Re: deadlock bug related to bpf,audit subsystems

On Thu, Mar 18, 2021 at 10:43 AM Serhei Makarov <smakarov(a)redhat.com&gt; wrote: I've confirmed that my first bisection was incorrect by testing @1c2f67308af4 mm: thp: fix MADV_REMOVE deadlock on shmem THP and reproducing the deadlock. Previously this commit was marked as good, so it seems a kernel with the bug can sometimes pass the test. I'll double check rc6 next since I have the kernel handy. If 5.11.0-rc6 can also be made to fail, with Jiri Olsa's report it'd be necessary to do a wider search. There may be commits with intent similar to https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit... which tightened some of the behaviour of kernel reads, but affecting the audit subsystem? The actual stack trace that leads to deadlock goes through security_locked_down() which was present since the original patch reworking probe_read into separate probe_read_{user,kernel} helpers https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit... -- Serhei