From: Oleg Nesterov <oleg@redhat.com>
To: Mateusz Guzik <mjguzik@gmail.com>
Cc: syzbot <syzbot+62262fdc0e01d99573fc@syzkaller.appspotmail.com>,
brauner@kernel.org, dhowells@redhat.com, jack@suse.cz,
jlayton@kernel.org, kprateek.nayak@amd.com,
linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
netfs@lists.linux.dev, swapnil.sapkal@amd.com,
syzkaller-bugs@googlegroups.com, viro@zeniv.linux.org.uk
Subject: Re: [syzbot] [netfs?] INFO: task hung in netfs_unbuffered_write_iter
Date: Sun, 23 Mar 2025 22:02:52 +0100 [thread overview]
Message-ID: <20250323210251.GD14883@redhat.com> (raw)
In-Reply-To: <CAGudoHHmvU54MU8dsZy422A4+ZzWTVs7LFevP7NpKzwZ1YOqgg@mail.gmail.com>
Prateek, Mateusz, thanks for your participation!
On 03/23, Mateusz Guzik wrote:
>
> On Sun, Mar 23, 2025 at 8:47 PM Oleg Nesterov <oleg@redhat.com> wrote:
> >
> > OK, as expected.
> >
> > Dear syzbot, thank you.
> >
> > So far I think this is another problem revealed by aaec5a95d59615523db03dd5
> > ("pipe_read: don't wake up the writer if the pipe is still full").
> >
> > I am going to forget about this report for now and return to it later, when
> > all the pending pipe-related changes in vfs.git are merged.
> >
>
> How do you ask syzbot for all stacks?
Heh, I don't know.
> The reproducer *does* use pipes, but it is unclear to me if they play
> any role here
please see the reproducer,
https://syzkaller.appspot.com/x/repro.c?x=10d6a44c580000
res = syscall(__NR_pipe2, /*pipefd=*/0x400000001900ul, /*flags=*/0ul);
if (res != -1) {
r[2] = *(uint32_t*)0x400000001900;
r[3] = *(uint32_t*)0x400000001904;
}
then
res = syscall(__NR_dup, /*oldfd=*/r[3]);
if (res != -1)
r[4] = res;
so r[2] and r[4] are the read/write fd's.
then later
memcpy((void*)0x400000000280, "trans=fd,", 9);
...
memcpy((void*)0x400000000289, "rfdno", 5);
...
sprintf((char*)0x40000000028f, "0x%016llx", (long long)r[2]);
...
memcpy((void*)0x4000000002a2, "wfdno", 5);
...
sprintf((char*)0x4000000002a8, "0x%016llx", (long long)r[4]);
...
syscall(__NR_mount, /*src=*/0ul, /*dst=*/0x400000000000ul,
/*type=*/0x400000000040ul, /*flags=*/0ul, /*opts=*/0x400000000280ul);
so this pipe is actually used as "trans=fd".
> -- and notably we don't know if there is someone stuck
> in pipe code, resulting in not waking up the reported thread.
Yes, I am not familiar with 9p or netfs, so I don't know either.
Oleg.
next prev parent reply other threads:[~2025-03-23 21:03 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-03-22 15:54 [syzbot] [netfs?] INFO: task hung in netfs_unbuffered_write_iter syzbot
2025-03-23 18:48 ` Oleg Nesterov
2025-03-23 19:17 ` syzbot
2025-03-23 19:47 ` Oleg Nesterov
2025-03-23 19:50 ` K Prateek Nayak
2025-03-23 19:52 ` Mateusz Guzik
2025-03-23 21:02 ` Oleg Nesterov [this message]
2025-03-24 10:47 ` K Prateek Nayak
2025-03-24 11:15 ` syzbot
2025-03-24 13:17 ` Mateusz Guzik
2025-03-24 13:19 ` K Prateek Nayak
2025-03-24 14:52 ` K Prateek Nayak
2025-03-24 16:03 ` Mateusz Guzik
2025-03-24 16:25 ` K Prateek Nayak
2025-03-24 16:36 ` K Prateek Nayak
2025-03-25 2:52 ` K Prateek Nayak
2025-03-25 12:15 ` Oleg Nesterov
2025-03-25 12:36 ` Dominique Martinet
2025-03-25 13:04 ` Oleg Nesterov
2025-03-25 14:49 ` K Prateek Nayak
2025-03-25 14:58 ` Dominique Martinet
2025-03-26 12:19 ` Oleg Nesterov
2025-03-26 12:44 ` Oleg Nesterov
2025-03-26 13:05 ` Oleg Nesterov
2025-03-27 17:46 ` K Prateek Nayak
2025-03-27 21:19 ` syzbot
2025-03-27 22:18 ` asmadeus
2025-03-28 4:01 ` K Prateek Nayak
2025-03-28 4:43 ` syzbot
2025-03-28 13:06 ` Oleg Nesterov
2025-03-28 13:07 ` syzbot
2025-03-28 13:25 ` Oleg Nesterov
2025-03-28 13:49 ` syzbot
2025-03-28 14:49 ` Oleg Nesterov
2025-03-28 15:22 ` syzbot
2025-03-28 17:00 ` Oleg Nesterov
2025-03-28 17:56 ` K Prateek Nayak
2025-03-28 18:20 ` Oleg Nesterov
2025-03-29 0:00 ` asmadeus
2025-03-29 14:21 ` Oleg Nesterov
2025-03-29 23:27 ` asmadeus
2025-03-30 10:21 ` Oleg Nesterov
2025-03-23 20:03 ` Mateusz Guzik
2025-03-23 20:43 ` syzbot
2025-03-28 18:14 ` David Howells
2025-03-28 18:44 ` syzbot
2025-03-28 19:01 ` Oleg Nesterov
2025-08-03 12:09 ` syzbot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250323210251.GD14883@redhat.com \
--to=oleg@redhat.com \
--cc=brauner@kernel.org \
--cc=dhowells@redhat.com \
--cc=jack@suse.cz \
--cc=jlayton@kernel.org \
--cc=kprateek.nayak@amd.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mjguzik@gmail.com \
--cc=netfs@lists.linux.dev \
--cc=swapnil.sapkal@amd.com \
--cc=syzbot+62262fdc0e01d99573fc@syzkaller.appspotmail.com \
--cc=syzkaller-bugs@googlegroups.com \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).