hid-generic 0000:0004:FFFFFFFD.0003: unknown main item tag 0x0 hid-generic 0000:0004:FFFFFFFD.0003: hidraw1: HID v0.00 Device [syz0] on sy ====================================================== [ INFO: possible circular locking dependency detected ] 4.4.174+ #17 Not tainted ------------------------------------------------------- syz-executor.4/14470 is trying to acquire lock: (&bdev->bd_mutex){+.+.+.}, at: [] blkdev_reread_part+0x1f/0x40 block/ioctl.c:189 but task is already holding lock: (loop_ctl_mutex#2){+.+.+.}, at: [] lo_compat_ioctl+0x105/0x140 drivers/block/loop.c:1599 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: [] lock_acquire+0x15e/0x450 kernel/locking/lockdep.c:3592 [] __mutex_lock_common kernel/locking/mutex.c:521 [inline] [] mutex_lock_nested+0xc1/0xb80 kernel/locking/mutex.c:621 [] __lo_release drivers/block/loop.c:1653 [inline] [] lo_release+0x84/0x1b0 drivers/block/loop.c:1676 [] __blkdev_put+0x461/0x840 fs/block_dev.c:1535 [] blkdev_put+0x88/0x560 fs/block_dev.c:1600 [] blkdev_close+0x8b/0xb0 fs/block_dev.c:1607 [] __fput+0x246/0x710 fs/file_table.c:208 [] ____fput+0x16/0x20 fs/file_table.c:244 [] task_work_run+0x202/0x2b0 kernel/task_work.c:115 [] tracehook_notify_resume include/linux/tracehook.h:191 [inline] [] exit_to_usermode_loop+0x14a/0x170 arch/x86/entry/common.c:188 [] prepare_exit_to_usermode arch/x86/entry/common.c:221 [inline] [] syscall_return_slowpath+0x25b/0x2e0 arch/x86/entry/common.c:286 [] int_ret_from_sys_call+0x25/0xa3 [] lock_acquire+0x15e/0x450 kernel/locking/lockdep.c:3592 [] __mutex_lock_common kernel/locking/mutex.c:521 [inline] [] mutex_lock_nested+0xc1/0xb80 kernel/locking/mutex.c:621 [] lo_open+0x1d/0xb0 drivers/block/loop.c:1633 [] __blkdev_get+0x2ae/0xdf0 fs/block_dev.c:1213 [] blkdev_get+0x2e8/0x920 fs/block_dev.c:1353 [] blkdev_open+0x1aa/0x250 fs/block_dev.c:1508 [] do_dentry_open+0x38f/0xbd0 fs/open.c:749 [] vfs_open+0x10b/0x210 fs/open.c:862 [] do_last fs/namei.c:3269 [inline] [] path_openat+0x136f/0x4470 fs/namei.c:3406 [] do_filp_open+0x1a1/0x270 fs/namei.c:3440 [] do_sys_open+0x2f8/0x600 fs/open.c:1038 [] SYSC_open fs/open.c:1056 [inline] [] SyS_open+0x2d/0x40 fs/open.c:1051 [] entry_SYSCALL_64_fastpath+0x1e/0x9a [] check_prev_add kernel/locking/lockdep.c:1853 [inline] [] check_prevs_add kernel/locking/lockdep.c:1958 [inline] [] validate_chain kernel/locking/lockdep.c:2144 [inline] [] __lock_acquire+0x37d6/0x4f50 kernel/locking/lockdep.c:3213 [] lock_acquire+0x15e/0x450 kernel/locking/lockdep.c:3592 [] __mutex_lock_common kernel/locking/mutex.c:521 [inline] [] mutex_lock_nested+0xc1/0xb80 kernel/locking/mutex.c:621 [] blkdev_reread_part+0x1f/0x40 block/ioctl.c:189 [] loop_reread_partitions+0x7c/0x90 drivers/block/loop.c:649 [] loop_set_status+0xc02/0x1260 drivers/block/loop.c:1208 [] loop_set_status_compat+0xb2/0x110 drivers/block/loop.c:1572 [] lo_compat_ioctl+0x110/0x140 drivers/block/loop.c:1600 [] compat_blkdev_ioctl+0xca0/0x344f block/compat_ioctl.c:751 [] C_SYSC_ioctl fs/compat_ioctl.c:1592 [inline] [] compat_SyS_ioctl+0x403/0x2210 fs/compat_ioctl.c:1544 [] do_syscall_32_irqs_on arch/x86/entry/common.c:330 [inline] [] do_fast_syscall_32+0x32d/0xa90 arch/x86/entry/common.c:397 [] sysenter_flags_fixed+0xd/0x1a other info that might help us debug this: Chain exists of: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(loop_ctl_mutex#2); lock(loop_index_mutex); lock(loop_ctl_mutex#2); lock(&bdev->bd_mutex); *** DEADLOCK *** 1 lock held by syz-executor.4/14470: #0: (loop_ctl_mutex#2){+.