On 2018/06/04 20:46, Dmitry Vyukov wrote:
> On Fri, Jun 1, 2018 at 12:10 PM, Tetsuo Handa
> <penguin-kernel@xxxxxxxxxxxxxxxxxxx> wrote:
>> Tetsuo Handa wrote:
>>> Since sum of percpu_count did not change after percpu_ref_kill(), this is
>>> not a race condition while folding percpu counter values into atomic counter
>>> value. That is, for some reason, someone who is responsible for calling
>>> percpu_ref_put(&q->q_usage_counter) (presumably via blk_queue_exit()) is
>>> unable to call percpu_ref_put().
>>> But I don't know how to find someone who is failing to call percpu_ref_put()...
>>
>> I found the someone. It was already there in the backtrace...
>
> Nice!
>
> Do I understand it correctly that this bug is probably the root cause
> of a whole lot of syzbot "task hung" reports? E.g. this one too?
> https://syzkaller.appspot.com/bug?id=cdc4add60bb95a4da3fec27c5fe6d75196b7f976
> I guess we will need to sweep close everything related to
> filesystems/block devices when this is committed?
>

I can't tell. We still have a lockdep warning for the loop module. Also, I suspect
that hung tasks waiting for page bit might be related to the binder module.

Since we are about to merge the "kernel/hung_task.c: show all hung tasks before panic"
patch, we might be able to get more hints after 4.18-rc1.