Re: [syzbot] INFO: task hung in vhost_work_dev_flush
On Mon, Feb 21, 2022 at 09:23:04PM +0530, Anirudh Rayabharam wrote:
> On Mon, Feb 21, 2022 at 03:12:33PM +0100, Stefano Garzarella wrote:
> > #syz test:
> > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ f71077a4d84b
> >
> > Patch sent upstream:
> > https://lore.kernel.org/virtualization/20220221114916.107045-1-sgarz...@redhat.com/T/#u
>
> I don't see how your patch fixes this issue. It looks unrelated. It is
> surprising that syzbot is happy with it.
>
> I have sent a patch for this issue here:
> https://lore.kernel.org/lkml/20220221072852.31820-1-m...@anirudhrb.com/

I wasted so much time trying to figure out what this patch fixes. :P
(It doesn't fix anything).

regards,
dan carpenter

___
Virtualization mailing list
Virtualization@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/virtualization
Re: [syzbot] INFO: task hung in vhost_work_dev_flush
On Mon, Feb 21, 2022 at 09:23:04PM +0530, Anirudh Rayabharam wrote:
> On Mon, Feb 21, 2022 at 03:12:33PM +0100, Stefano Garzarella wrote:
> > #syz test:
> > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ f71077a4d84b
> >
> > Patch sent upstream:
> > https://lore.kernel.org/virtualization/20220221114916.107045-1-sgarz...@redhat.com/T/#u
>
> I don't see how your patch fixes this issue. It looks unrelated. It is
> surprising that syzbot is happy with it.
>
> I have sent a patch for this issue here:
> https://lore.kernel.org/lkml/20220221072852.31820-1-m...@anirudhrb.com/

It is related because the worker thread is accessing the iotlb that is
going to be freed, so it could be corrupted/invalid.

Your patch seems right, but simply prevents iotlb from being set for the
specific test case, so it remains NULL and iotlb_access_ok() exits
immediately.

Anyway, currently if nregions is 0 vhost_set_memory() sets an iotlb with
no regions (the for loop is not executed), so I'm not sure
iotlb_access_ok() cycles infinitely.

Stefano
Re: [syzbot] INFO: task hung in vhost_work_dev_flush
#syz test:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ f71077a4d84b

Patch sent upstream:
https://lore.kernel.org/virtualization/20220221114916.107045-1-sgarz...@redhat.com/T/#u

