Re: [syzbot] INFO: task hung in vhost_work_dev_flush

2022-02-22 Thread Dan Carpenter
On Mon, Feb 21, 2022 at 09:23:04PM +0530, Anirudh Rayabharam wrote:
> On Mon, Feb 21, 2022 at 03:12:33PM +0100, Stefano Garzarella wrote:
> > #syz test: 
> > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/
> > f71077a4d84b
> > 
> > Patch sent upstream:
> > https://lore.kernel.org/virtualization/20220221114916.107045-1-sgarz...@redhat.com/T/#u
> 
> I don't see how your patch fixes this issue. It looks unrelated. It is
> surprising that syzbot is happy with it.
> 
> I have sent a patch for this issue here:
> https://lore.kernel.org/lkml/20220221072852.31820-1-m...@anirudhrb.com/

I wasted so much time trying to figure out what this patch fixes.  :P

(It doesn't fix anything).

regards,
dan carpenter

___
Virtualization mailing list
Virtualization@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/virtualization


Re: [syzbot] INFO: task hung in vhost_work_dev_flush

2022-02-21 Thread Stefano Garzarella

On Mon, Feb 21, 2022 at 09:23:04PM +0530, Anirudh Rayabharam wrote:

On Mon, Feb 21, 2022 at 03:12:33PM +0100, Stefano Garzarella wrote:

#syz test: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/
f71077a4d84b

Patch sent upstream:
https://lore.kernel.org/virtualization/20220221114916.107045-1-sgarz...@redhat.com/T/#u


I don't see how your patch fixes this issue. It looks unrelated. It is
surprising that syzbot is happy with it.

I have sent a patch for this issue here:
https://lore.kernel.org/lkml/20220221072852.31820-1-m...@anirudhrb.com/


It is related because the worker thread is accessing the iotlb that is 
going to be freed, so it could be corrupted/invalid.


Your patch seems right, but simply prevents iotlb from being set for the 
the specific test case, so it remains NULL and iotlb_access_ok() exits 
immediately.


Anyway, currently if nregions is 0 vhost_set_memory() sets an iotlb with 
no regions (the for loop is not executed), so I'm not sure 
iotlb_access_ok() cycles infinitely.


Stefano

___
Virtualization mailing list
Virtualization@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/virtualization


Re: [syzbot] INFO: task hung in vhost_work_dev_flush

2022-02-21 Thread Stefano Garzarella
#syz test: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/
f71077a4d84b

Patch sent upstream:
https://lore.kernel.org/virtualization/20220221114916.107045-1-sgarz...@redhat.com/T/#u

