Open Source and information security mailing list archives
 
Message-ID: <Zyrm8uw204eZW9wF@fedora>
Date: Wed, 6 Nov 2024 11:48:02 +0800
From: Ming Lei <ming.lei@...hat.com>
To: syzbot <syzbot+ca7d7c797fee31d2b474@...kaller.appspotmail.com>
Cc: axboe@...nel.dk, linux-block@...r.kernel.org,
	linux-kernel@...r.kernel.org, syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [block?] possible deadlock in blk_mq_alloc_request

On Tue, Nov 05, 2024 at 06:40:22PM -0800, syzbot wrote:
> Hello,
> 
> syzbot found the following issue on:
> 
> HEAD commit:    c88416ba074a Add linux-next specific files for 20241101
> git tree:       linux-next
> console output: https://syzkaller.appspot.com/x/log.txt?x=17e59aa7980000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=704b6be2ac2f205f
> dashboard link: https://syzkaller.appspot.com/bug?extid=ca7d7c797fee31d2b474
> compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1250b630580000
> 
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/760a8c88d0c3/disk-c88416ba.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/46e4b0a851a2/vmlinux-c88416ba.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/428e2c784b75/bzImage-c88416ba.xz
> 
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+ca7d7c797fee31d2b474@...kaller.appspotmail.com
> 
> ============================================
> WARNING: possible recursive locking detected
> 6.12.0-rc5-next-20241101-syzkaller #0 Not tainted
> --------------------------------------------
> udevd/6086 is trying to acquire lock:
> ffff8880288261c0 (&q->q_usage_counter(queue)#67){++++}-{0:0}, at: blk_mq_alloc_request+0x26b/0xab0 block/blk-mq.c:626
> 
> but task is already holding lock:
> ffff8880288261c0 (&q->q_usage_counter(queue)#67){++++}-{0:0}, at: blk_freeze_queue block/blk-mq.c:177 [inline]
> ffff8880288261c0 (&q->q_usage_counter(queue)#67){++++}-{0:0}, at: blk_mq_freeze_queue+0x15/0x20 block/blk-mq.c:187
> 
> other info that might help us debug this:
>  Possible unsafe locking scenario:
> 
>        CPU0
>        ----
>   lock(&q->q_usage_counter(queue)#67);
>   lock(&q->q_usage_counter(queue)#67);
> 
>  *** DEADLOCK ***
> 
>  May be due to missing lock nesting notation
> 
> 3 locks held by udevd/6086:
>  #0: ffff888034a534c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xf0/0xc50 block/bdev.c:904
>  #1: ffff888028826188 (&q->q_usage_counter(io)#81){+.+.}-{0:0}, at: blk_freeze_queue block/blk-mq.c:177 [inline]
>  #1: ffff888028826188 (&q->q_usage_counter(io)#81){+.+.}-{0:0}, at: blk_mq_freeze_queue+0x15/0x20 block/blk-mq.c:187
>  #2: ffff8880288261c0 (&q->q_usage_counter(queue)#67){++++}-{0:0}, at: blk_freeze_queue block/blk-mq.c:177 [inline]
>  #2: ffff8880288261c0 (&q->q_usage_counter(queue)#67){++++}-{0:0}, at: blk_mq_freeze_queue+0x15/0x20 block/blk-mq.c:187

I don't get how blk_mq_freeze_queue is called in this context.

Is the blk_mq_unfreeze_queue() in sd_revalidate_disk() not released?

Anyway, please test the not-merged fixes.

#syz test: https://github.com/ming1/linux.git for-next


Thanks, 
Ming

