On 10/8/20 4:27 PM, Matthew Wilcox wrote:
>
> If I understand the lockdep report here, this actually isn't an XArray
> issue, although I do think there is one.
>
> On Thu, Oct 08, 2020 at 02:14:20PM -0700, syzbot wrote:
>> ================================
>> WARNING: inconsistent lock state
>> 5.9.0-rc8-next-20201008-syzkaller #0 Not tainted
>> --------------------------------
>> inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
>> swapper/0/0 [HC0[0]:SC1[1]:HE0:SE0] takes:
>> ffff888025f65018 (&xa->xa_lock#7){+.?.}-{2:2}, at: xa_destroy+0xaa/0x350 lib/xarray.c:2205
>> {SOFTIRQ-ON-W} state was registered at:
>> lock_acquire+0x1f2/0xaa0 kernel/locking/lockdep.c:5419
>> __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
>> _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:151
>> spin_lock include/linux/spinlock.h:354 [inline]
>> io_uring_add_task_file fs/io_uring.c:8607 [inline]
>
> You're using the XArray in a non-interrupt-disabling mode.
>
>> _raw_spin_lock_irqsave+0x94/0xd0 kernel/locking/spinlock.c:159
>> xa_destroy+0xaa/0x350 lib/xarray.c:2205
>> __io_uring_free+0x60/0xc0 fs/io_uring.c:7693
>> io_uring_free include/linux/io_uring.h:40 [inline]
>> __put_task_struct+0xff/0x3f0 kernel/fork.c:732
>> put_task_struct include/linux/sched/task.h:111 [inline]
>> delayed_put_task_struct+0x1f6/0x340 kernel/exit.c:172
>> rcu_do_batch kernel/rcu/tree.c:2484 [inline]
>
> But you're calling xa_destroy() from in-interrupt context.
> So (as far as lockdep is concerned), no matter what I do in
> xa_destroy(), this potential deadlock is there. You'd need to be
> using xa_init_flags(XA_FLAGS_LOCK_IRQ) if you actually needed to call
> xa_destroy() here.

Yeah good point, I guess that last free is in softirq from RCU.

> Fortunately, it seems you don't need to call xa_destroy() at all, so
> that problem is solved, but the patch I have here wouldn't help.

Right, it wouldn't have helped this case.

-- 
Jens Axboe
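The `{+.?.}` usage string and the `{SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W}` transition in the report above can be reproduced with a small userspace model of per-lock-class usage bits. This is an added example, not part of the original thread and not kernel code: `acq_ctx`, `mark_usage`, `usage_char` and `replay` are hypothetical names, and the marking rules are a simplified, write-lock-only rendering of what lockdep tracks.

```c
#include <stdio.h>

/* Simplified model of lockdep's per-class irq usage bits (write side only). */
enum { IN_HARDIRQ = 1, HARDIRQ_ON = 2, IN_SOFTIRQ = 4, SOFTIRQ_ON = 8 };

/* Acquisition context: the fields of the report's [HCx:SCx:HEx:SEx] line. */
struct acq_ctx { int hc, sc, he, se; };

/* Record one acquisition; return 1 once the class is inconsistent, i.e.
 * used in an irq context and also taken with that irq type enabled. */
static int mark_usage(unsigned *usage, struct acq_ctx a)
{
    if (a.hc) *usage |= IN_HARDIRQ;
    if (a.sc) *usage |= IN_SOFTIRQ;
    if (a.he) {                 /* the lock operation left hardirqs enabled */
        *usage |= HARDIRQ_ON;
        if (a.se) *usage |= SOFTIRQ_ON;
    }
    return ((*usage & IN_HARDIRQ) && (*usage & HARDIRQ_ON)) ||
           ((*usage & IN_SOFTIRQ) && (*usage & SOFTIRQ_ON));
}

/* One position of the usage string: '?' means both bits are set. */
static char usage_char(unsigned u, unsigned in, unsigned on)
{
    if ((u & in) && (u & on)) return '?';
    if (u & in) return '-';
    return (u & on) ? '+' : '.';
}

/* Replay the report's two acquisitions (constructed contexts). irq_safe
 * models an XArray whose every lock operation disables interrupts. */
static int replay(int irq_safe, char buf[7])
{
    unsigned usage = 0;
    struct acq_ctx task = { 0, 0, !irq_safe, 1 };  /* io_uring_add_task_file */
    struct acq_ctx rcu  = { 0, 1, 0, 0 };          /* xa_destroy from RCU    */
    int bad = mark_usage(&usage, task);
    bad |= mark_usage(&usage, rcu);
    snprintf(buf, 7, "{%c.%c.}", usage_char(usage, IN_HARDIRQ, HARDIRQ_ON),
             usage_char(usage, IN_SOFTIRQ, SOFTIRQ_ON));
    return bad;
}

int main(void)
{
    char buf[7];
    printf("plain spin_lock: inconsistent=%d %s\n", replay(0, buf), buf);
    printf("irq-disabling:   inconsistent=%d %s\n", replay(1, buf), buf);
    return 0;
}
```

The first replay yields the same `{+.?.}` string as the syzbot report; the second shows why an interrupt-disabling lock mode leaves no `SOFTIRQ-ON` acquisition for the softirq-context `xa_destroy()` to conflict with.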