On 2019-01-08 07:00, Dmitry Vyukov wrote:
> On Tue, Jan 8, 2019 at 6:59 AM syzbot
> <syzbot+aea82bf9ee6ffd9a79d9@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
>> Hello,
>>
>> syzbot found the following crash on:
>>
>> HEAD commit:    139287cc2cc0 Add linux-next specific files for 20190108
>> git tree:       linux-next
>> console output: https://syzkaller.appspot.com/x/log.txt?x=16f563d7400000
>> kernel config:  https://syzkaller.appspot.com/x/.config?x=1521b074ff5a5bdf
>> dashboard link: https://syzkaller.appspot.com/bug?extid=aea82bf9ee6ffd9a79d9
>> compiler:       gcc (GCC) 9.0.0 20181231 (experimental)
>>
>> Unfortunately, I don't have any reproducer for this crash yet.
>
> Looks like it was caused by:
>
> commit f92cacf118171208f62519d92502a8dd0341286d
> Author: Roman Penyaev
> Date:   Tue Jan 8 12:15:44 2019 +1100
>
>     epoll: loosen irq safety in ep_poll_callback()
Yes, that was my wrong assumption that all drivers disable irqs before
waking up a wait queue. Of course for drivers like fuse this is not
the case. Thanks for reporting.

The fix is simple: just remove the wrong assert line :) The whole logic
stays correct: epoll always locks the rwlock with irqs disabled and is
not itself called from an interrupt, thus it is up to the driver how to
call wake_up_locked(), because if the driver does not handle any interrupts
it is safe on its side to take a simple spin_lock.

Patch is sent:
https://lore.kernel.org/lkml/20190108100121.20247-1-rpenyaev@xxxxxxx
--
Roman
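The locking contract Roman describes, as an added user-space model that is not kernel code and not part of this thread: the "irq state" is a plain global flag, the wait-queue spinlock and epoll's rwlock are boolean stand-ins, and the callback's irqsave/irqrestore handling of its own lock is an assumption about how the real ep_poll_callback() behaves. It shows why the callback stays correct whether the waking driver used spin_lock_irqsave or a plain spin_lock, and why an assertion that irqs are already disabled on entry fires for a fuse-like, process-context-only driver.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of one CPU's irq state and two locks. Nothing here is
 * real kernel code; it only mirrors the reasoning in the thread above. */
static bool irqs_enabled = true;   /* models local irq enable/disable */
static bool wq_locked;             /* models the driver's wait-queue spinlock */
static bool ep_rwlock_held;        /* models epoll's own rwlock */

/* How many times the (removed) "irqs must be disabled" assertion would fire. */
static int bogus_assert_fires;

/* spin_lock_irqsave(): remember the irq state, disable irqs, take the lock. */
static unsigned long wq_lock_irqsave(void)
{
    unsigned long flags = irqs_enabled;
    irqs_enabled = false;
    wq_locked = true;
    return flags;
}

static void wq_unlock_irqrestore(unsigned long flags)
{
    wq_locked = false;
    irqs_enabled = flags;
}

/* Plain spin_lock(): fine for a driver that never touches the queue from an irq. */
static void wq_lock_plain(void)   { wq_locked = true; }
static void wq_unlock_plain(void) { wq_locked = false; }

/* Model of ep_poll_callback(): invoked via wake_up_locked(), so the caller
 * must already hold the wait-queue lock. The callback takes epoll's rwlock
 * with its own irqsave/irqrestore (an assumption of this model), so it is
 * correct regardless of what the caller did with irqs. When
 * assert_caller_disabled_irqs is set it also applies the wrong assumption
 * the fix removes: that every waker has irqs disabled. */
static bool ep_poll_callback(bool assert_caller_disabled_irqs)
{
    if (!wq_locked)
        return false;                    /* wake_up_locked() contract violated */
    if (assert_caller_disabled_irqs && irqs_enabled)
        bogus_assert_fires++;            /* fires for plain spin_lock callers */

    unsigned long flags = irqs_enabled;  /* lock rwlock with irqs disabled */
    irqs_enabled = false;
    ep_rwlock_held = true;
    /* ... queue the item on the ready list, wake the epoll waiter ... */
    ep_rwlock_held = false;
    irqs_enabled = flags;                /* restore the caller's irq state */
    return true;
}

/* Driver A: disables irqs around the wakeup, e.g. the queue is shared with
 * an interrupt handler. Returns true if the wakeup ran and irq state was
 * restored afterwards. */
static bool driver_wake_irqsave(bool with_assert)
{
    unsigned long flags = wq_lock_irqsave();
    bool ok = ep_poll_callback(with_assert);   /* wake_up_locked() -> callback */
    wq_unlock_irqrestore(flags);
    return ok && irqs_enabled;
}

/* Driver B (fuse-like): process context only, plain spin_lock around the wakeup. */
static bool driver_wake_plain(bool with_assert)
{
    wq_lock_plain();
    bool ok = ep_poll_callback(with_assert);
    wq_unlock_plain();
    return ok && irqs_enabled;
}

/* Runs both driver styles with the wrong assertion enabled and returns how
 * many times it fired: only the plain-spin_lock driver trips it. */
static int count_bogus_assert_fires(void)
{
    bogus_assert_fires = 0;
    driver_wake_irqsave(true);
    driver_wake_plain(true);
    return bogus_assert_fires;
}

int main(void)
{
    printf("irqsave driver wakeup ok: %d\n", driver_wake_irqsave(false));
    printf("plain driver wakeup ok:   %d\n", driver_wake_plain(false));
    printf("wrong assertion fires:    %d\n", count_bogus_assert_fires());
    return 0;
}
```

Both wakeups succeed with the assertion removed; with it in place, only the fuse-like driver (irqs still enabled when it calls into the callback) trips it, which is exactly the false positive syzbot hit, while the callback's own lock handling is correct in both cases.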