bisecting fixing commit since 7b1b868e1d9156484ccce9bf11122c053de82617
building syzkaller on bca53db974f570410921f59b8c2c59a3d263cb44
testing commit 7b1b868e1d9156484ccce9bf11122c053de82617 with gcc (GCC) 8.1.0
kernel signature: 6c67bc70a0e314730382cace95639d0b95fa84e0ade1b0611a815e1051c6cca2
all runs: crashed: possible deadlock in send_sigio
testing current HEAD bec4c2968fce2f44ce62d05288a633cd99a722eb
testing commit bec4c2968fce2f44ce62d05288a633cd99a722eb with gcc (GCC) 8.1.0
kernel signature: 31fb133e783286bb3d4fa43487c09a92c6b4922933c85315d1539c8afad458d8
all runs: OK
# git bisect start bec4c2968fce2f44ce62d05288a633cd99a722eb 7b1b868e1d9156484ccce9bf11122c053de82617
Bisecting: 7462 revisions left to test after this (roughly 13 steps)
[61f914256c56a39a96dc14eae9f394d35b934812] Merge tag 'platform-drivers-x86-v5.11-1' of git://git.kernel.org/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86
testing commit 61f914256c56a39a96dc14eae9f394d35b934812 with gcc (GCC) 8.1.0
kernel signature: a92c3a49d75eadbeb74d284cd27211ec584e000609224fa67dfa808ddb3402e9
all runs: crashed: possible deadlock in send_sigio
# git bisect good 61f914256c56a39a96dc14eae9f394d35b934812
Bisecting: 3765 revisions left to test after this (roughly 12 steps)
[83005cd6bc76eef7bbf46b55bbb00ccc9534c38c] Merge tag 'mailbox-v5.11' of git://git.linaro.org/landing-teams/working/fujitsu/integration
testing commit 83005cd6bc76eef7bbf46b55bbb00ccc9534c38c with gcc (GCC) 8.1.0
kernel signature: 33317968c17a0829ecc3d06d791fc504adaa4bd82e935306ce78c8c4aca07a71
all runs: OK
# git bisect bad 83005cd6bc76eef7bbf46b55bbb00ccc9534c38c
Bisecting: 1776 revisions left to test after this (roughly 11 steps)
[009bd55dfcc857d8b00a5bbb17a8db060317af6f] Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma
testing commit 009bd55dfcc857d8b00a5bbb17a8db060317af6f with gcc (GCC) 8.1.0
kernel signature: e995836bb1a605fb5a6a7b867fb8f666e04b31b9912919dfd31101f295dbd671
all runs: OK
# git bisect bad 009bd55dfcc857d8b00a5bbb17a8db060317af6f
Bisecting: 935 revisions left to test after this (roughly 10 steps)
[f986e350833347cb605d9d1ed517325c9a97808d] Merge branch 'akpm' (patches from Andrew)
testing commit f986e350833347cb605d9d1ed517325c9a97808d with gcc (GCC) 8.1.0
kernel signature: d51003e9ed9716366aeba75534fd394b37d07924ac75c1683b341f0edf78252f
all runs: OK
# git bisect bad f986e350833347cb605d9d1ed517325c9a97808d
Bisecting: 494 revisions left to test after this (roughly 9 steps)
[8958b2491104d7f254cff0698505392582dbc13a] mm: fix some spelling mistakes in comments
testing commit 8958b2491104d7f254cff0698505392582dbc13a with gcc (GCC) 8.1.0
kernel signature: 172d912f0f831cd6c937227f7d24268b1bedf061c9e74196bb8713172494a43e
all runs: crashed: possible deadlock in send_sigio
# git bisect good 8958b2491104d7f254cff0698505392582dbc13a
Bisecting: 229 revisions left to test after this (roughly 8 steps)
[f1ee3b8829006b3fda999f00f0059aa327e3f3d0] Merge tag 'for-5.11-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux
testing commit f1ee3b8829006b3fda999f00f0059aa327e3f3d0 with gcc (GCC) 8.1.0
kernel signature: 7c88037c467c044f5ab2c4cfb747b21a6978fb889d09c818f897cb4d6a37fae3
all runs: OK
# git bisect bad f1ee3b8829006b3fda999f00f0059aa327e3f3d0
Bisecting: 132 revisions left to test after this (roughly 7 steps)
[445d8ab53f69f4c4062b668c6a25b88a79753136] btrfs: sysfs: remove unneeded semicolon
testing commit 445d8ab53f69f4c4062b668c6a25b88a79753136 with gcc (GCC) 8.1.0
