Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp4550025imu; Tue, 8 Jan 2019 02:06:36 -0800 (PST) X-Google-Smtp-Source: ALg8bN5xina16zkNdCvEx45XHbsts+gX4guJ10dfLWUoerCr5TJ4ooBbKa589cKbUDmTsdfPLLVm X-Received: by 2002:a63:ce50:: with SMTP id r16mr928921pgi.217.1546941996001; Tue, 08 Jan 2019 02:06:36 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1546941995; cv=none; d=google.com; s=arc-20160816; b=zoMO3+Gfip0D0wpfCnR+fiMFP455Sngqj54tF8DSry856T3bqWXPWtPx8jw5Zfa6I7 J5mdEsc+0jTJawsESQNMdMx3sSb6W12ZH8dE6XvYeCqLt5GR/5JCVamn5a7zCp3kHXEP xhIbGr7WMjSScN81Gs5/+K8x1U6e+IrhhEurIXBmeNIVEVDEsbILdg2p6MIVC4j/8EeC 6aetmPK2E1S0E/dzvBgsX7XlRnXGhHKUgf2w3mZgr5r0cpTQ/UifuhziGc8SoNR13Hm5 vDt+iEug9R5kS0qnI7GLwK3eWru0GPbFVYK/xIVSdVjGLovutzp6Dg2+TJxIuFQyCHID g5Sg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:message-id:references :in-reply-to:subject:cc:to:from:date:content-transfer-encoding :mime-version; bh=XxTx8+B6FYpgBPDOoykLE6/wbH7a7tWrBZ154EV6ckU=; b=VtYbz0QM/T8IzY1XkM+aMJXUv43WUs0ZGYM2g5KRqW29hUrHGyDeL0i7/T7BCbpOTw nCzZc4nvAx/BMaIFjeNo5T8rubU6kGXqnzaItfHzPV504uq8nEbmPf1xFYMYbMYfAuPK Vx4ydlfyzCn6FGpTPZM2eo1K/0ONoU5ZHLiF46hGtgu0GMiiVHnlxyRejumnn/veu8WC 0z+lu6CelEpYab9XBvV4sRDX7pAgMmlTYFqxpb8YAPr+OJ55DYFI+p69HdTdjgV+Nt5G BnMn33AtAyG6c1sxMiUwB/vBSN/osDIfZYSy+2ynDgeLBm8ddWtBy6PeyCZBC9Ctq0Rp xdEw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l12si43467615plc.0.2019.01.08.02.06.20; Tue, 08 Jan 2019 02:06:35 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728236AbfAHKFJ (ORCPT + 99 others); Tue, 8 Jan 2019 05:05:09 -0500 Received: from mx2.suse.de ([195.135.220.15]:59340 "EHLO mx1.suse.de" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1727001AbfAHKFJ (ORCPT ); Tue, 8 Jan 2019 05:05:09 -0500 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay1.suse.de (unknown [195.135.220.254]) by mx1.suse.de (Postfix) with ESMTP id 566C1B0DF; Tue, 8 Jan 2019 10:05:08 +0000 (UTC) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit Date: Tue, 08 Jan 2019 11:05:08 +0100 From: Roman Penyaev To: Dmitry Vyukov Cc: Andrew Morton , Stephen Rothwell , linux-fsdevel , LKML , syzkaller-bugs , Al Viro Subject: Re: WARNING in ep_poll_callback In-Reply-To: References: <000000000000d8bec0057eec0a92@google.com> Message-ID: X-Sender: rpenyaev@suse.de User-Agent: Roundcube Webmail Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2019-01-08 07:00, Dmitry Vyukov wrote: > On Tue, Jan 8, 2019 at 6:59 AM syzbot > wrote: >> >> Hello, >> >> syzbot found the following crash on: >> >> HEAD commit: 139287cc2cc0 Add linux-next specific files for >> 20190108 >> git tree: linux-next >> console output: >> https://syzkaller.appspot.com/x/log.txt?x=16f563d7400000 >> kernel config: >> https://syzkaller.appspot.com/x/.config?x=1521b074ff5a5bdf >> dashboard link: >> https://syzkaller.appspot.com/bug?extid=aea82bf9ee6ffd9a79d9 >> compiler: gcc (GCC) 9.0.0 20181231 (experimental) >> >> Unfortunately, I don't have any reproducer for this crash yet. > > Looks like caused by: > > commit f92cacf118171208f62519d92502a8dd0341286d > Author: Roman Penyaev > Date: Tue Jan 8 12:15:44 2019 +1100 > > epoll: loosen irq safety in ep_poll_callback() Yes, that was my wrong assumption that all drivers disable irqs before waking up a wait queue. Of course for drivers like fuse this is not a case. Thanks for reporting. The fix is simple: just remove wrong assert line :) The whole logic stays correct: epoll always locks rwlock with irqs disabled and by itself does not call from interrupt, thus it is up to driver how to call wake_up_locked(), because if driver does not handle any interrupts it is safe on its side to take a simple spin_lock. Patch is sent: https://lore.kernel.org/lkml/20190108100121.20247-1-rpenyaev@suse.de -- Roman