On Tue, Nov 05, 2024 at 06:40:22PM -0800, syzbot wrote: > Hello, > > syzbot found the following issue on: > > HEAD commit: c88416ba074a Add linux-next specific files for 20241101 > git tree: linux-next > console output: https://syzkaller.appspot.com/x/log.txt?x=17e59aa7980000 > kernel config: https://syzkaller.appspot.com/x/.config?x=704b6be2ac2f205f > dashboard link: https://syzkaller.appspot.com/bug?extid=ca7d7c797fee31d2b474 > compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1250b630580000 > > Downloadable assets: > disk image: https://storage.googleapis.com/syzbot-assets/760a8c88d0c3/disk-c88416ba.raw.xz > vmlinux: https://storage.googleapis.com/syzbot-assets/46e4b0a851a2/vmlinux-c88416ba.xz > kernel image: https://storage.googleapis.com/syzbot-assets/428e2c784b75/bzImage-c88416ba.xz > > IMPORTANT: if you fix the issue, please add the following tag to the commit: > Reported-by: syzbot+ca7d7c797fee31d2b474@xxxxxxxxxxxxxxxxxxxxxxxxx > > ============================================ > WARNING: possible recursive locking detected > 6.12.0-rc5-next-20241101-syzkaller #0 Not tainted > -------------------------------------------- > udevd/6086 is trying to acquire lock: > ffff8880288261c0 (&q->q_usage_counter(queue)#67){++++}-{0:0}, at: blk_mq_alloc_request+0x26b/0xab0 block/blk-mq.c:626 > > but task is already holding lock: > ffff8880288261c0 (&q->q_usage_counter(queue)#67){++++}-{0:0}, at: blk_freeze_queue block/blk-mq.c:177 [inline] > ffff8880288261c0 (&q->q_usage_counter(queue)#67){++++}-{0:0}, at: blk_mq_freeze_queue+0x15/0x20 block/blk-mq.c:187 > > other info that might help us debug this: > Possible unsafe locking scenario: > > CPU0 > ---- > lock(&q->q_usage_counter(queue)#67); > lock(&q->q_usage_counter(queue)#67); > > *** DEADLOCK *** > > May be due to missing lock nesting notation > > 3 locks held by udevd/6086: > #0: ffff888034a534c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xf0/0xc50 block/bdev.c:904 > #1: ffff888028826188 (&q->q_usage_counter(io)#81){+.+.}-{0:0}, at: blk_freeze_queue block/blk-mq.c:177 [inline] > #1: ffff888028826188 (&q->q_usage_counter(io)#81){+.+.}-{0:0}, at: blk_mq_freeze_queue+0x15/0x20 block/blk-mq.c:187 > #2: ffff8880288261c0 (&q->q_usage_counter(queue)#67){++++}-{0:0}, at: blk_freeze_queue block/blk-mq.c:177 [inline] > #2: ffff8880288261c0 (&q->q_usage_counter(queue)#67){++++}-{0:0}, at: blk_mq_freeze_queue+0x15/0x20 block/blk-mq.c:187 Not get idea how blk_mq_freeze_queue is called in this context. Is the blk_mq_unfreeze_queue() in sd_revalidate_disk() not released? Anyway, please test the not-merged fixes. #syz test: https://github.com/ming1/linux.git for-next Thanks, Ming
