From: "Theodore Ts'o" <tytso@mit.edu>
To: Dmitry Vyukov <dvyukov@google.com>
Cc: Hillf Danton <hdanton@sina.com>,
	Matthew Wilcox <willy@infradead.org>,
	syzbot <syzbot+9c3fb12e9128b6e1d7eb@syzkaller.appspotmail.com>,
	linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
	syzkaller-bugs@googlegroups.com,
	syzkaller <syzkaller@googlegroups.com>
Subject: Re: [syzbot] INFO: task hung in jbd2_journal_commit_transaction (3)
Date: Fri, 20 May 2022 17:45:12 -0400	[thread overview]
Message-ID: <YogL6MCdYVrqGcRf@mit.edu> (raw)
In-Reply-To: <CACT4Y+YHxkL5aAgd4wXPe-J+RG6_VBcPs=e8QpRM8=3KJe+GCg@mail.gmail.com>

On Fri, May 20, 2022 at 01:57:07PM +0200, Dmitry Vyukov wrote:
> 
> Hi Ted,
> 
> Reviving this old thread re syzkaller using SCHED_FIFO.
> 
> It's a bit hard to restrict what the fuzzer can do if we give it
> sched_setattr() and friends syscalls. We could remove them from the
> fuzzer entirely, but it's probably suboptimal as well.
> 
> I see that setting up SCHED_FIFO is guarded by CAP_SYS_NICE:
> https://elixir.bootlin.com/linux/v5.18-rc7/source/kernel/sched/core.c#L7264
> 
> And I see we drop CAP_SYS_NICE from the fuzzer process since 2019
> (after a similar discussion):
> https://github.com/google/syzkaller/commit/f3ad68446455a
>
> The latest C reproducer contains: ....

For this particular report, there *was* no C reproducer.  There was
only a syz reproducer:

> syzbot found the following issue on:
> 
> HEAD commit:    5472f14a3742 Merge tag 'for_linus' of git://git.kernel.org..
> git tree:       upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=11132113b00000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=e3bdfd29b408d1b6
> dashboard link: https://syzkaller.appspot.com/bug?extid=9c3fb12e9128b6e1d7eb
> compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14559113b00000

So let me ask a counter question.  I thought syzbot tries to create a
minimal reproducer?  So if the sched_setattr is a no-op, and is
returning EPERM, why wasn't the sched_setattr line removed from the
syz repro?

As a side note, since in many cases running a reproducer can be
painful, would it be possible for the syzkaller dashboard to provide
the output of running "strace -f" while the reproducer is running?

That would also especially help since even when there is a C
reproducer, trying to understand what it is doing from reading the
syzbot-generated C source code is often non-trivial, and strace does a
much better job decoding what the !@#?@ the reproducer is doing.  Another
advantage of using strace is that it will also show us the return code
from the system call, which would very quickly confirm whether the
sched_setattr() was actually returning EPERM or not --- and it will
decode the system call arguments in a way that I often wished would be
included as comments in the syzbot-generated reproducer.

Providing the strace output could significantly reduce the amount of
upstream developer toil, and might therefore improve upstream
developer engagement with syzkaller.

Cheers,

						- Ted
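As an added illustration of the point above (not code from the thread, syzbot or syzkaller): a small parser for `strace -f` output that pulls out each completed syscall with its return value and errno, so a developer can answer "did sched_setattr() actually fail with EPERM?" without reading the generated reproducer. The sample log lines are constructed for the example; the regex shape, the `Syscall` record and the helper names are assumptions of this example, not part of any strace or syzkaller tooling.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# One completed syscall line from `strace -f`, for example:
#   [pid 1234] sched_setattr(0, {...}, 0) = -1 EPERM (Operation not permitted)
# Lines for unfinished/resumed calls, signals and exits do not match and are
# skipped; only completed calls carry a return value worth inspecting.
_LINE = re.compile(
    r"^(?:\[pid\s+(?P<pid>\d+)\]\s+)?"             # pid prefix added by -f
    r"(?P<name>[a-z_0-9]+)\((?P<args>.*)\)"        # syscall name, greedy arg list
    r"\s+=\s+(?P<ret>-?\d+|0x[0-9a-f]+|\?)"        # decoded return value
    r"(?:\s+(?P<errno>E[A-Z0-9]+)\s+\((?P<errmsg>[^)]*)\))?"  # errno on failure
    r"\s*$"
)


@dataclass
class Syscall:
    pid: Optional[int]
    name: str
    args: str
    ret: str
    errno: Optional[str]  # e.g. "EPERM"; None when the call succeeded


def parse_strace_line(line: str) -> Optional[Syscall]:
    """Parse one strace line; return None for lines that are not a completed call."""
    m = _LINE.match(line.strip())
    if not m:
        return None
    return Syscall(
        pid=int(m["pid"]) if m["pid"] else None,
        name=m["name"],
        args=m["args"],
        ret=m["ret"],
        errno=m["errno"],
    )


def parse_strace(lines: Iterable[str]) -> List[Syscall]:
    """Parse a whole strace log, dropping lines that are not completed calls."""
    return [c for c in (parse_strace_line(l) for l in lines) if c is not None]


def failed_calls(calls: Iterable[Syscall], name: str) -> List[Syscall]:
    """Return every invocation of `name` that strace reported with an errno."""
    return [c for c in calls if c.name == name and c.errno is not None]


# Constructed sample of what `strace -f` prints while a reproducer runs.
SAMPLE_STRACE = [
    "[pid  1234] sched_setattr(0, {size=48, sched_policy=SCHED_FIFO, sched_flags=0, "
    "sched_priority=1}, 0) = -1 EPERM (Operation not permitted)",
    "[pid  1234] openat(AT_FDCWD, \"/dev/loop0\", O_RDWR) = 3",
    "[pid  1234] write(3, \"\\0\\0\\0\\0\"..., 4096 <unfinished ...>",
    "[pid  1235] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED} ---",
    "[pid  1234] <... write resumed>) = 4096",
    "[pid  1235] ioctl(3, LOOP_SET_FD, 4) = 0",
    "[pid  1235] +++ exited with 0 +++",
]


def summarize(lines: Iterable[str], name: str) -> List[str]:
    """Human-readable verdict per failing call of `name` (empty if none failed)."""
    return [
        f"pid {c.pid}: {c.name}(...) returned {c.ret} {c.errno}"
        for c in failed_calls(parse_strace(lines), name)
    ]


if __name__ == "__main__":
    for verdict in summarize(SAMPLE_STRACE, "sched_setattr") or ["no failures"]:
        print(verdict)
```

The parser deliberately keys on the `) = ` separator that strace places before the return value, so nested braces and parentheses inside decoded struct arguments (such as the `sched_attr` above) do not confuse it; the one EPERM line in the sample is reported, and the success lines are parsed but not flagged.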

Thread overview: 11+ messages
2021-12-18 19:50 [syzbot] INFO: task hung in jbd2_journal_commit_transaction (3) syzbot
2021-12-18 21:22 ` Matthew Wilcox
     [not found] ` <20211219023540.1638-1-hdanton@sina.com>
2021-12-19  4:20   ` Matthew Wilcox
2021-12-20 21:24     ` Theodore Ts'o
     [not found]     ` <20211221090804.1810-1-hdanton@sina.com>
2021-12-21 22:32       ` Theodore Ts'o
     [not found]       ` <20211222022527.1880-1-hdanton@sina.com>
2021-12-22  4:35         ` Theodore Ts'o
2022-05-20 11:57           ` Dmitry Vyukov
2022-05-20 21:45             ` Theodore Ts'o [this message]
2022-05-23 11:34               ` Dmitry Vyukov
2022-05-24 10:59                 ` Jan Kara
2021-12-23  5:32 ` syzbot