Received: by 2002:a25:1985:0:0:0:0:0 with SMTP id 127csp1868236ybz; Thu, 16 Apr 2020 17:21:36 -0700 (PDT) X-Google-Smtp-Source: APiQypI+h8ILMtN3BBWZFSWXPPM2uu9KbiOgsLxd+Fk+H22UOliO7LznNclvRI2bbVZzINjY9s+j X-Received: by 2002:a17:907:2069:: with SMTP id qp9mr595830ejb.137.1587082896709; Thu, 16 Apr 2020 17:21:36 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1587082896; cv=none; d=google.com; s=arc-20160816; b=dkZx40x3CvmAN6ZYd+erWLdVSdeXd557BVHL5ChFa/tD65dipccHs7kD+ecwPvGWlV 4DLvUe/9ek99vLYCZfhEoAyQZUPyw7MN73S48n9Avqqg4khe84sC5r9mkc2T0ISNGev4 H4X2kD+daFFJgitz6k3WZMoo3ZXsKu1dHMkeFHsVSynlWfJ6O4O7xsmRvZzOZK2TQsxN HcNvIeVJ8Dxb9+NPN14SpSh1aMOxhCEymrE4kTxgntaS7y2tvq3BE/ReVm4L6qBiVlZN wVCwdts4xAKKo3vB6cChhnF+671dpKnzlZHEYRdQbKw/ke+vDmlrdkvce9j4r/p2VP7M 0qdw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :message-id:in-reply-to:subject:cc:to:from:date:dkim-signature; bh=thOqoeUHNa8nm/nAkMJNqT4+ado+3DKRxJPNfHmOJgE=; b=B5F3c9XlljHSd5vR9N5ndnGVq0ZXzNOPNl+18QGdWk0UUv6V3giXd+fow5sLZO9UW2 08nU6QBeMa6OUmOR+6jwR98d07QOgvrHux3e5mZ5VWGLVYUSPMfGAFX2K5CE5E0c8sBw Szk5wTkcVFv9pFruPGKiH0pqRR2w4OQ+NTuVksj8a3eBW3Ow47RQ1JWsWUpQm+SrQwic TumBKWrIAWAcH53Dy6QKBUikncx6iFOFgv1UVs8GpXU4+4R9S3yWjWC0Fi4mGYXBkGc9 SWhTvzKkqDHLOTboexeIebEm7kDAv6ZNf3RW9Cmh8Xb3UWtkM/JlNJfzA5F7a692Ux4g 859g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=b7b+mYhR; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id s19si2108640ejz.320.2020.04.16.17.21.11; Thu, 16 Apr 2020 17:21:36 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=b7b+mYhR; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727930AbgDQAUC (ORCPT + 99 others); Thu, 16 Apr 2020 20:20:02 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44694 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-FAIL-OK-FAIL) by vger.kernel.org with ESMTP id S1726245AbgDQAUB (ORCPT ); Thu, 16 Apr 2020 20:20:01 -0400 Received: from mail-oi1-x243.google.com (mail-oi1-x243.google.com [IPv6:2607:f8b0:4864:20::243]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C0865C061A0C for ; Thu, 16 Apr 2020 17:20:01 -0700 (PDT) Received: by mail-oi1-x243.google.com with SMTP id k133so568808oih.12 for ; Thu, 16 Apr 2020 17:20:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:from:to:cc:subject:in-reply-to:message-id:references :user-agent:mime-version; bh=thOqoeUHNa8nm/nAkMJNqT4+ado+3DKRxJPNfHmOJgE=; b=b7b+mYhRh7/JSsY7PVsVxFpRfDl9fUnqJhTt41LRlYbLYCyeEJ8oJESMkG9A7xhLq8 qqDFRibQ52QZC+t9zDTS/ueyEbIQ9r7dyjCmKqNTpk8VMJUKfSn9jYWU3/iPYB/JgxEP IzBUsHQ4yyTcKtGsi7071Or3Lqyst1OvX2I4kRqjbrAd3KLxYUWE69IAoSzwCX2KIiCq kAjLWc8o/dCTkm7IrZCQgDZv6eR0sBywNIEYvD/HRNyBKzZJsxpeVYT0viTVjxUakfLs oJax/+ot1j1mY7S/ii+9QBKDSgWMngGkxxghIO2LAefHkibanea+XkqJuxS/Y7cyHWyl VXIQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:in-reply-to:message-id :references:user-agent:mime-version; bh=thOqoeUHNa8nm/nAkMJNqT4+ado+3DKRxJPNfHmOJgE=; b=npX1mSox3sDbBKjXzdMV0XQY5alDm5YoExLl5nf3zzpXhAtzkGjbyo2c5Fj5xh/knM YQy8isQH/i2bse1ku4kjBYFaKaI1Npze+1YMWARe3AQgCiVYg18EbpIFOlweap1P3dhE bVyArt4ROiLmTZeiKvStkg89YhasLULXDnv5G5wD0bmmmU87aAzZdNrzA5bO1yrZIs+F czYakCMib+30GDbDJ04yN/35xsH7KKIvqU1PLVPM4SzETgcSyr55WaHR8xf2HFLImv/P 4y+8jiMbVHo7qJQmEBGlnrOt3tFGEc7KY/Z0GjWBeAjYXvgeSPCOXiImbD1VshM+IiE1 +E4A== X-Gm-Message-State: AGi0PuYk+uwJxM0uZjKTsABex4Wxrwar/XrtuUj6LBVfzbicsk3YJL4e nL0VyZooi/8jo08wIyqb/UdBjlMRbzI= X-Received: by 2002:a05:6808:d9:: with SMTP id t25mr497092oic.147.1587082800737; Thu, 16 Apr 2020 17:20:00 -0700 (PDT) Received: