syzbot

======================================================
[ INFO: possible circular locking dependency detected ]
4.4.107-g610c835 #4 Not tainted
-------------------------------------------------------
syzkaller581102/3315 is trying to acquire lock:
 (&bdev->bd_mutex){+.+.+.}, at: [<ffffffff81cab7ee>] blkdev_reread_part+0x1e/0x40 block/ioctl.c:189

but task is already holding lock:
 (&lo->lo_ctl_mutex#2){+.+.+.}, at: [<ffffffff82420ea9>] lo_compat_ioctl+0x109/0x140 drivers/block/loop.c:1526

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

       [<ffffffff8123a61e>] lock_acquire+0x15e/0x460 kernel/locking/lockdep.c:3592
       [<ffffffff8376a89b>] __mutex_lock_common kernel/locking/mutex.c:521 [inline]
       [<ffffffff8376a89b>] mutex_lock_nested+0xbb/0x850 kernel/locking/mutex.c:621
       [<ffffffff82421e5b>] lo_release+0x6b/0x140 drivers/block/loop.c:1580
       [<ffffffff815d2557>] __blkdev_put+0x5f7/0x7e0 fs/block_dev.c:1535
       [<ffffffff815d35b5>] blkdev_put+0x85/0x550 fs/block_dev.c:1600
       [<ffffffff815d3b0b>] blkdev_close+0x8b/0xb0 fs/block_dev.c:1607
       [<ffffffff81521163>] __fput+0x233/0x6d0 fs/file_table.c:208
       [<ffffffff81521685>] ____fput+0x15/0x20 fs/file_table.c:244
       [<ffffffff811890a4>] task_work_run+0x104/0x180 kernel/task_work.c:115
       [<ffffffff81003625>] tracehook_notify_resume include/linux/tracehook.h:191 [inline]
       [<ffffffff81003625>] exit_to_usermode_loop+0x145/0x170 arch/x86/entry/common.c:251
       [<ffffffff81006545>] prepare_exit_to_usermode arch/x86/entry/common.c:282 [inline]
       [<ffffffff81006545>] syscall_return_slowpath+0x1b5/0x1f0 arch/x86/entry/common.c:347
       [<ffffffff83773e9e>] int_ret_from_sys_call+0x25/0x9f

       [<ffffffff8123797f>] check_prev_add kernel/locking/lockdep.c:1853 [inline]
       [<ffffffff8123797f>] check_prevs_add kernel/locking/lockdep.c:1958 [inline]
       [<ffffffff8123797f>] validate_chain kernel/locking/lockdep.c:2144 [inline]
       [<ffffffff8123797f>] __lock_acquire+0x371f/0x4b50 kernel/locking/lockdep.c:3213
       [<ffffffff8123a61e>] lock_acquire+0x15e/0x460 kernel/locking/lockdep.c:3592
       [<ffffffff8376a89b>] __mutex_lock_common kernel/locking/mutex.c:521 [inline]
       [<ffffffff8376a89b>] mutex_lock_nested+0xbb/0x850 kernel/locking/mutex.c:621
       [<ffffffff81cab7ee>] blkdev_reread_part+0x1e/0x40 block/ioctl.c:189
       [<ffffffff8241ba48>] loop_reread_partitions+0x78/0xe0 drivers/block/loop.c:645
       [<ffffffff8241c445>] loop_set_status+0x995/0xfc0 drivers/block/loop.c:1175
       [<ffffffff8241cb0a>] loop_set_status_compat+0x9a/0x100 drivers/block/loop.c:1499
       [<ffffffff82420eb4>] lo_compat_ioctl+0x114/0x140 drivers/block/loop.c:1527
       [<ffffffff81cf85a4>] compat_blkdev_ioctl+0x3d4/0x3b10 block/compat_ioctl.c:751
       [<ffffffff8161d5ca>] C_SYSC_ioctl fs/compat_ioctl.c:1592 [inline]
       [<ffffffff8161d5ca>] compat_SyS_ioctl+0x28a/0x2540 fs/compat_ioctl.c:1544
       [<ffffffff81006d84>] do_syscall_32_irqs_on arch/x86/entry/common.c:390 [inline]
       [<ffffffff81006d84>] do_fast_syscall_32+0x314/0x890 arch/x86/entry/common.c:457
       [<ffffffff837754d7>] sysenter_flags_fixed+0xd/0x17

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&lo->lo_ctl_mutex#2);
                               lock(&bdev->bd_mutex);
                               lock(&lo->lo_ctl_mutex#2);
  lock(&bdev->bd_mutex);

 *** DEADLOCK ***

1 lock held by syzkaller581102/3315:
 #0:  (&lo->lo_ctl_mutex#2){+.+.+.}, at: [<ffffffff82420ea9>] lo_compat_ioctl+0x109/0x140 drivers/block/loop.c:1526

stack backtrace:
CPU: 0 PID: 3315 Comm: syzkaller581102 Not tainted 4.4.107-g610c835 #4
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 0000000000000000 c7dcb8468e4110f6 ffff8800b46175e8 ffffffff81d0457d
 ffffffff85178be0 ffffffff85178be0 ffffffff851a3fc0 ffff8801d0c20898
 ffff8801d0c20000 ffff8800b4617630 ffffffff812309f1 ffff8801d0c20898
Call Trace:
 [<ffffffff81d0457d>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d0457d>] dump_stack+0xc1/0x124 lib/dump_stack.c:51
 [<ffffffff812309f1>] print_circular_bug+0x271/0x310 kernel/locking/lockdep.c:1226
 [<ffffffff8123797f>] check_prev_add kernel/locking/lockdep.c:1853 [inline]
 [<ffffffff8123797f>] check_prevs_add kernel/locking/lockdep.c:1958 [inline]
 [<ffffffff8123797f>] validate_chain kernel/locking/lockdep.c:2144 [inline]
 [<ffffffff8123797f>] __lock_acquire+0x371f/0x4b50 kernel/locking/lockdep.c:3213
 [<ffffffff8123a61e>] lock_acquire+0x15e/0x460 kernel/locking/lockdep.c:3592
 [<ffffffff8376a89b>] __mutex_lock_common kernel/locking/mutex.c:521 [inline]
 [<ffffffff8376a89b>] mutex_lock_nested+0xbb/0x850 kernel/locking/mutex.c:621
 [<ffffffff81cab7ee>] blkdev_reread_part+0x1e/0x40 block/ioctl.c:189
 [<ffffffff8241ba48>] loop_reread_partitions+0x78/0xe0 drivers/block/loop.c:645
 [<ffffffff8241c445>] loop_set_status+0x995/0xfc0 drivers/block/loop.c:1175
 [<ffffffff8241cb0a>] loop_set_status_compat+0x9a/0x100 drivers/block/loop.c:1499
 [<ffffffff82420eb4>] lo_compat_ioctl+0x114/0x140 drivers/block/loop.c:1527
 [<ffffffff81cf85a4>] compat_blkdev_ioctl+0x3d4/0x3b10 block/compat_ioctl.c:751
 [<ffffffff8161d5ca>] C_SYSC_ioctl fs/compat_ioctl.c:1592 [inline]
 [<ffffffff8161d5ca>] compat_SyS_ioctl+0x28a/0x2540 fs/compat_ioctl.c:1544
 [<ffffffff81006d84>] do_syscall_32_irqs_on arch/x86/entry/common.c:390 [inline]
 [<ffffffff81006d84>] do_fast_syscall_32+0x314/0x890 arch/x86/entry/common.c:457
 [<ffffffff837754d7>] sysenter_flags_fixed+0xd/0x17