+.+.}, at: [] lo_compat_ioctl+0x105/0x140 drivers/block/loop.c:1599 stack backtrace: CPU: 0 PID: 14470 Comm: syz-executor.4 Not tainted 4.4.174+ #17 0000000000000000 98189a90448f5548 ffff8801bee675e0 ffffffff81aad1a1 ffffffff84057a80 ffff8801b348c740 ffffffff83aa0b10 ffffffff83ac6df0 ffffffff83aa16e0 ffff8801bee67630 ffffffff813abcda ffffffff83e1b000 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [] print_circular_bug.cold+0x2f7/0x44e kernel/locking/lockdep.c:1226 [] check_prev_add kernel/locking/lockdep.c:1853 [inline] [] check_prevs_add kernel/locking/lockdep.c:1958 [inline] [] validate_chain kernel/locking/lockdep.c:2144 [inline] [] __lock_acquire+0x37d6/0x4f50 kernel/locking/lockdep.c:3213 [] lock_acquire+0x15e/0x450 kernel/locking/lockdep.c:3592 [] __mutex_lock_common kernel/locking/mutex.c:521 [inline] [] mutex_lock_nested+0xc1/0xb80 kernel/locking/mutex.c:621 [] blkdev_reread_part+0x1f/0x40 block/ioctl.c:189 [] loop_reread_partitions+0x7c/0x90 drivers/block/loop.c:649 [] loop_set_status+0xc02/0x1260 drivers/block/loop.c:1208 [] loop_set_status_compat+0xb2/0x110 drivers/block/loop.c:1572 [] lo_compat_ioctl+0x110/0x140 drivers/block/loop.c:1600 [] compat_blkdev_ioctl+0xca0/0x344f block/compat_ioctl.c:751 [] C_SYSC_ioctl fs/compat_ioctl.c:1592 [inline] [] compat_SyS_ioctl+0x403/0x2210 fs/compat_ioctl.c:1544 [] do_syscall_32_irqs_on arch/x86/entry/common.c:330 [inline] [] do_fast_syscall_32+0x32d/0xa90 arch/x86/entry/common.c:397 [] sysenter_flags_fixed+0xd/0x1a input: syz1 as /devices/virtual/input/input74 loop_reread_partitions: partition scan of loop1 (r7t¯äæ¡yQ^6ô]"ú²yÄŠƒÆÌÐKFJe“ ¾ÒÍa o½Vä }¥—$§ÜR¾¬EžÉÎ†Ñåÿ‡ð) failed (rc=-13) loop_reread_partitions: partition scan of loop1 () failed (rc=-13) input: syz1 as /devices/virtual/input/input76 input: syz1 as /devices/virtual/input/input77 input: syz1 as /devices/virtual/input/input80 input: syz1 as /devices/virtual/input/input81 input: syz1 as /devices/virtual/input/input82 input: syz1 as /devices/virtual/input/input85 input: syz1 as /devices/virtual/input/input87 input: syz1 as /devices/virtual/input/input89 loop_set_status: loop3 () has still dirty pages (nrpages=258) input: syz1 as /devices/virtual/input/input91 input: syz1 as /devices/virtual/input/input92 input: syz1 as /devices/virtual/input/input94 loop_set_status: loop3 () has still dirty pages (nrpages=193) input: syz1 as /devices/virtual/input/input96 input: syz1 as /devices/virtual/input/input97 input: syz1 as /devices/virtual/input/input100 input: syz1 as /devices/virtual/input/input102 input: syz1 as /devices/virtual/input/input103 loop_set_status: loop3 () has still dirty pages (nrpages=257) input: syz1 as /devices/virtual/input/input105 input: syz1 as /devices/virtual/input/input106 input: syz1 as /devices/virtual/input/input107 loop_set_status: loop3 () has still dirty pages (nrpages=1) input: syz1 as /devices/virtual/input/input109 input: syz1 as /devices/virtual/input/input111 input: syz1 as /devices/virtual/input/input112