Re: [PATCH] io_uring: fix io_try_cancel_userdata race for iowq


 



On 8/23/21 6:30 AM, Pavel Begunkov wrote:
> WARNING: CPU: 1 PID: 5870 at fs/io_uring.c:5975 io_try_cancel_userdata+0x30f/0x540 fs/io_uring.c:5975
> CPU: 0 PID: 5870 Comm: iou-wrk-5860 Not tainted 5.14.0-rc6-next-20210820-syzkaller #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
> RIP: 0010:io_try_cancel_userdata+0x30f/0x540 fs/io_uring.c:5975
> Call Trace:
>  io_async_cancel fs/io_uring.c:6014 [inline]
>  io_issue_sqe+0x22d5/0x65a0 fs/io_uring.c:6407
>  io_wq_submit_work+0x1dc/0x300 fs/io_uring.c:6511
>  io_worker_handle_work+0xa45/0x1840 fs/io-wq.c:533
>  io_wqe_worker+0x2cc/0xbb0 fs/io-wq.c:582
>  ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
> 
> io_try_cancel_userdata() can be called from io_async_cancel() executing
> in the io-wq context, so the warning fires, which is there to alert
> anyone accessing task->io_uring->io_wq in a racy way. However,
> io_wq_put_and_exit() always first waits for all threads to complete,
> so the only detail left is to zero tctx->io_wq after the context is
> removed.
> 
> note: one little assumption is that when IO_WQ_WORK_CANCEL, the executor
> won't touch ->io_wq, because io_wq_destroy() might cancel left pending
> requests in such a way.

Applied, thanks.

-- 
Jens Axboe