kernel signature: fcefac8d0984e6f45f8f5483da468af735cbd59e089a147bc985f27e0e243b43
all runs: crashed: possible deadlock in send_sigio
# git bisect good 445d8ab53f69f4c4062b668c6a25b88a79753136
Bisecting: 66 revisions left to test after this (roughly 6 steps)
[a725cb4d708e5ac8bc76a70b3002ff64c07312d8] Merge tag 'locks-v5.11' of git://git.kernel.org/pub/scm/linux/kernel/git/jlayton/linux
testing commit a725cb4d708e5ac8bc76a70b3002ff64c07312d8 with gcc (GCC) 8.1.0
kernel signature: fab457320bc5983fec22546e7510ccc03e0eb71d0c052a13bf2767d2c01e4004
all runs: OK
# git bisect bad a725cb4d708e5ac8bc76a70b3002ff64c07312d8
Bisecting: 32 revisions left to test after this (roughly 5 steps)
[b44786c9bdc46eac8388843f0a6116369cb18bca] remoteproc: pru: Add support for various PRU cores on K3 J721E SoCs
testing commit b44786c9bdc46eac8388843f0a6116369cb18bca with gcc (GCC) 8.1.0
kernel signature: 30544034e106462396307f583970be40842fdabbba177f901398da31b25d400c
all runs: crashed: possible deadlock in send_sigio
# git bisect good b44786c9bdc46eac8388843f0a6116369cb18bca
Bisecting: 17 revisions left to test after this (roughly 4 steps)
[ef9df0011791ce302b646e2adf3c698f3b20b90a] Merge tag 'rproc-v5.11' of git://git.kernel.org/pub/scm/linux/kernel/git/andersson/remoteproc
testing commit ef9df0011791ce302b646e2adf3c698f3b20b90a with gcc (GCC) 8.1.0
kernel signature: 4aeefd2e01f13a6eff5e15272dbff7f2e960dcbcd6691a5ab80522a17b2a40b4
all runs: crashed: possible deadlock in send_sigio
# git bisect good ef9df0011791ce302b646e2adf3c698f3b20b90a
Bisecting: 9 revisions left to test after this (roughly 3 steps)
[950a7388f02bf775515d13dc508cb9d749bd6d91] rpmsg: Turn name service into a stand alone driver
testing commit 950a7388f02bf775515d13dc508cb9d749bd6d91 with gcc (GCC) 8.1.0
kernel signature: f638618528142a69f8f64db1f8952aa630bd087c1726ced5b128345dd6a86860
all runs: crashed: possible deadlock in send_sigio
# git bisect good 950a7388f02bf775515d13dc508cb9d749bd6d91
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[0e10f9c89332def4288b33866a1b793ffc94107b] Merge tag 'hwlock-v5.11' of git://git.kernel.org/pub/scm/linux/kernel/git/andersson/remoteproc
testing commit 0e10f9c89332def4288b33866a1b793ffc94107b with gcc (GCC) 8.1.0
kernel signature: 4aeefd2e01f13a6eff5e15272dbff7f2e960dcbcd6691a5ab80522a17b2a40b4
all runs: crashed: possible deadlock in send_sigio
# git bisect good 0e10f9c89332def4288b33866a1b793ffc94107b
Bisecting: 2 revisions left to test after this (roughly 1 step)
[529adfe8f131c60938ece113379f1a07640aefb1] locks: fix a typo at a kernel-doc markup
testing commit 529adfe8f131c60938ece113379f1a07640aefb1 with gcc (GCC) 8.1.0
kernel signature: f638618528142a69f8f64db1f8952aa630bd087c1726ced5b128345dd6a86860
all runs: crashed: possible deadlock in send_sigio
# git bisect good 529adfe8f131c60938ece113379f1a07640aefb1
Bisecting: 1 revision left to test after this (roughly 1 step)
[8d1ddb5e79374fb277985a6b3faa2ed8631c5b4c] fcntl: Fix potential deadlock in send_sig{io, urg}()
testing commit 8d1ddb5e79374fb277985a6b3faa2ed8631c5b4c with gcc (GCC) 8.1.0
kernel signature: 9e0ac1715d5076271e84a7c45722c53ea0a5a375795839cb4494e7f43f1853ec
all runs: OK
# git bisect bad 8d1ddb5e79374fb277985a6b3faa2ed8631c5b4c
8d1ddb5e79374fb277985a6b3faa2ed8631c5b4c is the first bad commit
commit 8d1ddb5e79374fb277985a6b3faa2ed8631c5b4c
Author: Boqun Feng
Date:   Thu Nov 5 14:23:51 2020 +0800

