Re: Linux 5.10.125

From: Jens Axboe
Date: Sun Jun 26 2022 - 20:04:17 EST


On 6/26/22 4:56 PM, Greg Thelen wrote:
> Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> wrote:
>
>> I'm announcing the release of the 5.10.125 kernel.
>>
>> All users of the 5.10 kernel series must upgrade.
>>
>> The updated 5.10.y git tree can be found at:
>> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.10.y
>> and can be browsed at the normal kernel.org git web browser:
>> https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary
>>
>> thanks,
>>
>> greg k-h
>>
>> ------------
>>
>> Makefile | 2
>> arch/arm64/mm/cache.S | 2
>> arch/s390/mm/pgtable.c | 2
>> drivers/tty/serial/serial_core.c | 34 ++++--------
>> drivers/usb/gadget/function/u_ether.c | 11 +++-
>> fs/io_uring.c | 23 +++++---
>> fs/zonefs/super.c | 92 ++++++++++++++++++++++------------
>> net/ipv4/inet_hashtables.c | 31 ++++++++---
>> 8 files changed, 122 insertions(+), 75 deletions(-)
>>
>> Christian Borntraeger (1):
>> s390/mm: use non-quiescing sske for KVM switch to keyed guest
>>
>> Damien Le Moal (1):
>> zonefs: fix zonefs_iomap_begin() for reads
>>
>> Eric Dumazet (1):
>> tcp: add some entropy in __inet_hash_connect()
>>
>> Greg Kroah-Hartman (1):
>> Linux 5.10.125
>>
>> Jens Axboe (1):
>> io_uring: add missing item types for various requests
>>
>> Lukas Wunner (1):
>> serial: core: Initialize rs485 RTS polarity already on probe
>>
>> Marian Postevca (1):
>> usb: gadget: u_ether: fix regression in setting fixed MAC address
>>
>> Will Deacon (1):
>> arm64: mm: Don't invalidate FROM_DEVICE buffers at start of DMA transfer
>>
>> Willy Tarreau (5):
>> tcp: use different parts of the port_offset for index and offset
>> tcp: add small random increments to the source port
>> tcp: dynamically allocate the perturb table used by source ports
>> tcp: increase source port perturb table to 2^16
>> tcp: drop the hash_32() part from the index calculation
>
> 5.10.125 commit df3f3bb5059d20ef094d6b2f0256c4bf4127a859 ("io_uring: add
> missing item types for various requests") causes panic when running
> test/iopoll.t from https://github.com/axboe/liburing commit
> dda4848a9911120a903bef6284fb88286f4464c9 (liburing-2.2).
>
> Here's a manually annotated panic message:
> [ 359.047161] list_del corruption, ffffa42098824f80->next is LIST_POISON1 (dead000000000100)
> [ 359.055393] kernel BUG at lib/list_debug.c:47!
> [ 359.059786] invalid opcode: 0000 [#1] SMP DEBUG_PAGEALLOC PTI
> [ 359.065463] CPU: 11 PID: 15862 Comm: iopoll.t Tainted: G S I 5.10.124 #1
> [ 359.081804] RIP: 0010:__list_del_entry_valid+0x49/0x80
> [ 359.086880] Code: c2 22 48 39 d1 74 25 48 8b 11 48 39 f2 75 2d 48 8b 50 08 48 39 f2 75 34 b0 01 5d c3 48 c7 c7 68 15 79 b1 31 c0 e8 c5 a2 5a 00 <0f> 0b 48 c7 c7 d8 8e 76 b1 31 c0 e8 b5 a2 5a 00 0f 0b 48 c7 c7 69
> [ 359.105431] RSP: 0018:ffffb6b66785bd58 EFLAGS: 00010046
> [ 359.110592] RAX: 000000000000004e RBX: ffffa42098824f00 RCX: d07284ea1fbba400
> [ 359.117642] RDX: ffffa43f7f4f05b8 RSI: ffffa43f7f4dff48 RDI: ffffa43f7f4dff48
> [ 359.124691] RBP: ffffb6b66785bd58 R08: 0000000000000000 R09: ffffffffb1f38540
> [ 359.131740] R10: 00000000ffff7fff R11: 0000000000000000 R12: 0000000000000282
> [ 359.138789] R13: ffffb6b66785beb8 R14: ffffa42095d33e00 R15: ffffa420937e3d20
> [ 359.145836] FS: 00000000004f8380(0000) GS:ffffa43f7f4c0000(0000) knlGS:0000000000000000
> [ 359.153830] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 359.159506] CR2: 0000000000539388 CR3: 000000027b57c006 CR4: 00000000003706e0
> [ 359.166552] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> [ 359.173600] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> [ 359.180647] Call Trace:
> [ 359.183064] io_dismantle_req+0x1da/0x2b0
> __list_del_entry [include/linux/list.h:132]
> list_del [include/linux/list.h:146]
> io_req_drop_files [fs/io_uring.c:5934]
> io_req_clean_work [fs/io_uring.c:1315]
> io_dismantle_req [fs/io_uring.c:1911]
> [ 359.187023] io_do_iopoll+0x4e5/0x790
> [ 359.194602] __se_sys_io_uring_enter+0x39b/0x6f0
> [ 359.208318] __x64_sys_io_uring_enter+0x29/0x30
> [ 359.212793] do_syscall_64+0x31/0x40
> [ 359.216324] entry_SYSCALL_64_after_hwframe+0x44/0xa9

Well that sucks, I wonder why mine didn't fail like that. I'll see if I
can hit this and send a fix. Thanks for reporting!

--
Jens Axboe