from eggly.attlocal.net (172-10-233-147.lightspeed.sntcca.sbcglobal.net. [172.10.233.147]) by smtp.gmail.com with ESMTPSA id q7sm7526189otc.63.2020.04.16.17.19.59 (version=TLS1 cipher=ECDHE-ECDSA-AES128-SHA bits=128/128); Thu, 16 Apr 2020 17:20:00 -0700 (PDT) Date: Thu, 16 Apr 2020 17:19:43 -0700 (PDT) From: Hugh Dickins X-X-Sender: hugh@eggly.anvils To: Yang Shi cc: Hugh Dickins , syzbot , Andrew Morton , Linux Kernel Mailing List , Linux MM , syzkaller-bugs@googlegroups.com, Linus Torvalds Subject: Re: possible deadlock in shmem_uncharge In-Reply-To: Message-ID: References: <000000000000e5838c05a3152f53@google.com> User-Agent: Alpine 2.11 (LSU 23 2013-08-11) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, 15 Apr 2020, Hugh Dickins wrote: > On Wed, 15 Apr 2020, Yang Shi wrote: > > On Wed, Apr 15, 2020 at 7:04 PM Hugh Dickins wrote: > > > On Mon, 13 Apr 2020, Yang Shi wrote: > > > > > > > > It looks shmem_uncharge() is just called by __split_huge_page() and > > > > collapse_file(). The collapse_file() has acquired xa_lock with irq > > > > disabled before acquiring info->lock, so it is safe. > > > > __split_huge_page() is called with holding xa_lock with irq enabled, > > > > but lru_lock is acquired with irq disabled before acquiring xa_lock. > > > > > > > > So, it is unnecessary to acquire info->lock with irq disabled in > > > > shmem_uncharge(). Can syzbot try the below patch? > > > > > > But I disagree with the patch below. You're right that IRQ-disabling > > > here is unnecessary, given its two callers; but I'm not sure that we > > > want it to look different from shmem_charge() and all other info->lock > > > takers; and, more importantly, I don't see how removing the redundant > > > IRQ-saving below could make it any less liable to deadlock. > > > > Yes, I realized the patch can't suppress the lockdep splat. But, > > actually I didn't understand how this deadlock could happen because > > info_lock is acquired with IRQ disabled before acquiring > > user_shm_lock. So, interrupt can't come in at all if I didn't miss > > anything. > > I think the story it's trying to tell is this (but, like most of us, > I do find Mr Lockdep embarrassingly difficult to understand; and I'm > not much good at drawing race diagrams either): > > CPU0 was in user_shm_unlock(), it's got shmlock_user_lock, then an > interrupt comes in. It's an endio kind of interrupt, which goes off > to test_clear_page_writeback(), which wants the xa_lock on i_pages. > > Meanwhile, CPU1 was doing some SysV SHM locking, it's got as far as > shmem_lock(), it has acquired info->lock, and goes off to user_shm_lock() > which wants shmlock_user_lock. > > But sadly, CPU2 is splitting a shmem THP, calling shmem_uncharge() > that wants info->lock while outer level holds xa_lock on i_pages: > with interrupts properly disabled, but that doesn't help. > > Now, that story doesn't quite hold up as a deadlock, because shmem > doesn't use writeback tags; and (unless you set shmem_enabled "force") > I don't think there's a way to get shmem THPs in SysV SHM (and are > they hole-punchable? maybe through MADV_REMOVE); so it looks like > we're talking about different inodes. > > But lockdep is right to report it, and more thought might arrive at > a more convincing scenario. Anyway, easily fixed and best fixed. > > (But now I think my patch must wait until tomorrow.) https://lore.kernel.org/lkml/alpine.LSU.2.11.2004161707410.16322@eggly.anvils/