hid-generic 0000:0000:0000.0298: item fetching failed at offset -632515119 ====================================================== [ INFO: possible circular locking dependency detected ] 4.4.174+ #17 Not tainted ------------------------------------------------------- syz-executor.3/17974 is trying to acquire lock: (&bdev->bd_mutex){+.+.+.}, at: [] blkdev_reread_part+0x1f/0x40 block/ioctl.c:189 but task is already holding lock: (loop_ctl_mutex#2){+.+.+.}, at: [] lo_compat_ioctl+0x105/0x140 drivers/block/loop.c:1599 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #2 (loop_ctl_mutex#2){+.+.+.}: [] lock_acquire+0x15e/0x450 kernel/locking/lockdep.c:3592 [] __mutex_lock_common kernel/locking/mutex.c:521 [inline] [] mutex_lock_nested+0xc1/0xb80 kernel/locking/mutex.c:621 [] __lo_release drivers/block/loop.c:1653 [inline] [] lo_release+0x84/0x1b0 drivers/block/loop.c:1676 [] __blkdev_put+0x461/0x840 fs/block_dev.c:1535 [] blkdev_put+0x88/0x560 fs/block_dev.c:1600 [] blkdev_close+0x8b/0xb0 fs/block_dev.c:1607 [] __fput+0x246/0x710 fs/file_table.c:208 [] ____fput+0x16/0x20 fs/file_table.c:244 [] task_work_run+0x202/0x2b0 kernel/task_work.c:115 [] tracehook_notify_resume include/linux/tracehook.h:191 [inline] [] exit_to_usermode_loop+0x14a/0x170 arch/x86/entry/common.c:188 [] prepare_exit_to_usermode arch/x86/entry/common.c:221 [inline] [] syscall_return_slowpath+0x25b/0x2e0 arch/x86/entry/common.c:286 [] int_ret_from_sys_call+0x25/0xa3 -> #1 (loop_index_mutex){+.+.+.}: [] lock_acquire+0x15e/0x450 kernel/locking/lockdep.c:3592 [] __mutex_lock_common kernel/locking/mutex.c:521 [inline] [] mutex_lock_nested+0xc1/0xb80 kernel/locking/mutex.c:621 [] lo_open+0x1d/0xb0 drivers/block/loop.c:1633 [] __blkdev_get+0x2ae/0xdf0 fs/block_dev.c:1213 [] blkdev_get+0x2e8/0x920 fs/block_dev.c:1353 [] blkdev_open+0x1aa/0x250 fs/block_dev.c:1508 [] do_dentry_open+0x38f/0xbd0 fs/open.c:749 [] vfs_open+0x10b/0x210 fs/open.c:862 [] do_last fs/namei.c:3269 [inline] [] path_openat+0x136f/0x4470 fs/namei.c:3406 [] do_filp_open+0x1a1/0x270 fs/namei.c:3440 [] do_sys_open+0x2f8/0x600 fs/open.c:1038 [] SYSC_open fs/open.c:1056 [inline] [] SyS_open+0x2d/0x40 fs/open.c:1051 [] entry_SYSCALL_64_fastpath+0x1e/0x9a -> #0 (&bdev->bd_mutex){+.+.+.}: [] check_prev_add kernel/locking/lockdep.c:1853 [inline] [] check_prevs_add kernel/locking/lockdep.c:1958 [inline] [] validate_chain kernel/locking/lockdep.c:2144 [inline] [] __lock_acquire+0x37d6/0x4f50 kernel/locking/lockdep.c:3213 [] lock_acquire+0x15e/0x450 kernel/locking/lockdep.c:3592 [] __mutex_lock_common kernel/locking/mutex.c:521 [inline] [] mutex_lock_nested+0xc1/0xb80 kernel/locking/mutex.c:621 [] blkdev_reread_part+0x1f/0x40 block/ioctl.c:189 [] loop_reread_partitions+0x7c/0x90 drivers/block/loop.c:649 [] loop_set_status+0xc02/0x1260 drivers/block/loop.c:1208 [] loop_set_status_compat+0xb2/0x110 drivers/block/loop.c:1572 [] lo_compat_ioctl+0x110/0x140 drivers/block/loop.c:1600 [] compat_blkdev_ioctl+0xca0/0x344f block/compat_ioctl.c:751 [] C_SYSC_ioctl fs/compat_ioctl.c:1592 [inline] [] compat_SyS_ioctl+0x403/0x2210 fs/compat_ioctl.c:1544 [] do_syscall_32_irqs_on arch/x86/entry/common.c:330 [inline] [] do_fast_syscall_32+0x32d/0xa90 arch/x86/entry/common.c:397 [] sysenter_flags_fixed+0xd/0x1a other info that might help us debug this: Chain exists of: &bdev->bd_mutex --> loop_index_mutex --> loop_ctl_mutex#2 Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(loop_ctl_mutex#2); lock(loop_index_mutex); lock(loop_ctl_mutex#2); lock(&bdev->bd_mutex); *** DEADLOCK *** 1 lock held by syz-executor.3/17974: #0: (loop_ctl_mutex#2){+.