syzbot


possible deadlock in blkdev_reread_part

Status: fixed on 2019/01/15 20:25
Subsystems: block
[Documentation on labels]
Reported-by: syzbot+4684a000d5abdade83fac55b1e7d1f935ef1936e@syzkaller.appspotmail.com
Fix commit: 0da03cab87e6 loop: Fix deadlock when calling blkdev_reread_part() 85b0a54a82e4 loop: Move loop_reread_partitions() out of loop_ctl_mutex
First crash: 2382d, last: 1918d
Discussions (11)
Title Replies (including bot) Last reply
[PATCH 4.19 00/99] 4.19.17-stable review 109 (109) 2019/04/22 19:40
[PATCH 4.20 000/111] 4.20.4-stable review 120 (120) 2019/01/23 06:43
[PATCH 0/16 v3] loop: Fix oops and possible deadlocks 22 (22) 2018/11/12 10:15
[PATCH 0/15 v2] loop: Fix oops and possible deadlocks 24 (24) 2018/10/17 09:47
[PATCH 0/14] loop: Fix oops and possible deadlocks 17 (17) 2018/10/04 10:15
[PATCH 1/4] block/loop: Don't grab "struct file" for vfs_getattr() operation. 8 (8) 2018/09/27 11:42
[PATCH v3 (resend)] block/loop: Serialize ioctl operations. 11 (11) 2018/09/25 09:57
[PATCH] block/loop: Don't hold lock while rereading partition. 2 (2) 2018/09/25 08:47
possible deadlock in blkdev_reread_part 11 (11) 2018/09/17 13:57
[PATCH v3] block/loop: Serialize ioctl operations. 6 (6) 2018/08/28 10:31
[PATCH v2] block/loop: Serialize ioctl operations. 1 (1) 2018/05/09 10:54
Similar bugs (3)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.14 possible deadlock in blkdev_reread_part C 48668 387d 1813d 0/1 upstream: reported C repro on 2019/04/11 12:33
android-49 possible deadlock in blkdev_reread_part C 6117 1576d 1812d 0/3 public: reported C repro on 2019/04/12 00:00
android-44 possible deadlock in blkdev_reread_part C 3896 1578d 1812d 0/2 public: reported C repro on 2019/04/12 00:00

Sample crash report:
======================================================
WARNING: possible circular locking dependency detected
4.14.0-rc2+ #10 Not tainted
------------------------------------------------------
syzkaller821047/2981 is trying to acquire lock:
 (&bdev->bd_mutex){+.+.}, at: [<ffffffff8232c60e>] blkdev_reread_part+0x1e/0x40 block/ioctl.c:192

but task is already holding lock:
 (&lo->lo_ctl_mutex#2){+.+.}, at: [<ffffffff83541ef9>] lo_compat_ioctl+0x109/0x140 drivers/block/loop.c:1533

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (&lo->lo_ctl_mutex#2){+.+.}:
       check_prevs_add kernel/locking/lockdep.c:2020 [inline]
       validate_chain kernel/locking/lockdep.c:2469 [inline]
       __lock_acquire+0x328f/0x4620 kernel/locking/lockdep.c:3498
       lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4002
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0x16f/0x19d0 kernel/locking/mutex.c:893
       mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
       lo_release+0x6b/0x180 drivers/block/loop.c:1587
       __blkdev_put+0x602/0x7c0 fs/block_dev.c:1780
       blkdev_put+0x85/0x4f0 fs/block_dev.c:1845
       blkdev_close+0x91/0xc0 fs/block_dev.c:1852
       __fput+0x333/0x7f0 fs/file_table.c:210
       ____fput+0x15/0x20 fs/file_table.c:244
       task_work_run+0x199/0x270 kernel/task_work.c:112
       tracehook_notify_resume include/linux/tracehook.h:191 [inline]
       exit_to_usermode_loop+0x296/0x310 arch/x86/entry/common.c:162
       prepare_exit_to_usermode arch/x86/entry/common.c:197 [inline]
       syscall_return_slowpath+0x42f/0x510 arch/x86/entry/common.c:266
       entry_SYSCALL_64_fastpath+0xbc/0xbe

-> #0 (&bdev->bd_mutex){+.+.}:
       check_prev_add+0x865/0x1520 kernel/locking/lockdep.c:1894
       check_prevs_add kernel/locking/lockdep.c:2020 [inline]
       validate_chain kernel/locking/lockdep.c:2469 [inline]
       __lock_acquire+0x328f/0x4620 kernel/locking/lockdep.c:3498
       lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4002
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0x16f/0x19d0 kernel/locking/mutex.c:893
       mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
       blkdev_reread_part+0x1e/0x40 block/ioctl.c:192
       loop_reread_partitions+0x12f/0x1a0 drivers/block/loop.c:614
       loop_set_status+0x9ba/0xf60 drivers/block/loop.c:1156
       loop_set_status_compat+0x92/0xf0 drivers/block/loop.c:1506
       lo_compat_ioctl+0x114/0x140 drivers/block/loop.c:1534
       compat_blkdev_ioctl+0x3ba/0x1850 block/compat_ioctl.c:405
       C_SYSC_ioctl fs/compat_ioctl.c:1593 [inline]
       compat_SyS_ioctl+0x1d7/0x3290 fs/compat_ioctl.c:1540
       do_syscall_32_irqs_on arch/x86/entry/common.c:329 [inline]
       do_fast_syscall_32+0x3f2/0xf05 arch/x86/entry/common.c:391
       entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:124

