Re: [PATCH v3] loop: Fix NULL pointer dereference in lo_rw_aio()

Next message: Josh Hilke: "Re: [PATCH v3 03/16] KVM: selftests: Add guest read/write macros"
Previous message: Josh Hilke: "Re: [PATCH v3 06/16] KVM: selftests: Add IRQ injection test"
In reply to: Hillf Danton: "Re: [PATCH v3] loop: Fix NULL pointer dereference in lo_rw_aio()"
Next in thread: Tetsuo Handa: "Re: [PATCH v3] loop: Fix NULL pointer dereference in lo_rw_aio()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Hillf Danton

Date: Thu May 28 2026 - 19:03:10 EST

On Thu, 28 May 2026 13:43:31 +0800 Hillf Danton wrote:
>On Tue, 26 May 2026 22:00:49 -0500 Ming Lei wrote:
>>On Wed, May 27, 2026 at 10:35:56AM +0900, Tetsuo Handa wrote:
>>> On 2026/05/27 10:20, Ming Lei wrote:
>>> >> Of course we should try to figure out the root cause first, but how can we do?
>>> >
>>> > Definitely unexpected write IO(after umount & loop closed) from btrfs is more serious,
>>> > which may cause data loss, so CC btrfs list and maintainer.
>>>
>>> Why do you assume that the culprit is btrfs?
>>>
>>> https://syzkaller.appspot.com/bug?extid=bc273027d5643e48e5b3 indicated that
>>> this similar race is also happening with jfs.
>>
>> I just didn't see the above report on jfs.
>>
>> It doesn't change anything, the same question still stands: unexpected write IO is issued
>> or crosses umount & last closing of loop disk.
>>
> Given the loop workqueue that triggered the jfs warning, can you specify
> the reason why the workqueue in question is NOT flushed while closing disk?
>
Got it, the loop workqueue is NOT flushed to avoid deadlock, see d292dc80686a
("loop: don't destroy lo->workqueue in __loop_clr_fd") for detail.
And the deadlock can be reproduced by flushing the loop workqueue with
disk->open_mutex held [1].

[1] Subject: Re: [syzbot] possible deadlock in blkdev_put (3)
https://lore.kernel.org/lkml/000000000000ea753505da2658d5@xxxxxxxxxx/