+.+.}, at: [] lo_compat_ioctl+0x105/0x140 drivers/block/loop.c:1599 stack backtrace: CPU: 0 PID: 17974 Comm: syz-executor.3 Not tainted 4.4.174+ #17 0000000000000000 e348661b7eb14ed2 ffff8801bc1ef5e0 ffffffff81aad1a1 ffffffff84057a80 ffff8801d0bc17c0 ffffffff83aa0cc0 ffffffff83ac6580 ffffffff83aa1890 ffff8801bc1ef630 ffffffff813abcda ffffffff83e1a280 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [] print_circular_bug.cold+0x2f7/0x44e kernel/locking/lockdep.c:1226 [] check_prev_add kernel/locking/lockdep.c:1853 [inline] [] check_prevs_add kernel/locking/lockdep.c:1958 [inline] [] validate_chain kernel/locking/lockdep.c:2144 [inline] [] __lock_acquire+0x37d6/0x4f50 kernel/locking/lockdep.c:3213 [] lock_acquire+0x15e/0x450 kernel/locking/lockdep.c:3592 [] __mutex_lock_common kernel/locking/mutex.c:521 [inline] [] mutex_lock_nested+0xc1/0xb80 kernel/locking/mutex.c:621 [] blkdev_reread_part+0x1f/0x40 block/ioctl.c:189 [] loop_reread_partitions+0x7c/0x90 drivers/block/loop.c:649 [] loop_set_status+0xc02/0x1260 drivers/block/loop.c:1208 [] loop_set_status_compat+0xb2/0x110 drivers/block/loop.c:1572 [] lo_compat_ioctl+0x110/0x140 drivers/block/loop.c:1600 [] compat_blkdev_ioctl+0xca0/0x344f block/compat_ioctl.c:751 [] C_SYSC_ioctl fs/compat_ioctl.c:1592 [inline] [] compat_SyS_ioctl+0x403/0x2210 fs/compat_ioctl.c:1544 [] do_syscall_32_irqs_on arch/x86/entry/common.c:330 [inline] [] do_fast_syscall_32+0x32d/0xa90 arch/x86/entry/common.c:397 [] sysenter_flags_fixed+0xd/0x1a loop_reread_partitions: partition scan of loop0 ( ñy§rZ³²èï>¥iÛj¦î$^¡g /¼ }÷ó€éI­×oòzy#¸„«`‰¡Þ‡£RnVÊAIn) failed (rc=-13) hid-generic 0000:0000:0000.0299: item fetching failed at offset -632152775 hid-generic: probe of 0000:0000:0000.0299 failed with error -22 hid-generic: probe of 0000:0000:0000.0298 failed with error -22 hid-generic 0000:0000:0000.029A: item fetching failed at offset 2225809 hid-generic: probe of 0000:0000:0000.029A failed with error -22 hid-generic 0000:0000:0000.029B: item fetching failed at offset -1192775103 hid-generic: probe of 0000:0000:0000.029B failed with error -22 hid-generic 0000:0000:0000.029C: item fetching failed at offset -1291506831 hid-generic 0000:0000:0000.029D: item fetching failed at offset -1189821647 hid-generic: probe of 0000:0000:0000.029C failed with error -22 hid-generic: probe of 0000:0000:0000.029D failed with error -22 hid-generic 0000:0000:0000.029E: item fetching failed at offset -770877783 hid-generic: probe of 0000:0000:0000.029E failed with error -22 hid-generic 0000:0000:0000.029F: item fetching failed at offset -1277012071 hid-generic: probe of 0000:0000:0000.029F failed with error -22 hid-generic 0000:0000:0000.02A0: item fetching failed at offset -639324775 hid-generic: probe of 0000:0000:0000.02A0 failed with error -22 hid-generic 0000:0000:0000.02A1: item fetching failed at offset -818278279 hid-generic: probe of 0000:0000:0000.02A1 failed with error -22