Re: possible deadlock in blk_trace_remove
From: Jens Axboe <axboe@kernel.dk>
Date: 2017-11-19 18:50:25
Also in:
lkml
Subsystem:
block layer, the rest, tracing · Maintainers:
Jens Axboe, Linus Torvalds, Steven Rostedt, Masami Hiramatsu
On 11/19/2017 03:36 AM, syzbot wrote:
Hello,
syzkaller hit the following crash on
d9e0e63d9a6f88440eb201e1491fcf730272c706
git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
compiler: gcc (GCC) 7.1.1 20170620
.config is attached
Raw console output is attached.
Unfortunately, I don't have any reproducer for this bug yet.>
Use struct sctp_sack_info instead
============================================
WARNING: possible recursive locking detected
4.14.0-rc8-next-20171110+ #40 Not tainted
--------------------------------------------
syz-executor6/21462 is trying to acquire lock:
(&q->blk_trace_mutex){+.+.}, at: [<ffffffff81760261>]
blk_trace_remove+0x21/0x40 kernel/trace/blktrace.c:373
but task is already holding lock:
(&q->blk_trace_mutex){+.+.}, at: [<ffffffff81763b38>]
blk_trace_setup+0x38/0x70 kernel/trace/blktrace.c:606
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(&q->blk_trace_mutex);
lock(&q->blk_trace_mutex);The below should fix it.
diff --git a/kernel/trace/blktrace.c b/kernel/trace/blktrace.c
index 206e0e2ace53..f224985de5fa 100644
--- a/kernel/trace/blktrace.c
+++ b/kernel/trace/blktrace.c@@ -591,7 +591,7 @@ static int __blk_trace_setup(struct request_queue *q, char *name, dev_t dev, return ret; if (copy_to_user(arg, &buts, sizeof(buts))) { - blk_trace_remove(q); + __blk_trace_remove(q); return -EFAULT; } return 0;
@@ -637,7 +637,7 @@ static int compat_blk_trace_setup(struct request_queue *q, char *name, return ret; if (copy_to_user(arg, &buts.name, ARRAY_SIZE(buts.name))) { - blk_trace_remove(q); + __blk_trace_remove(q); return -EFAULT; }
--
Jens Axboe