Received: by 2002:ac0:946b:0:0:0:0:0 with SMTP id j40csp2508152imj;
        Mon, 11 Feb 2019 04:07:22 -0800 (PST)
X-Google-Smtp-Source: AHgI3IbFAYRYYP78R4PsX4ImBeJtyD327TAfwaaD6oXVc6cVB9SQlq3yZq+vcp9QG9i8kD8xeKaK
X-Received: by 2002:a63:f74f:: with SMTP id f15mr33295863pgk.190.1549886841964;
        Mon, 11 Feb 2019 04:07:21 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1549886841; cv=none;
        d=google.com; s=arc-20160816;
        b=bt7BLfEWlA+w+h+5HEF4X8/fbIhXIio9nSUFIdp2Kpyg2o1EPKFp+Flit6dzkTtRTE
         k3deUTFlDI5GL/8+koI4HeYS6lQP92a31+vHjTUS/6bWCpBl5Om6nLFtpqoC26OWDGYM
         mAiR4Smfuh4GyMbZLXTQI1dpNTBHykKURlu7b4pjClnFpRFYLPTPilN3t+wvVhhFcj6A
         HgKNfZTEM8QImngAQqEvpeWlF0N3UJluVGd4WgHTs1wQuGsS3QjoNydrnsGmx/qeluKg
         KEF74y4LICxMAPc8Itdm+vdaXu6snlB08kT4ROpVJyvU/EJckQgz8gwhilRg1T6+4EPD
         KeWw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:dkim-signature;
        bh=Z2Xh5zlpM8WIhAH4sklxUfsqKEREhJGqUEeIguWIA/Y=;
        b=oBOEH3YbCZKFsI0i6poN7xmt5JPc7rE6dNTXnJAukw4QlZgbblZDat8wBhn3Fa2l/J
         fYSzP2zyz5iv7OyQaT9KaMf5loCdDX26g331qUC0y1EswytpGzDnZAIdiw5ztWyGOs2h
         EKXuNrQ9Z/QSpCxR2OTpM0MVvbtyX96uVWBBFQ3fgjxkKu65+LXnx0hTTVfQGTc8M4bQ
         YL4FeiA1OaWSFetKPbRIdnUoe9enlG320eCEjFEcPJF9j4TCcNyheTYmFWoqJCthrIZe
         XYS9oiAzbbq0o/ocIkeg79/DDd/0uXOdz1pfWzxdvIFyoLOnDmx4rrzCtHRxoJfqFmEz
         GXgw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=temperror (no key for signature) header.i=@szeredi.hu header.s=google header.b=JrdMjMpK;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id 23si5208380pgs.342.2019.02.11.04.06.59;
        Mon, 11 Feb 2019 04:07:21 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=temperror (no key for signature) header.i=@szeredi.hu header.s=google header.b=JrdMjMpK;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726358AbfBKMGr (ORCPT <rfc822;jekfish0@gmail.com> + 99 others);
        Mon, 11 Feb 2019 07:06:47 -0500
Received: from mail-it1-f196.google.com ([209.85.166.196]:54901 "EHLO
        mail-it1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726036AbfBKMGr (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 11 Feb 2019 07:06:47 -0500
Received: by mail-it1-f196.google.com with SMTP id i145so25638203ita.4
        for <linux-kernel@vger.kernel.org>; Mon, 11 Feb 2019 04:06:46 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=szeredi.hu; s=google;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=Z2Xh5zlpM8WIhAH4sklxUfsqKEREhJGqUEeIguWIA/Y=;
        b=JrdMjMpKUnaCUmmQbr1lleqQRlfzOG4vZXJCKK8US6k1LBqOoJDTkrzNR391jmrkVD
         Qs6jcMcqLq1eBUa1Q6v+iS+Bmx5lEHRal7q+H//NUhm4o/9gZQ04PFLMWrOaUq94Bgrl
         FP3xh7XM1NYnVTUFzPv7jmFxe6dWWKMfgTiiI=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=Z2Xh5zlpM8WIhAH4sklxUfsqKEREhJGqUEeIguWIA/Y=;
        b=cPAuSGuZgPIVnZL9l6q6O8Lyhfw089+AZ84HWFoiGh7y4sE9Lv7Hitj0tHlh/Kc4u7
         ETI8Lqt8injPEw2G30B68bf5lhmxTdrqbdn0HkLrY/q1wKc34+aYM5wk1fMIj8/Raah0
         +0FULY7VA325GEAZWh2RGFSXsLgNFpLOIqoaxHqdbJ09bhYxPBtobxP5CAoIeb5Xvk9N
         aFbalnBsajZ1QM4cMLYVJ4OqHuHxlT3jxm3evgC6cEKsY+BCTmKJ/2aXbpfOHAu6aNYH
         Rhejd3/lT/DbpPwl8MN5CD7KkvXOrruhACOisK/uOjVDxQfjdwR2xmGbMT1AhmQW8QVU
         FfXg==
X-Gm-Message-State: AHQUAuZRXkhY0UFQVZIcSPnREmQ3QQMw+sfpXllAmwSBgp9UKzmwm8D1
        p/UOmenAj/IgxrmuQWeVRN8eqJEr3i1pwnFpyCkCYg==
X-Received: by 2002:a5e:d803:: with SMTP id l3mr13273864iok.144.1549886805856;
 Mon, 11 Feb 2019 04:06:45 -0800 (PST)
MIME-Version: 1.0
References: <000000000000701c3305818e4814@google.com> <CAOQ4uxhhRs6kBH2rgbPyjd=tXoxxuJG76Y2vpCYmD0c0HzLwhA@mail.gmail.com>
In-Reply-To: <CAOQ4uxhhRs6kBH2rgbPyjd=tXoxxuJG76Y2vpCYmD0c0HzLwhA@mail.gmail.com>
From:   Miklos Szeredi <miklos@szeredi.hu>
Date:   Mon, 11 Feb 2019 13:06:34 +0100
Message-ID: <CAJfpegvjLgXa1HOCZkz6RKup7UdioMGyY7W4miyqcRtn9PL4QA@mail.gmail.com>
Subject: Re: possible deadlock in pipe_lock (2)
To:     Amir Goldstein <amir73il@gmail.com>
Cc:     linux-fsdevel <linux-fsdevel@vger.kernel.org>,
        linux-kernel <linux-kernel@vger.kernel.org>,
        syzkaller-bugs@googlegroups.com, Al Viro <viro@zeniv.linux.org.uk>,
        syzbot <syzbot+31d8b84465a7cbfd8515@syzkaller.appspotmail.com>,
        overlayfs <linux-unionfs@vger.kernel.org>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Feb 11, 2019 at 8:38 AM Amir Goldstein <amir73il@gmail.com> wrote:
>
> On Sun, Feb 10, 2019 at 8:23 PM syzbot
> <syzbot+31d8b84465a7cbfd8515@syzkaller.appspotmail.com> wrote:

> > -> #1 (&ovl_i_mutex_key[depth]){+.+.}:
> >         down_write+0x38/0x90 kernel/locking/rwsem.c:70
> >         inode_lock include/linux/fs.h:757 [inline]
> >         ovl_write_iter+0x148/0xc20 fs/overlayfs/file.c:231
> >         call_write_iter include/linux/fs.h:1863 [inline]
> >         new_sync_write fs/read_write.c:474 [inline]
> >         __vfs_write+0x613/0x8e0 fs/read_write.c:487
> > kobject: 'loop4' (000000009e2b886d): kobject_uevent_env
> >         __kernel_write+0x110/0x3b0 fs/read_write.c:506
> >         write_pipe_buf+0x15d/0x1f0 fs/splice.c:797
> >         splice_from_pipe_feed fs/splice.c:503 [inline]
> >         __splice_from_pipe+0x39a/0x7e0 fs/splice.c:627
> >         splice_from_pipe+0x108/0x170 fs/splice.c:662
> >         default_file_splice_write+0x3c/0x90 fs/splice.c:809

Irrelevant to the lockdep splat, but why isn't there an
ovl_splice_write() that just recurses into realfile->splice_write()?
Sounds like a much more efficient way to handle splice read and
write...

[...]

> Miklos,
>
> Its good that this report popped up again, because I went to
> look back at my notes from previous report [1].
> If I was right in my previous analysis then we must have a real
> deadlock in current "lazy copy up" WIP patches. Right?

Hmm, AFAICS this circular dependency translated into layman's terms:

pipe lock -> ovl inode lock  (splice to ovl file)

ovl inode lock -> upper freeze lock (truncate of ovl file)

upper freeze lock -> pipe lock (splice to upper file)

> "This looks like a false positive because lockdep is not aware of
> s_stack_depth of the file (fs) associated with the pipe.

But AFAICS the above dependency doesn't include copy up or stacked
overlay, so looks like a real deadlock.

Am I missing something?

Thanks,
Miklos