On 8/5/21 10:45 PM, Theodore Ts'o wrote:
> On Thu, Aug 05, 2021 at 06:14:18PM +0300, Pavel Skripkin wrote:
>> Syzbot reported a task hung bug in ext4_fill_super(). The problem was in
>> a too huge mmp update interval.
>> Syzkaller reproducer set s_mmp_update_interval to 39785 seconds. This
>> update interval is unreasonably huge and it can cause tasks to hang on
>> kthread_stop() call, since it will wait until timeout timer expires.
> I must be missing something. kthread_stop() should wake up the
> kmmpd() thread, which should see kthread_should_stop(), and then it
> should exit. What is causing it to wait until the timeout timer
> expires?
> - Ted
Hi, Ted!
I guess I've explained my idea badly, sorry :)
I mean that there is a chance to hit this situation:
CPU0                                  CPU1
kthread_should_stop() <-- false
                                      kthread_stop()
                                        set_bit(KTHREAD_SHOULD_STOP)
                                        wake_up_process()
                                        wait_for_completion()
schedule_timeout_interruptible()
*waits until timer expires*
Since there weren't any validation checks for mmp_update_interval, CPU0
will wait for up to (1 << 16) seconds (s_mmp_update_interval is __le16).
With regards,
Pavel Skripkin
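A userspace model of the interleaving above, added here as an illustration and not code from this thread or from ext4: a pthread plays kmmpd() and evaluates the stop flag, the main thread then plays kthread_stop() by setting the flag and issuing a wakeup, and only afterwards does the "kmmpd" side go to sleep for the interval. `sleep_plain` stands in for the unconditional timed sleep and `sleep_checked` for a wait that re-checks the stop predicate under a lock; the function names, the pthread modelling and the 1500 ms interval are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <pthread.h>
#include <time.h>
static pthread_mutex_t lock = PTHREAD_MUTEX_INITIALIZER;
static pthread_cond_t wake = PTHREAD_COND_INITIALIZER;
static int should_stop;  /* models KTHREAD_SHOULD_STOP (constructed example) */
static int checked;      /* set once "CPU0" has evaluated kthread_should_stop() */
static long now_ms(void) {
    struct timespec ts; clock_gettime(CLOCK_REALTIME, &ts);
    return ts.tv_sec * 1000L + ts.tv_nsec / 1000000L;
}
/* Stands in for schedule_timeout_interruptible() entered after the wakeup was
 * already delivered: nothing interrupts it, so the whole interval elapses. */
static void sleep_plain(long ms) {
    struct timespec ts = { ms / 1000, (ms % 1000) * 1000000L };
    nanosleep(&ts, NULL);
}
/* Re-checks the stop predicate under the lock before and while sleeping, so a
 * stop request that raced with the earlier check ends the sleep at once. */
static void sleep_checked(long ms) {
    struct timespec dl; clock_gettime(CLOCK_REALTIME, &dl);
    long ns = dl.tv_nsec + (ms % 1000) * 1000000L;
    dl.tv_sec += ms / 1000 + ns / 1000000000L;
    dl.tv_nsec = ns % 1000000000L;
    pthread_mutex_lock(&lock);
    while (!should_stop && pthread_cond_timedwait(&wake, &lock, &dl) == 0) ;
    pthread_mutex_unlock(&lock);
}
struct arg { void (*sleeper)(long); long interval_ms; };
static void *kmmpd_model(void *p) {   /* CPU0 in the diagram */
    struct arg *a = p;
    pthread_mutex_lock(&lock);
    int stop = should_stop;           /* kthread_should_stop() -> false */
    checked = 1;                      /* hand the race window to CPU1 */
    pthread_cond_broadcast(&wake);
    pthread_mutex_unlock(&lock);
    if (!stop) a->sleeper(a->interval_ms);
    return NULL;
}
/* Returns how many ms the kthread_stop() caller (CPU1) blocks. */
static long stop_latency_ms(void (*sleeper)(long), long interval_ms) {
    struct arg a = { sleeper, interval_ms }; pthread_t t;
    should_stop = checked = 0;
    pthread_create(&t, NULL, kmmpd_model, &a);
    pthread_mutex_lock(&lock);
    while (!checked) pthread_cond_wait(&wake, &lock);
    long t0 = now_ms();
    should_stop = 1;                  /* set_bit(KTHREAD_SHOULD_STOP) */
    pthread_mutex_unlock(&lock);
    pthread_cond_broadcast(&wake);    /* wake_up_process() */
    pthread_join(t, NULL);            /* wait_for_completion() */
    return now_ms() - t0;
}
```

With `sleep_plain` the stopper blocks for the full interval even though the wakeup was sent, which is the hang described above; with `sleep_checked` it returns almost immediately because the sleep itself re-examines the stop condition.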