    fcntl: Fix potential deadlock in send_sig{io, urg}()

    Syzbot reports a potential deadlock found by the newly added recursive
    read deadlock detection in lockdep:

    [...] ========================================================
    [...] WARNING: possible irq lock inversion dependency detected
    [...] 5.9.0-rc2-syzkaller #0 Not tainted
    [...] --------------------------------------------------------
    [...] syz-executor.1/10214 just changed the state of lock:
    [...] ffff88811f506338 (&f->f_owner.lock){.+..}-{2:2}, at: send_sigurg+0x1d/0x200
    [...] but this lock was taken by another, HARDIRQ-safe lock in the past:
    [...]  (&dev->event_lock){-...}-{2:2}
    [...]
    [...]
    [...] and interrupts could create inverse lock ordering between them.
    [...]
    [...]
    [...] other info that might help us debug this:
    [...] Chain exists of:
    [...]   &dev->event_lock --> &new->fa_lock --> &f->f_owner.lock
    [...]
    [...]  Possible interrupt unsafe locking scenario:
    [...]
    [...]        CPU0                    CPU1
    [...]        ----                    ----
    [...]   lock(&f->f_owner.lock);
    [...]                                local_irq_disable();
    [...]                                lock(&dev->event_lock);
    [...]                                lock(&new->fa_lock);
    [...]
    [...]     lock(&dev->event_lock);
    [...]
    [...]  *** DEADLOCK ***

    The corresponding deadlock case is as followed:

    CPU 0                     CPU 1                                      CPU 2
    read_lock(&fown->lock);
                              spin_lock_irqsave(&dev->event_lock, ...)
                                                                         write_lock_irq(&filp->f_owner.lock); // wait for the lock
                              read_lock(&fown-lock); // have to wait until the writer release
                                                     // due to the fairness
    spin_lock_irqsave(&dev->event_lock); // wait for the lock

    The lock dependency on CPU 1 happens if there exists a call sequence:

    input_inject_event():
      spin_lock_irqsave(&dev->event_lock,...);
      input_handle_event():
        input_pass_values():
          input_to_handler():
            handler->event(): // evdev_event()
              evdev_pass_values():
                spin_lock(&client->buffer_lock);
                __pass_event():
                  kill_fasync():
                    kill_fasync_rcu():
                      read_lock(&fa->fa_lock);
                      send_sigio():
                        read_lock(&fown->lock);

    To fix this, make the reader in send_sigurg() and send_sigio() use
    read_lock_irqsave() and read_lock_irqrestore().

    Reported-by: syzbot+22e87cdf94021b984aa6@syzkaller.appspotmail.com
    Reported-by: syzbot+c5e32344981ad9f33750@syzkaller.appspotmail.com
    Signed-off-by: Boqun Feng
    Signed-off-by: Jeff Layton

 fs/fcntl.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
culprit signature: 9e0ac1715d5076271e84a7c45722c53ea0a5a375795839cb4494e7f43f1853ec
parent signature: f638618528142a69f8f64db1f8952aa630bd087c1726ced5b128345dd6a86860
revisions tested: 16, total time: 2h51m31.233489849s (build: 1h22m16.379195063s, test: 1h26m59.2462624s)
first good commit: 8d1ddb5e79374fb277985a6b3faa2ed8631c5b4c fcntl: Fix potential deadlock in send_sig{io, urg}()
recipients (to): ["boqun.feng@gmail.com" "jlayton@kernel.org" "linux-kernel@vger.kernel.org"]
recipients (cc): ["bfields@fieldses.org" "jlayton@kernel.org" "linux-fsdevel@vger.kernel.org" "viro@zeniv.linux.org.uk"]