hulk inclusion
category: bugfix
bugzilla: https://atomgit.com/openeuler/kernel/issues/9318

--------------------------------

Syzkaller reports the following issue:

watchdog: BUG: soft lockup - CPU#0 stuck for 109s! [syz.0.555:3563]
Modules linked in:
CPU: 0 PID: 3563 Comm: syz.0.555 Not tainted 6.6.0+ #80
RIP: 0010:consumer_del kernel/events/uprobes.c:789 [inline]
RIP: 0010:__uprobe_unregister+0x9e/0x260 kernel/events/uprobes.c:1107
RSP: 0018:ffff888143a47a58 EFLAGS: 00000246
RAX: 0000000000000000 RBX: ffffc900156aaf78 RCX: ffffffffa7128384
RDX: 1ffff92002ad55ef RSI: 0000000000000008 RDI: ffff888120c1e050
RBP: ffffc90015504a20 R08: 0000000000000001 R09: ffffed1024183c0a
R10: ffff888120c1e057 R11: ffff888100e3a058 R12: dffffc0000000000
R13: ffff888120c1e000 R14: ffffc900156aaf20 R15: ffff888120c1e080
FS:  0000000000000000(0000) GS:ffff8881e1400000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffd57aa2048 CR3: 000000021a742006 CR4: 0000000000770ef0
PKRU: 80000000
Call Trace:
 <TASK>
 uprobe_unregister+0x62/0x90 kernel/events/uprobes.c:1131
 bpf_uprobe_unregister kernel/trace/bpf_trace.c:3082 [inline]
 bpf_uprobe_multi_link_release+0xd5/0x1f0 kernel/trace/bpf_trace.c:3092
 bpf_link_free+0x16b/0x2c0 kernel/bpf/syscall.c:2929
 bpf_link_put_direct kernel/bpf/syscall.c:2969 [inline]
 bpf_link_release+0x68/0x80 kernel/bpf/syscall.c:2976
 __fput+0x408/0xab0 fs/file_table.c:384
 task_work_run+0x154/0x240 kernel/task_work.c:245
 exit_task_work include/linux/task_work.h:45 [inline]
 do_exit+0x813/0x1140 kernel/exit.c:882
 do_group_exit+0xcd/0x280 kernel/exit.c:1023
 get_signal+0x185b/0x1910 kernel/signal.c:2908
 arch_do_signal_or_restart+0x83/0x3b0 arch/x86/kernel/signal.c:310
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x20b/0x220 kernel/entry/common.c:218
 do_syscall_64+0x66/0x110
arch/x86/entry/common.c:82 entry_SYSCALL_64_after_hwframe+0x78/0xe2 The reason is that syzkaller attempts to unregister 287088 uprobes when CONFIG_PREEMPT_NONE. Let's add cond_resched to avoid soft lockup in bpf_uprobe_unregister. Fixes: 89ae89f53d20 ("bpf: Add multi uprobe link") Signed-off-by: Pu Lehui <pulehui@huawei.com> --- kernel/trace/bpf_trace.c | 1 + 1 file changed, 1 insertion(+) diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c index 768159fad93c..435f078782e2 100644 --- a/kernel/trace/bpf_trace.c +++ b/kernel/trace/bpf_trace.c @@ -3077,6 +3077,7 @@ static void bpf_uprobe_unregister(struct path *path, struct bpf_uprobe *uprobes, for (i = 0; i < cnt; i++) { uprobe_unregister(d_real_inode(path->dentry), uprobes[i].offset, &uprobes[i].consumer); + cond_resched(); } } -- 2.34.1
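Review bot: the added `cond_resched();` at the end of the loop body in bpf_uprobe_unregister() carries no comment explaining why it is there, and a reschedule point that looks unmotivated tends to get dropped in a later cleanup; suggest a one-line comment above it along the lines of `/* cnt can be very large (syzkaller: 287088 uprobes); avoid soft lockup on !PREEMPT */` so the 109s lockup from the report stays documented at the call site. Placement is correct: it sits after uprobe_unregister() returns for entry i, so no uprobe is left half-unregistered across a reschedule, and the call chain in the report (bpf_link_release -> __fput -> task_work_run -> do_exit) is process context, so yielding here is safe. The changelog's "when CONFIG_PREEMPT_NONE" is the key fact and deserves a fuller sentence: without an explicit reschedule point this loop has nothing that lets the scheduler in on a non-preemptible kernel, which is exactly what the watchdog reports.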