On Sat, Feb 19, 2022 at 12:23 AM syzbot wrote:
>
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit:    e6251ab4551f Merge tag 'nfs-for-5.17-2' of git://git.linux..
> git tree:       upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=163caa3c70
> kernel config:  https://syzkaller.appspot.com/x/.config?x=266de9da75c71a45
> dashboard link: https://syzkaller.appspot.com/bug?extid=0abd373e2e50d704db87
> compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=108514a470
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=16ca671c70
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+0abd373e2e50d704d...@syzkaller.appspotmail.com
>
> INFO: task syz-executor117:3632 blocked for more than 143 seconds.
>       Not tainted 5.17.0-rc3-syzkaller-00029-ge6251ab4551f #0
> "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
> task:syz-executor117 state:D stack:27512 pid: 3632 ppid: 3631 flags:0x4002
> Call Trace:
>
>  context_switch kernel/sched/core.c:4986 [inline]
>  __schedule+0xab2/0x4db0 kernel/sched/core.c:6295
>  schedule+0xd2/0x260 kernel/sched/core.c:6368
>  schedule_timeout+0x1db/0x2a0 kernel/time/timer.c:1857
>  do_wait_for_common kernel/sched/completion.c:85 [inline]
>  __wait_for_common kernel/sched/completion.c:106 [inline]
>  wait_for_common kernel/sched/completion.c:117 [inline]
>  wait_for_completion+0x174/0x270 kernel/sched/completion.c:138
>  vhost_work_dev_flush.part.0+0xbb/0xf0 drivers/vhost/vhost.c:243
>  vhost_work_dev_flush drivers/vhost/vhost.c:238 [inline]
>  vhost_poll_flush+0x5e/0x80 drivers/vhost/vhost.c:252
>  vhost_vsock_flush drivers/vhost/vsock.c:710 [inline]
>  vhost_vsock_dev_release+0x1be/0x4b0 drivers/vhost/vsock.c:757
>  __fput+0x286/0x9f0 fs/file_table.c:311
>  task_work_run+0xdd/0x1a0 kernel/task_work.c:164
>  exit_task_work include/linux/task_work.h:32 [inline]
>  do_exit+0xb29/0x2a30 kernel/exit.c:806
>  do_group_exit+0xd2/0x2f0 kernel/exit.c:935
>  __do_sys_exit_group kernel/exit.c:946 [inline]
>  __se_sys_exit_group kernel/exit.c:944 [inline]
>  __x64_sys_exit_group+0x3a/0x50 kernel/exit.c:944
>  do_syscall_x64 arch/x86/entry/common.c:50 [inline]
>  do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
>  entry_SYSCALL_64_after_hwframe+0x44/0xae
> RIP: 0033:0x7fbf04b83b89
> RSP: 002b:7fff5bc9ca18 EFLAGS: 0246 ORIG_RAX: 00e7
> RAX: ffda RBX: 7fbf04bf8330 RCX: 7fbf04b83b89
> RDX: 003c RSI: 00e7 RDI:
> RBP: R08: ffc0 R09: 7fff5bc9cc08
> R10: 7fff5bc9cc08 R11: 0246 R12: 7fbf04bf8330
> R13: 0001 R14: R15: 0001
>
>
> Showing all locks held in the system:
> 1 lock held by khungtaskd/26:
>  #0: 8bb83c20 (rcu_read_lock){}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:6460
> 2 locks held by getty/3275:
>  #0: 88807f0db098 (>ldisc_sem){}-{0:0}, at: tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:244
>  #1: c90002b662e8 (>atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xcf0/0x1230 drivers/tty/n_tty.c:2077
> 1 lock held by vhost-3632/3633:
>
> =
>
> NMI backtrace for cpu 0
> CPU: 0 PID: 26 Comm: khungtaskd Not tainted 5.17.0-rc3-syzkaller-00029-ge6251ab4551f #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
> Call Trace:
>
>  __dump_stack lib/dump_stack.c:88 [inline]
>  dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
>  nmi_cpu_backtrace.cold+0x47/0x144 lib/nmi_backtrace.c:111
>  nmi_trigger_cpumask_backtrace+0x1b3/0x230 lib/nmi_backtrace.c:62
>  trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
>  check_hung_uninterruptible_tasks kernel/hung_task.c:212 [inline]
>  watchdog+0xc1d/0xf50 kernel/hung_task.c:369
>  kthread+0x2e9/0x3a0 kernel/kthread.c:377
>  ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
>
> Sending NMI from CPU 0 to CPUs 1:
> NMI backtrace for cpu 1
> CPU: 1 PID: 3633 Comm: vhost-3632 Not tainted 5.17.0-rc3-syzkaller-00029-ge6251ab4551f #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
> RIP: 0010:check_kcov_mode kernel/kcov.c:166 [inline]
> RIP: 0010:__sanitizer_cov_trace_pc+0xd/0x60 kernel/kcov.c:200
> Code: 00 00 e9 c6 41 66 02 66 0f 1f 44 00 00 48 8b be b0 01 00 00 e8 b4 ff ff ff 31 c0 c3 90 65 8b 05 29 f7 89 7e 89 c1 48 8b 34 24 <81> e1 00 01 00 00 65 48 8b 14 25 00 70 02 00 a9 00 01 ff 00 74 0e
> RSP: 0018:c9cd7c78 EFLAGS: