possible deadlock in blkdev_reread

[upstream] possible deadlock in blkdev_reread_part
Status: upstream: reported C repro on 2017/11/01 19:01
Reported-by: syzbot+4684a000d5abdade83fac55b1e7d1f935ef1936e@syzkaller.appspotmail.com
First: 300d, last: 12h44m

Sample crash report:

audit: type=1400 audit(1513727379.883:7): avc:  denied  { map } for  pid=3145 comm="syzkaller883040" path="/root/syzkaller883040234" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1

======================================================
WARNING: possible circular locking dependency detected
4.15.0-rc4+ #138 Not tainted
------------------------------------------------------
syzkaller883040/3145 is trying to acquire lock:
 (&bdev->bd_mutex){+.+.}, at: [<00000000abac8f72>] blkdev_reread_part+0x1e/0x40 block/ioctl.c:192

but task is already holding lock:
 (&lo->lo_ctl_mutex#2){+.+.}, at: [<00000000253ad9ca>] lo_compat_ioctl+0x109/0x140 drivers/block/loop.c:1538

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (&lo->lo_ctl_mutex#2){+.+.}:
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893
       mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
       lo_release+0x6b/0x180 drivers/block/loop.c:1592
       __blkdev_put+0x602/0x7c0 fs/block_dev.c:1770
       blkdev_put+0x85/0x4f0 fs/block_dev.c:1835
       blkdev_close+0x8b/0xb0 fs/block_dev.c:1842
       __fput+0x327/0x7e0 fs/file_table.c:210
       ____fput+0x15/0x20 fs/file_table.c:244
       task_work_run+0x199/0x270 kernel/task_work.c:113
       tracehook_notify_resume include/linux/tracehook.h:191 [inline]
       exit_to_usermode_loop+0x296/0x310 arch/x86/entry/common.c:162
       prepare_exit_to_usermode arch/x86/entry/common.c:195 [inline]
       syscall_return_slowpath+0x490/0x550 arch/x86/entry/common.c:264
       entry_SYSCALL_64_fastpath+0x94/0x96

-> #0 (&bdev->bd_mutex){+.+.}:
       lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893
       mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
       blkdev_reread_part+0x1e/0x40 block/ioctl.c:192
       loop_reread_partitions+0x12f/0x1a0 drivers/block/loop.c:619
       loop_set_status+0x9ba/0xf60 drivers/block/loop.c:1161
       loop_set_status_compat+0x92/0xf0 drivers/block/loop.c:1511
       lo_compat_ioctl+0x114/0x140 drivers/block/loop.c:1539
       compat_blkdev_ioctl+0x3ae/0x1840 block/compat_ioctl.c:406
       C_SYSC_ioctl fs/compat_ioctl.c:1473 [inline]
       compat_SyS_ioctl+0x151/0x2a30 fs/compat_ioctl.c:1419
       do_syscall_32_irqs_on arch/x86/entry/common.c:327 [inline]
       do_fast_syscall_32+0x3ee/0xf9d arch/x86/entry/common.c:389
       entry_SYSENTER_compat+0x54/0x63 arch/x86/entry/entry_64_compat.S:125

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&lo->lo_ctl_mutex#2);
                               lock(&bdev->bd_mutex);
                               lock(&lo->lo_ctl_mutex#2);
  lock(&bdev->bd_mutex);

 *** DEADLOCK ***

1 lock held by syzkaller883040/3145:
 #0:  (&lo->lo_ctl_mutex#2){+.+.}, at: [<00000000253ad9ca>] lo_compat_ioctl+0x109/0x140 drivers/block/loop.c:1538

