From: Miklos Szeredi
Date: Mon, 10 Sep 2018 11:50:43 +0200
Subject: Re: possible deadlock in free_ioctx_users
To: Dmitry Vyukov
Cc: syzbot, bcrl, linux-aio, linux-fsdevel, LKML, syzkaller-bugs, Al Viro
References: <00000000000024df4605757495a8@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Sep 10, 2018 at 11:43 AM, Dmitry Vyukov wrote:
> On Mon, Sep 10, 2018 at 11:28 AM, Miklos Szeredi wrote:
>> On Sun, Sep 9, 2018 at 8:41 PM, syzbot
>> wrote:
>>> Hello,
>>>
>>> syzbot found the following crash on:
>>>
>>> HEAD commit: f8f65382c98a Merge tag 'for-linus' of git://git.kernel.org..
>>> git tree: upstream
>>> console output: https://syzkaller.appspot.com/x/log.txt?x=113260ae400000
>>> kernel config: https://syzkaller.appspot.com/x/.config?x=8f59875069d721b6
>>> dashboard link: https://syzkaller.appspot.com/bug?extid=d86c4426a01f60feddc7
>>> compiler: gcc (GCC) 8.0.1 20180413 (experimental)
>>> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=120baa9e400000
>>> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13979cbe400000
>>>
>>> IMPORTANT: if you fix the bug, please add the following tag to the commit:
>>> Reported-by: syzbot+d86c4426a01f60feddc7@syzkaller.appspotmail.com
>>>
>>> random: sshd: uninitialized urandom read (32 bytes read)
>>> random: sshd: uninitialized urandom read (32 bytes read)
>>> random: sshd: uninitialized urandom read (32 bytes read)
>>>
>>> ========================================================
>>> WARNING: possible irq lock inversion dependency detected
>>> 4.19.0-rc2+ #229 Not tainted
>>> --------------------------------------------------------
>>> swapper/0/0 just changed the state of lock:
>>> 00000000c02bddef (&(&ctx->ctx_lock)->rlock){..-.}, at: spin_lock_irq
>>> include/linux/spinlock.h:354 [inline]
>>> 00000000c02bddef (&(&ctx->ctx_lock)->rlock){..-.}, at:
>>> free_ioctx_users+0xbc/0x710 fs/aio.c:603
>>> but this lock took another, SOFTIRQ-unsafe lock in the past:
>>> (&fiq->waitq){+.+.}
>>>
>>>
>>> and interrupts could create inverse lock ordering between them.
>>>
>>>
>>> other info that might help us debug this:
>>> Possible interrupt unsafe locking scenario:
>>>
>>>        CPU0                    CPU1
>>>        ----                    ----
>>>   lock(&fiq->waitq);
>>>                                local_irq_disable();
>>>                                lock(&(&ctx->ctx_lock)->rlock);
>>>                                lock(&fiq->waitq);
>>>   <Interrupt>
>>>     lock(&(&ctx->ctx_lock)->rlock);
>>
>> Fuse device doesn't support AIO ops. So false positive, AFAICS.
>
> Hi Miklos,
>
> We still need to annotate this. How?

Good question. Isn't lockdep assuming too much here?
It hasn't shown that that ctx_lock instance was actually called from
interrupt context, has it?

Thanks,
Miklos
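
Lockdep keeps usage bits and ordering edges per lock class, so every ctx_lock instance shares one record; that is what the question above turns on. The following is an added example, not part of this thread and not kernel code: a simplified userspace model of that bookkeeping replaying the quoted report, in which the struct, the function names and the `split_classes` case are hypothetical.

```c
/* Simplified userspace model of lockdep's per-class softirq check (constructed). */
#include <stddef.h>
#include <stdio.h>

enum { USED_IN_SOFTIRQ = 1, SOFTIRQ_ON = 2 };   /* usage bits, kept per class */

struct lock_class {
    const char *name;
    unsigned usage;                /* union over every instance of the class */
    struct lock_class *after[4];   /* classes acquired while this one was held */
    size_t n_after;
};

/* Record "b was taken while a was held". The edge belongs to the class. */
static void add_dependency(struct lock_class *a, struct lock_class *b)
{
    if (a->n_after < 4) a->after[a->n_after++] = b;
}

/* Walk forward dependencies looking for a class ever held with softirqs on. */
static const char *find_unsafe(const struct lock_class *c, int depth)
{
    for (size_t i = 0; i < c->n_after; i++) {
        const struct lock_class *n = c->after[i];
        const char *r = (n->usage & SOFTIRQ_ON) ? n->name
                      : depth > 0 ? find_unsafe(n, depth - 1) : NULL;
        if (r)
            return r;
    }
    return NULL;
}

/* Replay the report: instance A took fiq->waitq while held, instance B was
 * locked from softirq in free_ioctx_users. split_classes is hypothetical. */
static const char *replay(int split_classes)
{
    struct lock_class fiq = { .name = "&fiq->waitq", .usage = SOFTIRQ_ON };
    struct lock_class ctx = { .name = "ctx_lock" };
    struct lock_class ctx_a = { .name = "ctx_lock/A" };
    add_dependency(split_classes ? &ctx_a : &ctx, &fiq);
    ctx.usage |= USED_IN_SOFTIRQ;   /* the state change that triggers the check */
    return find_unsafe(&ctx, 8);
}

int main(void)
{
    const char *a = replay(0), *b = replay(1);
    printf("shared: %s\nsplit: %s\n", a ? a : "none", b ? b : "none");
}
```

With one shared class the model reports `&fiq->waitq`, matching the warning; with the two instances in separate classes nothing is reported, because neither class has both the softirq usage and the edge to the unsafe lock.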