linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: "Zhang, Qiang" <Qiang.Zhang@windriver.com>
To: Jens Axboe <axboe@kernel.dk>,
	syzbot <syzbot+28abd693db9e92c160d8@syzkaller.appspotmail.com>,
	"asml.silence@gmail.com" <asml.silence@gmail.com>,
	"io-uring@vger.kernel.org" <io-uring@vger.kernel.org>,
	"linux-fsdevel@vger.kernel.org" <linux-fsdevel@vger.kernel.org>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	"syzkaller-bugs@googlegroups.com"
	<syzkaller-bugs@googlegroups.com>,
	"viro@zeniv.linux.org.uk" <viro@zeniv.linux.org.uk>
Subject: 回复: possible deadlock in io_poll_double_wake (2)
Date: Wed, 3 Mar 2021 12:15:16 +0000	[thread overview]
Message-ID: <BYAPR11MB2632D4973C567EDF64A6728BFF989@BYAPR11MB2632.namprd11.prod.outlook.com> (raw)
In-Reply-To: <586d357d-8c4c-8875-3a1c-0599a0a64da0@kernel.dk>



________________________________________
发件人: Jens Axboe <axboe@kernel.dk>
发送时间: 2021年3月3日 1:20
收件人: syzbot; asml.silence@gmail.com; io-uring@vger.kernel.org; linux-fsdevel@vger.kernel.org; linux-kernel@vger.kernel.org; syzkaller-bugs@googlegroups.com; viro@zeniv.linux.org.uk
主题: Re: possible deadlock in io_poll_double_wake (2)

[Please note: This e-mail is from an EXTERNAL e-mail address]

On 2/28/21 9:18 PM, syzbot wrote:
> Hello,
>
> syzbot has tested the proposed patch but the reproducer is still triggering an issue:
> possible deadlock in io_poll_double_wake
>
> ============================================
> WARNING: possible recursive locking detected
> 5.11.0-syzkaller #0 Not tainted
> --------------------------------------------
> syz-executor.0/10241 is trying to acquire lock:
> ffff888012e09130 (&runtime->sleep){..-.}-{2:2}, at: spin_lock include/linux/spinlock.h:354 [inline]
> ffff888012e09130 (&runtime->sleep){..-.}-{2:2}, at: io_poll_double_wake+0x25f/0x6a0 fs/io_uring.c:4921
>
> but task is already holding lock:
> ffff888013b00130 (&runtime->sleep){..-.}-{2:2}, at: __wake_up_common_lock+0xb4/0x130 kernel/sched/wait.c:137
>
> other info that might help us debug this:
>  Possible unsafe locking scenario:
>
>        CPU0
>        ----
>   lock(&runtime->sleep);
>   lock(&runtime->sleep);
>
>  *** DEADLOCK ***
>
>  May be due to missing lock nesting notation
>
>Since the fix is in yet this keeps failing (and I didn't get it), >I looked
>closer at this report. While the names of the locks are the >same, they are
>really two different locks. So let's try this...

Hello Jens Axboe

Sorry, I provided the wrong information before. 
I'm not very familiar with io_uring,  before we start vfs_poll again,  should we set  'poll->head = NULL'  ?  

diff --git a/fs/io_uring.c b/fs/io_uring.c
index 42b675939582..cae605c14510 100644
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -4824,7 +4824,7 @@ static bool io_poll_rewait(struct io_kiocb *req, struct io_poll_iocb *poll)
 
        if (!req->result && !READ_ONCE(poll->canceled)) {
                struct poll_table_struct pt = { ._key = poll->events };
-
+               poll->head = NULL;
                req->result = vfs_poll(req->file, &pt) & poll->events;
        }

 

Thanks
Qiang

>
>#syz test: git://git.kernel.dk/linux-block syzbot-test
>
>--
>Jens Axboe


  parent reply	other threads:[~2021-03-03 16:51 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-09-29  2:28 possible deadlock in io_poll_double_wake (2) syzbot
2021-02-28  0:42 ` syzbot
2021-02-28 23:08   ` Jens Axboe
2021-03-01  2:08     ` 回复: " Zhang, Qiang
2021-03-01  2:48       ` Jens Axboe
2021-03-01  4:18     ` syzbot
2021-03-01 15:27       ` Jens Axboe
2021-03-01 15:55         ` syzbot
2021-03-02 17:20       ` Jens Axboe
2021-03-02 18:59         ` syzbot
2021-03-03  4:01           ` Jens Axboe
2021-03-03 11:36             ` syzbot
2021-03-03 12:15         ` Zhang, Qiang [this message]
2021-03-03 12:45           ` 回复: " Zhang, Qiang
     [not found]         ` <20210303065231.1589-1-hdanton@sina.com>
2021-03-03 13:39           ` Jens Axboe

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=BYAPR11MB2632D4973C567EDF64A6728BFF989@BYAPR11MB2632.namprd11.prod.outlook.com \
    --to=qiang.zhang@windriver.com \
    --cc=asml.silence@gmail.com \
    --cc=axboe@kernel.dk \
    --cc=io-uring@vger.kernel.org \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=syzbot+28abd693db9e92c160d8@syzkaller.appspotmail.com \
    --cc=syzkaller-bugs@googlegroups.com \
    --cc=viro@zeniv.linux.org.uk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).