stack backtrace:
CPU: 1 PID: 3145 Comm: syzkaller883040 Not tainted 4.15.0-rc4+ #138
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 print_circular_bug.isra.37+0x2cd/0x2dc kernel/locking/lockdep.c:1218
 check_prev_add kernel/locking/lockdep.c:1858 [inline]
 check_prevs_add kernel/locking/lockdep.c:1971 [inline]
 validate_chain kernel/locking/lockdep.c:2412 [inline]
 __lock_acquire+0x30a8/0x3e00 kernel/locking/lockdep.c:3426
 lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
 __mutex_lock_common kernel/locking/mutex.c:756 [inline]
 __mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
 blkdev_reread_part+0x1e/0x40 block/ioctl.c:192
 loop_reread_partitions+0x12f/0x1a0 drivers/block/loop.c:619
 loop_set_status+0x9ba/0xf60 drivers/block/loop.c:1161
 loop_set_status_compat+0x92/0xf0 drivers/block/loop.c:1511
 lo_compat_ioctl+0x114/0x140 drivers/block/loop.c:1539
 compat_blkdev_ioctl+0x3ae/0x1840 block/compat_ioctl.c:406
 C_SYSC_ioctl fs/compat_ioctl.c:1473 [inline]
 compat_SyS_ioctl+0x151/0x2a30 fs/compat_ioctl.c:1419
 do_syscall_32_irqs_on arch/x86/entry/common.c:327 [inline]
 do_fast_syscall_32+0x3ee/0xf9d arch/x86/entry/common.c:389
 entry_SYSENTER_compat+0x54/0x63 arch/x86/entry/entry_64_compat.S:125
RIP: 0023:0xf7f68c79
RSP: 002b:00000000ffb7ffbc EFLAGS: 00000282 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000004c02
RDX: 0000000020063f68 RSI: 00000000080ef00c RDI: 000000000000003f
RBP: 0000000000001000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000

