On Thu, Apr 19, 2018 at 01:15:59AM +0100, Al Viro wrote:
> On Thu, Apr 19, 2018 at 01:06:13AM +0100, Al Viro wrote:
> > On Wed, Apr 18, 2018 at 05:00:29PM -0700, Eric Biggers wrote:
> > > Hi Chris and other btrfs folks,
> > >
> > > btrfs_mkdir() calls d_instantiate() before unlock_new_inode(), which is wrong
> > > because it exposes the inode to lookups before it's been fully initialized.
> >
> > Huh? It *is* fully initialized by that point; what else is left to do?
>
> ISTR something about false positives from lockdep (with
> lockdep_annotate_inode_mutex_key() called too late, perhaps?); said that, it
> was a long time ago and I don't remember details at the moment... Are you
> actually seeing a deadlock there or is that just lockdep complaining?

It's an actual deadlock. unlock_new_inode() calls lockdep_annotate_inode_mutex_key()
which calls init_rwsem(), which resets i_rwsem->count while it's read-locked by
lookup_slow(). Then the unlock in lookup_slow() makes i_rwsem->count negative,
which makes it appear to be write-locked.

So no, the inode isn't fully initialized until unlock_new_inode() has run.

Eric
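The count arithmetic Eric describes can be replayed with a deliberately simplified model. The following is an added example, not code from the thread or from the kernel: `toy_rwsem` is a stand-in whose count is the number of active readers (negative meaning "write-locked"), which is an assumption made for illustration and not the layout of the real `i_rwsem`. The two replay functions follow the orderings the thread discusses: the current btrfs_mkdir() ordering, where `d_instantiate()` exposes the inode and lookup_slow() read-locks it before `unlock_new_inode()` re-initialises the semaphore, and the ordering the thread calls for, where the inode only becomes visible after `unlock_new_inode()`.

```c
#include <stdio.h>

/* Simplified reader/writer semaphore model (assumption for illustration only,
 * not the kernel's rwsem): count > 0 means that many readers hold it,
 * count < 0 is what a writer-held semaphore looks like. */
struct toy_rwsem {
    long count;
};

static void toy_init_rwsem(struct toy_rwsem *s) { s->count = 0; }   /* init_rwsem() */
static void toy_down_read(struct toy_rwsem *s)  { s->count += 1; }  /* lookup_slow() takes a read lock */
static void toy_up_read(struct toy_rwsem *s)    { s->count -= 1; }  /* lookup_slow() drops it */

/* Under this model a negative count is indistinguishable from a write lock,
 * so every later down_read()/down_write() would block: the deadlock. */
static int toy_appears_write_locked(const struct toy_rwsem *s) { return s->count < 0; }

/* Ordering from the thread: d_instantiate() before unlock_new_inode().
 * Returns the final count of the inode's semaphore. */
long replay_bad_ordering(void)
{
    struct toy_rwsem i_rwsem;
    toy_init_rwsem(&i_rwsem);   /* inode allocated, semaphore set up once */
    toy_down_read(&i_rwsem);    /* inode already visible; lookup_slow() read-locks it */
    toy_init_rwsem(&i_rwsem);   /* unlock_new_inode() -> lockdep_annotate_inode_mutex_key()
                                 * -> init_rwsem(): count reset to 0 while read-held */
    toy_up_read(&i_rwsem);      /* lookup_slow() unlocks: count becomes -1 */
    return i_rwsem.count;
}

/* Ordering the thread argues for: unlock_new_inode() before the inode is exposed. */
long replay_correct_ordering(void)
{
    struct toy_rwsem i_rwsem;
    toy_init_rwsem(&i_rwsem);   /* inode allocated */
    toy_init_rwsem(&i_rwsem);   /* unlock_new_inode() re-initialises with no holders */
    toy_down_read(&i_rwsem);    /* only now can lookup_slow() find and lock the inode */
    toy_up_read(&i_rwsem);      /* balanced: count returns to 0 */
    return i_rwsem.count;
}

/* Convenience checks returning whether each replay leaves a phantom write lock. */
int bad_ordering_looks_write_locked(void)
{
    struct toy_rwsem s = { .count = replay_bad_ordering() };
    return toy_appears_write_locked(&s);
}

int correct_ordering_looks_write_locked(void)
{
    struct toy_rwsem s = { .count = replay_correct_ordering() };
    return toy_appears_write_locked(&s);
}

int main(void)
{
    printf("d_instantiate() before unlock_new_inode(): count=%ld, looks write-locked=%d\n",
           replay_bad_ordering(), bad_ordering_looks_write_locked());
    printf("unlock_new_inode() before exposure:        count=%ld, looks write-locked=%d\n",
           replay_correct_ordering(), correct_ordering_looks_write_locked());
    return 0;
}
```

The model exists only to show why the order of `d_instantiate()` and `unlock_new_inode()` matters: re-initialising a lock that another task currently holds discards that holder's contribution, and the holder's eventual unlock then drives the state somewhere no valid sequence of lock/unlock calls can reach. Any diagnostic that checks lock state (lockdep included) will report the result as a stuck writer rather than the real cause, which is why the interesting event in a trace is the re-initialisation, not the unlock that follows it.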