possible deadlock in blkdev_reread

[upstream] possible deadlock in blkdev_reread_part
Status: upstream: reported C repro on 2017/11/01 19:01
Reported-by: syzbot+4684a000d5abdade83fac55b1e7d1f935ef1936e@syzkaller.appspotmail.com
Commits: ["loop: Fix deadlock when calling blkdev_reread_part()" "loop: Move loop_reread_partitions() out of loop_ctl_mutex"]
Patched on: [ci-upstream-linux-next-kasan-gce-root], missing on: [ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-leak ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce]
First: 424d, last: 6h42m

Sample crash report:

======================================================
WARNING: possible circular locking dependency detected
4.14.0-rc2+ #10 Not tainted
------------------------------------------------------
syzkaller821047/2981 is trying to acquire lock:
 (&bdev->bd_mutex){+.+.}, at: [<ffffffff8232c60e>] blkdev_reread_part+0x1e/0x40 block/ioctl.c:192

but task is already holding lock:
 (&lo->lo_ctl_mutex#2){+.+.}, at: [<ffffffff83541ef9>] lo_compat_ioctl+0x109/0x140 drivers/block/loop.c:1533

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (&lo->lo_ctl_mutex#2){+.+.}:
       check_prevs_add kernel/locking/lockdep.c:2020 [inline]
       validate_chain kernel/locking/lockdep.c:2469 [inline]
       __lock_acquire+0x328f/0x4620 kernel/locking/lockdep.c:3498
       lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4002
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0x16f/0x19d0 kernel/locking/mutex.c:893
       mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
       lo_release+0x6b/0x180 drivers/block/loop.c:1587
       __blkdev_put+0x602/0x7c0 fs/block_dev.c:1780
       blkdev_put+0x85/0x4f0 fs/block_dev.c:1845
       blkdev_close+0x91/0xc0 fs/block_dev.c:1852
       __fput+0x333/0x7f0 fs/file_table.c:210
       ____fput+0x15/0x20 fs/file_table.c:244
       task_work_run+0x199/0x270 kernel/task_work.c:112
       tracehook_notify_resume include/linux/tracehook.h:191 [inline]
       exit_to_usermode_loop+0x296/0x310 arch/x86/entry/common.c:162
       prepare_exit_to_usermode arch/x86/entry/common.c:197 [inline]
       syscall_return_slowpath+0x42f/0x510 arch/x86/entry/common.c:266
       entry_SYSCALL_64_fastpath+0xbc/0xbe

-> #0 (&bdev->bd_mutex){+.+.}:
       check_prev_add+0x865/0x1520 kernel/locking/lockdep.c:1894
       check_prevs_add kernel/locking/lockdep.c:2020 [inline]
       validate_chain kernel/locking/lockdep.c:2469 [inline]
       __lock_acquire+0x328f/0x4620 kernel/locking/lockdep.c:3498
       lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4002
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0x16f/0x19d0 kernel/locking/mutex.c:893
       mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
       blkdev_reread_part+0x1e/0x40 block/ioctl.c:192
       loop_reread_partitions+0x12f/0x1a0 drivers/block/loop.c:614
       loop_set_status+0x9ba/0xf60 drivers/block/loop.c:1156
       loop_set_status_compat+0x92/0xf0 drivers/block/loop.c:1506
       lo_compat_ioctl+0x114/0x140 drivers/block/loop.c:1534
       compat_blkdev_ioctl+0x3ba/0x1850 block/compat_ioctl.c:405
       C_SYSC_ioctl fs/compat_ioctl.c:1593 [inline]
       compat_SyS_ioctl+0x1d7/0x3290 fs/compat_ioctl.c:1540
       do_syscall_32_irqs_on arch/x86/entry/common.c:329 [inline]
       do_fast_syscall_32+0x3f2/0xf05 arch/x86/entry/common.c:391
       entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:124

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&lo->lo_ctl_mutex#2);
                               lock(&bdev->bd_mutex);
                               lock(&lo->lo_ctl_mutex#2);
  lock(&bdev->bd_mutex);

 *** DEADLOCK ***

1 lock held by syzkaller821047/2981:
 #0:  (&lo->lo_ctl_mutex#2){+.+.}, at: [<ffffffff83541ef9>] lo_compat_ioctl+0x109/0x140 drivers/block/loop.c:1533

