Re: [PATCH v3] ata: libata: Clear DID_TIME_OUT for ATA PT commands with sense data
From: Niklas Cassel
Date: Mon Oct 21 2024 - 11:20:26 EST
On Mon, Oct 21, 2024 at 02:07:21PM +0200, Niklas Cassel wrote:
> Hello Yi Lai,
>
> On Mon, Oct 21, 2024 at 06:58:59PM +0800, Lai, Yi wrote:
> > Hi Niklas Cassel,
> >
> > Greetings!
> >
> > I used Syzkaller and found that there is INFO: task hung in blk_mq_get_tag in v6.12-rc3
> >
> > After bisection and the first bad commit is:
> > "
> > e5dd410acb34 ata: libata: Clear DID_TIME_OUT for ATA PT commands with sense data
> > "
>
> It might be that your bisection results are accurate.
>
> However, after looking at the stacktraces, I find it way more likely that
> bisection has landed on the wrong commit.
>
> See this series that was just queued (for 6.13) a few days ago that solves a
> similar starvation:
> https://lore.kernel.org/linux-block/20241014092934.53630-1-songmuchun@xxxxxxxxxxxxx/
> https://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux-block.git/log/?h=for-6.13/block
>
> You could perhaps run with v6.14-rc4 (which should be able to trigger the bug)
> and then try v6.14-rc4 + that series applied, to see if you can still trigger
> the bug?
Another patch that might be relevant:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e972b08b91ef48488bae9789f03cfedb148667fb
Which fixes a use after delete in rq_qos_wake_function().
(We can see that the stack trace has rq_qos_wake_function() before
getting stuck forever in rq_qos_wait())
Who knows what could go wrong when accessing a deleted entry, in the
report there was a crash, but I could image other surprises :)
The fix was first included in v6.12-rc4.
Kind regards,
Niklas