On Sat, Feb 19, 2022 at 12:23 AM syzbot
 wrote:
>
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit:e6251ab4551f Merge tag 'nfs-for-5.17-2' of git://git.linux..
> git tree:   upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=163caa3c70
> kernel config:  https://syzkaller.appspot.com/x/.config?x=266de9da75c71a45
> dashboard link: https://syzkaller.appspot.com/bug?extid=0abd373e2e50d704db87
> compiler:   gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils 
> for Debian) 2.35.2
> syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=108514a470
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=16ca671c70
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+0abd373e2e50d704d...@syzkaller.appspotmail.com
>
> INFO: task syz-executor117:3632 blocked for more than 143 seconds.
>   Not tainted 5.17.0-rc3-syzkaller-00029-ge6251ab4551f #0
> "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
> task:syz-executor117 state:D stack:27512 pid: 3632 ppid:  3631 
> flags:0x4002
> Call Trace:
>  
>  context_switch kernel/sched/core.c:4986 [inline]
>  __schedule+0xab2/0x4db0 kernel/sched/core.c:6295
>  schedule+0xd2/0x260 kernel/sched/core.c:6368
>  schedule_timeout+0x1db/0x2a0 kernel/time/timer.c:1857
>  do_wait_for_common kernel/sched/completion.c:85 [inline]
>  __wait_for_common kernel/sched/completion.c:106 [inline]
>  wait_for_common kernel/sched/completion.c:117 [inline]
>  wait_for_completion+0x174/0x270 kernel/sched/completion.c:138
>  vhost_work_dev_flush.part.0+0xbb/0xf0 drivers/vhost/vhost.c:243
>  vhost_work_dev_flush drivers/vhost/vhost.c:238 [inline]
>  vhost_poll_flush+0x5e/0x80 drivers/vhost/vhost.c:252
>  vhost_vsock_flush drivers/vhost/vsock.c:710 [inline]
>  vhost_vsock_dev_release+0x1be/0x4b0 drivers/vhost/vsock.c:757
>  __fput+0x286/0x9f0 fs/file_table.c:311
>  task_work_run+0xdd/0x1a0 kernel/task_work.c:164
>  exit_task_work include/linux/task_work.h:32 [inline]
>  do_exit+0xb29/0x2a30 kernel/exit.c:806
>  do_group_exit+0xd2/0x2f0 kernel/exit.c:935
>  __do_sys_exit_group kernel/exit.c:946 [inline]
>  __se_sys_exit_group kernel/exit.c:944 [inline]
>  __x64_sys_exit_group+0x3a/0x50 kernel/exit.c:944
>  do_syscall_x64 arch/x86/entry/common.c:50 [inline]
>  do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
>  entry_SYSCALL_64_after_hwframe+0x44/0xae
> RIP: 0033:0x7fbf04b83b89
> RSP: 002b:7fff5bc9ca18 EFLAGS: 0246 ORIG_RAX: 00e7
> RAX: ffda RBX: 7fbf04bf8330 RCX: 7fbf04b83b89
> RDX: 003c RSI: 00e7 RDI: 
> RBP:  R08: ffc0 R09: 7fff5bc9cc08
> R10: 7fff5bc9cc08 R11: 0246 R12: 7fbf04bf8330
> R13: 0001 R14:  R15: 0001
>  
>
> Showing all locks held in the system:
> 1 lock held by khungtaskd/26:
>  #0: 8bb83c20 (rcu_read_lock){}-{1:2}, at: 
> debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:6460
> 2 locks held by getty/3275:
>  #0: 88807f0db098 (>ldisc_sem){}-{0:0}, at: 
> tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:244
>  #1: c90002b662e8 (>atomic_read_lock){+.+.}-{3:3}, at: 
> n_tty_read+0xcf0/0x1230 drivers/tty/n_tty.c:2077
> 1 lock held by vhost-3632/3633:
>
> =
>
> NMI backtrace for cpu 0
> CPU: 0 PID: 26 Comm: khungtaskd Not tainted 
> 5.17.0-rc3-syzkaller-00029-ge6251ab4551f #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS 
> Google 01/01/2011
> Call Trace:
>  
>  __dump_stack lib/dump_stack.c:88 [inline]
>  dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
>  nmi_cpu_backtrace.cold+0x47/0x144 lib/nmi_backtrace.c:111
>  nmi_trigger_cpumask_backtrace+0x1b3/0x230 lib/nmi_backtrace.c:62
>  trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
>  check_hung_uninterruptible_tasks kernel/hung_task.c:212 [inline]
>  watchdog+0xc1d/0xf50 kernel/hung_task.c:369
>  kthread+0x2e9/0x3a0 kernel/kthread.c:377
>  ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
>  
> Sending NMI from CPU 0 to CPUs 1:
> NMI backtrace for cpu 1
> CPU: 1 PID: 3633 Comm: vhost-3632 Not tainted 
> 5.17.0-rc3-syzkaller-00029-ge6251ab4551f #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS 
> Google 01/01/2011
> RIP: 0010:check_kcov_mode kernel/kcov.c:166 [inline]
> RIP: 0010:__sanitizer_cov_trace_pc+0xd/0x60 kernel/kcov.c:200
> Code: 00 00 e9 c6 41 66 02 66 0f 1f 44 00 00 48 8b be b0 01 00 00 e8 b4 ff ff 
> ff 31 c0 c3 90 65 8b 05 29 f7 89 7e 89 c1 48 8b 34 24 <81> e1 00 01 00 00 65 
> 48 8b 14 25 00 70 02 00 a9 00 01 ff 00 74 0e
> RSP: 0018:c9cd7c78 EFLAGS: