On Mon, May 26, 2025 at 08:12:27PM -0700, syzbot wrote:
> syzbot has found a reproducer for the following issue on:
>
> HEAD commit: ddddf9d64f73 Merge tag 'perf-core-2025-05-25' of git://git..
> git tree: upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=12f87882580000
> kernel config: https://syzkaller.appspot.com/x/.config?x=fd18a1001092f95b
> dashboard link: https://syzkaller.appspot.com/bug?extid=2e9e529ac0b319316453
> compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=11825df4580000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=17fb7ad4580000
>
> Downloadable assets:
> disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/d900f083ada3/non_bootable_disk-ddddf9d6.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/bc551d1d4e46/vmlinux-ddddf9d6.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/d26a6de23b0e/bzImage-ddddf9d6.xz
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+2e9e529ac0b319316453@xxxxxxxxxxxxxxxxxxxxxxxxx
>
> ======================================================
> WARNING: possible circular locking dependency detected
> 6.15.0-syzkaller-01599-gddddf9d64f73 #0 Not tainted
> ------------------------------------------------------
> kworker/u4:9/1091 is trying to acquire lock:
> ffff888011362358 (&disk->open_mutex){+.+.}-{4:4}, at: __del_gendisk+0x129/0x9e0 block/genhd.c:706
>
> but task is already holding lock:
> ffff88801bb55188 (&set->update_nr_hwq_lock){++++}-{4:4}, at: del_gendisk+0xe0/0x160 block/genhd.c:818
>
> which lock already depends on the new lock.
>

diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c index 7bdc7eb808ea..aa249719fa7f 100644 --- a/drivers/block/nbd.c +++ b/drivers/block/nbd.c 
@@ -1473,7 +1473,12 @@ static int nbd_start_device(struct nbd_device *nbd) return -EINVAL; } - blk_mq_update_nr_hw_queues(&nbd->tag_set, config->num_connections); + mutex_unlock(&nbd->config_lock); + blk_mq_update_nr_hw_queues(&nbd->tag_set, num_connections); + mutex_lock(&nbd->config_lock); + if (config->num_connections != num_connections) + return -EINVAL; + nbd->pid = task_pid_nr(current); nbd_parse_flags(nbd); Thanks, Ming
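Review bot: After mutex_lock(&nbd->config_lock) is re-taken in nbd_start_device(), only config->num_connections is compared against the saved value, but the checks that precede the unlock (the context ending in "return -EINVAL;") were also made under config_lock and can be stale once the lock has been dropped. Either re-validate that state after re-locking or add a comment at the mutex_unlock() saying why config_lock has to be dropped around blk_mq_update_nr_hw_queues() and why nothing else that was checked earlier can change in that window. The local num_connections is not declared or assigned in the visible lines, so it is worth confirming that the snapshot is taken while config_lock is still held. Callers now see the function release and re-acquire a lock they hold, which deserves a note in the function's comment.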