From: Miklos Szeredi
Date: Tue, 17 Jul 2018 13:14:28 +0200
Subject: Re: WARNING: lock held when returning to user space in fuse_lock_inode
To: syzbot
Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com

On Thu, Jul 12, 2018 at 5:49 PM, syzbot wrote:
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit: c25c74b7476e Merge tag 'trace-v4.18-rc3-2' of git://git.ke..
> git tree: upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=177bcec2400000
> kernel config: https://syzkaller.appspot.com/x/.config?x=25856fac4e580aa7
> dashboard link: https://syzkaller.appspot.com/bug?extid=3f7b29af1baa9d0a55be
> compiler: gcc (GCC) 8.0.1 20180413 (experimental)
> syzkaller repro:https://syzkaller.appspot.com/x/repro.syz?x=13aa7678400000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=17492678400000
>
> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> Reported-by: syzbot+3f7b29af1baa9d0a55be@syzkaller.appspotmail.com
>
> random: sshd: uninitialized urandom read (32 bytes read)
> random: sshd: uninitialized urandom read (32 bytes read)
> random: sshd: uninitialized urandom read (32 bytes read)
>
> ================================================
> WARNING: lock held when returning to user space!
> 4.18.0-rc4+ #143 Not tainted
> ------------------------------------------------
> syz-executor012/4539 is leaving the kernel with locks still held!
> 1 lock held by syz-executor012/4539:
> #0: (____ptrval____) (&fi->mutex){+.+.}, at: fuse_lock_inode+0xaf/0xe0
> fs/fuse/inode.c:363

False positive. fi->mutex is definitely not held by the acquiring task
when returning to userspace.

Maybe syzkaller is confused by the fact that there are several
interdependent tasks involved with fuse: the one calling into fuse by
doing something (looking up ./file0/file0) and the one that reads the
fuse device (returning with the LOOKUP request for "file0"). The second
one will return with that lock held, but it's not the one that acquired
it, so there's no bug at all here.

Thanks,
Miklos

>
>
> ---
> This bug is generated by a bot. It may contain errors.
> See https://goo.gl/tpsmEJ for more information about syzbot.
> syzbot engineers can be reached at syzkaller@googlegroups.com.
>
> syzbot will keep track of this bug report. See:
> https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with
> syzbot.
> syzbot can test patches for this bug, for details see:
> https://goo.gl/tpsmEJ#testing-patches