0b 90 49 c7 c7 ea ff ff ff eb de e8 f8 f8 e8 fc 90 <0f> 0b 90 49 c7 c7 b5 ff ff ff eb cc 44 89 f1 80 e1 07 80 c1 03 38
RSP: 0018:ffffc90002ee7c10 EFLAGS: 00010293
RAX: ffffffff84abe228 RBX: fff0000000000091 RCX: ffff88806d4c9e00
RDX: 0000000000000000 RSI: fff0000000000091 RDI: 000000007fffffff
RBP: 000ffffffffffff0 R08: ffffffff84abe12e R09: 1ffff1100f98b260
R10: dffffc0000000000 R11: ffffed100f98b261 R12: ffffffffffff0000
R13: ffffffffffff0000 R14: ffffc90002ee7c80 R15: 1ffff110024de520
FS: 00007f3e6a15a6c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b3255ffff CR3: 00000000339f8000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
__io_uaddr_map+0xfb/0x2d0 io_uring/memmap.c:185
io_rings_map io_uring/io_uring.c:2632 [inline]
io_allocate_scq_urings+0x212/0x710 io_uring/io_uring.c:3491
io_uring_create+0x5b5/0xc00 io_uring/io_uring.c:3713
io_uring_setup io_uring/io_uring.c:3802 [inline]
__do_sys_io_uring_setup io_uring/io_uring.c:3829 [inline]
__se_sys_io_uring_setup+0x2ba/0x330 io_uring/io_uring.c:3823
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f3e6937e759
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f3e6a159fc8 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
RAX: ffffffffffffffda RBX: 00007f3e69535f80 RCX: 00007f3e6937e759
RDX: 0000000000000000 RSI: 0000000020000400 RDI: 0000000000002c0c
RBP: 0000000020000400 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000002c0c R15: 0000000000000000
</TASK>

Tested on:

commit: 9788f636 io_uring: sanitise nr_pages for SQ/CQ
git tree: https://github.com/isilence/linux.git syz/sanitise-cqsq
console output: https://syzkaller.appspot.com/x/log.txt?x=1040e778580000
kernel config: https://syzkaller.appspot.com/x/.config?x=f0635751ca15fb7a
dashboard link: https://syzkaller.appspot.com/bug?extid=2159cbb522b02847c053
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
Note: no patches were applied.