回复: possible deadlock in io_poll_double_wake (2)

"Zhang, Qiang" <Qiang.Zhang@xxxxxxxxxxxxx> · Wed, 3 Mar 2021 12:45:10 +0000

________________________________________
发件人: Zhang, Qiang <Qiang.Zhang@xxxxxxxxxxxxx>
发送时间: 2021年3月3日 20:15
收件人: Jens Axboe; syzbot; asml.silence@xxxxxxxxx; io-uring@xxxxxxxxxxxxxxx; linux-fsdevel@xxxxxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx; syzkaller-bugs@xxxxxxxxxxxxxxxx; viro@xxxxxxxxxxxxxxxxxx
主题: 回复: possible deadlock in io_poll_double_wake (2)

________________________________________
发件人: Jens Axboe <axboe@xxxxxxxxx>
发送时间: 2021年3月3日 1:20
收件人: syzbot; asml.silence@xxxxxxxxx; io-uring@xxxxxxxxxxxxxxx; linux-fsdevel@xxxxxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx; syzkaller-bugs@xxxxxxxxxxxxxxxx; viro@xxxxxxxxxxxxxxxxxx
主题: Re: possible deadlock in io_poll_double_wake (2)

[Please note: This e-mail is from an EXTERNAL e-mail address]

On 2/28/21 9:18 PM, syzbot wrote:
> Hello,
>
> syzbot has tested the proposed patch but the reproducer is still triggering an issue:
> possible deadlock in io_poll_double_wake
>
> ============================================
> WARNING: possible recursive locking detected
> 5.11.0-syzkaller #0 Not tainted
> --------------------------------------------
> syz-executor.0/10241 is trying to acquire lock:
> ffff888012e09130 (&runtime->sleep){..-.}-{2:2}, at: spin_lock include/linux/spinlock.h:354 [inline]
> ffff888012e09130 (&runtime->sleep){..-.}-{2:2}, at: io_poll_double_wake+0x25f/0x6a0 fs/io_uring.c:4921
>
> but task is already holding lock:
> ffff888013b00130 (&runtime->sleep){..-.}-{2:2}, at: __wake_up_common_lock+0xb4/0x130 kernel/sched/wait.c:137
>
> other info that might help us debug this:
>  Possible unsafe locking scenario:
>
>        CPU0
>        ----
>   lock(&runtime->sleep);
>   lock(&runtime->sleep);
>
>  *** DEADLOCK ***
>
>  May be due to missing lock nesting notation
>
>Since the fix is in yet this keeps failing (and I didn't get it), >I looked
>closer at this report. While the names of the locks are the >same, they are
>really two different locks. So let's try this...

>Hello Jens Axboe

Sorry for I make  noise, please ignore this information.

>Sorry, I provided the wrong information before.
>I'm not very familiar with io_uring,  before we start >vfs_poll again,  should we set  'poll->head = NULL'  ?
>
>diff --git a/fs/io_uring.c b/fs/io_uring.c
>index 42b675939582..cae605c14510 100644
>--- a/fs/io_uring.c
>+++ b/fs/io_uring.c
>@@ -4824,7 +4824,7 @@ static bool io_poll_rewait(struct >io_kiocb *req, struct io_poll_iocb *poll)
>
>        if (!req->result && !READ_ONCE(poll->canceled)) {
>                struct poll_table_struct pt = { ._key = poll->events >};
>-
>+               poll->head = NULL;
>                req->result = vfs_poll(req->file, &pt) & >poll->events;
>        }

>Thanks
>Qiang

>
>#syz test: git://git.kernel.dk/linux-block syzbot-test
>
>--
>Jens Axboe