possible deadlock in blkdev_reread

possible deadlock in blkdev_reread_part
Status: fixed on 2019/01/15 20:25
Reported-by: syzbot+4684a000d5abdade83fac55b1e7d1f935ef1936e@syzkaller.appspotmail.com
Fix commit: 0da03cab loop: Fix deadlock when calling blkdev_reread_part() 85b0a54a loop: Move loop_reread_partitions() out of loop_ctl_mutex
First crash: 1051d, last: 587d

similar bugs (3):
Kernel	Title	Repro	Count	Last	Reported	Patched	Status
linux-4.14	possible deadlock in blkdev_reread_part	C	9543	5h39m	483d	0/1	upstream: reported C repro on 2019/04/11 12:33
android-49	possible deadlock in blkdev_reread_part	C	6117	246d	482d	0/3	public: reported C repro on 2019/04/12 00:00
android-44	possible deadlock in blkdev_reread_part	C	3896	248d	482d	0/2	public: reported C repro on 2019/04/12 00:00

Sample crash report:

======================================================
WARNING: possible circular locking dependency detected
4.14.0-rc2+ #10 Not tainted
------------------------------------------------------
syzkaller821047/2981 is trying to acquire lock:
 (&bdev->bd_mutex){+.+.}, at: [<ffffffff8232c60e>] blkdev_reread_part+0x1e/0x40 block/ioctl.c:192

but task is already holding lock:
 (&lo->lo_ctl_mutex#2){+.+.}, at: [<ffffffff83541ef9>] lo_compat_ioctl+0x109/0x140 drivers/block/loop.c:1533

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (&lo->lo_ctl_mutex#2){+.+.}:
       check_prevs_add kernel/locking/lockdep.c:2020 [inline]
       validate_chain kernel/locking/lockdep.c:2469 [inline]
       __lock_acquire+0x328f/0x4620 kernel/locking/lockdep.c:3498
       lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4002
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0x16f/0x19d0 kernel/locking/mutex.c:893
       mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
       lo_release+0x6b/0x180 drivers/block/loop.c:1587
       __blkdev_put+0x602/0x7c0 fs/block_dev.c:1780
       blkdev_put+0x85/0x4f0 fs/block_dev.c:1845
       blkdev_close+0x91/0xc0 fs/block_dev.c:1852
       __fput+0x333/0x7f0 fs/file_table.c:210
       ____fput+0x15/0x20 fs/file_table.c:244
       task_work_run+0x199/0x270 kernel/task_work.c:112
       tracehook_notify_resume include/linux/tracehook.h:191 [inline]
       exit_to_usermode_loop+0x296/0x310 arch/x86/entry/common.c:162
       prepare_exit_to_usermode arch/x86/entry/common.c:197 [inline]
       syscall_return_slowpath+0x42f/0x510 arch/x86/entry/common.c:266
       entry_SYSCALL_64_fastpath+0xbc/0xbe

-> #0 (&bdev->bd_mutex){+.+.}:
       check_prev_add+0x865/0x1520 kernel/locking/lockdep.c:1894
       check_prevs_add kernel/locking/lockdep.c:2020 [inline]
       validate_chain kernel/locking/lockdep.c:2469 [inline]
       __lock_acquire+0x328f/0x4620 kernel/locking/lockdep.c:3498
       lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4002
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0x16f/0x19d0 kernel/locking/mutex.c:893
       mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
       blkdev_reread_part+0x1e/0x40 block/ioctl.c:192
       loop_reread_partitions+0x12f/0x1a0 drivers/block/loop.c:614
       loop_set_status+0x9ba/0xf60 drivers/block/loop.c:1156
       loop_set_status_compat+0x92/0xf0 drivers/block/loop.c:1506
       lo_compat_ioctl+0x114/0x140 drivers/block/loop.c:1534
       compat_blkdev_ioctl+0x3ba/0x1850 block/compat_ioctl.c:405
       C_SYSC_ioctl fs/compat_ioctl.c:1593 [inline]
       compat_SyS_ioctl+0x1d7/0x3290 fs/compat_ioctl.c:1540
       do_syscall_32_irqs_on arch/x86/entry/common.c:329 [inline]
       do_fast_syscall_32+0x3f2/0xf05 arch/x86/entry/common.c:391
       entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:124

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&lo->lo_ctl_mutex#2);
                               lock(&bdev->bd_mutex);
                               lock(&lo->lo_ctl_mutex#2);
  lock(&bdev->bd_mutex);

 *** DEADLOCK ***

1 lock held by syzkaller821047/2981:
 #0:  (&lo->lo_ctl_mutex#2){+.+.}, at: [<ffffffff83541ef9>] lo_compat_ioctl+0x109/0x140 drivers/block/loop.c:1533