All crashes (5584):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	Maintainers
ci-upstream-kasan-gce-386	2017/12/19 23:51	upstream	ace52288edf0cb5e7a52b681f057f86224c49c27	af9163c76381c5363976d40392f9f6728d7a1dc9	.config	log	report	syz	C	["axboe@kernel.dk" "linux-block@vger.kernel.org" "linux-kernel@vger.kernel.org"]
ci-upstream-kasan-gce-386	2018/02/09 08:16	upstream	c0136321924dd338bb8fc5661c4b0e27441a8d04	9fb5ec4367f8816ba2297a39963778ad74d6f443	.config	log	report	syz	C	["axboe@kernel.dk" "linux-block@vger.kernel.org" "linux-kernel@vger.kernel.org"]
ci-upstream-kasan-gce-386	2018/02/09 23:57	upstream	f9f1e414128ea58d8e848a0275db0f644c9e9f45	2b6b214cf2fc16447250192774f9c8e124793c50	.config	log	report	syz	C	["axboe@kernel.dk" "linux-block@vger.kernel.org" "linux-kernel@vger.kernel.org"]
ci-upstream-kasan-gce-386	2017/12/12 20:56	upstream	a638349bf6c29433b938141f99225b160551ff48	414a185f4d36140539d2783e5d7be02346c2cfbe	.config	log	report	syz	C	["axboe@kernel.dk" "linux-block@vger.kernel.org" "linux-kernel@vger.kernel.org"]
ci-upstream-kasan-gce-386	2017/11/15 04:15	upstream	894025f24bd028942da3e602b87d9f7223109b14	cf38de0018e34456cf066b70ca148ab502155672	.config	log	report	syz	C	["axboe@kernel.dk" "linux-block@vger.kernel.org" "linux-kernel@vger.kernel.org"]
ci-upstream-kasan-gce	2017/09/25 13:28	upstream	e19b205be43d11bff638cad4487008c48d21c103	c26ea367cfa790e86800ac025638ad50f95b8287	.config	log	report	syz	C	["axboe@kernel.dk" "linux-block@vger.kernel.org" "linux-kernel@vger.kernel.org"]
ci-upstream-kasan-gce-386	2018/07/17 00:42	upstream	706bf68b4339adf57cf7325561fddd8a3b41fa8e	40cb0c9aa6126f2fc180ce627d868742f645434c	.config	log	report			["axboe@kernel.dk" "linux-block@vger.kernel.org" "linux-kernel@vger.kernel.org"]
ci-upstream-kasan-gce-386	2018/07/16 04:56	upstream	9d3cce1e8b8561fed5f383d22a4d6949db4eadbe	92a4950507d9d15be9541491300b2201433f6814	.config	log	report			["axboe@kernel.dk" "linux-block@vger.kernel.org" "linux-kernel@vger.kernel.org"]
ci-upstream-kasan-gce-386	2018/07/15 17:52	upstream	37b5dca2898d1471729194f45e281c2443eb9d6c	92a4950507d9d15be9541491300b2201433f6814	.config	log	report			["axboe@kernel.dk" "linux-block@vger.kernel.org" "linux-kernel@vger.kernel.org"]
ci-upstream-kasan-gce-386	2018/07/15 04:23	upstream	c31496dbacc2b6352750937afc20a8dbe22b27a4	92a4950507d9d15be9541491300b2201433f6814	.config	log	report			["axboe@kernel.dk" "linux-block@vger.kernel.org" "linux-kernel@vger.kernel.org"]
ci-upstream-kasan-gce-386	2018/07/14 22:31	upstream	c31496dbacc2b6352750937afc20a8dbe22b27a4	92a4950507d9d15be9541491300b2201433f6814	.config	log	report			["axboe@kernel.dk" "linux-block@vger.kernel.org" "linux-kernel@vger.kernel.org"]
ci-upstream-kasan-gce-386	2018/07/14 19:00	upstream	2db39a2f491a48ec740e0214a7dd584eefc2137d	92a4950507d9d15be9541491300b2201433f6814	.config	log	report			["axboe@kernel.dk" "linux-block@vger.kernel.org" "linux-kernel@vger.kernel.org"]
ci-upstream-kasan-gce-386	2018/07/12 18:28	upstream	c25c74b7476e27180e9b76840e963e542023f118	06c33b3af0ff4072fb002879f83077c9d162a224	.config	log	report			["axboe@kernel.dk" "linux-block@vger.kernel.org" "linux-kernel@vger.kernel.org"]
ci-upstream-kasan-gce-386	2018/07/11 20:19	upstream	1e09177acae32a61586af26d83ca5ef591cdcaf5	2e0e3130f967984ba51ac1387b67040f0d953942	.config	log	report			["axboe@kernel.dk" "linux-block@vger.kernel.org" "linux-kernel@vger.kernel.org"]
ci-upstream-kasan-gce-386	2018/07/10 04:02	upstream	092150a25cb7bd6a79aa00bb1ad131063f58073d	f25e57704183544b0d540ef0035acfa6fb9071d7	.config	log	report			["axboe@kernel.dk" "linux-block@vger.kernel.org" "linux-kernel@vger.kernel.org"]
ci-upstream-kasan-gce-386	2018/07/06 02:34	upstream	fc36def997cfd6cbff3eda4f82853a5c311c5466	d3b2a0e21207954bb0f8ad9d9a2cad6e5cc5499d	.config	log	report			["axboe@kernel.dk" "linux-block@vger.kernel.org" "linux-kernel@vger.kernel.org"]
