Received: by 2002:a05:6a10:1a4d:0:0:0:0 with SMTP id nk13csp1664675pxb; Wed, 9 Feb 2022 01:35:47 -0800 (PST) X-Google-Smtp-Source: ABdhPJz3cv9NBrvS+g5zXtdDNZIAh33uMxk8kzNBrCUcoWRF5scROxcXI3fSybY97S2rAjzpWoko X-Received: by 2002:a17:903:11d0:: with SMTP id q16mr1251202plh.134.1644399347301; Wed, 09 Feb 2022 01:35:47 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1644399347; cv=none; d=google.com; s=arc-20160816; b=e7p7OJXc4pv1TAW/9Lxc+JKvwpeo+uFQ2G0lFo+WUcNZtA2EiVYgfNZM18hKva8RzO HKbLnSEdnsRTS/21r9PSsvaQm0Xq8pbBJa0e3egjlFL+QDBeSfUfcIEnIO7D3mFEgV6b RQ/2oRdKZcvIb9UFp+hII7zfTkdBVd58RBjvAZEgENG1qUFl38sUosrrYcISuvT0Uf8P ggfvjUGPrSwh6yIlymKWPHizSUAiO26eK+463G6MhzBTE5+yRKoENyzjO2vEPq5EnL96 yuyYkjHeDXC+u22HJhPC6JG7SkQwGS7yf/ikJShQl5YhHbtN9B3cQ5G/8w+HErmWE5l8 G46Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=IiwkpuM+BfLL6jHkWVkc0DGHd+y4pmtd32Iu8/4ilfc=; b=lhzIdlWUY2NDwV08EvuNR3+V/7eT8glkDadBr6KDiQeMvDyXqyJipgtXAK1nGKNhmK MvgkdjH0k8oFIgXDjtN3SdSDS1ntv1zeEMu1OKc3iLGTpYFMP7ONeJu4555CD+6OMPpC HBrcM250SckwIXFP271tY0nKLSLWmE2idKdtgrAhAL1R6X+N1evZgXN5paghTH5Ue6WA /yt9T9Q9kHxACQ95rEmkw82p8qMeNq1tVMcRGfJCOFEpYlDQvySsXz98Q10GEec4x9f6 q159ScsU3fFyyMKrtWPAnMVATfsBUvDN4vJGC8MXGvxogJ9uZcW/Zl4uLpCBcYgdXCCA d90w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=c34Yqufw; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id y16si14053119plp.400.2022.02.09.01.35.46 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 09 Feb 2022 01:35:47 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=c34Yqufw; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 5B755DF28B1F; Wed, 9 Feb 2022 01:01:12 -0800 (PST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1358946AbiBHL1n (ORCPT + 99 others); Tue, 8 Feb 2022 06:27:43 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56598 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234069AbiBHKcU (ORCPT ); Tue, 8 Feb 2022 05:32:20 -0500 Received: from mail-il1-x12e.google.com (mail-il1-x12e.google.com [IPv6:2607:f8b0:4864:20::12e]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1C8C7C03FEC0 for ; Tue, 8 Feb 2022 02:32:19 -0800 (PST) Received: by mail-il1-x12e.google.com with SMTP id z7so13500099ilb.6 for ; Tue, 08 Feb 2022 02:32:19 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=IiwkpuM+BfLL6jHkWVkc0DGHd+y4pmtd32Iu8/4ilfc=; b=c34Yqufwr+tpl4Ls9NyohNK+tbfd7eD7QWVO23mmKLmOQplMwAiRZH4JxpVLsbcSLD ZjrnpBi4zlEiv+2yuO0AA3o37PVhrimSWqty//ByE1PcwJj2DPC0zUyD5tdFa41ApGuc ExF6gcgHxTjTmMsSGeiKGvthGPBqELlAP4WlcDDV+QjNMfx7cQTOcXjp52V8OIDZfNPq cJwhpKGuPc7RfJ5WpfLj0kHIExXZaSORc54NAO+z2brqOPtn0y+AcCAORXoax4UXOLKu zYjZPjGhbHHiVOt6susQrPHsmKiqFCoXEpBgp0D9nD/zaOiKVRTb0eoqrD+VzPrqt0NC lr5g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=IiwkpuM+BfLL6jHkWVkc0DGHd+y4pmtd32Iu8/4ilfc=; b=5OEDsq2qyYQj8MQKiMA8ZJEq70Pvn8f77zBJVkqCbshsMTfUiZY7OSs4jROz1oP0Hy z8rdDFZvOUEGI1QetKbFR57epBt9VJYnUXhZ7miDthgjsskbKxxJsikOIAC/5AF+Eo0n 4OxvJ16FAVCuzmBl7b38Y0uFhntwbnIF6Jx7NMfOBoQ2mocktoakC4jvyexIAxX/iQ00 IDrybWCWOlSOfdEB9D3528SemLD2zBmvyJ7wLLAnI++wRcEpJxa2hEdea66hs5PGPDpz 7knLsTYgLsyOCwz1EYr/ttiSkeudbRfP7dI1DUkbVgbtAyWeTGZnOvMSsg6DjSOR5MmX T8rQ== X-Gm-Message-State: AOAM530fRavba36jzUueuAeLwP5hsH9Op/54jfcEdTWm6y903crxXreL bWuO3AgbVNasmwC2kqQuLEf+zjp68w6eMhCuUGaBDg== X-Received: by 2002:a05:6e02:194b:: with SMTP id x11mr1773801ilu.123.1644316338411; Tue, 08 Feb 2022 02:32:18 -0800 (PST) MIME-Version: 1.0 References: <000000000000ef8cbb05d3bf84cd@google.com> <20211225005253.1962-1-hdanton@sina.com> <6396f046-b292-1a73-8339-d32b611d9b7f@redhat.com> <20211230125018.2272-1-hdanton@sina.com> In-Reply-To: <20211230125018.2272-1-hdanton@sina.com> From: Aleksandr Nogikh Date: Tue, 8 Feb 2022 11:32:07 +0100 Message-ID: Subject: Re: [syzbot] INFO: rcu detected stall in ext4_file_write_iter (4) To: Hillf Danton Cc: "Theodore Ts'o" , Waiman Long , syzbot , LKML , Peter Zijlstra , syzkaller-bugs@googlegroups.com Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-9.5 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE, USER_IN_DEF_DKIM_WL autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Closing