From: Dmitry Vyukov
Date: Mon, 10 Sep 2018 12:03:56 +0200
Subject: Re: possible deadlock in free_ioctx_users
To: Miklos Szeredi, Peter Zijlstra, Ingo Molnar, Will Deacon
Cc: syzbot, bcrl, linux-aio, linux-fsdevel, LKML, syzkaller-bugs, Al Viro
References: <00000000000024df4605757495a8@google.com>

On Mon, Sep 10, 2018 at 11:50 AM, Miklos Szeredi wrote:
> On Mon, Sep 10, 2018 at 11:43 AM, Dmitry Vyukov wrote:
>> On Mon, Sep 10, 2018 at 11:28 AM, Miklos Szeredi wrote:
>>> On Sun, Sep 9, 2018 at 8:41 PM, syzbot
>>> wrote:
>>>> Hello,
>>>>
>>>> syzbot found the following crash on:
>>>>
>>>> HEAD commit: f8f65382c98a Merge tag 'for-linus' of git://git.kernel.org..
>>>> git tree: upstream
>>>> console output: https://syzkaller.appspot.com/x/log.txt?x=113260ae400000
>>>> kernel config: https://syzkaller.appspot.com/x/.config?x=8f59875069d721b6
>>>> dashboard link: https://syzkaller.appspot.com/bug?extid=d86c4426a01f60feddc7
>>>> compiler: gcc (GCC) 8.0.1 20180413 (experimental)
>>>> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=120baa9e400000
>>>> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13979cbe400000
>>>>
>>>> IMPORTANT: if you fix the bug, please add the following tag to the commit:
>>>> Reported-by: syzbot+d86c4426a01f60feddc7@syzkaller.appspotmail.com
>>>>
>>>> random: sshd: uninitialized urandom read (32 bytes read)
>>>> random: sshd: uninitialized urandom read (32 bytes read)
>>>> random: sshd: uninitialized urandom read (32 bytes read)
>>>>
>>>> ========================================================
>>>> WARNING: possible irq lock inversion dependency detected
>>>> 4.19.0-rc2+ #229 Not tainted
>>>> --------------------------------------------------------
>>>> swapper/0/0 just changed the state of lock:
>>>> 00000000c02bddef (&(&ctx->ctx_lock)->rlock){..-.}, at: spin_lock_irq
>>>> include/linux/spinlock.h:354 [inline]
>>>> 00000000c02bddef (&(&ctx->ctx_lock)->rlock){..-.}, at:
>>>> free_ioctx_users+0xbc/0x710 fs/aio.c:603
>>>> but this lock took another, SOFTIRQ-unsafe lock in the past:
>>>>  (&fiq->waitq){+.+.}
>>>>
>>>>
>>>> and interrupts could create inverse lock ordering between them.
>>>>
>>>>
>>>> other info that might help us debug this:
>>>>  Possible interrupt unsafe locking scenario:
>>>>
>>>>        CPU0                    CPU1
>>>>        ----                    ----
>>>>   lock(&fiq->waitq);
>>>>                                local_irq_disable();
>>>>                                lock(&(&ctx->ctx_lock)->rlock);
>>>>                                lock(&fiq->waitq);
>>>>
>>>>     lock(&(&ctx->ctx_lock)->rlock);
>>>
>>> Fuse device doesn't support AIO ops. So false positive, AFAICS.
>>
>> Hi Miklos,
>>
>> We still need to annotate this. How?
>
> Good question.
>
> Isn't lockdep assuming too much here? It hasn't shown that that
> ctx_lock instance was actually called from interrupt context, has it?

+lockdep maintainers for lockdep false positive and how to annotate it

Full reports are available here:
https://syzkaller.appspot.com/bug?extid=d86c4426a01f60feddc7
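
A userspace model of the class-level check behind the report quoted above, added here as an illustration; it is not kernel code and not code from this thread. The struct, the function names, the assumed irqs-off state when ctx_lock took the waitq lock, and the direct-dependency-only check are simplifications made for the example (lockdep itself follows dependency chains transitively). Usage bits are stored per lock class, so the model has no notion of which ctx_lock instance was involved.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define NCLASS 2
enum { CTX_LOCK, FIQ_WAITQ };   /* one entry per lock class, not per lock instance */

struct lock_class {
    bool used_in_softirq;   /* some instance was acquired in softirq context */
    bool softirq_unsafe;    /* some instance was acquired with softirqs enabled */
    bool takes[NCLASS];     /* takes[c]: class c was acquired while this class was held */
};
static struct lock_class cls[NCLASS];

/* Record one acquisition; held is the class already held, or -1 for none. */
static void acquire(int held, int c, bool in_softirq, bool softirqs_on)
{
    if (in_softirq)
        cls[c].used_in_softirq = true;
    else if (softirqs_on)
        cls[c].softirq_unsafe = true;
    if (held >= 0)
        cls[held].takes[c] = true;
}

/* True when a softirq-safe class directly takes a softirq-unsafe class. */
static bool inversion_possible(void)
{
    for (int a = 0; a < NCLASS; a++)
        for (int b = 0; b < NCLASS; b++)
            if (cls[a].used_in_softirq && cls[a].takes[b] && cls[b].softirq_unsafe)
                return true;
    return false;
}

/* Replay the events named in the report; the softirq acquisition is optional. */
static bool replay(bool free_in_softirq)
{
    memset(cls, 0, sizeof(cls));
    acquire(-1, FIQ_WAITQ, false, true);        /* waitq taken with softirqs on: {+.+.} */
    acquire(-1, CTX_LOCK, false, false);        /* ctx_lock taken, irqs off (assumed) */
    acquire(CTX_LOCK, FIQ_WAITQ, false, false); /* "took another ... lock in the past" */
    if (free_in_softirq)
        acquire(-1, CTX_LOCK, true, false);     /* free_ioctx_users() in softirq: {..-.} */
    return inversion_possible();
}

int main(void)
{
    printf("before softirq use of ctx_lock: %d\n", replay(false));
    printf("after softirq use of ctx_lock:  %d\n", replay(true));
    return 0;
}
```

The warning condition only becomes true on the last event, which matches the report's "just changed the state of lock" wording.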