stack backtrace:
CPU: 0 PID: 2981 Comm: syzkaller821047 Not tainted 4.14.0-rc2+ #10
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:16 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:52
 print_circular_bug+0x503/0x710 kernel/locking/lockdep.c:1259
 check_prev_add+0x865/0x1520 kernel/locking/lockdep.c:1894
 check_prevs_add kernel/locking/lockdep.c:2020 [inline]
 validate_chain kernel/locking/lockdep.c:2469 [inline]
 __lock_acquire+0x328f/0x4620 kernel/locking/lockdep.c:3498
 lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4002
 __mutex_lock_common kernel/locking/mutex.c:756 [inline]
 __mutex_lock+0x16f/0x19d0 kernel/locking/mutex.c:893
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
 blkdev_reread_part+0x1e/0x40 block/ioctl.c:192
 loop_reread_partitions+0x12f/0x1a0 drivers/block/loop.c:614
 loop_set_status+0x9ba/0xf60 drivers/block/loop.c:1156
 loop_set_status_compat+0x92/0xf0 drivers/block/loop.c:1506
 lo_compat_ioctl+0x114/0x140 drivers/block/loop.c:1534
 compat_blkdev_ioctl+0x3ba/0x1850 block/compat_ioctl.c:405
 C_SYSC_ioctl fs/compat_ioctl.c:1593 [inline]
 compat_SyS_ioctl+0x1d7/0x3290 fs/compat_ioctl.c:1540
 do_syscall_32_irqs_on arch/x86/entry/common.c:329 [inline]
 do_fast_syscall_32+0x3f2/0xf05 arch/x86/entry/common.c:391
 entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:124
RIP: 0023:0xf7f4bc79
RSP: 002b:00000000ff90868c EFLAGS: 00000286 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000004c02
RDX: 00000

All crashes (5706):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	Maintainers
ci-upstream-kasan-gce	2017/09/25 13:28	upstream	e19b205b	c26ea367	.config	log	report	syz	C	axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/10/18 16:16	upstream	9bd871df	d257b2d2	.config	log	report	syz	C	axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/02/09 23:57	upstream	f9f1e414	2b6b214c	.config	log	report	syz	C	axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/02/09 08:16	upstream	c0136321	9fb5ec43	.config	log	report	syz	C	axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2017/12/19 23:51	upstream	ace52288	af9163c7	.config	log	report	syz	C	axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2017/12/12 20:56	upstream	a638349b	414a185f	.config	log	report	syz	C	axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2017/11/15 04:15	upstream	894025f2	cf38de00	.config	log	report	syz	C	axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/11/17 15:13	upstream	1ce80e0f	b08ee62a	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/11/12 09:58	upstream	e12e00e3	7b5f8621	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/11/10 01:18	upstream	3541833f	f9815aaf	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/11/09 03:42	upstream	b00d2092	e85d2a61	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/11/07 04:01	upstream	8053e5b9	8bd6bd63	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/11/06 12:04	upstream	163c8d54	8bd6bd63	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/11/02 20:56	upstream	8adcc599	8bd6bd63	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/10/26 03:10	upstream	bd6bf7c1	a8292de9	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/10/23 09:40	upstream	ca9eb48f	ecb386fe	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/10/22 20:29	upstream	84df9525	ecb386fe	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/10/21 19:20	upstream	23469de6	ecb386fe	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/10/20 20:36	upstream	270b77a0	ecb386fe	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/10/19 08:39	upstream	fa520c47	9aba67b5	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/10/18 12:32	upstream	9bd871df	d257b2d2	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/10/17 22:39	upstream	c343db45	b2695b95	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/10/17 14:39	upstream	c0cff31b	1ba7fd7e	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/10/17 09:04	upstream	b955a910	1ba7fd7e	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/10/16 22:59	upstream	b955a910	1ba7fd7e	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/10/16 14:50	upstream	f0a7d188	1ba7fd7e	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/10/15 08:42	upstream	35a7f35a	caf12900	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/10/14 18:04	upstream	3a272031	caf12900	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/10/14 04:01	upstream	7ec21823	caf12900	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/10/13 03:00	upstream	6b3944e4	caf12900	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/10/12 19:33	upstream	6b3944e4	caf12900	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/10/03 16:18	upstream	6bebe379	8b311eaf	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/10/02 08:56	upstream	385afbf8	e06f7713	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/10/02 06:36	upstream	385afbf8	e06f7713	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/10/02 00:41	upstream	17b57b18	e06f7713	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/10/01 17:19	upstream	17b57b18	48a50c6b	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/09/29 10:16	upstream	e704966c	41e4b329	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/09/28 06:59	upstream	c127e59b	0c2fa87b	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/09/26 05:04	upstream	846e8dd4	b7e11289	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/09/24 03:15	upstream	6bf4ca7f	28d9ac76	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/09/23 12:17	upstream	328c6333	37079712	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/09/22 15:47	upstream	10dc890d	37079712	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/09/19 09:39	upstream	eba2d6b3	7f125108	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/09/19 07:55	upstream	eba2d6b3	7f125108	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/09/19 04:51	upstream	5211da9c	7f125108	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/09/19 03:26	upstream	5211da9c	7f125108	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/09/18 18:23	upstream	5211da9c	7f125108	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/09/17 15:26	upstream	c0747ad3	7f125108	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/09/17 14:13	upstream	c0747ad3	7f125108	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2018/09/17 10:01	upstream	c0747ad3	7f125108	.config	log	report			axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org