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&lo->lo_ctl_mutex#2);
                               lock(&bdev->bd_mutex);
                               lock(&lo->lo_ctl_mutex#2);
  lock(&bdev->bd_mutex);

 *** DEADLOCK ***

1 lock held by syzkaller821047/2981:
 #0:  (&lo->lo_ctl_mutex#2){+.+.}, at: [<ffffffff83541ef9>] lo_compat_ioctl+0x109/0x140 drivers/block/loop.c:1533

stack backtrace:
CPU: 0 PID: 2981 Comm: syzkaller821047 Not tainted 4.14.0-rc2+ #10
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:16 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:52
 print_circular_bug+0x503/0x710 kernel/locking/lockdep.c:1259
 check_prev_add+0x865/0x1520 kernel/locking/lockdep.c:1894
 check_prevs_add kernel/locking/lockdep.c:2020 [inline]
 validate_chain kernel/locking/lockdep.c:2469 [inline]
 __lock_acquire+0x328f/0x4620 kernel/locking/lockdep.c:3498
 lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4002
 __mutex_lock_common kernel/locking/mutex.c:756 [inline]
 __mutex_lock+0x16f/0x19d0 kernel/locking/mutex.c:893
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
 blkdev_reread_part+0x1e/0x40 block/ioctl.c:192
 loop_reread_partitions+0x12f/0x1a0 drivers/block/loop.c:614
 loop_set_status+0x9ba/0xf60 drivers/block/loop.c:1156
 loop_set_status_compat+0x92/0xf0 drivers/block/loop.c:1506
 lo_compat_ioctl+0x114/0x140 drivers/block/loop.c:1534
 compat_blkdev_ioctl+0x3ba/0x1850 block/compat_ioctl.c:405
 C_SYSC_ioctl fs/compat_ioctl.c:1593 [inline]
 compat_SyS_ioctl+0x1d7/0x3290 fs/compat_ioctl.c:1540
 do_syscall_32_irqs_on arch/x86/entry/common.c:329 [inline]
 do_fast_syscall_32+0x3f2/0xf05 arch/x86/entry/common.c:391
 entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:124
RIP: 0023:0xf7f4bc79
RSP: 002b:00000000ff90868c EFLAGS: 00000286 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000004c02
RDX: 00000

Crashes (5736):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2017/09/25 13:28 upstream e19b205be43d c26ea367 .config console log report syz C ci-upstream-kasan-gce
2018/12/02 08:57 upstream 4b78317679c4 5a581673 .config console log report syz C ci-upstream-kasan-gce-386
2018/10/18 16:16 upstream 9bd871df56a7 d257b2d2 .config console log report syz C ci-upstream-kasan-gce-386
2018/02/09 23:57 upstream f9f1e414128e 2b6b214c .config console log report syz C ci-upstream-kasan-gce-386
2018/02/09 08:16 upstream c0136321924d 9fb5ec43 .config console log report syz C ci-upstream-kasan-gce-386
2017/12/19 23:51 upstream ace52288edf0 af9163c7 .config console log report syz C ci-upstream-kasan-gce-386
2017/12/12 20:56 upstream a638349bf6c2 414a185f .config console log report syz C ci-upstream-kasan-gce-386
2017/11/15 04:15 upstream 894025f24bd0 cf38de00 .config console log report syz C ci-upstream-kasan-gce-386
2018/12/27 17:43 upstream fc2fd5f0f1aa 43cf01dd .config console log report ci-upstream-kasan-gce-386
2018/12/26 08:10 upstream d8924c0d76aa 8a41a0ad .config console log report ci-upstream-kasan-gce-386
2018/12/25 22:02 upstream 8fe28cb58bcb 8a41a0ad .config console log report ci-upstream-kasan-gce-386
2018/12/24 12:32 upstream 8fe28cb58bcb be79df56 .config console log report ci-upstream-kasan-gce-386
2018/12/22 12:12 upstream 5092adb2272e 603b5124 .config console log report ci-upstream-kasan-gce-386
2018/12/21 16:06 upstream 9097a058d49e 588075e6 .config console log report ci-upstream-kasan-gce-386
2018/12/20 16:46 upstream ab63e725b49c aaf59e84 .config console log report ci-upstream-kasan-gce-386
2018/12/19 21:53 upstream 62393dbcbe0f fe2dc057 .config console log report ci-upstream-kasan-gce-386
2018/12/19 16:15 upstream 62393dbcbe0f fe2dc057 .config console log report ci-upstream-kasan-gce-386
2018/12/17 23:42 upstream 7566ec393f41 def91db3 .config console log report ci-upstream-kasan-gce-386
2018/12/14 10:07 upstream 65e08c5e8631 fe7127be .config console log report ci-upstream-kasan-gce-386
2018/12/10 20:46 upstream 40e020c129cf 6565f24d .config console log report ci-upstream-kasan-gce-386
2018/12/08 09:14 upstream 5f179793f0a7 65ed2472 .config console log report ci-upstream-kasan-gce-386
2018/12/05 13:38 upstream 0072a0c14d5b ac6c0578 .config console log report ci-upstream-kasan-gce-386
2018/12/05 05:56 upstream 0072a0c14d5b f162ad97 .config console log report ci-upstream-kasan-gce-386
2018/12/04 07:28 upstream 0072a0c14d5b 03f94a45 .config console log report ci-upstream-kasan-gce-386
2018/12/03 20:15 upstream 2595646791c3 819002b0 .config console log report ci-upstream-kasan-gce-386
2018/12/03 18:37 upstream 2595646791c3 819002b0 .config console log report ci-upstream-kasan-gce-386
2018/12/01 09:18 upstream b6839ef26e54 d8988561 .config console log report ci-upstream-kasan-gce-386
2018/11/30 02:24 upstream f92a2ebb3d55 66071e27 .config console log report ci-upstream-kasan-gce-386
2018/11/28 10:36 upstream ef78e5ec9214 4b6d14f2 .config console log report ci-upstream-kasan-gce-386
2018/11/28 08:15 upstream ef78e5ec9214 4b6d14f2 .config console log report ci-upstream-kasan-gce-386
2018/11/27 19:35 upstream ef78e5ec9214 4b6d14f2 .config console log report ci-upstream-kasan-gce-386
2018/11/24 04:16 upstream e6005d3c4233 eb9ed731 .config console log report ci-upstream-kasan-gce-386
2018/11/23 13:03 upstream edeca3a769ad 2b0dc848 .config console log report ci-upstream-kasan-gce-386
2018/11/22 23:50 upstream edeca3a769ad 87815d9d .config console log report ci-upstream-kasan-gce-386
2018/11/21 23:09 upstream 92b419289cee 9db828b5 .config console log report ci-upstream-kasan-gce-386
2018/11/19 13:41 upstream 9ff01193a20d adf636a8 .config console log report ci-upstream-kasan-gce-386
2018/11/18 01:31 upstream 1ce80e0fe98e adf636a8 .config console log report ci-upstream-kasan-gce-386
2018/11/17 15:13 upstream 1ce80e0fe98e b08ee62a .config console log report ci-upstream-kasan-gce-386
2018/11/12 09:58 upstream e12e00e388de 7b5f8621 .config console log report ci-upstream-kasan-gce-386
2018/11/10 01:18 upstream 3541833fd1f2 f9815aaf .config console log report ci-upstream-kasan-gce-386
2018/11/09 03:42 upstream b00d209241ff e85d2a61 .config console log report ci-upstream-kasan-gce-386
2018/11/07 04:01 upstream 8053e5b93eca 8bd6bd63 .config console log report ci-upstream-kasan-gce-386
2018/11/06 12:04 upstream 163c8d54a997 8bd6bd63 .config console log report ci-upstream-kasan-gce-386
2018/11/02 20:56 upstream 8adcc59974b8 8bd6bd63 .config console log report ci-upstream-kasan-gce-386
2018/10/26 03:10 upstream bd6bf7c10484 a8292de9 .config console log report ci-upstream-kasan-gce-386
2018/10/23 09:40 upstream ca9eb48fe01f ecb386fe .config console log report ci-upstream-kasan-gce-386
2018/10/22 20:29 upstream 84df9525b0c2 ecb386fe .config console log report ci-upstream-kasan-gce-386
2018/10/21 19:20 upstream 23469de647c4 ecb386fe .config console log report ci-upstream-kasan-gce-386
2018/10/20 20:36 upstream 270b77a0f30e ecb386fe .config console log report ci-upstream-kasan-gce-386
2018/10/19 08:39 upstream fa520c47eaa1 9aba67b5 .config console log report ci-upstream-kasan-gce-386
2018/10/18 12:32 upstream 9bd871df56a7 d257b2d2 .config console log report ci-upstream-kasan-gce-386
2018/10/17 22:39 upstream c343db455eb3 b2695b95 .config console log report ci-upstream-kasan-gce-386
2018/10/17 14:39 upstream c0cff31be705 1ba7fd7e .config console log report ci-upstream-kasan-gce-386
2018/10/17 09:04 upstream b955a910d7fd 1ba7fd7e .config console log report ci-upstream-kasan-gce-386
* Struck through repros no longer work on HEAD.