ci-upstream-kasan-gce-386	2018/07/05 14:28	upstream	fc36def997cfd6cbff3eda4f82853a5c311c5466	f525fd7250aae36586c4a4e5bbe0c11f2314f875	.config	log	report			["axboe@kernel.dk" "linux-block@vger.kernel.org" "linux-kernel@vger.kernel.org"]
ci-upstream-kasan-gce-386	2018/07/05 12:28	upstream	fc36def997cfd6cbff3eda4f82853a5c311c5466	f525fd7250aae36586c4a4e5bbe0c11f2314f875	.config	log	report			["axboe@kernel.dk" "linux-block@vger.kernel.org" "linux-kernel@vger.kernel.org"]
ci-upstream-kasan-gce-386	2018/07/04 11:56	upstream	fc36def997cfd6cbff3eda4f82853a5c311c5466	317fc8ea3ebfd8c8ad97394d0a648098eda26ef1	.config	log	report			["axboe@kernel.dk" "linux-block@vger.kernel.org" "linux-kernel@vger.kernel.org"]
ci-upstream-kasan-gce-386	2018/07/04 05:03	upstream	410da1e12ffed61129d61df5b7adce4d08c7f17c	317fc8ea3ebfd8c8ad97394d0a648098eda26ef1	.config	log	report			["axboe@kernel.dk" "linux-block@vger.kernel.org" "linux-kernel@vger.kernel.org"]
ci-upstream-kasan-gce-386	2018/07/03 22:12	upstream	410da1e12ffed61129d61df5b7adce4d08c7f17c	317fc8ea3ebfd8c8ad97394d0a648098eda26ef1	.config	log	report			["axboe@kernel.dk" "linux-block@vger.kernel.org" "linux-kernel@vger.kernel.org"]
ci-upstream-kasan-gce-386	2018/07/03 20:28	upstream	410da1e12ffed61129d61df5b7adce4d08c7f17c	317fc8ea3ebfd8c8ad97394d0a648098eda26ef1	.config	log	report			["axboe@kernel.dk" "linux-block@vger.kernel.org" "linux-kernel@vger.kernel.org"]
ci-upstream-kasan-gce-386	2018/07/03 16:16	upstream	d0fbad0aec1df29717fab736eb24c8a49cf2c70b	317fc8ea3ebfd8c8ad97394d0a648098eda26ef1	.config	log	report			["axboe@kernel.dk" "linux-block@vger.kernel.org" "linux-kernel@vger.kernel.org"]
ci-upstream-kasan-gce-386	2018/07/02 09:18	upstream	d3bc0e67f8525760479e88a51e87bb0c026e40f3	dba0b50e7863cf82c29969caed47da4b8c99ee05	.config	log	report			["axboe@kernel.dk" "linux-block@vger.kernel.org" "linux-kernel@vger.kernel.org"]
ci-upstream-kasan-gce-386	2018/07/02 06:16	upstream	d3bc0e67f8525760479e88a51e87bb0c026e40f3	dba0b50e7863cf82c29969caed47da4b8c99ee05	.config	log	report			["axboe@kernel.dk" "linux-block@vger.kernel.org" "linux-kernel@vger.kernel.org"]
ci-upstream-kasan-gce-386	2018/07/01 21:18	upstream	883c9ab9eb595f8542d01e55d29a346c8d96862e	dba0b50e7863cf82c29969caed47da4b8c99ee05	.config	log	report			["axboe@kernel.dk" "linux-block@vger.kernel.org" "linux-kernel@vger.kernel.org"]
ci-upstream-kasan-gce-386	2018/07/01 06:38	upstream	0fbc4aeabc91f2e39e0dffebe8f81a0eb3648d97	dba0b50e7863cf82c29969caed47da4b8c99ee05	.config	log	report			["axboe@kernel.dk" "linux-block@vger.kernel.org" "linux-kernel@vger.kernel.org"]
ci-upstream-kasan-gce-386	2018/07/01 03:09	upstream	0fbc4aeabc91f2e39e0dffebe8f81a0eb3648d97	dba0b50e7863cf82c29969caed47da4b8c99ee05	.config	log	report			["axboe@kernel.dk" "linux-block@vger.kernel.org" "linux-kernel@vger.kernel.org"]
ci-upstream-kasan-gce-386	2018/06/30 19:29	upstream	1904148a361a07fb2d7cba1261d1d2c2f33c8d2e	dba0b50e7863cf82c29969caed47da4b8c99ee05	.config	log	report			["axboe@kernel.dk" "linux-block@vger.kernel.org" "linux-kernel@vger.kernel.org"]
ci-upstream-kasan-gce-386	2018/06/30 18:06	upstream	1904148a361a07fb2d7cba1261d1d2c2f33c8d2e	dba0b50e7863cf82c29969caed47da4b8c99ee05	.config	log	report			["axboe@kernel.dk" "linux-block@vger.kernel.org" "linux-kernel@vger.kernel.org"]
ci-upstream-kasan-gce-386	2018/06/30 16:31	upstream	1904148a361a07fb2d7cba1261d1d2c2f33c8d2e	dba0b50e7863cf82c29969caed47da4b8c99ee05	.config	log	report			["axboe@kernel.dk" "linux-block@vger.kernel.org" "linux-kernel@vger.kernel.org"]
ci-upstream-kasan-gce-386	2018/06/30 09:43	upstream	1904148a361a07fb2d7cba1261d1d2c2f33c8d2e	dba0b50e7863cf82c29969caed47da4b8c99ee05	.config	log	report			["axboe@kernel.dk" "linux-block@vger.kernel.org" "linux-kernel@vger.kernel.org"]
