task hung in exfat_write_inode

Message ID 20231221045014.3986230-1-lizhi.xu@windriver.com
State New
Series task hung in exfat_write_inode |

Commit Message

Lizhi Xu Dec. 21, 2023, 4:50 a.m. UTC
  #syz test https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git f9ff5644bcc0
  

Comments

syzbot Dec. 21, 2023, 5:18 a.m. UTC | #1
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
INFO: rcu detected stall in corrupted

rcu: INFO: rcu_preempt detected expedited stalls on CPUs/tasks: { P5348 } 2631 jiffies s: 2881 root: 0x0/T
rcu: blocking rcu_node structures (internal RCU debug):


Tested on:

commit:         f9ff5644 Merge tag 'hsi-for-6.2' of git://git.kernel.o..
git tree:       https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
console output: https://syzkaller.appspot.com/x/log.txt?x=110d6fb6e80000
kernel config:  https://syzkaller.appspot.com/x/.config?x=1bf08f50e8fff9ad
dashboard link: https://syzkaller.appspot.com/bug?extid=2f73ed585f115e98aee8
compiler:       gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
patch:          https://syzkaller.appspot.com/x/patch.diff?x=17028ec9e80000
  

Patch

diff --git a/fs/exfat/fatent.c b/fs/exfat/fatent.c
index 56b870d9cc0d..a40e0f5ca67c 100644
--- a/fs/exfat/fatent.c
+++ b/fs/exfat/fatent.c
@@ -149,7 +149,7 @@  static int __exfat_free_cluster(struct inode *inode, struct exfat_chain *p_chain
 {
 	struct super_block *sb = inode->i_sb;
 	struct exfat_sb_info *sbi = EXFAT_SB(sb);
-	int cur_cmap_i, next_cmap_i;
+	int cur_cmap_i, next_cmap_i, ei = 0;
 	unsigned int num_clusters = 0;
 	unsigned int clu;
 
@@ -176,8 +176,11 @@  static int __exfat_free_cluster(struct inode *inode, struct exfat_chain *p_chain
 
 	if (p_chain->flags == ALLOC_NO_FAT_CHAIN) {
 		unsigned int last_cluster = p_chain->dir + p_chain->size - 1;
+		printk("b dir: %u, s: %u, nc: %u\n", p_chain->dir, p_chain->size, num_clusters);
 		do {
 			bool sync = false;
+			if (ei > 100)
+				break;
 
 			if (clu < last_cluster)
 				next_cmap_i =
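Review bot: The `if (ei > 100) break;` guard added in this loop caps the free at a fixed 101 iterations, so any valid chain longer than that stops partway and the remaining clusters stay set in the allocation bitmap; the same guard is added to the FAT-chain loop in the next hunk. `p_chain->size` and the FAT entries are read from the mounted image, so a bound is worth having, but it should come from the volume geometry rather than a constant, for example `if (num_clusters >= sbi->num_clusters - EXFAT_FIRST_CLUSTER) break;` (assuming `sbi->num_clusters` includes the reserved entries), with the case reported as filesystem corruption. `ei` also appears to duplicate `num_clusters`, which is incremented on the same lines in the visible hunks. The body of `__exfat_free_cluster()` starts and ends outside this hunk, so any earlier validation of `p_chain` is not visible here.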
@@ -192,12 +195,17 @@  static int __exfat_free_cluster(struct inode *inode, struct exfat_chain *p_chain
 			exfat_clear_bitmap(inode, clu, (sync && IS_DIRSYNC(inode)));
 			clu++;
 			num_clusters++;
+			ei++;
 		} while (num_clusters < p_chain->size);
+		printk("e dir: %u, s: %u, nc: %u, e: %d\n", p_chain->dir, p_chain->size, num_clusters, ei);
 	} else {
+		printk("b2 dir: %u, s: %u, nc: %u\n", p_chain->dir, p_chain->size, num_clusters);
 		do {
 			bool sync = false;
 			unsigned int n_clu = clu;
 			int err = exfat_get_next_cluster(sb, &n_clu);
+			if (ei > 100)
+				break;
 
 			if (err || n_clu == EXFAT_EOF_CLUSTER)
 				sync = true;
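Review bot: The `printk()` calls added here (the `e dir:` and `b2 dir:` messages), like the `b dir:` and `e2 dir:` ones in the neighbouring hunks, carry no log level, so they are emitted at the kernel's default level on every call to this function. The values printed describe the chain being freed, which is derived from the mounted image, so an untrusted volume could produce a large amount of log output if this tracing outlives the syzbot test. If it is kept, a debug-level form such as `pr_debug("exfat: free chain dir %u size %u freed %u\n", p_chain->dir, p_chain->size, num_clusters);` or a rate-limited variant would be safer, and a short comment should state that the messages are temporary instrumentation.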
@@ -213,10 +221,12 @@  static int __exfat_free_cluster(struct inode *inode, struct exfat_chain *p_chain
 			exfat_clear_bitmap(inode, clu, (sync && IS_DIRSYNC(inode)));
 			clu = n_clu;
 			num_clusters++;
+			ei++;
 
 			if (err)
 				goto dec_used_clus;
 		} while (clu != EXFAT_EOF_CLUSTER);
+		printk("e2 dir: %u, s: %u, nc: %u, e: %d\n", p_chain->dir, p_chain->size, num_clusters, ei);
 	}
 
 dec_used_clus: