From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.9 required=3.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,USER_AGENT_SANE_1,USER_IN_DEF_DKIM_WL autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7A121C2BA2B for ; Fri, 17 Apr 2020 00:20:03 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id 2874B21841 for ; Fri, 17 Apr 2020 00:20:03 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="b7b+mYhR" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 2874B21841 Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id A9A558E0003; Thu, 16 Apr 2020 20:20:02 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id A242E8E0001; Thu, 16 Apr 2020 20:20:02 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 8EBA38E0003; Thu, 16 Apr 2020 20:20:02 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0060.hostedemail.com [216.40.44.60]) by kanga.kvack.org (Postfix) with ESMTP id 711568E0001 for ; Thu, 16 Apr 2020 20:20:02 -0400 (EDT) Received: from smtpin16.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay05.hostedemail.com (Postfix) with ESMTP id 23B8F181AEF21 for ; Fri, 17 Apr 2020 00:20:02 +0000 (UTC) X-FDA: 76715439444.16.tax27_74ac5f5e2e220 X-HE-Tag: tax27_74ac5f5e2e220 X-Filterd-Recvd-Size: 6274 Received: from mail-oi1-f193.google.com (mail-oi1-f193.google.com [209.85.167.193]) by imf45.hostedemail.com (Postfix) with ESMTP for ; Fri, 17 Apr 2020 00:20:01 +0000 (UTC) Received: by mail-oi1-f193.google.com with SMTP id t199so599747oif.7 for ; Thu, 16 Apr 2020 17:20:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:from:to:cc:subject:in-reply-to:message-id:references :user-agent:mime-version; bh=thOqoeUHNa8nm/nAkMJNqT4+ado+3DKRxJPNfHmOJgE=; b=b7b+mYhRh7/JSsY7PVsVxFpRfDl9fUnqJhTt41LRlYbLYCyeEJ8oJESMkG9A7xhLq8 qqDFRibQ52QZC+t9zDTS/ueyEbIQ9r7dyjCmKqNTpk8VMJUKfSn9jYWU3/iPYB/JgxEP IzBUsHQ4yyTcKtGsi7071Or3Lqyst1OvX2I4kRqjbrAd3KLxYUWE69IAoSzwCX2KIiCq kAjLWc8o/dCTkm7IrZCQgDZv6eR0sBywNIEYvD/HRNyBKzZJsxpeVYT0viTVjxUakfLs oJax/+ot1j1mY7S/ii+9QBKDSgWMngGkxxghIO2LAefHkibanea+XkqJuxS/Y7cyHWyl VXIQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:in-reply-to:message-id :references:user-agent:mime-version; bh=thOqoeUHNa8nm/nAkMJNqT4+ado+3DKRxJPNfHmOJgE=; b=Sd/qhMedti2o+WA3IBud8nyL26kEDmwMH60Pz+ejso03o+xrr32C2Lq1kzUzER+aqN JfeZsjBRggOHPtBnZXTpAVEadioL7+KGQ/HygReTkjmLRfXVrQfRQJHpWumk+EqUwp0F R9uP0f5Fpm7MM71FCuf7Xz9+0UM+E3vB40eKnS3X3hOIUQGN2NYLhIkUwkyFzg4fjSBF q7kXibBwdihvEGrK/pKOgCmpnvShLQ4l2+qcr6fSeSJiYhn2PiLgqrtgr93W7ksnpxzj RJp45lzcns2nJS/YoMWHuNAdXbK8Ej6ic+r7wxUkA6mQuqYUJioTC0qiOIPH0rUQuiVB tlvw== X-Gm-Message-State: AGi0PubgQzcpbXj13AL6lS4DUJEL8lWAxpWlJQb930f96m/5wv5tS5z+ ESBnVHVoiAfuXgfEgMmXLuDYig== X-Google-Smtp-Source: APiQypJHGAhKDQezHjIhhBwZzlYnpkNIUubGrWvHRQLNARJzU245nG0YzeOHyY2Bj6r7A3QGMufHFg== X-Received: by 2002:a05:6808:d9:: with SMTP id t25mr497092oic.147.1587082800737; Thu, 16 Apr 2020 17:20:00 -0700 (PDT) Received: from eggly.attlocal.net (172-10-233-147.lightspeed.sntcca.sbcglobal.net. [172.10.233.147]) by smtp.gmail.com with ESMTPSA id q7sm7526189otc.63.2020.04.16.17.19.59 (version=TLS1 cipher=ECDHE-ECDSA-AES128-SHA bits=128/128); Thu, 16 Apr 2020 17:20:00 -0700 (PDT) Date: Thu, 16 Apr 2020 17:19:43 -0700 (PDT) From: Hugh Dickins X-X-Sender: hugh@eggly.anvils To: Yang Shi cc: Hugh Dickins , syzbot , Andrew Morton , Linux Kernel Mailing List , Linux MM , syzkaller-bugs@googlegroups.com, Linus Torvalds Subject: Re: possible deadlock in shmem_uncharge In-Reply-To: Message-ID: References: <000000000000e5838c05a3152f53@google.com> User-Agent: Alpine 2.11 (LSU 23 2013-08-11) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Wed, 15 Apr 2020, Hugh Dickins wrote: > On Wed, 15 Apr 2020, Yang Shi wrote: > > On Wed, Apr 15, 2020 at 7:04 PM Hugh Dickins wrote: > > > On Mon, 13 Apr 2020, Yang Shi wrote: > > > > > > > > It looks shmem_uncharge() is just called by __split_huge_page() and > > > > collapse_file(). The collapse_file() has acquired xa_lock with irq > > > > disabled before acquiring info->lock, so it is safe. > > > > __split_huge_page() is called with holding xa_lock with irq enabled, > > > > but lru_lock is acquired with irq disabled before acquiring xa_lock. > > > > > > > > So, it is unnecessary to acquire info->lock with irq disabled in > > > > shmem_uncharge(). Can syzbot try the below patch? > > > > > > But I disagree with the patch below. You're right that IRQ-disabling > > > here is unnecessary, given its two callers; but I'm not sure that we > > > want it to look different from shmem_charge() and all other info->lock > > > takers; and, more importantly, I don't see how removing the redundant > > > IRQ-saving below could make it any less liable to deadlock. > > > > Yes, I realized the patch can't suppress the lockdep splat. But, > > actually I didn't understand how this deadlock could happen because > > info_lock is acquired with IRQ disabled before acquiring > > user_shm_lock. So, interrupt can't come in at all if I didn't miss > > anything. > > I think the story it's trying to tell is this (but, like most of us, > I do find Mr Lockdep embarrassingly difficult to understand; and I'm > not much good at drawing race diagrams either): > > CPU0 was in user_shm_unlock(), it's got shmlock_user_lock, then an > interrupt comes in. It's an endio kind of interrupt, which goes off > to test_clear_page_writeback(), which wants the xa_lock on i_pages. > > Meanwhile, CPU1 was doing some SysV SHM locking, it's got as far as > shmem_lock(), it has acquired info->lock, and goes off to user_shm_lock() > which wants shmlock_user_lock. > > But sadly, CPU2 is splitting a shmem THP, calling shmem_uncharge() > that wants info->lock while outer level holds xa_lock on i_pages: > with interrupts properly disabled, but that doesn't help. > > Now, that story doesn't quite hold up as a deadlock, because shmem > doesn't use writeback tags; and (unless you set shmem_enabled "force") > I don't think there's a way to get shmem THPs in SysV SHM (and are > they hole-punchable? maybe through MADV_REMOVE); so it looks like > we're talking about different inodes. > > But lockdep is right to report it, and more thought might arrive at > a more convincing scenario. Anyway, easily fixed and best fixed. > > (But now I think my patch must wait until tomorrow.) https://lore.kernel.org/lkml/alpine.LSU.2.11.2004161707410.16322@eggly.anvils/