ci-upstream-kasan-gce-386	2018/06/28 19:34	upstream	f57494321cbf5b1e7769b6135407d2995a369e28	dba0b50e7863cf82c29969caed47da4b8c99ee05	.config	log	report			["axboe@kernel.dk" "linux-block@vger.kernel.org" "linux-kernel@vger.kernel.org"]
ci-upstream-kasan-gce-386	2018/06/28 09:52	upstream	f57494321cbf5b1e7769b6135407d2995a369e28	dba0b50e7863cf82c29969caed47da4b8c99ee05	.config	log	report			["axboe@kernel.dk" "linux-block@vger.kernel.org" "linux-kernel@vger.kernel.org"]
ci-upstream-kasan-gce-386	2018/06/27 03:41	upstream	813835028e9ae1f18cd11bb0ec591d0f0577d96a	b0294c53d01ff4816b69d34f27d10656d002a8fa	.config	log	report			["axboe@kernel.dk" "linux-block@vger.kernel.org" "linux-kernel@vger.kernel.org"]
ci-upstream-kasan-gce-386	2018/06/27 01:10	upstream	813835028e9ae1f18cd11bb0ec591d0f0577d96a	b0294c53d01ff4816b69d34f27d10656d002a8fa	.config	log	report			["axboe@kernel.dk" "linux-block@vger.kernel.org" "linux-kernel@vger.kernel.org"]
ci-upstream-kasan-gce-386	2018/06/26 11:57	upstream	6f0d349d922ba44e4348a17a78ea51b7135965b1	2064fc5c9114c170841328aaa4b124a4062becf6	.config	log	report			["axboe@kernel.dk" "linux-block@vger.kernel.org" "linux-kernel@vger.kernel.org"]
ci-upstream-kasan-gce-386	2018/06/26 04:48	upstream	6f0d349d922ba44e4348a17a78ea51b7135965b1	2064fc5c9114c170841328aaa4b124a4062becf6	.config	log	report			["axboe@kernel.dk" "linux-block@vger.kernel.org" "linux-kernel@vger.kernel.org"]
ci-upstream-kasan-gce-386	2018/06/25 15:18	upstream	6f0d349d922ba44e4348a17a78ea51b7135965b1	2064fc5c9114c170841328aaa4b124a4062becf6	.config	log	report			["axboe@kernel.dk" "linux-block@vger.kernel.org" "linux-kernel@vger.kernel.org"]
ci-upstream-kasan-gce-386	2018/06/22 06:00	upstream	27db64f65f1be2f2ee741a1bf20d8d13d62c167f	095ef80678981c78c6726af6a3a50a7c8f667d52	.config	log	report			["axboe@kernel.dk" "linux-block@vger.kernel.org" "linux-kernel@vger.kernel.org"]
ci-upstream-kasan-gce-386	2018/06/21 20:36	upstream	1abd8a8f39cd9a2925149000056494523c85643a	095ef80678981c78c6726af6a3a50a7c8f667d52	.config	log	report			["axboe@kernel.dk" "linux-block@vger.kernel.org" "linux-kernel@vger.kernel.org"]
ci-upstream-kasan-gce-386	2018/06/21 18:21	upstream	1abd8a8f39cd9a2925149000056494523c85643a	095ef80678981c78c6726af6a3a50a7c8f667d52	.config	log	report			["axboe@kernel.dk" "linux-block@vger.kernel.org" "linux-kernel@vger.kernel.org"]
ci-upstream-kasan-gce-386	2018/06/21 14:51	upstream	1abd8a8f39cd9a2925149000056494523c85643a	095ef80678981c78c6726af6a3a50a7c8f667d52	.config	log	report			["axboe@kernel.dk" "linux-block@vger.kernel.org" "linux-kernel@vger.kernel.org"]
ci-upstream-kasan-gce-386	2018/06/20 16:43	upstream	81e97f01371f4e1701feeafe484665112cd9ddc2	095ef80678981c78c6726af6a3a50a7c8f667d52	.config	log	report			["axboe@kernel.dk" "linux-block@vger.kernel.org" "linux-kernel@vger.kernel.org"]
ci-upstream-kasan-gce-386	2018/06/20 14:38	upstream	81e97f01371f4e1701feeafe484665112cd9ddc2	095ef80678981c78c6726af6a3a50a7c8f667d52	.config	log	report			["axboe@kernel.dk" "linux-block@vger.kernel.org" "linux-kernel@vger.kernel.org"]
ci-upstream-kasan-gce-386	2018/06/20 01:17	upstream	ba4dbdedd3edc2798659bcd8b1a184ea8bdd04dc	095ef80678981c78c6726af6a3a50a7c8f667d52	.config	log	report			["axboe@kernel.dk" "linux-block@vger.kernel.org" "linux-kernel@vger.kernel.org"]
ci-upstream-kasan-gce-386	2018/06/18 19:36	upstream	9ffc59d57228d74809700be6f7ecb1db10292f05	45c54f755c6dee216beaeeef11e98a0375102712	.config	log	report			["axboe@kernel.dk" "linux-block@vger.kernel.org" "linux-kernel@vger.kernel.org"]
ci-upstream-kasan-gce-386	2018/06/18 15:40	upstream	9ffc59d57228d74809700be6f7ecb1db10292f05	27c5f59f504f562333e3cd5e715fea5cb69c396e	.config	log	report			["axboe@kernel.dk" "linux-block@vger.kernel.org" "linux-kernel@vger.kernel.org"]