possible circular locking in kernfs_remove_by_name_ns/devinet_ioctl linux 6.0-rc3

Francesco Dolcini francesco.dolcini at toradex.com
Thu Sep 1 12:25:27 PDT 2022


On Thu, Sep 01, 2022 at 02:21:29PM +0200, Francesco Dolcini wrote:
> [   21.629186] ======================================================
> [   21.635418] WARNING: possible circular locking dependency detected
> [   21.641646] 6.0.0-rc3 #7 Not tainted
> [   21.645256] ------------------------------------------------------
> [   21.651480] connmand/542 is trying to acquire lock:
> [   21.656399] c2ce1d70 (kn->active#9){++++}-{0:0}, at: kernfs_remove_by_name_ns+0x50/0xa0
> [   21.664516]
>                but task is already holding lock:
> [   21.670394] c17af6e0 (rtnl_mutex){+.+.}-{3:3}, at: devinet_ioctl+0xc8/0x870
> [   21.677441]
>                which lock already depends on the new lock.
...
> [   21.945318] Chain exists of:
>                  kn->active#9 --> udc_lock --> rtnl_mutex
> 
> [   21.954902]  Possible unsafe locking scenario:
> 
> [   21.960865]        CPU0                    CPU1
> [   21.965430]        ----                    ----
> [   21.969994]   lock(rtnl_mutex);
> [   21.973174]                                lock(udc_lock);
> [   21.978709]                                lock(rtnl_mutex);
> [   21.984419]   lock(kn->active#9);
> [   21.987779]
>                 *** DEADLOCK ***
> 
> [   21.993745] 1 lock held by connmand/542:
> [   21.997704]  #0: c17af6e0 (rtnl_mutex){+.+.}-{3:3}, at: devinet_ioctl+0xc8/0x870
> [   22.005191]
...
> I have not tried to bisect this yet, just probing if someone has already
> some idea on this.

Commit 2191c00855b0 ("USB: gadget: Fix use-after-free Read in usb_udc_uevent()")
introduced this, see
https://lore.kernel.org/all/20220901192204.GA2268599@francesco-nb.int.toradex.com/

Francesco




More information about the linux-arm-kernel mailing list