stack backtrace:
CPU: 0 PID: 2981 Comm: syzkaller821047 Not tainted 4.14.0-rc2+ #10
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:16 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:52
 print_circular_bug+0x503/0x710 kernel/locking/lockdep.c:1259
 check_prev_add+0x865/0x1520 kernel/locking/lockdep.c:1894
 check_prevs_add kernel/locking/lockdep.c:2020 [inline]
 validate_chain kernel/locking/lockdep.c:2469 [inline]
 __lock_acquire+0x328f/0x4620 kernel/locking/lockdep.c:3498
 lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4002
 __mutex_lock_common kernel/locking/mutex.c:756 [inline]
 __mutex_lock+0x16f/0x19d0 kernel/locking/mutex.c:893
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
 blkdev_reread_part+0x1e/0x40 block/ioctl.c:192
 loop_reread_partitions+0x12f/0x1a0 drivers/block/loop.c:614
 loop_set_status+0x9ba/0xf60 drivers/block/loop.c:1156
 loop_set_status_compat+0x92/0xf0 drivers/block/loop.c:1506
 lo_compat_ioctl+0x114/0x140 drivers/block/loop.c:1534
 compat_blkdev_ioctl+0x3ba/0x1850 block/compat_ioctl.c:405
 C_SYSC_ioctl fs/compat_ioctl.c:1593 [inline]
 compat_SyS_ioctl+0x1d7/0x3290 fs/compat_ioctl.c:1540
 do_syscall_32_irqs_on arch/x86/entry/common.c:329 [inline]
 do_fast_syscall_32+0x3f2/0xf05 arch/x86/entry/common.c:391
 entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:124
RIP: 0023:0xf7f4bc79
RSP: 002b:00000000ff90868c EFLAGS: 00000286 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000004c02
RDX: 00000

Crashes (5736):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	Maintainers
ci-upstream-kasan-gce	2017/09/25 13:28	upstream	e19b205b	c26ea367	.config	log	report	syz	C	axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/12/02 08:57	upstream	4b783176	5a581673	.config	log	report	syz	C	axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/10/18 16:16	upstream	9bd871df	d257b2d2	.config	log	report	syz	C	axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/02/09 23:57	upstream	f9f1e414	2b6b214c	.config	log	report	syz	C	axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/02/09 08:16	upstream	c0136321	9fb5ec43	.config	log	report	syz	C	axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2017/12/19 23:51	upstream	ace52288	af9163c7	.config	log	report	syz	C	axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2017/12/12 20:56	upstream	a638349b	414a185f	.config	log	report	syz	C	axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2017/11/15 04:15	upstream	894025f2	cf38de00	.config	log	report	syz	C	axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/12/27 17:43	upstream	fc2fd5f0	43cf01dd	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/12/26 08:10	upstream	d8924c0d	8a41a0ad	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/12/25 22:02	upstream	8fe28cb5	8a41a0ad	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/12/24 12:32	upstream	8fe28cb5	be79df56	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/12/22 12:12	upstream	5092adb2	603b5124	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/12/21 16:06	upstream	9097a058	588075e6	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/12/20 16:46	upstream	ab63e725	aaf59e84	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/12/19 21:53	upstream	62393dbc	fe2dc057	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/12/19 16:15	upstream	62393dbc	fe2dc057	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/12/17 23:42	upstream	7566ec39	def91db3	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/12/14 10:07	upstream	65e08c5e	fe7127be	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/12/10 20:46	upstream	40e020c1	6565f24d	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/12/08 09:14	upstream	5f179793	65ed2472	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/12/05 13:38	upstream	0072a0c1	ac6c0578	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/12/05 05:56	upstream	0072a0c1	f162ad97	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/12/04 07:28	upstream	0072a0c1	03f94a45	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/12/03 20:15	upstream	25956467	819002b0	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/12/03 18:37	upstream	25956467	819002b0	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/12/01 09:18	upstream	b6839ef2	d8988561	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/11/30 02:24	upstream	f92a2ebb	66071e27	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/11/28 10:36	upstream	ef78e5ec	4b6d14f2	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/11/28 08:15	upstream	ef78e5ec	4b6d14f2	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/11/27 19:35	upstream	ef78e5ec	4b6d14f2	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/11/24 04:16	upstream	e6005d3c	eb9ed731	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/11/23 13:03	upstream	edeca3a7	2b0dc848	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/11/22 23:50	upstream	edeca3a7	87815d9d	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/11/21 23:09	upstream	92b41928	9db828b5	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/11/19 13:41	upstream	9ff01193	adf636a8	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/11/18 01:31	upstream	1ce80e0f	adf636a8	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/11/17 15:13	upstream	1ce80e0f	b08ee62a	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/11/12 09:58	upstream	e12e00e3	7b5f8621	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/11/10 01:18	upstream	3541833f	f9815aaf	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/11/09 03:42	upstream	b00d2092	e85d2a61	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/11/07 04:01	upstream	8053e5b9	8bd6bd63	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/11/06 12:04	upstream	163c8d54	8bd6bd63	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/11/02 20:56	upstream	8adcc599	8bd6bd63	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/10/26 03:10	upstream	bd6bf7c1	a8292de9	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/10/23 09:40	upstream	ca9eb48f	ecb386fe	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/10/22 20:29	upstream	84df9525	ecb386fe	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/10/21 19:20	upstream	23469de6	ecb386fe	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/10/20 20:36	upstream	270b77a0	ecb386fe	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/10/19 08:39	upstream	fa520c47	9aba67b5	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/10/18 12:32	upstream	9bd871df	d257b2d2	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/10/17 22:39	upstream	c343db45	b2695b95	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/10/17 14:39	upstream	c0cff31b	1ba7fd7e	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/10/17 09:04	upstream	b955a910	1ba7fd7e	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org