the bug. Syzkaller now is much more careful with sched_setattr and perf_event_open, so, hopefully, we'll see fewer such false positive reports in the future. #syz invalid On Thu, Dec 30, 2021 at 1:50 PM Hillf Danton wrote: > > On Wed, 29 Dec 2021 16:29:33 -0500 Theodore Ts'o wrote: > > On Mon, Dec 27, 2021 at 10:14:23PM -0500, Waiman Long wrote: > > > > > > The test was running on a CONFIG_PREEMPT kernel. So if the syzkaller kthread > > > is running at a higher priority than the rcu_preempt kthread, it is possible > > > for the rcu_preempt kthread to be starved of cpu time. The rwsem optimistic > > > spinning code will relinquish the cpu if there is a higher priority thread > > > running. Since rcu_preempt kthread did not seem to be able to get the cpu, I > > > suspect that it is probably caused by the syzkaller thread having a higher > > > priority. > > > > It's even worse than that. The Syzkaller reproducer is calling > > sched_setattr(): > > > > *(uint32_t*)0x20000080 = 0x38; // sched_attr.sched_size > > *(uint32_t*)0x20000084 = 1; // sched_attr.sched_policy == SCHED_FIFO > > *(uint64_t*)0x20000088 = 0; // sched_attr.sched_flags > > *(uint32_t*)0x20000090 = 0; // sched_attr.sched_nice > > *(uint32_t*)0x20000094 = 1; // sched_attr.sched_priority > > *(uint64_t*)0x20000098 = 0; // ... > > *(uint64_t*)0x200000a0 = 0; > > *(uint64_t*)0x200000a8 = 0; > > *(uint32_t*)0x200000b0 = 0; > > *(uint32_t*)0x200000b4 = 0; > > syscall(__NR_sched_setattr, 0, 0x20000080ul, 0ul); > > > > So one or more of the syzkaller threads is SCHED_FIFO, and SCHED_FIFO > > threads will *never* relinquish the CPU in favor of SCHED_OTHER > > threads (which in practice will include all kernel threads unless > > special measures are taken by someone who knows what they are doing) > > so long as it they are runable. > > > > See the discussion at: > > > > https://lore.kernel.org/all/Yb5RMWRsJl5TMk8H@casper.infradead.org/ > > > > I recommend that kernel developers simply ignore any syzkaller report > > that relates to tasks being hung or rcu detected and where the > > reproducer is trying to set a real-time priority (e.g., sched_policy > > of SCHED_FIFO or SCHED_RR), since the number of ways that > > sched_setattr can be used as a foot-gun are near infinite.... > > > > Syzkaller reports that include sched_setattr are great for inflating > > the OMG! There are tons of unhandled syzkaller reports, "companies > > need to fund more engineering headcount to fix syzkaller bugs" slide > > decks. But IMHO, they are not good for much else. > > > > - Ted > > > > On the other hand, this report suggests IMHO the need for setting the > deadline, a couple of ticks by default, for spinners, to cut the chance > for FIFO tasks to make trouble in scenarios like the report. > > Mutex needs the same mechanism if it makes sense. > > Thanks > Hillf > > > +++ x/kernel/locking/rwsem.c > @@ -716,6 +716,7 @@ rwsem_spin_on_owner(struct rw_semaphore > struct task_struct *new, *owner; > unsigned long flags, new_flags; > enum owner_state state; > + unsigned long deadline; > > lockdep_assert_preemption_disabled(); > > @@ -724,6 +725,10 @@ rwsem_spin_on_owner(struct rw_semaphore > if (state != OWNER_WRITER) > return state; > > + /* avoid spinning long enough to make rcu stall > + * particularly in case of FIFO spinner > + */ > + deadline = jiffies + 2; > for (;;) { > /* > * When a waiting writer set the handoff flag, it may spin > @@ -747,7 +752,8 @@ rwsem_spin_on_owner(struct rw_semaphore > */ > barrier(); > > - if (need_resched() || !owner_on_cpu(owner)) { > + if (need_resched() || !owner_on_cpu(owner) || > + time_after(jiffies, deadline)) { > state = OWNER_NONSPINNABLE; > break; > } > > -- > You received this message because you are subscribed to the Google Groups "syzkaller-bugs" group. > To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller-bugs+unsubscribe@googlegroups.com. > To view this discussion on the web visit https://groups.google.com/d/msgid/syzkaller-bugs/20211230125018.2272-1-hdanton%40sina.com.