From: Al Viro <viro@zeniv.linux.org.uk>
To: Dave Chinner <david@fromorbit.com>
Cc: Mateusz Guzik <mjguzik@gmail.com>,
syzbot <syzbot+e245f0516ee625aaa412@syzkaller.appspotmail.com>,
brauner@kernel.org, djwong@kernel.org,
linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-xfs@vger.kernel.org, llvm@lists.linux.dev,
nathan@kernel.org, ndesaulniers@google.com,
syzkaller-bugs@googlegroups.com, trix@redhat.com
Subject: Re: [syzbot] [xfs?] INFO: task hung in __fdget_pos (4)
Date: Mon, 4 Sep 2023 00:13:38 +0100 [thread overview]
Message-ID: <20230903231338.GN3390869@ZenIV> (raw)
In-Reply-To: <ZPUIQzsCSNlnBFHB@dread.disaster.area>
On Mon, Sep 04, 2023 at 08:27:15AM +1000, Dave Chinner wrote:
> It already is (sysrq-t), but I'm not sure that will help - if it is
> a leaked unlock then nothing will show up at all.
Unlikely; grep and you'll see - very few callers, and for all of them
there's an fdput_pos() downstream of any fdget_pos() that had picked
non-NULL file reference.
In theory, it's not impossible that something had stripped FDPUT_POS_UNLOCK
from the flags, but that's basically "something might've corrupted the
local variables" scenario. There are 12 functions total where we might
be calling fdget_pos() and all of them are pretty small (1 in alpha
osf_sys.c, 6 in read_write.c and 5 in readdir.c); none of those takes
an address of struct fd, none of them has assignments to it after fdget_pos()
and the only accesses to its members are those to fd.file - all fetches.
Control flow is also easy to check - they are all short.
IMO it's much more likely that we'll find something like
thread A:
grabs some fs lock
gets stuck on something
thread B: write()
finds file
grabs ->f_pos_lock
calls into filesystem
blocks on fs lock held by A
thread C: read()/write()/lseek() on the same file
blocks on ->f_pos_lock
next prev parent reply other threads:[~2023-09-03 23:13 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-03 4:11 [syzbot] [xfs?] INFO: task hung in __fdget_pos (4) syzbot
2023-09-03 5:25 ` Dave Chinner
2023-09-03 8:33 ` Mateusz Guzik
2023-09-03 18:01 ` Al Viro
2023-09-03 18:57 ` Mateusz Guzik
2023-09-03 19:51 ` Al Viro
2023-09-03 20:04 ` Mateusz Guzik
2023-09-06 17:53 ` Aleksandr Nogikh
2023-09-03 22:27 ` Dave Chinner
2023-09-03 22:47 ` Mateusz Guzik
2023-09-03 23:09 ` Dave Chinner
2023-09-04 8:11 ` Christian Brauner
2023-09-04 8:23 ` Christian Brauner
2023-09-04 8:55 ` Dave Chinner
2023-09-03 23:13 ` Al Viro [this message]
2023-09-04 1:45 ` Dave Chinner
2023-09-04 3:02 ` Al Viro
2023-09-04 3:26 ` Theodore Ts'o
2023-09-04 6:09 ` Mateusz Guzik
2023-11-30 16:58 ` [syzbot] [fs] " syzbot
2024-09-21 5:58 ` syzbot
2024-10-31 13:38 ` syzbot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230903231338.GN3390869@ZenIV \
--to=viro@zeniv.linux.org.uk \
--cc=brauner@kernel.org \
--cc=david@fromorbit.com \
--cc=djwong@kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-xfs@vger.kernel.org \
--cc=llvm@lists.linux.dev \
--cc=mjguzik@gmail.com \
--cc=nathan@kernel.org \
--cc=ndesaulniers@google.com \
--cc=syzbot+e245f0516ee625aaa412@syzkaller.appspotmail.com \
--cc=syzkaller-bugs@googlegroups.com \
--cc=trix@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).