Re: Re: KASAN: soft lockup in paste_selection

From: Qiumiao Zhang
Date: Mon May 15 2023 - 03:26:39 EST

Next message: Kent Overstreet: "Re: [PATCH 07/32] mm: Bring back vmalloc_exec"
Previous message: Linus Walleij: "Re: [PATCH v2] gpio: gpiolib: clear the array_info's memory space"
In reply to: gregkh@xxxxxxxxxxxxxxxxxxx: "Re: KASAN: soft lockup in paste_selection"
Next in thread: Greg KH: "Re: Re: KASAN: soft lockup in paste_selection"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, May 12, 2023 at 11:33:26AM +0000, gregkh wrote:
>> Hello,
>>
>> We found the following issue using syzkaller on Linux v5.10.0.
>
> 5.10.0 is very old and obsolete and over 20 thousand patches old.
> Please, if you are testing LTS kernels, use the latest one.
>
>> A similar issue was found in function `paste_selection` before and I
>> believe they are the same.
>> (https://lore.kernel.org/all/000000000000fe769905d315a1b7@xxxxxxxxxx/)
>>
>> Unfortunately, no one seems to be paying attention to this issue.
>
> Do you have a proposed patch for this fix now that you have a way to reproduce this? Do you see this in real situations or only in > fault-injection systems running syzbot?
>
> And can you reproduce this on 6.4-rc1? Do you have a reproducer?
>
> thanks,
>
> greg k-h

I see this issue only in fault-injection systems running syzbot. And I can reproduce this on 6.4-rc1.
HEAD commit: ac9a78681b92 Linux 6.4-rc1
git tree: upstream
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16c3bc25b00000

I am trying to analyze this issue, but I don't have any suggestions at the moment.

The brief report is below:
========================================================
INFO: task kworker/u16:5:67 blocked for more than 122 seconds.
Not tainted 6.4.0-rc1 #1
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u16:5 state:D stack:0 pid:67 ppid:2 flags:0x00004000
Workqueue: events_unbound flush_to_ldisc
Call Trace:
<TASK>
__schedule+0x281/0x840
? update_load_avg+0x7e/0x740
schedule+0x5e/0xd0
schedule_preempt_disabled+0x15/0x30
__mutex_lock.constprop.0+0x357/0x6a0
? _raw_spin_unlock+0xe/0x30
flush_to_ldisc+0x2a/0x190
process_one_work+0x1e5/0x3f0
worker_thread+0x4d/0x2f0
? __pfx_worker_thread+0x10/0x10
kthread+0xe5/0x120
? __pfx_kthread+0x10/0x10
ret_from_fork+0x2c/0x50
</TASK>
INFO: task a.out:8707 blocked for more than 122 seconds.
Not tainted 6.4.0-rc1 #1
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:a.out state:D stack:0 pid:8707 ppid:1 flags:0x00000000
Call Trace:
<TASK>
__schedule+0x281/0x840
schedule+0x5e/0xd0
schedule_preempt_disabled+0x15/0x30
__mutex_lock.constprop.0+0x357/0x6a0
? prb_read_valid+0x1b/0x30
paste_selection+0x97/0x1d0
? __pfx_default_wake_function+0x10/0x10
tty_ioctl+0x2cd/0x750
__x64_sys_ioctl+0x8f/0xc0
do_syscall_64+0x3f/0x90
entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7f670550677d
RSP: 002b:00007f67057dedf8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f67057df640 RCX: 00007f670550677d
RDX: 00000000200000c0 RSI: 000000000000541c RDI: 0000000000000003
RBP: 00007f67057dee20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f67057df640
R13: 0000000000000000 R14: 00007f670548b170 R15: 00007ffc74714c40
</TASK>
INFO: task a.out:8713 blocked for more than 122 seconds.
Not tainted 6.4.0-rc1 #1
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:a.out state:D stack:0 pid:8713 ppid:1 flags:0x00000000
Call Trace:
<TASK>
__schedule+0x281/0x840
schedule+0x5e/0xd0
schedule_preempt_disabled+0x15/0x30
__mutex_lock.constprop.0+0x357/0x6a0
? prb_read_valid+0x1b/0x30
paste_selection+0x97/0x1d0
? __pfx_default_wake_function+0x10/0x10
tty_ioctl+0x2cd/0x750
__x64_sys_ioctl+0x8f/0xc0
do_syscall_64+0x3f/0x90
entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7f670550677d
RSP: 002b:00007f67057dedf8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f67057df640 RCX: 00007f670550677d
RDX: 00000000200000c0 RSI: 000000000000541c RDI: 0000000000000003
RBP: 00007f67057dee20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f67057df640
R13: 0000000000000000 R14: 00007f670548b170 R15: 00007ffc74714c40
</TASK>
INFO: task a.out:8842 blocked for more than 122 seconds.
Not tainted 6.4.0-rc1 #1
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:a.out state:D stack:0 pid:8842 ppid:1 flags:0x00000000
Call Trace:
<TASK>
__schedule+0x281/0x840
schedule+0x5e/0xd0
schedule_preempt_disabled+0x15/0x30
__mutex_lock.constprop.0+0x357/0x6a0
? prb_read_valid+0x1b/0x30
paste_selection+0x97/0x1d0
? __pfx_default_wake_function+0x10/0x10
tty_ioctl+0x2cd/0x750
__x64_sys_ioctl+0x8f/0xc0
do_syscall_64+0x3f/0x90
entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7f670550677d
RSP: 002b:00007f67057dedf8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f67057df640 RCX: 00007f670550677d
RDX: 00000000200000c0 RSI: 000000000000541c RDI: 0000000000000003
RBP: 00007f67057dee20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f67057df640
R13: 0000000000000000 R14: 00007f670548b170 R15: 00007ffc74714c40
</TASK>
INFO: task a.out:8843 blocked for more than 122 seconds.
Not tainted 6.4.0-rc1 #1
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:a.out state:D stack:0 pid:8843 ppid:1 flags:0x00000000
Call Trace:
<TASK>
__schedule+0x281/0x840
schedule+0x5e/0xd0
schedule_preempt_disabled+0x15/0x30
__mutex_lock.constprop.0+0x357/0x6a0
? prb_read_valid+0x1b/0x30
paste_selection+0x97/0x1d0
? __pfx_default_wake_function+0x10/0x10
tty_ioctl+0x2cd/0x750
__x64_sys_ioctl+0x8f/0xc0
do_syscall_64+0x3f/0x90
entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7f670550677d
RSP: 002b:00007f67057dedf8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f67057df640 RCX: 00007f670550677d
RDX: 00000000200000c0 RSI: 000000000000541c RDI: 0000000000000003
RBP: 00007f67057dee20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f67057df640
R13: 0000000000000000 R14: 00007f670548b170 R15: 00007ffc74714c40
</TASK>
INFO: task a.out:8851 blocked for more than 122 seconds.
Not tainted 6.4.0-rc1 #1
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:a.out state:D stack:0 pid:8851 ppid:1 flags:0x00000000
Call Trace:
<TASK>
__schedule+0x281/0x840
schedule+0x5e/0xd0
schedule_preempt_disabled+0x15/0x30
__mutex_lock.constprop.0+0x357/0x6a0
? prb_read_valid+0x1b/0x30
paste_selection+0x97/0x1d0
? __pfx_default_wake_function+0x10/0x10
tty_ioctl+0x2cd/0x750
__x64_sys_ioctl+0x8f/0xc0
do_syscall_64+0x3f/0x90
entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7f670550677d
RSP: 002b:00007f67057dedf8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f67057df640 RCX: 00007f670550677d
RDX: 00000000200000c0 RSI: 000000000000541c RDI: 0000000000000003
RBP: 00007f67057dee20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f67057df640
R13: 0000000000000000 R14: 00007f670548b170 R15: 00007ffc74714c40
</TASK>
INFO: task a.out:8858 blocked for more than 122 seconds.
Not tainted 6.4.0-rc1 #1
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:a.out state:D stack:0 pid:8858 ppid:1 flags:0x00000000
Call Trace:
<TASK>
__schedule+0x281/0x840
schedule+0x5e/0xd0
schedule_preempt_disabled+0x15/0x30
__mutex_lock.constprop.0+0x357/0x6a0
? prb_read_valid+0x1b/0x30
paste_selection+0x97/0x1d0
? __pfx_default_wake_function+0x10/0x10
tty_ioctl+0x2cd/0x750
__x64_sys_ioctl+0x8f/0xc0
do_syscall_64+0x3f/0x90
entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7f670550677d
RSP: 002b:00007f67057dedf8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f67057df640 RCX: 00007f670550677d
RDX: 00000000200000c0 RSI: 000000000000541c RDI: 0000000000000003
RBP: 00007f67057dee20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f67057df640
R13: 0000000000000000 R14: 00007f670548b170 R15: 00007ffc74714c40
</TASK>
INFO: task a.out:8861 blocked for more than 122 seconds.
Not tainted 6.4.0-rc1 #1
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:a.out state:D stack:0 pid:8861 ppid:1 flags:0x00000000
Call Trace:
<TASK>
__schedule+0x281/0x840
schedule+0x5e/0xd0
schedule_preempt_disabled+0x15/0x30
__mutex_lock.constprop.0+0x357/0x6a0
? prb_read_valid+0x1b/0x30
paste_selection+0x97/0x1d0
? __pfx_default_wake_function+0x10/0x10
tty_ioctl+0x2cd/0x750
__x64_sys_ioctl+0x8f/0xc0
do_syscall_64+0x3f/0x90
entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7f670550677d
RSP: 002b:00007f67057dedf8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f67057df640 RCX: 00007f670550677d
RDX: 00000000200000c0 RSI: 000000000000541c RDI: 0000000000000003
RBP: 00007f67057dee20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f67057df640
R13: 0000000000000000 R14: 00007f670548b170 R15: 00007ffc74714c40
</TASK>
INFO: task a.out:8868 blocked for more than 122 seconds.
Not tainted 6.4.0-rc1 #1
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:a.out state:D stack:0 pid:8868 ppid:1 flags:0x00000000
Call Trace:
<TASK>
__schedule+0x281/0x840
schedule+0x5e/0xd0
schedule_preempt_disabled+0x15/0x30
__mutex_lock.constprop.0+0x357/0x6a0
? prb_read_valid+0x1b/0x30
paste_selection+0x97/0x1d0
? __pfx_default_wake_function+0x10/0x10
tty_ioctl+0x2cd/0x750
__x64_sys_ioctl+0x8f/0xc0
do_syscall_64+0x3f/0x90
entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7f670550677d
RSP: 002b:00007f67057dedf8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f67057df640 RCX: 00007f670550677d
RDX: 00000000200000c0 RSI: 000000000000541c RDI: 0000000000000003
RBP: 00007f67057dee20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f67057df640
R13: 0000000000000000 R14: 00007f670548b170 R15: 00007ffc74714c40
</TASK>
INFO: task a.out:8997 blocked for more than 122 seconds.
Not tainted 6.4.0-rc1 #1
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:a.out state:D stack:0 pid:8997 ppid:1 flags:0x00000000
Call Trace:
<TASK>
__schedule+0x281/0x840
schedule+0x5e/0xd0
schedule_preempt_disabled+0x15/0x30
__mutex_lock.constprop.0+0x357/0x6a0
? prb_read_valid+0x1b/0x30
paste_selection+0x97/0x1d0
? __pfx_default_wake_function+0x10/0x10
tty_ioctl+0x2cd/0x750
__x64_sys_ioctl+0x8f/0xc0
do_syscall_64+0x3f/0x90
entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7f670550677d
RSP: 002b:00007f67057dedf8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f67057df640 RCX: 00007f670550677d
RDX: 00000000200000c0 RSI: 000000000000541c RDI: 0000000000000003
RBP: 00007f67057dee20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f67057df640
R13: 0000000000000000 R14: 00007f670548b170 R15: 00007ffc74714c40
</TASK>
Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings

With Best Regards,

Qiumiao Zhang

Next message: Kent Overstreet: "Re: [PATCH 07/32] mm: Bring back vmalloc_exec"
Previous message: Linus Walleij: "Re: [PATCH v2] gpio: gpiolib: clear the array_info's memory space"
In reply to: gregkh@xxxxxxxxxxxxxxxxxxx: "Re: KASAN: soft lockup in paste_selection"
Next in thread: Greg KH: "Re: Re: KASAN: soft lockup in paste_selection"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]